CVE-2025-43560 |
Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVSS: CRITICAL (9.1) EPSS Score: 1.93%
May 13th, 2025 (25 days ago)
|
CVE-2025-43559 |
Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVSS: CRITICAL (9.1) EPSS Score: 3.17%
May 13th, 2025 (25 days ago)
|
CVE-2025-45865 |
Description: TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
May 13th, 2025 (25 days ago)
|
CVE-2025-4660 |
Description: A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.
This does not impact Linux or OSX Secure Connector.
CVSS: CRITICAL (9.8) EPSS Score: 0.19%
May 13th, 2025 (25 days ago)
|
CVE-2025-4658 |
Description: Versions of the OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
May 13th, 2025 (25 days ago)
|
CVE-2025-3757 |
Description: Versions of the OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.
CVSS: CRITICAL (9.3) EPSS Score: 0.02%
May 13th, 2025 (25 days ago)
|
CVE-2025-30387 |
Description: Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
May 13th, 2025 (25 days ago)
|
CVE-2025-45858 |
Description: TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
CVSS: CRITICAL (9.8) EPSS Score: 5.76%
May 13th, 2025 (25 days ago)
|
CVE-2025-45857 |
Description: EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function.
CVSS: CRITICAL (9.8) EPSS Score: 0.38%
May 13th, 2025 (25 days ago)
|
CVE-2025-28056 |
Description: rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in the /admin/admin-cli/exec component.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
May 13th, 2025 (25 days ago)
|