CVE-2024-25210 |
Description: Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.
CVSS: CRITICAL (9.8) EPSS Score: 0.08% SSVC Exploitation: poc
May 12th, 2025 (26 days ago)
|
CVE-2024-25209 |
Description: Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.
CVSS: CRITICAL (9.8) EPSS Score: 0.08% SSVC Exploitation: poc
May 12th, 2025 (26 days ago)
|
CVE-2024-24691 |
Description: Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVSS: CRITICAL (9.6) EPSS Score: 0.34% SSVC Exploitation: none
May 12th, 2025 (26 days ago)
|
CVE-2025-26846 |
Description: An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
May 12th, 2025 (26 days ago)
|
CVE-2024-56524 |
Description: Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request.
CVSS: CRITICAL (9.1) EPSS Score: 0.06%
May 12th, 2025 (26 days ago)
|
CVE-2024-56523 |
Description: Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method.
CVSS: CRITICAL (9.1) EPSS Score: 0.06%
May 12th, 2025 (26 days ago)
|
CVE-2025-4559 |
Description: The ISOinsight from Netvision has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
May 12th, 2025 (27 days ago)
|
CVE-2025-4558 |
Description: The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
May 12th, 2025 (27 days ago)
|
CVE-2025-4557 |
Description: The specific APIs of Parking Management System from ZONG YU have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific APIs and operate system functions. These functions include opening gates and restarting the system.
CVSS: CRITICAL (9.1) EPSS Score: 0.19%
May 12th, 2025 (27 days ago)
|
CVE-2025-4556 |
Description: The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
May 12th, 2025 (27 days ago)
|