Threat and Vulnerability Intelligence Database

CVE-2024-8997

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: through 18.03.2025.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 18th, 2025 (about 1 month ago)

CVE-2024-23786

Description: Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.

CVSS: CRITICAL (9.3)

EPSS Score: 1.89%

SSVC Exploitation: none

Source: CVE
March 18th, 2025 (about 1 month ago)

CVE-2024-23943

Description: An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.

CVSS: CRITICAL (9.1)

EPSS Score: 0.07%

Source: CVE
March 18th, 2025 (about 1 month ago)

Description: Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection. References https://nvd.nist.gov/vuln/detail/CVE-2025-1398 https://mattermost.com/security-updates https://github.com/advisories/GHSA-xmvv-w44w-j8wx

CVSS: CRITICAL (10.0)

EPSS Score: 0.01%

Source: Github Advisory Database (NPM)
March 17th, 2025 (about 1 month ago)

CVE-2024-21014

Description: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS: CRITICAL (9.8)

EPSS Score: 0.58%

SSVC Exploitation: none

Source: CVE
March 17th, 2025 (about 1 month ago)

CVE-2025-1398

Description: Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

CVSS: CRITICAL (10.0)

EPSS Score: 0.01%

Source: CVE
March 17th, 2025 (about 1 month ago)

CVE-2024-21010

Description: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS: CRITICAL (9.9)

EPSS Score: 0.48%

SSVC Exploitation: none

Source: CVE
March 17th, 2025 (about 1 month ago)

Description: A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering. References https://nvd.nist.gov/vuln/detail/CVE-2025-2304 https://www.tenable.com/security/research/tra-2025-09 https://github.com/owen2345/camaleon-cms/pull/1109 https://github.com/owen2345/camaleon-cms/commit/179fd6b1ecf258d3e214aebfa87ac4a322ea4db4 https://github.com/owen2345/camaleon-cms/releases/tag/2.9.1 https://github.com/advisories/GHSA-rp28-mvq3-wf8j

CVSS: CRITICAL (9.4)

EPSS Score: 0.06%

Source: Github Advisory Database (RubyGems)
March 17th, 2025 (about 1 month ago)

Description: An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a

CVSS: CRITICAL (9.3)

EPSS Score: 50.61%

Source: TheHackerNews
March 17th, 2025 (about 1 month ago)

CVE-2025-2200

Description: SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 17th, 2025 (about 1 month ago)