CVE-2025-20188
Description: A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.
This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.
Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default.
CVSS: CRITICAL (10.0) EPSS Score: 3.8%
May 7th, 2025 (about 1 month ago)

CVE-2024-6047
Description: Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.
CVSS: CRITICAL (9.8) EPSS Score: 75.4%
May 7th, 2025 (about 1 month ago)

CVE-2024-11120
Description: Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.
CVSS: CRITICAL (9.8) EPSS Score: 54.56%
May 7th, 2025 (about 1 month ago)

CVE-2025-47657
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce allows SQL Injection. This issue affects Productive Commerce: from n/a through 1.1.22.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
May 7th, 2025 (about 1 month ago)

CVE-2025-47549
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10.
CVSS: CRITICAL (9.1) EPSS Score: 0.06%
May 7th, 2025 (about 1 month ago)

CVE-2025-2777
Description: SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
CVSS: CRITICAL (9.3) EPSS Score: 13.47%
May 7th, 2025 (about 1 month ago)

CVE-2025-2776
Description: SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
CVSS: CRITICAL (9.3) EPSS Score: 13.47%
May 7th, 2025 (about 1 month ago)

CVE-2025-2775
Description: SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
CVSS: CRITICAL (9.3) EPSS Score: 8.12%
May 7th, 2025 (about 1 month ago)

🚨 Marked as known exploited on May 7th, 2025 (about 1 month ago).
Description: A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
"This is due to the create_wp_connection() function missing a capability check and
CVSS: CRITICAL (9.8) EPSS Score: 17.88%
May 7th, 2025 (about 1 month ago)

CVE-2025-4104
Description: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator’s email and password, and elevate their privileges to that of an administrator.
CVSS: CRITICAL (9.8) EPSS Score: 0.12%
May 7th, 2025 (about 1 month ago)