Threat and Vulnerability Intelligence Database

CVE-2024-11286

Description: The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to log in to any user's account, including administrators.

CVSS: CRITICAL (9.8)

EPSS Score: 0.15%

Source: CVE
March 14th, 2025 (about 1 month ago)

CVE-2024-11285

Description: The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE
March 14th, 2025 (about 1 month ago)

CVE-2024-11284

Description: The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their account.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE
March 14th, 2025 (about 1 month ago)

CVE-2024-22718

Description: Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.

CVSS: CRITICAL (9.6)

EPSS Score: 0.35%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (about 1 month ago)

CVE-2024-36130

Description: An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

CVSS: CRITICAL (9.8)

EPSS Score: 9.11%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (about 1 month ago)

CVE-2024-22923

Description: SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.

CVSS: CRITICAL (9.8)

EPSS Score: 0.38%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (about 1 month ago)

CVE-2024-0039

Description: In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: CRITICAL (9.8)

EPSS Score: 20.65%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (about 1 month ago)

CVE-2024-0390

Description: INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi". This issue affects "iZZi connect" application versions before 2024010401.

CVSS: CRITICAL (9.8)

EPSS Score: 0.24%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (about 1 month ago)

CVE-2025-2263

Description: During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

CVSS: CRITICAL (9.8)

EPSS Score: 0.23%

Source: CVE
March 13th, 2025 (about 1 month ago)

CVE-2025-2080

Description: Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products.

CVSS: CRITICAL (9.3)

EPSS Score: 0.06%

Source: CVE
March 13th, 2025 (about 1 month ago)