CVE-2025-25014 |
Description: A prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
CVSS: CRITICAL (9.1) EPSS Score: 0.25% SSVC Exploitation: none
May 6th, 2025 (about 1 month ago)
|
Description: A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. [...]
CVSS: CRITICAL (10.0)
May 6th, 2025 (about 1 month ago)
|
CVE-2025-4041 |
Description: In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect to the device's SSH server and use the system's components to execute OS commands.
CVSS: CRITICAL (9.3) EPSS Score: 0.07%
May 6th, 2025 (about 1 month ago)
|
CVE-2025-45492 |
Description: Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.
CVSS: CRITICAL (9.8) EPSS Score: 1.43%
May 6th, 2025 (about 1 month ago)
|
CVE-2025-45491 |
Description: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter.
CVSS: CRITICAL (9.8) EPSS Score: 0.87%
May 6th, 2025 (about 1 month ago)
|
CVE-2025-45488 |
Description: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.
CVSS: CRITICAL (9.8) EPSS Score: 0.89%
May 6th, 2025 (about 1 month ago)
|
CVE-2025-40625 |
Description: Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file to the server, including a malicious file, to obtain Remote Code Execution (RCE).
CVSS: CRITICAL (9.3) EPSS Score: 0.23%
May 6th, 2025 (about 1 month ago)
|
CVE-2025-40624 |
Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. For this vulnerability identifier, the affected parameters are the 'User' and 'email' parameters of the 'updatePassword' endpoint.
CVSS: CRITICAL (9.3) EPSS Score: 0.09%
May 6th, 2025 (about 1 month ago)
|
CVE-2025-40623 |
Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. For this vulnerability identifier, the affected parameters are the 'Sender' and 'email' parameters of the 'createNotificationAndroid' endpoint.
CVSS: CRITICAL (9.3) EPSS Score: 0.09%
May 6th, 2025 (about 1 month ago)
|
CVE-2025-40622 |
Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. For this vulnerability identifier, the affected parameter is the 'username' parameter of the 'GetLastDatePasswordChange' endpoint.
CVSS: CRITICAL (9.3) EPSS Score: 0.09%
May 6th, 2025 (about 1 month ago)
|