Threat and Vulnerability Intelligence Database

CVE-2024-13160

Description: Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

Source: CISA KEV
March 10th, 2025 (about 1 month ago)

CVE-2024-13161

Description: Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

Source: CISA KEV
March 10th, 2025 (about 1 month ago)

CVE-2025-26936

Description: WordPress Fresh Framework Plugin <= 1.70.0 is vulnerable to Remote Code Execution (RCE)

CVSS: CRITICAL (10.0)

EPSS Score: 0.07%

Source: DarkWebInformer
March 10th, 2025 (about 1 month ago)

CVE-2025-26936

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.

CVSS: CRITICAL (10.0)

EPSS Score: 0.07%

Source: CVE
March 10th, 2025 (about 1 month ago)

CVE-2025-26916

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2.

CVSS: CRITICAL (9.0)

EPSS Score: 0.14%

SSVC Exploitation: none

Source: CVE
March 10th, 2025 (about 1 month ago)

CVE-2025-1497

Description: A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI. Lack of validation of LLM-generated output allows an attacker to execute arbitrary Python code. The vendor commented out the vulnerable line; further use of the software requires uncommenting it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability.

CVSS: CRITICAL (9.3)

EPSS Score: 0.42%

Source: CVE
March 10th, 2025 (about 1 month ago)

CVE-2025-0177

Description: The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
March 8th, 2025 (about 1 month ago)

CVE-2023-20025

Description: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has not released software updates to address the vulnerabilities described in this advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 Security Impact Rating: Critical CVE: CVE-2023-20025, CVE-2023-20026, CVE-2023-20118

CVSS: CRITICAL (9.0)

Source: Cisco Security Advisory
March 7th, 2025 (about 1 month ago)

CVE-2025-27603

Description: XWiki Confluence Migrator Pro helps admins import Confluence packages into their XWiki instance. A user who does not have programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0.

CVSS: CRITICAL (9.1)

EPSS Score: 0.1%

Source: CVE
March 7th, 2025 (about 1 month ago)

CVE-2025-27519

Description: Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory, which is enabled when the Local env variable is set to true, such as when Cognita is set up using Docker. Because the Docker environment sets up the backend uvicorn server with auto reload enabled, when an attacker overwrites the /app/backend/__init__.py file, the file will automatically be reloaded and executed. This allows an attacker to get remote code execution in the context of the Docker container. This vulnerability is fixed in commit a78bd065e05a1b30a53a3386cc02e08c317d2243.

CVSS: CRITICAL (9.3)

EPSS Score: 0.31%

Source: CVE
March 7th, 2025 (about 1 month ago)