CVE-2024-11951 |
Description: The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-25015 |
Description: Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests.
In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors.
CVSS: CRITICAL (9.9) EPSS Score: 0.21%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-1515 |
Description: The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators.
CVSS: CRITICAL (9.8) EPSS Score: 0.15%
March 5th, 2025 (about 2 months ago)
|
CVE-2024-13787 |
Description: The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
CVSS: CRITICAL (9.8) EPSS Score: 0.12%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-1393 |
Description: An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
CVSS: CRITICAL (9.8) EPSS Score: 0.12%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-27682 |
Description: Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-27658 |
Description: Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-27655 |
Description: Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-27647 |
Description: Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
March 5th, 2025 (about 2 months ago)
|
CVE-2025-1316 |
🚨 Marked as known exploited on March 17th, 2025 (about 1 month ago).
Description: Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device.
CVSS: CRITICAL (9.3) EPSS Score: 50.61%
March 5th, 2025 (about 2 months ago)
|