Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS).
The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma
CVSS: CRITICAL (9.0)
April 25th, 2025 (about 1 month ago)
|
CVE-2025-46616 |
Description: Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.
CVSS: CRITICAL (9.9) EPSS Score: 0.21%
April 25th, 2025 (about 1 month ago)
|
|
CVE-2025-46272 |
Description: WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection
attack that could allow an unauthenticated attacker to execute OS
commands on the host system.
CVSS: CRITICAL (9.1) EPSS Score: 2.91%
April 25th, 2025 (about 1 month ago)
|
|
CVE-2025-46275 |
Description: WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could
allow an attacker to create an administrator account without knowing any
existing credentials.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46274 |
Description: UNI-NMS-Lite uses hard-coded credentials that could allow an
unauthenticated attacker to read, manipulate and create entries in the
managed database.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46273 |
Description: UNI-NMS-Lite uses hard-coded credentials that could allow an
unauthenticated attacker to gain administrative privileges to all
UNI-NMS managed devices.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46271 |
Description: UNI-NMS-Lite is vulnerable to a command injection attack that could
allow an unauthenticated attacker to read or manipulate device data.
CVSS: CRITICAL (9.1) EPSS Score: 2.91%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2024-32752 |
Description: The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated
communications with ICU, which may allow an attacker to gain unauthorized access
CVSS: CRITICAL (9.1) EPSS Score: 0.21% SSVC Exploitation: none
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-26382 |
Description: Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue
CVSS: CRITICAL (9.3) EPSS Score: 0.06%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-43859 |
Description: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
April 24th, 2025 (about 2 months ago)
|