Threat and Vulnerability Intelligence Database

CVE-2025-26966

Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2025-26943

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes allows Blind SQL Injection. This issue affects Easy Quotes: from n/a through 1.2.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2025-26900

Description: Deserialization of Untrusted Data vulnerability in flexmls Flexmls® IDX allows Object Injection. This issue affects Flexmls® IDX: from n/a through 3.14.27.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2025-24032

Description: Nessus Plugin ID 216720 with Critical Severity. Synopsis: The remote SUSE host is missing one or more security updates. Description: The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0688-1 advisory. - CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062). - CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash (bsc#1237058). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected pam_pkcs11 and/or pam_pkcs11-32bit packages. Read more at https://www.tenable.com/plugins/nessus/216720

CVSS: CRITICAL (9.2)

EPSS Score: 0.05%

Source: Tenable Plugins
February 25th, 2025 (about 2 months ago)

CVE-2025-24032

Description: Nessus Plugin ID 216733 with Critical Severity. Synopsis: The remote SUSE host is missing one or more security updates. Description: The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0689-1 advisory. - CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062). - CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash (bsc#1237058). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected pam_pkcs11, pam_pkcs11-32bit and/or pam_pkcs11-devel-doc packages. Read more at https://www.tenable.com/plugins/nessus/216733

CVSS: CRITICAL (9.2)

EPSS Score: 0.05%

Source: Tenable Plugins
February 25th, 2025 (about 2 months ago)

CVE-2025-1128

Description: The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4. This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site's server which may make remote code execution, sensitive information disclosure, or a site takeover possible.

CVSS: CRITICAL (9.8)

EPSS Score: 0.7%

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2017-3066

Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting

CVSS: CRITICAL (9.8)

Source: TheHackerNews
February 25th, 2025 (about 2 months ago)

CVE-2025-27140

Description: WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a command to move a temporary file, so a webshell upload is also possible. Version 3.2.15 contains a patch for the issue.

CVSS: CRITICAL (10.0)

EPSS Score: 0.28%

Source: CVE
February 24th, 2025 (about 2 months ago)

CVE-2025-27364

Description: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.

CVSS: CRITICAL (10.0)

EPSS Score: 0.56%

SSVC Exploitation: poc

Source: CVE
February 24th, 2025 (about 2 months ago)

CVE-2025-27364

Description: CVE-2025-27364: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: CRITICAL (10.0)

EPSS Score: 0.56%

Source: DarkWebInformer
February 24th, 2025 (about 2 months ago)