Threat and Vulnerability Intelligence Database

CVE-2024-22988

Description: An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.

CVSS: CRITICAL (9.8)

EPSS Score: 0.16%

SSVC Exploitation: none

Source: CVE
April 22nd, 2025 (about 2 months ago)
Description:

Summary

An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent.

Details

DistributedAPI parameters are serialized as JSON and deserialized using as_wazuh_object (in framework/wazuh/core/cluster/common.py). If an attacker manages to inject an unsanitized dictionary in a DAPI request/response, they can forge an unhandled exception (__unhandled_exc__) to evaluate arbitrary Python code.

Using the server API, it is quite easy to trigger. For example, using the run_as endpoint (implemented by run_as_login in api/api/controllers/security_controller.py): the auth_context argument is completely controlled by the attacker, and is forwarded to the master server to handle. By sending a malicious run_as request to a worker server, it is possible to execute code on the master server.

It is also possible to exploit the bug as a compromised agent, in certain configurations. A compromised agent can respond to a getconfig request with a malicious JSON object (containing a serialized unhandled exception). If the getconfig request was caused because of a server API request to /agents/{agent_id}/config/{component}/{configuration} (api.controllers.agent_controller.get_agent_config), and the agent is managed by a server other than the one that received the server API request, the unsafe des...

CVSS: CRITICAL (9.9)

Source: Github Advisory Database (Go)
April 22nd, 2025 (about 2 months ago)

CVE-2024-25291

Description: Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.

CVSS: CRITICAL (9.8)

EPSS Score: 11.64%

SSVC Exploitation: none

Source: CVE
April 22nd, 2025 (about 2 months ago)

CVE-2025-27495

Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: TeleControl Server Basic
Vulnerabilities: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to read and write to the application's database, cause a denial-of-service condition, and execute code in an OS shell.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:
TeleControl Server Basic: versions prior to V3.1.2.2

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89

The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected...

CVSS: CRITICAL (9.8)

EPSS Score: 0.13%

Source: All CISA Advisories
April 22nd, 2025 (about 2 months ago)

CVE-2024-6407

Description:

1. EXECUTIVE SUMMARY

CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Wiser Home Controller WHC-5918A
Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to disclose sensitive credentials.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports the following products are affected:
Wiser Home Controller WHC-5918A: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200

An information exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.

CVE-2024-6407 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-6407. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Schneider Electric reported this vulnerability to CISA.

4. MITIGATIONS

Schneider Electric reports the Wiser Home Controller WHC-5918A product has been discontinued and is out of support. Users should consider upgrad...

CVSS: CRITICAL (9.8)

Source: All CISA Advisories
April 22nd, 2025 (about 2 months ago)

CVE-2025-1950

Description: IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.

CVSS: CRITICAL (9.3)

EPSS Score: 0.01%

Source: CVE
April 22nd, 2025 (about 2 months ago)

CVE-2024-40446

Description: An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script.

CVSS: CRITICAL (9.8)

EPSS Score: 0.1%

Source: CVE
April 22nd, 2025 (about 2 months ago)

CVE-2025-24813

Description: Nessus Plugin ID 234708 with Critical Severity

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The version of tomcat8 installed on the remote host is prior to 8.5.99-1.98. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1969 advisory.

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the defaul...

CVSS: CRITICAL (9.8)

Source: Tenable Plugins
April 22nd, 2025 (about 2 months ago)

CVE-2024-58250

Description: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.

CVSS: CRITICAL (9.3)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 22nd, 2025 (about 2 months ago)

CVE-2025-32958

Description: Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there are a few seconds during which an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
April 21st, 2025 (about 2 months ago)