Threat and Vulnerability Intelligence Database

CVE-2025-27133

Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. Version 3.2.15 contains a patch for the issue.

CVSS: CRITICAL (9.4)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (about 2 months ago)

CVE-2024-54820

Description: CVE-2024-54820: Vulnerability: Unauthenticated SQL Injection - Clear Credentials Dump

CVSS: CRITICAL (9.8)

EPSS Score: 0.3%

Source: DarkWebInformer
February 24th, 2025 (about 2 months ago)

CVE-2025-25279

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-25279
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost-plugin-boards/commit/025ce8d363a054473bc002f43f602a4032d38c06
https://github.com/mattermost/mattermost/commit/4ed702ccff4ec3c9eff832a9b6060f9f4454141d
https://github.com/advisories/GHSA-5fwx-p6xh-vjrh

CVSS: CRITICAL (9.9)

EPSS Score: 4.4%

Source: Github Advisory Database (Go)
February 24th, 2025 (about 2 months ago)

CVE-2025-20051

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-20051
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost-plugin-boards/commit/025ce8d363a054473bc002f43f602a4032d38c06
https://github.com/mattermost/mattermost/commit/4ed702ccff4ec3c9eff832a9b6060f9f4454141d
https://github.com/advisories/GHSA-v469-7wp6-7cvp

CVSS: CRITICAL (9.9)

EPSS Score: 0.08%

Source: Github Advisory Database (Go)
February 24th, 2025 (about 2 months ago)

CVE-2024-54820

Description: XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input.

CVSS: CRITICAL (9.8)

EPSS Score: 0.3%

SSVC Exploitation: poc

Source: CVE
February 24th, 2025 (about 2 months ago)

CVE-2025-20051

Description: CVE-2025-20051/24490/25279: Mattermost Boards Arbitrary File Read Vulnerability in Multiple Versions

CVSS: CRITICAL (9.9)

EPSS Score: 0.08%

Source: DarkWebInformer
February 24th, 2025 (about 2 months ago)

CVE-2017-3066

Description: Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.

CVSS: CRITICAL (9.8)

Source: CISA KEV
February 24th, 2025 (about 2 months ago)

CVE-2025-25279

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.

CVSS: CRITICAL (9.9)

EPSS Score: 4.4%

Source: CVE
February 24th, 2025 (about 2 months ago)

CVE-2025-24490

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query of boards reordering which allows an attacker to retrieve data from the database, via a SQL injection when reordering specially crafted boards categories.

CVSS: CRITICAL (9.6)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (about 2 months ago)

CVE-2025-20051

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.

CVSS: CRITICAL (9.9)

EPSS Score: 0.08%

Source: CVE
February 24th, 2025 (about 2 months ago)