CVE-2024-58250 |
Description: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
CVSS: CRITICAL (9.3) EPSS Score: 0.02% SSVC Exploitation: none
April 22nd, 2025 (about 2 months ago)
|
CVE-2025-32958 |
Description: Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Because the artifact can be downloaded before the workflow ends, there are a few seconds during which an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
April 21st, 2025 (about 2 months ago)
|
CVE-2024-38428 |
Description: url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
CVSS: CRITICAL (9.1) EPSS Score: 0.27% SSVC Exploitation: none
April 21st, 2025 (about 2 months ago)
|
CVE-2025-0632 |
Description: Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine, potentially leading to full host compromise.
This issue affects Rock Maker Web: 3.2.1.1 and later.
CVSS: CRITICAL (9.2) EPSS Score: 0.56%
April 21st, 2025 (about 2 months ago)
|
Description: Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]
CVSS: CRITICAL (10.0) EPSS Score: 37.73%
April 19th, 2025 (about 2 months ago)
|
Description: ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices.
The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.
"An improper authentication control vulnerability exists in certain ASUS router firmware series,"
CVSS: CRITICAL (9.2) EPSS Score: 0.33%
April 19th, 2025 (about 2 months ago)
|
CVE-2025-1093 |
Description: The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.2%
April 19th, 2025 (about 2 months ago)
|
CVE-2025-3278 |
Description: The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
April 19th, 2025 (about 2 months ago)
|
CVE-2025-28236 |
Description: Nautel VX Series transmitters running VX SW v6.4.0 and below were discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code by supplying a crafted update package to the /#/software/upgrades endpoint.
CVSS: CRITICAL (9.8) EPSS Score: 0.13%
April 18th, 2025 (about 2 months ago)
|
CVE-2025-32434 |
Description: PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.41%
April 18th, 2025 (about 2 months ago)
|