Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-22942 |
Description: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
CVSS: CRITICAL (9.8) EPSS Score: 3.13% SSVC Exploitation: poc
June 3rd, 2025 (3 days ago)
|
|
CVE-2024-22087 |
Description: route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 4.83% SSVC Exploitation: poc
June 3rd, 2025 (3 days ago)
|
|
CVE-2024-21669 |
Description: Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and fixed in version 0.10.5.
CVSS: CRITICAL (9.9) EPSS Score: 0.14% SSVC Exploitation: poc
June 3rd, 2025 (3 days ago)
|
|
CVE-2024-21638 |
Description: Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
CVSS: CRITICAL (9.1) EPSS Score: 3.55% SSVC Exploitation: none
June 3rd, 2025 (3 days ago)
|
|
CVE-2024-0322 |
Description: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS: CRITICAL (9.1) EPSS Score: 0.11% SSVC Exploitation: poc
June 3rd, 2025 (3 days ago)
|
|
Description: Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code.
The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case of post-authenticated remote code execution via
CVSS: CRITICAL (9.9) EPSS Score: 0.66%
June 3rd, 2025 (3 days ago)
|
|
CVE-2025-4517 |
Description: Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS: CRITICAL (9.4) EPSS Score: 0.07%
June 3rd, 2025 (3 days ago)
|
|
CVE-2025-4797 |
Description: The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user's email address.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
June 3rd, 2025 (4 days ago)
|
|
Description: This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-37093.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
June 2nd, 2025 (4 days ago)
|
|
CVE-2024-1015 |
Description: Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.
CVSS: CRITICAL (9.8) EPSS Score: 1.56% SSVC Exploitation: none
June 2nd, 2025 (4 days ago)
|