CVE-2025-1127 |
Description: The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
February 14th, 2025 (2 months ago)
|
CVE-2025-0896 |
Description: Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.
CVSS: CRITICAL (9.2) EPSS Score: 0.04%
February 14th, 2025 (2 months ago)
|
CVE-2024-7102 |
Description: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVSS: CRITICAL (9.6) EPSS Score: 0.04%
February 14th, 2025 (2 months ago)
|
CVE-2024-6913 |
Description: Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the Windows system. This issue affects ProcessPlus: through 1.11.6507.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.06%
February 14th, 2025 (2 months ago)
|
CVE-2024-6912 |
Description: Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to log in remotely on all prone installations. This issue affects ProcessPlus: through 1.11.6507.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.15%
February 14th, 2025 (2 months ago)
|
CVE-2024-5217 |
Description: ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
CVSS: CRITICAL (9.2) EPSS Score: 94.59%
February 14th, 2025 (2 months ago)
|
CVE-2024-5171 |
Description: Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:
* Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
CVSS: CRITICAL (10.0) EPSS Score: 0.06%
February 14th, 2025 (2 months ago)
|
CVE-2024-4879 |
Description: ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
CVSS: CRITICAL (9.3) EPSS Score: 95.01%
February 14th, 2025 (2 months ago)
|
CVE-2024-4577 |
Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS: CRITICAL (9.8) EPSS Score: 95.38%
February 14th, 2025 (2 months ago)
|
CVE-2024-39911 |
Description: 1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: CRITICAL (10.0) EPSS Score: 0.15%
February 14th, 2025 (2 months ago)
|