Threat and Vulnerability Intelligence Database

CVE-2024-0917

Description: Remote code execution in paddlepaddle/paddle 2.6.0

CVSS: CRITICAL (9.4)

EPSS Score: 0.29%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2024-0818

Description: Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6

CVSS: CRITICAL (9.1)

EPSS Score: 0.06%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2024-0817

Description: Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2024-0815

Description: Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0

CVSS: CRITICAL (9.3)

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2024-0204

Description: Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

CVSS: CRITICAL (9.8)

EPSS Score: 64.5%

Source: CVE
February 14th, 2025 (2 months ago)

CVE-2025-26361

Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2025-26359

Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2025-26347

Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2025-26345

Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2025-26344

Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)