Description: Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.
The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
CVSS: CRITICAL (9.0)
April 10th, 2025 (2 months ago)
|
CVE-2024-3057 |
Description: A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
CVSS: CRITICAL (9.8) EPSS Score: 0.11% SSVC Exploitation: none
April 10th, 2025 (2 months ago)
|
CVE-2025-32743 |
Description: In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations.
CVSS: CRITICAL (9.0) EPSS Score: 0.09%
April 10th, 2025 (2 months ago)
|
CVE-2025-22375 |
Description: An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact [email protected] for assistance.
CVSS: CRITICAL (9.3) EPSS Score: 0.1%
April 10th, 2025 (2 months ago)
|
CVE-2025-32206 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 10th, 2025 (2 months ago)
|
CVE-2025-32202 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 10th, 2025 (2 months ago)
|
CVE-2025-32140 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through 1.3.1.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
April 10th, 2025 (2 months ago)
|
CVE-2025-27690 |
Description: Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
April 10th, 2025 (2 months ago)
|
CVE-2024-58136 |
🚨 Marked as known exploited on April 10th, 2025 (2 months ago).
Description: Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
CVSS: CRITICAL (9.0) EPSS Score: 36.6%
April 10th, 2025 (2 months ago)
|
CVE-2025-32461 |
Description: wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.
CVSS: CRITICAL (9.9) EPSS Score: 0.08% SSVC Exploitation: none
April 9th, 2025 (2 months ago)
|