Threat and Vulnerability Intelligence Database

CVE-2024-41788

Description: A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

CVSS: CRITICAL (9.1)

EPSS Score: 0.27%

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-31330

Description: SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-30016

Description: SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application.

CVSS: CRITICAL (9.8)

EPSS Score: 0.18%

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-27429

Description: SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.

CVSS: CRITICAL (9.9)

EPSS Score: 0.05%

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-2004

Description: The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVSS: CRITICAL (9.1)

EPSS Score: 0.34%

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2024-36246

Description: Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

CVSS: CRITICAL (9.8)

EPSS Score: 0.21%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-3364

Description: The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system.

CVSS: CRITICAL (9.8)

EPSS Score: 0.02%

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-3363

Description: The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.

CVSS: CRITICAL (9.8)

EPSS Score: 0.62%

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-3362

Description: The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.

CVSS: CRITICAL (9.8)

EPSS Score: 0.62%

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-3361

Description: The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.

CVSS: CRITICAL (9.8)

EPSS Score: 0.62%

Source: CVE
April 8th, 2025 (2 months ago)