CVE-2025-0982 |
Description: Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
CVSS: CRITICAL (9.4) EPSS Score: 0.04%
February 7th, 2025 (2 months ago)
|
CVE-2025-0674 |
Description: Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. This grants them unauthorized administrative access to protected areas of the application, compromising the device's system security.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 7th, 2025 (2 months ago)
|
CVE-2024-51547 |
Description: Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
February 7th, 2025 (2 months ago)
|
CVE-2024-51450 |
Description: IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
February 7th, 2025 (2 months ago)
|
CVE-2024-39272 |
Description: A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to arbitrary HTML code. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
February 7th, 2025 (2 months ago)
|
CVE-2024-21413 |
Description: Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
CVSS: CRITICAL (9.8)
February 6th, 2025 (2 months ago)
|
CVE-2020-29574 |
Description: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
CVSS: CRITICAL (9.8)
February 6th, 2025 (2 months ago)
|
CVE-2020-15069 |
Description: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.
CVSS: CRITICAL (9.8)
February 6th, 2025 (2 months ago)
|
CVE-2025-20124 |
Description: Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices.
The vulnerabilities are listed below -
CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
February 6th, 2025 (2 months ago)
|
CVE-2025-23114 |
Description: A vulnerability in the Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate the TLS certificate.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
February 6th, 2025 (3 months ago)
|