CVE-2025-22457
Description: Ivanti Connect Secure, Policy Secure and ZTA Gateways contain a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
CVSS: CRITICAL (9.0) EPSS Score: 10.25%
April 4th, 2025 (2 months ago)
Description: Summary
A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version(v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server.
Details
An unsafe code segment exists in serde.py:
    def deserialize_value(self, payload: Payload) -> t.Any:
        if "buffer-lengths" not in payload.metadata:
            # payload.data is taken straight from the HTTP request body and handed to
            # pickle.loads without any validation, so the sender controls what is unpickled
            return pickle.loads(b"".join(payload.data))
Through data flow analysis, it is confirmed that the payload content is sourced from an HTTP request, which can be fully manipulated by the attacker. Due to the lack of validation in the code, maliciously crafted serialized data can execute harmful actions during deserialization.
PoC
Environment:
Server host:
IP: 10.98.36.123
OS: Ubuntu
Attack host:
IP: 10.98.36.121
OS: Ubuntu
Follow the instructions on the BentoML official README(https://github.com/bentoml/BentoML) to set up the environment.
1.1 Install BentoML (Server host: 10.98.36.123) :
pip install -U bentoml
1.2 Define APIs in a service.py file (Server host: 10.98.36.123) :
from __future__ import annotations
import bentoml

@bentoml.service(
    resources={"cpu": "4"}
)
class Summarization:
    def __init__(self) -> None:
        import torch
        from transformers import pipeline
        device = "cuda" if torch.cuda.is_available() else "cpu"
        self.pipeline = pipeline('summarization', device=device)

    @bentoml.api(batchable=True)
    def summarize(self, texts: list...
CVSS: CRITICAL (9.8) EPSS Score: 49.06%
April 4th, 2025 (2 months ago)
CVE-2025-32118
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 4th, 2025 (2 months ago)
CVE-2025-31480
Description: aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO '1.1.16' after installing it. This needs to happen in each database aiven_extras has been installed in.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 4th, 2025 (2 months ago)
CVE-2025-27520
Description: BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. An unsafe code segment exists in serde.py. This vulnerability is fixed in 1.4.3.
CVSS: CRITICAL (9.8) EPSS Score: 49.06% SSVC Exploitation: poc
April 4th, 2025 (2 months ago)
Description: Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).
The vulnerability is associated with two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter, and /cloud/deploy, where the high_availability parameter, is unsafely passed to the Python eval() function, allowing arbitrary code execution.
This issue affects pgAdmin 4: before 9.2.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2945
https://github.com/pgadmin-org/pgadmin4/issues/8603
https://github.com/pgadmin-org/pgadmin4/commit/75be0bc22d3d8d7620711835db817bd7c021007c
https://github.com/advisories/GHSA-g73c-fw68-pwx3
CVSS: CRITICAL (9.9) EPSS Score: 31.44%
April 4th, 2025 (2 months ago)
Description: pgAdmin <= 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability. Arbitrary HTML/JavaScript that an attacker gets into query results is rendered in the user's browser when those results are displayed, so the HTML/JavaScript executes in the browser.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2946
https://github.com/pgadmin-org/pgadmin4/issues/8602
https://github.com/pgadmin-org/pgadmin4/commit/1305d9910beefd0d6b4c7eb4f111f86edb1d356b
https://github.com/advisories/GHSA-2rrx-pphc-qfv9
CVSS: CRITICAL (9.1) EPSS Score: 0.03%
April 4th, 2025 (2 months ago)
CVE-2025-31403
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection. This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 4th, 2025 (2 months ago)
CVE-2025-2798
Description: The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
CVSS: CRITICAL (9.8) EPSS Score: 0.23%
April 4th, 2025 (2 months ago)
CVE-2024-51800
Description: Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation. This issue affects Homey: from n/a through 2.4.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
April 4th, 2025 (2 months ago)