CVE-2025-24480 |
Description: A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a lack of input sanitization and could allow a remote attacker to run commands or code as a high privileged user.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 29th, 2025 (3 months ago)
|
CVE-2025-23211 |
Description: Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. With the provided Docker Compose file, the commands run as root. This vulnerability is fixed in 1.5.24.
CVSS: CRITICAL (10.0) EPSS Score: 0.05%
January 29th, 2025 (3 months ago)
|
CVE-2024-13448 |
Description: The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 29th, 2025 (3 months ago)
|
CVE-2024-12649 |
Description: Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 29th, 2025 (3 months ago)
|
CVE-2024-12648 |
Description: Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 29th, 2025 (3 months ago)
|
CVE-2024-12647 |
Description: Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 29th, 2025 (3 months ago)
|
CVE-2025-24671 |
Description: Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
CVE-2025-24667 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.17.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
CVE-2025-24665 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.8.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
CVE-2025-24664 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|