CVE-2025-24612 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
CVE-2025-24601 |
Description: Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
CVE-2025-22604 |
Description: Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
CVE-2025-21311 |
Description: Windows NTLM V1 Elevation of Privilege Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
January 28th, 2025 (3 months ago)
|
CVE-2025-21307 |
Description: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 28th, 2025 (3 months ago)
|
CVE-2025-21298 |
Description: Windows OLE Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 28th, 2025 (3 months ago)
|
CVE-2025-0357 |
Description: The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 28th, 2025 (3 months ago)
|
CVE-2024-6670 |
Description: In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password.
CVSS: CRITICAL (9.8) EPSS Score: 90.42%
January 28th, 2025 (3 months ago)
|
CVE-2024-56012 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive), Pearlbells Post Title (TypeWriter) allows Privilege Escalation. This issue affects Flash News / Post (Responsive): from n/a through 4.1; Post Title (TypeWriter): from n/a through 4.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
CVE-2024-50603 |
🚨 Marked as known exploited on January 13th, 2025 (3 months ago).
Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
CVSS: CRITICAL (10.0) EPSS Score: 92.43%
January 28th, 2025 (3 months ago)
|