Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-48841 |
Description: Network access can be used to execute arbitrary code with elevated privileges.
This
issue affects FLXEON 9.3.4 and older.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
|
CVE-2024-36248 |
Description: API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
|
CVE-2024-35244 |
Description: There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 28th, 2025 (3 months ago)
|
|
CVE-2024-21546 |
Description: Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.
CVSS: CRITICAL (9.3) EPSS Score: 0.05%
January 28th, 2025 (3 months ago)
|
|
CVE-2025-24650 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|
|
CVE-2025-23006 |
🚨 Marked as known exploited on January 24th, 2025 (3 months ago).
Description: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
CVSS: CRITICAL (9.8) EPSS Score: 1.37%
January 25th, 2025 (3 months ago)
|
|
CVE-2025-22612 |
Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim's server configuration, then the attacker can execute arbitrary commands on the remote server. Version 4.0.0-beta.374 fixes the issue.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|
|
CVE-2025-22611 |
Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, including the owner role. He's also able to kick every other member out of the team, including admins and owners. This allows the attacker to access the `Terminal` feature and execute remote commands. Version 4.0.0-beta.361 fixes the issue.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|
|
CVE-2025-22609 |
Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim's server configuration, then the attacker can use the `Terminal` feature and execute arbitrary commands on the victim's server. Version 4.0.0-beta.361 fixes the issue.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|
|
CVE-2025-21556 |
Description: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
January 25th, 2025 (3 months ago)
|