CVE-2025-21198
Description: Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
CVSS: CRITICAL (9.0) EPSS Score: 0.05%
February 12th, 2025

CVE-2025-1144
Description: School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 12th, 2025

CVE-2025-1126
Description: A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
February 12th, 2025

CVE-2025-1044
Description: Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25336.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
February 12th, 2025

CVE-2025-0181
Description: The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
February 12th, 2025

CVE-2025-0180
Description: The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
February 12th, 2025

CVE-2024-47908
Description: OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
February 12th, 2025

CVE-2024-10644
Description: Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
February 12th, 2025

CVE-2024-38856
Description: Apache OFBiz Exploit - CVE-2024-38856
CVSS: CRITICAL (9.8)
February 11th, 2025

CVE-2025-24032
Description: PAM-PKCS#11 is a Linux-PAM login module that allows an X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user's public data (e.g. the user's certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now log in as the user with that created token. The default to *not* check the private key's signature has been changed with commit 6638576892b59a99389043c90a1e7dd4d783b921, so that all versions starting with pam_pkcs11-0.6.0 should be affected. As a workaround, in `pam_pkcs11.conf`, set at least `cert_policy = signature;`.
CVSS: CRITICAL (9.2) EPSS Score: 0.05%
February 11th, 2025
