CVE-2024-38337 |
Description: IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.
CVSS: CRITICAL (9.1) EPSS Score: 0.09%
January 20th, 2025 (3 months ago)
|
CVE-2024-13375 |
Description: The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details, such as the password, through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 19th, 2025 (3 months ago)
|
CVE-2025-23202 |
Description: Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 18th, 2025 (3 months ago)
|
CVE-2024-13503 |
Description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion.
This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is present on both the PowerPC and the ARM versions of the modem.
A stack buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string from an incoming network packet into a statically sized buffer.
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
January 18th, 2025 (3 months ago)
|
CVE-2024-13502 |
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19.
The `commit_multicast` page used to configure multicasts in the modem's web administration interface improperly parses incoming data from the request before passing it to an `eval` statement in a bash script. This allows attackers to inject arbitrary shell commands.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 18th, 2025 (3 months ago)
|
CVE-2025-0282 |
Description: CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case.
The post Threat Brief: CVE-2025-0282 and CVE-2025-0283 appeared first on Unit 42.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 17th, 2025 (3 months ago)
|
CVE-2025-23922 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server. This issue affects iSpring Embedder: from n/a through 1.0.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 17th, 2025 (3 months ago)
|
CVE-2025-23797 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation. This issue affects WP Options Editor: from n/a through 1.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 17th, 2025 (3 months ago)
|
CVE-2025-0471 |
Description: Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
January 17th, 2025 (3 months ago)
|
CVE-2025-0456 |
Description: The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 17th, 2025 (3 months ago)
|