Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20055 |
Description: OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS command.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2025-0070 |
Description: SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2025-0066 |
Description: Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-55591 |
Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
CVSS: CRITICAL (9.6) EPSS Score: 2.63%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-54142 |
Description: Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from `ai bot public sharing allowed groups` site setting.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-49375 |
Description: Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on the Rasa instance eg with `--enable-api`. This is not the default configuration. 2. For unauthenticated RCE to be exploitable, the user must not have configured any authentication or other security controls recommended in our documentation. 3. For authenticated RCE, the attacker must posses a valid authentication token or JWT to interact with the Rasa API. This issue has been addressed in rasa version 3.6.21 and all users are advised to upgrade. Users unable to upgrade should ensure that they require authentication and that only trusted users are given access.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-48856 |
Description: Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39803 |
Description: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39802 |
Description: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39801 |
Description: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (3 months ago)
|