Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-5688
Out of Bounds Write in FreeRTOS-Plus-TCP
Description: We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.

CVSS: HIGH (7.5)

EPSS Score: 0.01%

Source: CVE
June 4th, 2025 (3 days ago)

CVE-2025-5595
FreeFloat FTP Server PROGRESS Command buffer overflow
Description: A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in FreeFloat FTP Server 1.0 gefunden. Es geht hierbei um eine nicht näher spezifizierte Funktion der Komponente PROGRESS Command Handler. Dank Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
June 4th, 2025 (3 days ago)

CVE-2025-5594
FreeFloat FTP Server SET Command buffer overflow
Description: A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In FreeFloat FTP Server 1.0 wurde eine kritische Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Komponente SET Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

SSVC Exploitation: poc

Source: CVE
June 4th, 2025 (3 days ago)

CVE-2025-20261
Cisco Integrated Management Controller Privilege Escalation Vulnerability
Description: A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.

CVSS: HIGH (8.8)

EPSS Score: 0.13%

Source: CVE
June 4th, 2025 (3 days ago)

CVE-2025-20163
Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability
Description: A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.

CVSS: HIGH (8.7)

EPSS Score: 0.02%

Source: CVE
June 4th, 2025 (3 days ago)

CVE-2025-29093
File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the...
Description: File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component.

CVSS: HIGH (8.2)

EPSS Score: 0.09%

Source: CVE
June 4th, 2025 (3 days ago)

CVE-2025-20261
Cisco Integrated Management Controller Privilege Escalation Vulnerability
Description: A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability, but a mitigation is available. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM Security Impact Rating: High CVE: CVE-2025-20261

CVSS: HIGH (8.8)

EPSS Score: 0.13%

Source: Cisco Security Advisory
June 4th, 2025 (3 days ago)

CVE-2025-48961
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build...
Description: Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.

CVSS: HIGH (7.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (3 days ago)

CVE-2025-1701
Local Privilege Escalation in MIM Admin Service
Description: CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3

CVSS: HIGH (8.9)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (3 days ago)

CVE-2025-30415
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux,...
Description: Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077.

CVSS: HIGH (7.5)

EPSS Score: 0.07%

Source: CVE
June 4th, 2025 (3 days ago)