Threat and Vulnerability Intelligence Database

CVE-2024-54028

Description: An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVSS: HIGH (8.4)

EPSS Score: 0.02%

Source: CVE
June 2nd, 2025 (6 days ago)

CVE-2024-52035

Description: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVSS: HIGH (8.4)

EPSS Score: 0.02%

Source: CVE
June 2nd, 2025 (6 days ago)

CVE-2024-48877

Description: A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVSS: HIGH (8.4)

EPSS Score: 0.02%

Source: CVE
June 2nd, 2025 (6 days ago)

Description: Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics

CVSS: HIGH (8.6)

EPSS Score: 3.15%

Source: TheHackerNews
June 2nd, 2025 (6 days ago)

CVE-2025-37092

Description: A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

CVSS: HIGH (7.2)

EPSS Score: 0.42%

Source: CVE
June 2nd, 2025 (6 days ago)

CVE-2025-37091

Description: A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

CVSS: HIGH (7.2)

EPSS Score: 0.2%

SSVC Exploitation: none

Source: CVE
June 2nd, 2025 (6 days ago)

CVE-2025-37089

Description: A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

CVSS: HIGH (7.2)

EPSS Score: 0.42%

SSVC Exploitation: none

Source: CVE
June 2nd, 2025 (6 days ago)

CVE-2025-26396

Description: The SolarWinds Dameware Mini Remote Control was determined to be affected by an Incorrect Permissions Local Privilege Escalation vulnerability. Exploiting this vulnerability requires local access and a valid low-privilege account.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
June 2nd, 2025 (6 days ago)

CVE-2024-57783

Description: The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.

CVSS: HIGH (8.1)

EPSS Score: 0.02%

Source: CVE
June 2nd, 2025 (6 days ago)

CVE-2024-20498

Description: Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition to the AnyConnect VPN service on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Meraki has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2. Security Impact Rating: High. CVE: CVE-2024-20498, CVE-2024-20499, CVE-2024-20500, CVE-2024-20501, CVE-2024-20502, CVE-2024-20513

CVSS: HIGH (8.6)

EPSS Score: 0.06%

Source: Cisco Security Advisory
June 2nd, 2025 (6 days ago)