Threat and Vulnerability Intelligence Database


CVE-2024-22636

Description: PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.

CVSS: HIGH (8.8)

EPSS Score: 3.57%

SSVC Exploitation: poc

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2024-22424

Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the “Lax” SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. The malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth token with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case, the “Lax” SameSite cookie does not prevent the browser from sending the auth cookie, because the destination is a parent domain of the Argo CD API. Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers will send a “preflight request” for POSTs with content type “application/json” asking the d...

CVSS: HIGH (8.4)

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2024-0778

Description: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. A critical vulnerability was discovered in Uniview ISC 2500-S up to 20210930. It concerns the function setNatConfig of the file /Interface/DevManage/VM.php. Manipulating the argument natAddress/natPort/natServerPort with unknown data can be used to exploit an os command injection vulnerability. The exploit is publicly available.

CVSS: HIGH (8.0)

EPSS Score: 29.84%

SSVC Exploitation: poc

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2024-0521

Description: Code Injection in paddlepaddle/paddle

CVSS: HIGH (7.8)

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2025-5190

Description: The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2025-1763

Description: An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

CVSS: HIGH (8.7)

EPSS Score: 0.02%

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2025-48912

Description: An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects Apache Superset: before 4.1.2. Users are recommended to upgrade to version 4.1.2, which fixes the issue.

CVSS: HIGH (7.1)

EPSS Score: 0.08%

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2025-4636

Description: Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of this user would be able to escalate privileges to the root user.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2025-48936

Description: Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user's password and gain unauthorized access to their account. This specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This issue has been patched in versions 2.70.12, 2.71.10, and 3.2.2.

CVSS: HIGH (8.1)

EPSS Score: 0.07%

Source: CVE
May 30th, 2025 (9 days ago)

CVE-2025-48492

Description: GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22.

CVSS: HIGH (8.6)

EPSS Score: 0.29%

Source: CVE
May 30th, 2025 (9 days ago)