CVE-2024-27769 |
Description: Unitronics Unistream Unilogic, versions prior to 1.35.227: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor, which may allow taking ownership of devices.
CVSS: HIGH (8.8) EPSS Score: 0.27% SSVC Exploitation: none
April 10th, 2025
|
CVE-2024-27195 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS. This issue affects Watermark RELOADED: from n/a through 1.3.5.
CVSS: HIGH (7.1) EPSS Score: 0.06% SSVC Exploitation: none
April 10th, 2025
|
CVE-2024-27096 |
Description: GLPI is a free asset and IT management software package covering data center management, ITIL service desk, license tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.
CVSS: HIGH (7.7) EPSS Score: 0.52% SSVC Exploitation: none
April 10th, 2025
|
CVE-2024-2597 |
Description: Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php in the 'b_id' parameter. A remote attacker could send a specially crafted URL to an authenticated user and steal their session cookie.
CVSS: HIGH (7.1) EPSS Score: 0.07% SSVC Exploitation: none
April 10th, 2025
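The two AMSS++ and Watermark RELOADED entries above describe the same pair of missing controls: a state-changing request that is not bound to the user's session (so a cross-site form post made with the victim's cookie is accepted, and can plant stored XSS), and request or stored values written into HTML without encoding for the context they land in. The following is an added example, not code from either project: a plain-Python stand-in with an in-memory session store and a per-session anti-CSRF token on the write path, and contextual HTML encoding on the read path. The store names, the form field names and the use of b_id as an attribute value are assumptions made for the example.

```python
"""Anti-CSRF token check plus contextual output encoding (added example)."""
import hmac
import html
import secrets
from typing import Dict, Optional

# Constructed in-memory stores standing in for the application's session store
# and database. These names are assumptions for the example, not the plugin's.
SESSIONS: Dict[str, Dict[str, str]] = {}
WATERMARK_TEXT: Dict[str, str] = {}


def new_session(user: str) -> str:
    """Open a session and bind a fresh, unguessable anti-CSRF token to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(32)}
    return sid


def csrf_token(sid: str) -> str:
    """Token the legitimate form embeds as a hidden field (same-origin only)."""
    return SESSIONS[sid]["csrf"]


def csrf_ok(sid: str, submitted: Optional[str]) -> bool:
    """A cross-site form post rides on the victim's cookie but cannot read the
    page, so it cannot supply the session-bound token. Compare in constant time."""
    session = SESSIONS.get(sid)
    if session is None or not submitted:
        return False
    return hmac.compare_digest(session["csrf"], submitted)


def save_watermark(sid: str, form: Dict[str, str]) -> bool:
    """State-changing handler: the write happens only when the token checks out.
    Returns True if the value was stored."""
    if not csrf_ok(sid, form.get("_csrf")):
        return False
    WATERMARK_TEXT[SESSIONS[sid]["user"]] = form.get("text", "")
    return True


def render_detail(user: str, b_id: str) -> str:
    """Build HTML from a stored value and a request parameter, encoding each for
    the context it lands in: element text and a double-quoted attribute.
    With quote=True, html.escape also encodes the quote characters."""
    text = html.escape(WATERMARK_TEXT.get(user, ""), quote=True)
    bid = html.escape(b_id, quote=True)
    return f'<p data-bid="{bid}">{text}</p>'
```

In a WordPress plugin the same two checks are wp_verify_nonce or check_admin_referer together with a current_user_can capability check on the handler, and esc_html or esc_attr at the point of output; the stored value is still kept verbatim, the encoding happens where it is rendered.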
|
CVE-2024-2586 |
Description: Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php in the 'username' parameter. A remote attacker could inject a specially crafted SQL query via this parameter and retrieve all the information stored in the database.
CVSS: HIGH (8.2) EPSS Score: 0.03% SSVC Exploitation: none
April 10th, 2025
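The GLPI search-engine entry and the AMSS++ 'username' entry above are the two usual shapes of SQL injection: a value spliced into a statement, and a search endpoint where the request also picks identifiers (a sort column) that cannot be bound as parameters. The following is an added example, not code from GLPI or AMSS++, using Python and an in-memory SQLite table constructed for the purpose. It shows the tautology and UNION payloads doing what the entries describe against string-built SQL, the same payloads being inert against a bound parameter, and an allowlist for the one thing a placeholder cannot protect. Table and column names are assumptions.

```python
"""SQL built by string concatenation beside a parameterised query (added example)."""
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]

# Allowlist of request-selectable sort columns. Identifiers cannot be bound as
# parameters, so a search endpoint must map them rather than interpolate them.
ORDERABLE = {"username": "username", "role": "role"}


def build_db() -> sqlite3.Connection:
    """Constructed sample user table standing in for an application's DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user"),
         ("carol", "hash-c", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    """The 'username' value is spliced into the statement, so the attacker
    controls SQL syntax: a tautology returns every row, a UNION pulls other
    columns (here password hashes) into the result."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Row]:
    """The value is bound with a placeholder; the database compares it as a
    string and never parses it as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def search_safe(conn: sqlite3.Connection, needle: str, order_by: str = "username") -> List[Row]:
    """Search-engine style query: the search term is bound, and the sort
    column comes from ORDERABLE, so neither half of the request reaches the
    parser as SQL."""
    column = ORDERABLE.get(order_by)
    if column is None:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT username, role FROM users WHERE username LIKE ? ORDER BY {column}"
    return conn.execute(sql, (f"%{needle}%",)).fetchall()
```

The allowlist is the part that is easy to forget in a search feature: ORDER BY, table and column names, and LIMIT clauses are all places where frameworks still let raw request strings through, and those are where "authenticated user extracts data" findings in search engines typically live.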
|
CVE-2024-2489 |
Description: A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. Manipulation of the argument 'list' leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: HIGH (8.8) EPSS Score: 0.91% SSVC Exploitation: poc
April 10th, 2025
|
CVE-2024-2469 |
Description: An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS: HIGH (8.0) EPSS Score: 0.78% SSVC Exploitation: none
April 10th, 2025
|
CVE-2024-1685 |
Description: The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS: HIGH (8.8) EPSS Score: 1.96% SSVC Exploitation: none
April 10th, 2025
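The entry above makes the distinction that matters for deserialization bugs: the injection itself only builds objects, and what those objects can do depends on which classes with magic methods (the POP chain) happen to be loaded. The following is an added example, not the plugin's code, using Python's pickle as the analogue of PHP's unserialize: pickle is the worst case of the same problem, because the loader will invoke any callable named in the stream without needing a gadget class on the target. It shows a constructed attacker stream running a call during loading, a constrained loader that refuses every global outside an allowlist, and the plain-data alternative. The payload contents and the "attachmentUrl" field are constructed for the example.

```python
"""Deserialising untrusted input: the gadget problem and a constrained loader
(added example, Python pickle used as the analogue of PHP unserialize)."""
import io
import json
import operator
import os
import pickle


class _ReduceGadget:
    """Constructed attacker object. Its serialised form instructs the loader
    to call func(*args): the loader, not the application, runs the call.
    This is the role a PHP POP gadget plays, except that pickle needs no
    helper class to be present on the target."""

    def __init__(self, func, args):
        self._func, self._args = func, args

    def __reduce__(self):
        return (self._func, self._args)


# Constructed payloads. HARMLESS calls a pure function so the effect is
# observable as a return value; SHELL would run a command if loaded with
# plain pickle.loads and is therefore only ever fed to the restricted loader.
HARMLESS_PAYLOAD = pickle.dumps(_ReduceGadget(operator.mul, (6, 7)))
SHELL_PAYLOAD = pickle.dumps(_ReduceGadget(os.system, ("echo pwned",)))
# Constructed benign data of the shape an application would actually store.
BENIGN_PAYLOAD = pickle.dumps({"attachmentUrl": "https://example.invalid/a.png", "size": 3})


def unsafe_loads(data: bytes):
    """Plain pickle.loads: every global named in the stream is resolved and
    may be called while loading."""
    return pickle.loads(data)


class _RestrictedUnpickler(pickle.Unpickler):
    """Resolve only an explicit allowlist of globals; anything else is
    refused before it can be invoked. Plain containers and scalars never
    go through find_class, so ordinary data still loads."""

    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "str"), ("builtins", "int")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    """Load with the allowlisting unpickler."""
    return _RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def json_roundtrip(value):
    """The preferable design for data that crosses a trust boundary: a format
    with no object or code-loading semantics at all."""
    return json.loads(json.dumps(value))
```

The PHP counterpart of the restricted loader is unserialize($data, ['allowed_classes' => false]) (or an explicit list of class names), available since PHP 7.0; with no classes allowed, a request parameter such as the attachmentUrl value above can only ever become scalars and arrays, so adding a plugin with a usable gadget chain later does not turn the injection into file deletion or code execution. Where the data is the application's own, json_decode is the simpler choice.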
|
CVE-2025-29915 |
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to reassemble fragmented packets before they reach Suricata. However, the default packet size in Suricata is based on the network interface MTU, so a reassembled packet larger than the MTU reaches Suricata truncated. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to this issue.
CVSS: HIGH (7.5) EPSS Score: 0.02%
April 10th, 2025
|
CVE-2024-25699 |
Description: There is a difficult-to-exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes, which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software.
CVSS: HIGH (8.5) EPSS Score: 0.37% SSVC Exploitation: none
April 10th, 2025
|