Threat and Vulnerability Intelligence Database

CVE-2025-29870

Description: Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-27934

Description: Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-25053

Description: OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.

CVSS: HIGH (8.8)

EPSS Score: 0.25%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-30290

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are stored outside the intended restricted directory. Exploitation of this issue requires user interaction.

CVSS: HIGH (8.7)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (13 days ago)

CVE-2025-30289

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.

CVSS: HIGH (7.5)

EPSS Score: 0.21%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (13 days ago)

CVE-2025-30288

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

CVSS: HIGH (7.8)

EPSS Score: 0.39%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (13 days ago)

CVE-2025-30287

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (13 days ago)

CVE-2025-30284

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: HIGH (8.0)

EPSS Score: 3.93%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (13 days ago)

CVE-2024-30243

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips. This issue affects WordPress Tooltips: from n/a before 9.4.5.

CVSS: HIGH (8.5)

EPSS Score: 0.57%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (13 days ago)

CVE-2024-3008

Description: A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258294 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (8.8)

EPSS Score: 0.81%

SSVC Exploitation: poc

Source: CVE
April 8th, 2025 (13 days ago)