Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-40460
An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE
Description: An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2024-40459
An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function
Description: An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2024-40458
An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.
Description: An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2025-3887
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Description: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.

CVSS: HIGH (8.8)

EPSS Score: 0.18%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2025-3882
eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability
Description: eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the dest parameter provided to the nwcheckexec.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23114.

CVSS: HIGH (8.8)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2025-3881
eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability
Description: eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113.

CVSS: HIGH (8.8)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2024-13957
SSRF Server Side Request Forgery
Description: SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS: HIGH (7.6)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2024-13955
SQL Injection 2nd Order
Description: 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS: HIGH (8.8)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2024-13952
Remote Code Execution
Description: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS: HIGH (8.4)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (18 days ago)

CVE-2024-13951
One way hash with predictable salt
Description: One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS: HIGH (7.6)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (18 days ago)