Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-27082 |
Description: Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system.
CVSS: HIGH (7.2) EPSS Score: 0.06%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-3289 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-3288 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-3287 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-3286 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-3285 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-32018 |
Description: Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the user or via maliciously crafted context, to automatically write to files outside of the opened workspace. This behavior required deliberate prompting, making successful exploitation highly impractical in real-world scenarios. Furthermore, the edited file was still displayed in the UI as usual for user review, making it unlikely for the edit to go unnoticed by the user. This vulnerability is fixed in 0.48.7.
CVSS: HIGH (8.1) EPSS Score: 0.03%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-2829 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-2293 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|
|
CVE-2025-2288 |
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|