Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-44221
SonicWall SMA100 Appliances OS Command Injection Vulnerability
Description: SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.

CVSS: LOW (0.0)

Source: CISA KEV
May 1st, 2025 (about 1 month ago)

CVE-2025-3504
WP Maps < 4.7.2 - Admin+ Stored XSS
Description: The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 1st, 2025 (about 1 month ago)

CVE-2025-3502
WP Maps < 4.7.2 - Admin+ Stored XSS
Description: The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 1st, 2025 (about 1 month ago)

CVE-2024-37996
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014),...
Description: A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

CVSS: LOW (3.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 1st, 2025 (about 1 month ago)

CVE-2024-32754
Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information
Description: Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

CVSS: LOW (3.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 1st, 2025 (about 1 month ago)

CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions,...
Description: A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.

CVSS: LOW (1.8)

EPSS Score: 0.36%

SSVC Exploitation: none

Source: CVE
May 1st, 2025 (about 1 month ago)
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
🚨 Marked as known exploited on May 1st, 2025 (about 1 month ago).
Description: SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to

CVSS: LOW (0.0)

Source: TheHackerNews
May 1st, 2025 (about 1 month ago)

CVE-2024-36137
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is...
Description: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.

CVSS: LOW (3.3)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 30th, 2025 (about 1 month ago)

CVE-2024-47784
Unverified Password Change
Description: Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.

CVSS: LOW (2.1)

EPSS Score: 0.03%

Source: CVE
April 30th, 2025 (about 1 month ago)

CVE-2025-32972
The lesscss script service allows cache clearing without programming right
Description: XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this vulnerability requires script right to exploit, and script right already allows unlimited execution of scripts, the additional impact due to this vulnerability is low. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1.

CVSS: LOW (2.7)

EPSS Score: 0.07%

Source: CVE
April 30th, 2025 (about 1 month ago)