CVE-2021-20035 |
Description: SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as the 'nobody' user, which could lead to code execution.
CVSS: MEDIUM (6.5)
April 16th, 2025 (3 days ago)
|
CVE-2025-3697 |
Description: A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-product.php. Manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.03% SSVC Exploitation: poc
April 16th, 2025 (3 days ago)
|
CVE-2024-28229 |
Description: In JetBrains YouTrack before 2024.1.25893, a user without the appropriate permissions could restore issues and articles.
CVSS: MEDIUM (6.5) EPSS Score: 0.01% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-28122 |
Description: JWX is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.
CVSS: MEDIUM (6.8) EPSS Score: 0.03% SSVC Exploitation: poc
April 16th, 2025 (3 days ago)
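The JWE issue above is a classic decompression bomb: a token using "zip":"DEF" is DEFLATE-compressed before encryption, so a recipient that decrypts with a key it trusts and then inflates without a cap can be made to allocate memory proportional to the plaintext size, not the token size. The following added example (not code from the jwx project; the bounded-read approach and function names are this page's own illustration, and the exact option the patched jwx versions expose is not shown here) builds such a stream from constructed all-zero plaintext, then contrasts an unbounded inflate with one that fails closed past a fixed output limit.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// ErrDecompressedTooLarge is returned when inflating would exceed the cap.
var ErrDecompressedTooLarge = errors.New("decompressed payload exceeds limit")

// zeroReader yields an endless stream of zero bytes (constructed input).
type zeroReader struct{}

func (zeroReader) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = 0
	}
	return len(p), nil
}

// MakeBomb builds a raw DEFLATE stream (the algorithm behind JWE "zip":"DEF")
// from n zero bytes. The plaintext is all zeros so the compression ratio is
// extreme, which is what a malicious token relies on.
func MakeBomb(n int) ([]byte, error) {
	var buf bytes.Buffer
	w, err := flate.NewWriter(&buf, flate.BestCompression)
	if err != nil {
		return nil, err
	}
	if _, err := io.Copy(w, io.LimitReader(zeroReader{}, int64(n))); err != nil {
		return nil, err
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// InflateUnbounded mirrors the vulnerable pattern: trust the stream and read
// everything it expands to. A few KB of input can become hundreds of MB.
func InflateUnbounded(compressed []byte) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()
	return io.ReadAll(r)
}

// InflateBounded reads at most maxOut bytes of decompressed data and fails
// closed if the stream would produce more, so a hostile ratio costs the
// verifier at most maxOut bytes of memory.
func InflateBounded(compressed []byte, maxOut int64) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()
	// Read one byte past the cap to distinguish "exactly maxOut" from "more".
	out, err := io.ReadAll(io.LimitReader(r, maxOut+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > maxOut {
		return nil, ErrDecompressedTooLarge
	}
	return out, nil
}

func main() {
	const plaintextSize = 64 << 20 // 64 MiB of zeros
	bomb, err := MakeBomb(plaintextSize)
	if err != nil {
		panic(err)
	}
	fmt.Printf("compressed: %d bytes -> inflates to %d bytes (ratio about %d:1)\n",
		len(bomb), plaintextSize, plaintextSize/len(bomb))

	_, err = InflateBounded(bomb, 1<<20) // cap decompressed output at 1 MiB
	fmt.Println("bounded inflate:", err)
}
```

The cap should be sized to the largest legitimate JWE payload the application expects, and the check belongs after decryption but before the plaintext is handed to any JSON parser, since the parser is where the expanded bytes would otherwise be materialised.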
|
CVE-2024-27915 |
Description: Sulu is a PHP content management system. Starting in version 2.2.0 and prior to versions 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without a security system configured are not affected. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater than or equal to `v5.4.30` or `v6.3.6`.
CVSS: MEDIUM (6.8) EPSS Score: 0.09% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-27900 |
Description: Due to a missing authorization check, an attacker with a business user account in SAP ABAP Platform versions 758 and 795 can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to its owner.
CVSS: MEDIUM (4.3) EPSS Score: 0.03% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-2331 |
Description: A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. Manipulation of the argument ad_code leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.
CVSS: MEDIUM (6.3) EPSS Score: 0.07% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-20832 |
Description: Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.
CVSS: MEDIUM (6.4) EPSS Score: 0.06% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-1851 |
Description: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as creating product lists.
CVSS: MEDIUM (6.3) EPSS Score: 0.04% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-1769 |
Description: The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password-protected post content by viewing the page source.
CVSS: MEDIUM (5.3) EPSS Score: 0.22% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|