CVE-2025-5504
Description: A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A critical vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It concerns an unknown function of the file /boafrm/formWsc. Manipulating the argument peerRptPin with unknown data allows a command injection vulnerability to be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (6.3) EPSS Score: 3.68% SSVC Exploitation: poc
June 3rd, 2025 (5 days ago)
CVE-2025-46548
Description: If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied.
Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.
CVSS: MEDIUM (6.5) EPSS Score: 0.07%
June 3rd, 2025 (5 days ago)
CVE-2025-45855
Description: An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
June 3rd, 2025 (5 days ago)
CVE-2025-43925
Description: An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.
CVSS: MEDIUM (4.6) EPSS Score: 0.02%
June 3rd, 2025 (5 days ago)
CVE-2025-43924
Description: A cross-site scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
June 3rd, 2025 (5 days ago)
CVE-2025-43923
Description: An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 3rd, 2025 (5 days ago)
CVE-2024-45655
Description: IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVSS: MEDIUM (5.5) EPSS Score: 0.01% SSVC Exploitation: none
June 3rd, 2025 (5 days ago)
CVE-2024-23178
Description: An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
CVSS: MEDIUM (5.4) EPSS Score: 0.35% SSVC Exploitation: poc
June 3rd, 2025 (5 days ago)
CVE-2024-23177
Description: An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.
CVSS: MEDIUM (6.1) EPSS Score: 0.39% SSVC Exploitation: poc
June 3rd, 2025 (5 days ago)
CVE-2024-23173
Description: An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.
CVSS: MEDIUM (6.1) EPSS Score: 0.39% SSVC Exploitation: poc
June 3rd, 2025 (5 days ago)