CVE-2024-53016 |
Description: Memory corruption while processing I2C settings in Camera driver.
CVSS: MEDIUM (6.6) EPSS Score: 0.01%
June 3rd, 2025 (6 days ago)
|
CVE-2024-53015 |
Description: Memory corruption while processing IOCTL command to handle buffers associated with a session.
CVSS: MEDIUM (6.6) EPSS Score: 0.02%
June 3rd, 2025 (6 days ago)
|
CVE-2024-53013 |
Description: Memory corruption may occur while processing voice call registration with user.
CVSS: MEDIUM (6.6) EPSS Score: 0.02%
June 3rd, 2025 (6 days ago)
|
CVE-2024-0579 |
Description: A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr/devicemac1/bandstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (6.3) EPSS Score: 1.38% SSVC Exploitation: none
June 3rd, 2025 (6 days ago)
|
CVE-2025-4047 |
Description: The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
June 3rd, 2025 (6 days ago)
|
CVE-2025-2939 |
Description: The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user-supplied parameters; only single functions can be called, so the impact is limited.
CVSS: MEDIUM (5.6) EPSS Score: 0.02%
June 3rd, 2025 (6 days ago)
|
CVE-2025-49164 |
Description: Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
June 3rd, 2025 (6 days ago)
|
CVE-2025-49163 |
Description: Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
CVSS: MEDIUM (6.7) EPSS Score: 0.02%
June 3rd, 2025 (6 days ago)
|
CVE-2025-49162 |
Description: Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.
CVSS: MEDIUM (6.4) EPSS Score: 0.02%
June 3rd, 2025 (6 days ago)
|
CVE-2025-3919 |
Description: The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
June 2nd, 2025 (6 days ago)
|