Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-25213 |
Description: Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 9th, 2025 (13 days ago)
|
|
CVE-2025-25056 |
Description: Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
April 9th, 2025 (13 days ago)
|
|
CVE-2025-23407 |
Description: Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
April 9th, 2025 (13 days ago)
|
|
CVE-2025-3442 |
Description: This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.
CVSS: MEDIUM (4.4) EPSS Score: 0.01%
April 9th, 2025 (13 days ago)
|
|
CVE-2025-20952 |
Description: Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
April 9th, 2025 (13 days ago)
|
|
CVE-2025-3100 |
Description: The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
April 9th, 2025 (13 days ago)
|
|
CVE-2025-32464 |
Description: HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.
CVSS: MEDIUM (6.8) EPSS Score: 0.16%
April 9th, 2025 (13 days ago)
|
|
CVE-2025-29988 |
Description: Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
CVSS: MEDIUM (6.9) EPSS Score: 0.01%
April 9th, 2025 (13 days ago)
|
|
CVE-2025-25013 |
Description: Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 8th, 2025 (14 days ago)
|
|
CVE-2024-55354 |
Description: Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected.
CVSS: MEDIUM (5.1) EPSS Score: 0.02%
April 8th, 2025 (14 days ago)
|