CVE-2024-25108
Description: Pixelfed is an open source photo sharing platform. When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the server's ability to federate. Some user interaction is required to set up the conditions needed to exercise the vulnerability, but the attacker could conduct the attack in a time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: CRITICAL (9.9) EPSS Score: 0.06% SSVC Exploitation: poc
May 7th, 2025 (1 day ago)
CVE-2024-24796
Description: Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1.
CVSS: HIGH (8.2) EPSS Score: 0.24% SSVC Exploitation: none
May 7th, 2025 (1 day ago)
CVE-2024-23833
Description: OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine (version <= 3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Because the latest version of OpenRefine ships a newer MySQL driver library (8.0.30), there is no associated deserialization point to exploit, so the original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (7.5) EPSS Score: 1.15% SSVC Exploitation: none
May 7th, 2025 (1 day ago)
CVE-2024-23763
Description: SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiers[attribute][] parameter.
EPSS Score: 0.05% SSVC Exploitation: none
May 7th, 2025 (1 day ago)
CVE-2024-23759
Description: Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the Parcelshopfinder/AddAddressBookEntry function.
EPSS Score: 62.74% SSVC Exploitation: none
May 7th, 2025 (1 day ago)
Description: The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.
May 7th, 2025 (1 day ago)
Description: European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?
May 7th, 2025 (1 day ago)
CVE-2025-4043
Description: An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on system boot.
CVSS: MEDIUM (6.8) EPSS Score: 0.02%
May 7th, 2025 (1 day ago)
CVE-2025-3925
Description: BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.
CVSS: HIGH (7.8) EPSS Score: 0.01%
May 7th, 2025 (1 day ago)