Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-31340 |
Description: A improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file.
CVSS: CRITICAL (9.9) EPSS Score: 0.15%
April 17th, 2025 (5 days ago)
|
|
CVE-2025-31339 |
Description: An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file.
CVSS: MEDIUM (5.3) EPSS Score: 0.15%
April 17th, 2025 (5 days ago)
|
|
CVE-2025-31338 |
Description: A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality.
CVSS: MEDIUM (6.9) EPSS Score: 0.14%
April 17th, 2025 (5 days ago)
|
|
CVE-2025-1290 |
Description: A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure
during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.
EPSS Score: 0.03%
April 17th, 2025 (5 days ago)
|
|
April 17th, 2025 (5 days ago)
|
|
Description: An Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border.
April 17th, 2025 (5 days ago)
|
|
CVE-2025-2073 |
Description: Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Versions 6.1, 5.15, 5.10, 5.4, 4.19. on All devices where Termina is used allows an attacker with CAP_NET_ADMIN privileges to cause memory corruption and potentially escalate privileges via crafted ipset commands.
EPSS Score: 0.02%
April 17th, 2025 (5 days ago)
|
|
CVE-2025-1704 |
Description: ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 124.0.6367.34 on Chromebooks allows enrolled users with local access to unenroll devices
and intercept device management requests via loading components from the unencrypted stateful partition.
EPSS Score: 0.02%
April 17th, 2025 (5 days ago)
|
|
CVE-2025-1568 |
Description: Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.
EPSS Score: 0.11%
April 17th, 2025 (5 days ago)
|
|
CVE-2025-1566 |
Description: DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 129.0.6668.36 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
EPSS Score: 0.02%
April 17th, 2025 (5 days ago)
|