CVE-2025-29651 |
Description: SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
EPSS Score: 0.05%
April 16th, 2025 (5 days ago)
|
CVE-2025-28072 |
Description: PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.
EPSS Score: 0.29%
April 16th, 2025 (5 days ago)
|
CVE-2025-26153 |
Description: A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
EPSS Score: 0.03%
April 16th, 2025 (5 days ago)
|
CVE-2024-55372 |
Description: Wallos <= 2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore the database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.
EPSS Score: 0.08%
April 16th, 2025 (5 days ago)
|
CVE-2024-55371 |
Description: Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not required) to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.
EPSS Score: 0.06%
April 16th, 2025 (5 days ago)
|
CVE-2024-27101 |
Description: SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.
CVSS: HIGH (7.3) EPSS Score: 0.04% SSVC Exploitation: none
April 16th, 2025 (5 days ago)
|
CVE-2024-2078 |
Description: A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session.
CVSS: MEDIUM (4.6) EPSS Score: 0.06% SSVC Exploitation: none
April 16th, 2025 (5 days ago)
|
CVE-2024-2076 |
Description: A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.
CVSS: MEDIUM (5.3) EPSS Score: 0.08% SSVC Exploitation: poc
April 16th, 2025 (5 days ago)
|
CVE-2024-0692 |
Description: The SolarWinds Security Event Manager was susceptible to a remote code execution vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds' service, resulting in remote code execution.
CVSS: HIGH (8.8) EPSS Score: 76.78% SSVC Exploitation: none
April 16th, 2025 (5 days ago)
|
Description: Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe.
April 16th, 2025 (5 days ago)
|