CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,098 CVEs tracked | 53,218 with exploits | 4,684 exploited in wild | 1,536 CISA KEV | 3,912 Nuclei templates | 37,750 vendors | 42,417 researchers
20 results
CVE-2025-35939 5.3 MEDIUM KEV EPSS 0.30
Craft CMS - RCE
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue.
CWE-472 May 07, 2025
CVE-2024-58136 9.0 CRITICAL KEV 1 Writeup NUCLEI EPSS 0.61
Yii 2 <2.0.52 - RCE
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
CWE-424 Apr 10, 2025
CVE-2025-30154 8.6 HIGH KEV 1 Writeup EPSS 0.15
reviewdog/action-setup <v1 - RCE
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` and would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
CWE-506 Mar 19, 2025
CVE-2025-23209 8.0 HIGH KEV 1 Writeup EPSS 0.19
Craft CMS < 4.13.8 - Code Injection
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version should rotate their security keys and ensure their privacy to help mitigate the issue.
CWE-94 Jan 18, 2025
CVE-2024-53197 7.8 HIGH KEV EPSS 0.01
Linux Kernel < 4.19.325 - Out-of-Bounds Write
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices. A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
CWE-787 Dec 27, 2024
CVE-2024-53150 7.1 HIGH KEV EPSS 0.01
Debian Linux < 5.4.287 - Out-of-Bounds Read
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources. The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.
CWE-125 Dec 24, 2024
CVE-2024-53104 7.8 HIGH KEV EPSS 0.13
Debian Linux < 4.19.324 - Out-of-Bounds Write
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format. This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
CWE-787 Dec 02, 2024
CVE-2024-50302 5.5 MEDIUM KEV EPSS 0.01
Google Android < 4.19.324 - Use of Uninitialized Resource
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer. Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
CWE-908 Nov 19, 2024
CVE-2023-38180 7.5 HIGH KEV EPSS 0.01
.NET - DoS
.NET and Visual Studio Denial of Service Vulnerability
CWE-400 Aug 08, 2023
CVE-2022-4135 9.6 CRITICAL KEV EPSS 0.00
Google Chrome < 107.0.5304.121 - Out-of-Bounds Write
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE-787 Nov 25, 2022
CVE-2022-0609 8.8 HIGH KEV RANSOMWARE EPSS 0.40
Google Chrome <98.0.4758.102 - Use After Free
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CWE-416 Apr 05, 2022
CVE-2021-39226 9.8 CRITICAL KEV 1 Writeup NUCLEI EPSS 0.94
Grafana < 7.5.11 - Missing Authorization
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.
CWE-862 Oct 05, 2021
CVE-2020-36193 7.5 HIGH KEV RANSOMWARE 1 Writeup EPSS 0.71
PHP Archive Tar < 1.4.11 - Path Traversal
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CWE-22 Jan 18, 2021
CVE-2020-16017 9.6 CRITICAL KEV EPSS 0.21
Google Chrome < 86.0.4240.198 - Use After Free
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CWE-416 Jan 08, 2021
CVE-2020-16013 8.8 HIGH KEV EPSS 0.26
Google Chrome < 86.0.4240.198 - Out-of-Bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CWE-787 Jan 08, 2021
CVE-2020-13671 8.8 HIGH KEV RANSOMWARE EPSS 0.05
Drupal < 7.74 - Unrestricted File Upload
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
CWE-434 Nov 20, 2020
CVE-2020-16009 8.8 HIGH KEV EPSS 0.84
Cefsharp < 86.0.241 - Out-of-Bounds Write
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CWE-843 Nov 03, 2020
CVE-2019-1003029 9.9 CRITICAL KEV EPSS 0.93
Jenkins Script Security Plugin <1.53 - RCE
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Mar 08, 2019
CVE-2015-5317 7.5 HIGH KEV EPSS 0.27
Jenkins <1.638-1.625.2 - Info Disclosure
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
CWE-200 Nov 25, 2015
CVE-2006-1547 7.5 HIGH KEV EPSS 0.15
Apache Struts <1.2.9 - DoS
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
CWE-749 Mar 30, 2006