Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-27221
Azure Linux 3.0 Security Update: ruby (CVE-2025-27221)
Description: Nessus Plugin ID 234642 with Low Severity Synopsis The remote Azure Linux host is missing one or more security updates. Description The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27221 advisory. - In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. (CVE-2025-27221)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234642

CVSS: LOW (3.2)

Source: Tenable Plugins
April 20th, 2025 (about 3 hours ago)

CVE-2024-42178
HCL MyXalytics is affected by a failure to restrict URL access vulnerability
Description: HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.

CVSS: LOW (2.5)

EPSS Score: 0.02%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2024-42177
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities
Description: HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system.

CVSS: LOW (2.6)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-26269
DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that...
Description: DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.

CVSS: LOW (3.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2024-0282
Kashipara Food Management System addmaterialsubmit.php cross site scripting
Description: A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability. Es wurde eine Schwachstelle in Kashipara Food Management System bis 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei addmaterialsubmit.php. Mittels dem Manipulieren des Arguments tin mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.5)

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-32415
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this,...
Description: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

CVSS: LOW (2.9)

EPSS Score: 0.01%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-26268
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The...
Description: DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2024-0349
SourceCodester Engineers Online Portal missing secure attribute
Description: A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability. In SourceCodester Engineers Online Portal 1.0 wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung. Durch Beeinflussen mit unbekannten Daten kann eine sensitive cookie without secure attribute-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.7)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2024-0341
Inis GET Request File.php path traversal
Description: A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability. Eine Schwachstelle wurde in Inis bis 2.0.1 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /app/api/controller/default/File.php der Komponente GET Request Handler. Mit der Manipulation des Arguments path mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.5)

EPSS Score: 0.42%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-29931
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length...
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.

CVSS: LOW (3.7)

EPSS Score: 0.09%

Source: CVE
April 17th, 2025 (3 days ago)