Threat and Vulnerability Intelligence Database

CVE-2025-48376

Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external URL for a site export to then be imported. Version 9.13.9 fixes the issue.

CVSS: LOW (3.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (10 days ago)

CVE-2025-1421

Description: Data provided in a request made to the server while activating a new device is stored in a database. Other highly privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. This issue has been fixed in version 2.17.5 of Konsola Proget (server part of the MDM suite).

CVSS: LOW (2.4)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (12 days ago)

CVE-2025-32035

Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.

CVSS: LOW (2.6)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (about 2 months ago)

CVE-2025-21337

Description: Windows NTFS Elevation of Privilege Vulnerability

CVSS: LOW (3.3)

EPSS Score: 0.05%

Source: CVE
February 12th, 2025 (4 months ago)

CVE-2025-21312

Description: Windows Smart Card Reader Information Disclosure Vulnerability

CVSS: LOW (2.4)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025 (4 months ago)

CVE-2025-24034

Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.

CVSS: LOW (3.2)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (4 months ago)

CVE-2024-42179

Description: HCL MyXalytics is affected by a sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API/2.0 as the server's name and version.

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: CVE
January 13th, 2025 (5 months ago)

CVE-2024-26246

Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVSS: LOW (3.9)

EPSS Score: 0.07%

Source: CVE
January 1st, 2025 (5 months ago)

CVE-2024-21383

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS: LOW (3.3)

EPSS Score: 0.05%

Source: CVE
January 1st, 2025 (5 months ago)

CVE-2024-21336

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS: LOW (2.5)

EPSS Score: 0.05%

Source: CVE
January 1st, 2025 (5 months ago)