CVE-2025-32035 |
Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type, but the actual contents of the file aren't checked. This means that it's possible, for example, to upload an executable file renamed to be a .jpg. This file could then be executed through another security vulnerability. This vulnerability is fixed in 9.13.2.
CVSS: LOW (2.6) EPSS Score: 0.02% SSVC Exploitation: none
April 8th, 2025 (9 days ago)
|
CVE-2025-21337 |
Description: Windows NTFS Elevation of Privilege Vulnerability
CVSS: LOW (3.3) EPSS Score: 0.05%
February 12th, 2025 (2 months ago)
|
CVE-2025-21312 |
Description: Windows Smart Card Reader Information Disclosure Vulnerability
CVSS: LOW (2.4) EPSS Score: 0.05%
January 28th, 2025 (3 months ago)
|
CVE-2025-24034 |
Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.
CVSS: LOW (3.2) EPSS Score: 0.04%
January 24th, 2025 (3 months ago)
|
CVE-2024-42179 |
Description: HCL MyXalytics is affected by a sensitive information disclosure vulnerability. The HTTP response header exposes Microsoft-HTTP API/2.0 as the server's name and version.
CVSS: LOW (2.0) EPSS Score: 0.04%
January 13th, 2025 (3 months ago)
|
CVE-2024-26246 |
Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS: LOW (3.9) EPSS Score: 0.07%
January 1st, 2025 (4 months ago)
|
CVE-2024-21383 |
Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS: LOW (3.3) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
CVE-2024-21336 |
Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS: LOW (2.5) EPSS Score: 0.05%
January 1st, 2025 (4 months ago)
|
CVE-2024-49138 |
Description: Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
CVE-2024-55578 |
Description: Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|