CVE-2024-6221
Description: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: poc
April 7th, 2025
CVE-2025-23203
Description: Icinga Director is an Icinga config deployment tool. A security vulnerability has been found in versions starting from 1.0.0 and prior to 1.10.3 and 1.11.3 on several Director endpoints of the REST API. To reproduce this vulnerability, an authenticated user with permission to access the Director is required (plus API access with regard to the API endpoints). Even though some of these Icinga Director users are restricted from accessing certain objects, they are able to retrieve information related to those objects if their name is known. This makes it possible for Icinga Director users who are restricted from accessing these objects to change their configuration. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host are filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it. This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.3 and 1.11.1. If upgrading is not feasible, disable the director module for the users other than admin role for the ti...
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
March 26th, 2025
CVE-2024-9447
Description: An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
March 20th, 2025
CVE-2024-6577
Description: In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
March 20th, 2025
CVE-2024-12869
Description: In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 20th, 2025
CVE-2025-25042
Description: A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.
CVSS: MEDIUM (4.3) EPSS Score: 0.04% SSVC Exploitation: none
March 18th, 2025
CVE-2025-27408
Description: Summary
Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same hash, making it easier for attackers to identify and exploit patterns, thereby accelerating the cracking process.
Details
Analysis of the application source code reveals that user passwords are hashed using the SHA3 algorithm without implementing a unique salt per user.
const newUser: AuthenticableEntity = entityRepository.create(signupUserDto)
newUser.password = SHA3(newUser.password).toString()
This approach results in deterministic password hashes, which can be identified by comparing the hashes for users with matching credentials.
PoC
Create two users with the same password (it could be admin or any other authenticatable entity)
Extract their password hashes from the database
Verify that both hashes are identical, confirming the absence of unique salts
Impact
This is a cryptographic weakness vulnerability that affects all users of the system. The lack of a unique salt when hashing passwords reduces protection against database breaches, as attackers who gain access to the database can more efficiently crack user passwords. Since identical passwords result in identical hashes, attackers can use precomputed hash databases (e.g., Rainbow Tables) or offline brute-force attacks to ...
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
March 3rd, 2025