Threat and Vulnerability Intelligence Database

Description: Posted by Pierre Kim on Apr 02 ## Advisory Information Title: 10 vulnerabilities in Brocade Fibre Channel switches Advisory URL: https://pierrekim.github.io/advisories/2025-brocade-switches.txt Blog URL: https://pierrekim.github.io/blog/2025-03-31-brocade-switches-10-vulnerabilities.html Date published: 2025-03-31 Vendors contacted: Brocade Release mode: Released CVE: CVE-2021-27797, CVE-2022-33186, CVE-2023-3454, CVE-2024-5460, CVE-2024-5461, CVE-2024-7516 ## Product...

CVSS: CRITICAL (9.8)

Source: Full Disclosure Mailinglist
April 3rd, 2025 (17 days ago)

CVE-2024-42472

Description: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app runnin...

CVSS: CRITICAL (10.0)

EPSS Score: 0.18%

SSVC Exploitation: none

Source: CVE
April 2nd, 2025 (17 days ago)
Description: Summary: In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Learn more here. Credit: Thank you to Jinseo Kim kjsman and ryotak for the responsible disclosure. These researchers were awarded as part of our bug bounty program. References: https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf, https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O, https://github.com/advisories/GHSA-223j-4rm8-mrmf

CVSS: CRITICAL (9.1)

EPSS Score: 91.42%

Source: Github Advisory Database (NPM)
April 2nd, 2025 (17 days ago)

CVE-2025-31484

Description: conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were checked for any packages that were not copied from the cf-staging to the conda-forge channel and none were found.

CVSS: CRITICAL (9.3)

EPSS Score: 0.05%

Source: CVE
April 2nd, 2025 (17 days ago)

CVE-2025-31477

Description: The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like file://, smb://, or nfs:// and others to be opened by the system registered protocol handler. By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. This vulnerability is fixed in 2.2.1.

CVSS: CRITICAL (9.3)

EPSS Score: 0.53%

Source: CVE
April 2nd, 2025 (17 days ago)

CVE-2024-38392

Description: Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code.

CVSS: CRITICAL (9.1)

EPSS Score: 0.14%

Source: CVE
April 2nd, 2025 (17 days ago)

CVE-2025-2005

Description: The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: CRITICAL (9.8)

EPSS Score: 0.08%

Source: CVE
April 2nd, 2025 (17 days ago)

CVE-2025-0415

Description: A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

CVSS: CRITICAL (9.2)

EPSS Score: 0.18%

Source: CVE
April 2nd, 2025 (18 days ago)

CVE-2025-30356

Description: CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call.

CVSS: CRITICAL (9.3)

EPSS Score: 0.06%

Source: CVE
April 1st, 2025 (18 days ago)

CVE-2025-31612

Description: Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll allows Object Injection. This issue affects CBX Poll: from n/a through 1.2.7.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (18 days ago)