Threat and Vulnerability Intelligence Database


CVE-2025-47292

Description: Cap Collectif is an online decision-making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor` without restricting the classes that may be instantiated, and the serialized data can be controlled by an unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.

CVSS: CRITICAL (9.5)

EPSS Score: 0.52%

Source: CVE
May 14th, 2025 (24 days ago)

CVE-2024-24780

Description: Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.

CVSS: CRITICAL (9.8)

EPSS Score: 0.38%

Source: CVE
May 14th, 2025 (24 days ago)

CVE-2025-32756

Description: Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to

CVSS: CRITICAL (9.6)

EPSS Score: 8.83%

Source: TheHackerNews
May 14th, 2025 (25 days ago)

CVE-2025-3757

Description:

Impact: Versions of the OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

Patches: Upgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0.

References: CVE-2025-3757; https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq; https://nvd.nist.gov/vuln/detail/CVE-2025-3757; https://github.com/advisories/GHSA-537f-gxgm-3jjq

CVSS: CRITICAL (9.3)

EPSS Score: 0.02%

Source: Github Advisory Database (Go)
May 13th, 2025 (25 days ago)

CVE-2025-4658

Description:

Impact: Versions of the OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.

Patches: The vulnerability does not exist in more recent versions of OPKSSH. This only impacts OPKSSH when used to verify ssh keys on a server; the OPKSSH client is unaffected. To remediate, upgrade to OPKSSH v0.5.0 or greater. To determine if you are vulnerable, run on your server: `opkssh --version`. If the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run: `wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash`

References: CVE-2025-4658. The upstream vulnerability in OpenPubkey is CVE-2025-3757 and has the security advisory https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq. See also https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66; https://nvd.nist.gov/vuln/detail/CVE-2025-4658; https://github.com/openpubkey/opkssh; https://github.com/advisories/GHSA-56wx-66px-9j66

CVSS: CRITICAL (9.3)

EPSS Score: 0.03%

Source: Github Advisory Database (Go)
May 13th, 2025 (25 days ago)

CVE-2025-43567

Description: Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, raising the confidentiality and integrity impact to high.

CVSS: CRITICAL (9.3)

EPSS Score: 0.11%

Source: CVE
May 13th, 2025 (25 days ago)

CVE-2025-43564

Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.

CVSS: CRITICAL (9.1)

EPSS Score: 0.08%

Source: CVE
May 13th, 2025 (25 days ago)

CVE-2025-43563

Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.

CVSS: CRITICAL (9.1)

EPSS Score: 0.09%

Source: CVE
May 13th, 2025 (25 days ago)

CVE-2025-43562

Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction, and the scope is changed.

CVSS: CRITICAL (9.1)

EPSS Score: 1.04%

Source: CVE
May 13th, 2025 (25 days ago)

CVE-2025-43561

Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction, and the scope is changed.

CVSS: CRITICAL (9.1)

EPSS Score: 0.32%

Source: CVE
May 13th, 2025 (25 days ago)