Threat and Vulnerability Intelligence Database


Description: This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21113.

CVSS: HIGH (8.8)

Source: Zero Day Initiative Published Advisories
April 30th, 2025

Description: This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34099.

CVSS: HIGH (7.8)

Source: Zero Day Initiative Published Advisories
April 30th, 2025

Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34098.

CVSS: HIGH (7.8)

Source: Zero Day Initiative Published Advisories
April 30th, 2025

CVE-2025-46557

Description: XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space (by default, anyone) can access the page XWiki.Authentication.Administration and (unless an authenticator is set in xwiki.cfg) switch to another installed authenticator. Note that, by default, there is only one authenticator available (Standard XWiki Authenticator). So, if no authenticator extension was installed, it's not really possible for an attacker to do anything. Also, in most cases, if an SSO authenticator is installed and utilized (like OIDC or LDAP, for example), the worst an attacker can do is break authentication by switching back to the standard authenticator (that's because it's impossible to log in as a user who does not have a stored password, and that's usually what SSO authenticators produce). This issue has been patched in versions 15.10.14, 16.4.6, and 16.10.0-rc-1.

CVSS: HIGH (8.4)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 30th, 2025

CVE-2025-32777

Description: Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the scheduler. This is a privilege escalation, because Volcano users may run their Elastic service and extender plugins in separate pods or nodes from the scheduler. In the Kubernetes security model, node isolation is a security boundary, and as such an attacker is able to cross that boundary in Volcano's case if they have compromised either the vulnerable services or the pod/node in which they are deployed. The scheduler will become unavailable to other users and workloads in the cluster. The scheduler will either crash with an unrecoverable OOM panic or freeze while consuming excessive amounts of memory. This issue has been patched in versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2.

CVSS: HIGH (8.2)

EPSS Score: 0.08%

Source: CVE
April 30th, 2025

CVE-2024-9876

Description: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.

CVSS: HIGH (8.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 30th, 2025

CVE-2024-9468

Description: A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.

CVSS: HIGH (8.2)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE
April 30th, 2025

CVE-2025-33074

Description: Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.

CVSS: HIGH (7.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 30th, 2025

CVE-2025-30391

Description: Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.

CVSS: HIGH (8.1)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 30th, 2025

CVE-2025-30389

Description: Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

CVSS: HIGH (8.7)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
April 30th, 2025