CVE-2024-42178 |
Description: HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.
CVSS: LOW (2.5) EPSS Score: 0.02%
April 17th, 2025 (1 day ago)
|
CVE-2024-42177 |
Description: HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system.
CVSS: LOW (2.6) EPSS Score: 0.03% SSVC Exploitation: none
April 17th, 2025 (1 day ago)
|
CVE-2025-26269 |
Description: DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
CVSS: LOW (3.3) EPSS Score: 0.01% SSVC Exploitation: none
April 17th, 2025 (1 day ago)
|
CVE-2024-0282 |
Description: A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.
CVSS: LOW (3.5) EPSS Score: 0.07% SSVC Exploitation: poc
April 17th, 2025 (1 day ago)
|
CVE-2025-32415 |
Description: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
CVSS: LOW (2.9) EPSS Score: 0.01%
April 17th, 2025 (1 day ago)
|
CVE-2025-26268 |
Description: DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
CVSS: LOW (3.3) EPSS Score: 0.01%
April 17th, 2025 (1 day ago)
|
CVE-2024-0349 |
Description: A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.
CVSS: LOW (3.7) EPSS Score: 0.03% SSVC Exploitation: poc
April 17th, 2025 (1 day ago)
|
CVE-2024-0341 |
Description: A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability.
CVSS: LOW (3.5) EPSS Score: 0.42% SSVC Exploitation: none
April 17th, 2025 (1 day ago)
|
CVE-2025-29931 |
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition.
Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
CVSS: LOW (3.7) EPSS Score: 0.09%
April 17th, 2025 (1 day ago)
|
CVE-2025-26478 |
Description: Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS: LOW (3.1) EPSS Score: 0.01%
April 17th, 2025 (1 day ago)
|