Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-4839
itwanger paicoding CrossUtil.java cross-domain policy
Description: A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. In itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. Durch das Beeinflussen mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.1)

EPSS Score: 0.02%

Source: CVE
May 17th, 2025 (21 days ago)

CVE-2025-47931
LibreNMS stored Cross-site Scripting vulnerability in poller group name
Description: LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.

CVSS: LOW (2.1)

EPSS Score: 0.0%

Source: CVE
May 17th, 2025 (21 days ago)

CVE-2025-4819
y_project RuoYi Offline Logout batchForceLogout improper authorization
Description: A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in y_project RuoYi 4.8.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /monitor/online/batchForceLogout der Komponente Offline Logout. Dank der Manipulation des Arguments ids mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.1)

EPSS Score: 0.04%

Source: CVE
May 17th, 2025 (21 days ago)

CVE-2025-48188
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function,...
Description: libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: CVE
May 16th, 2025 (22 days ago)

CVE-2025-22233
Spring Framework DataBinder Case Sensitive Match Exception
Description: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: * 6.2.0 - 6.2.6 * 6.1.0 - 6.1.19 * 6.0.0 - 6.0.27 * 5.3.0 - 5.3.42 * Older, unsupported versions are also affected Mitigation Users of affected versions should upgrade to the corresponding fixed version. Affected version(s)Fix Version Availability 6.2.x 6.2.7 OSS6.1.x 6.1.20 OSS6.0.x 6.0.28 Commercial https://enterprise.spring.io/ 5.3.x 5.3.43 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary. Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation. For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields. Credit This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.

CVSS: LOW (3.1)

EPSS Score: 0.05%

Source: CVE
May 16th, 2025 (22 days ago)
[meteor] Meteor Affected By Inefficient Regular Expression Complexity
Description: A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.2 is able to address this issue. The identifier of the patch is f7ea6817b90952baaea9baace2a3b4366fee6a63. It is recommended to upgrade the affected component. References https://nvd.nist.gov/vuln/detail/CVE-2025-4727 https://github.com/meteor/meteor/issues/13713 https://github.com/meteor/meteor/pull/13721 https://github.com/meteor/meteor/commit/f7ea6817b90952baaea9baace2a3b4366fee6a63 https://github.com/meteor/meteor/releases/tag/release/METEOR%403.2.2 https://vuldb.com/?ctiid.309029 https://vuldb.com/?id.309029 https://vuldb.com/?submit.570441 https://github.com/advisories/GHSA-j3v9-6gc7-vf5f

CVSS: LOW (3.7)

EPSS Score: 0.06%

Source: Github Advisory Database (NPM)
May 16th, 2025 (22 days ago)

CVE-2024-0283
Kashipara Food Management System party_details.php cross site scripting
Description: A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability. In Kashipara Food Management System bis 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei party_details.php. Mittels Manipulieren des Arguments party_name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.5)

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
May 16th, 2025 (22 days ago)

CVE-2025-47794
Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission
Description: Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.

CVSS: LOW (2.6)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 16th, 2025 (22 days ago)
[vyper] Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Description: Impact concat() may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562 in practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal b""; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. b"" if self.do_some_side_effect() else b"". the following example demonstrates how the issue would look in user code counter: public(uint256) @external def test() -> Bytes[256]: a: Bytes[256] = concat(b"" if self.sideeffect() else b"", b"aaaa") return a def sideeffect() -> bool: self.counter += 1 return True the severity assigned is low, since, as mentioned, this would be a very unusual pattern in user-code. Patches fix is tracked in https://github.com/vyperlang/vyper/pull/4644 Workarounds don't have side effects in expressions which construct zero-length bytestrings. References Are there any links users can visit to find out more? References https://github.com/vyperlang/vyper/security/advisories/GHSA-qhr6-mgqr-mchm https://nvd.nist.gov/vuln/detail/CVE-2025-47285 https://github.com/vyperlang...

CVSS: LOW (2.9)

EPSS Score: 0.05%

Source: Github Advisory Database (PIP)
May 16th, 2025 (22 days ago)
[vyper] Vyper's `slice()` may elide side-effects when output length is 0
Description: Impact the slice() builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (msg.data or .code). the reason is that for these source locations, the check that length >= 1 is skipped: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L315-L319 the result is that a 0-length bytestring constructed with slice can be passed to make_byte_array_copier, which elides evaluation of its source argument when the max length is 0: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/codegen/core.py#L189-L191 the impact is that side effects in the start argument may be elided when the length argument is 0, e.g. slice(msg.data, self.do_side_effect(), 0). the following example illustrates how the issue would look in user code counter: public(uint256) @external def test() -> Bytes[10]: b: Bytes[10] = slice(msg.data, self.side_effect(), 0) return b def side_effect() -> uint256: self.counter += 1 return 0 the severity assigned is low, since this is not a very useful pattern and unlikely to be found in user code. Patches the fix is tracked in https://github.com/vyperlang/vyper/pull/4645, which disallows any invocation of slice() with length 0, including for the ad hoc locations discussed in this advisory. Workarounds Is there a way for users to fix or remediate the vulnerability without upgrading? References Are there any links users can visi...

CVSS: LOW (2.9)

EPSS Score: 0.06%

Source: Github Advisory Database (PIP)
May 16th, 2025 (22 days ago)