CVE-2025-27525
Description: Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.
CVSS: LOW (3.9) EPSS Score: 0.01%
May 15th, 2025

CVE-2025-32421
Description: Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel's platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content delivery network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit `cache-control` headers.
CVSS: LOW (3.7) EPSS Score: 0.03%
May 14th, 2025

CVE-2025-0138
Description: Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.
Compute in Prisma Cloud Enterprise Edition is not affected by this issue.
CVSS: LOW (2.0) EPSS Score: 0.05%
May 14th, 2025

CVE-2024-0423
Description: A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability.
CVSS: LOW (3.5) EPSS Score: 0.15% SSVC Exploitation: poc
May 14th, 2025

CVE-2025-22848
Description: Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.
CVSS: LOW (3.5) EPSS Score: 0.02%
May 13th, 2025

CVE-2025-20616
Description: Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVSS: LOW (2.1) EPSS Score: 0.03%
May 13th, 2025

CVE-2025-20076
Description: Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS: LOW (2.1) EPSS Score: 0.02%
May 13th, 2025

CVE-2025-20030
Description: Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVSS: LOW (2.6) EPSS Score: 0.02%
May 13th, 2025

CVE-2024-31150
Description: Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access.
CVSS: LOW (3.8) EPSS Score: 0.01%
May 13th, 2025

CVE-2025-47278
Description: In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key.
Signing is provided by the itsdangerous library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first.
Sites that have opted-in to use key rotation by setting SECRET_KEY_FALLBACKS are likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss.
References
https://github.com/pallets/flask/security/advisories/GHSA-4grg-w6v8-c28g
https://nvd.nist.gov/vuln/detail/CVE-2025-47278
https://github.com/pallets/flask/commit/73d6504063bfa00666a92b07a28aaf906c532f09
https://github.com/pallets/flask/releases/tag/3.1.1
https://github.com/advisories/GHSA-4grg-w6v8-c28g
CVSS: LOW (1.8) EPSS Score: 0.02%
May 13th, 2025
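As an added illustration (not code from Flask, itsdangerous or the advisory), the stand-alone Python below models the convention the advisory describes, the last key in the list signs and every key verifies, and shows how the 3.1.0 ordering ends up signing with the last fallback while the corrected ordering signs with the current key. `signing_key_index` is a hypothetical helper an operator could use to tell which configured key produced a session signature; key values are constructed, and the fallback list is assumed to be ordered newest first.

```python
# Added example, not Flask's or itsdangerous' code. Uses only the standard
# library to model the key-list convention: LAST key signs, every key verifies.
import hashlib
import hmac
from typing import List, Optional


def _mac(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def sign(payload: bytes, keys: List[bytes]) -> bytes:
    """Sign with the last key in the list (the modelled itsdangerous rule)."""
    return _mac(keys[-1], payload)


def verify(payload: bytes, sig: bytes, keys: List[bytes]) -> bool:
    """Accept a signature produced by any configured key, current or fallback."""
    return any(hmac.compare_digest(sig, _mac(k, payload)) for k in keys)


def signing_key_index(payload: bytes, sig: bytes, keys: List[bytes]) -> Optional[int]:
    """Hypothetical operator check: which list position produced this signature?
    Lets a deployment confirm sessions are signed by the current key, not a stale one."""
    for i, k in enumerate(keys):
        if hmac.compare_digest(sig, _mac(k, payload)):
            return i
    return None


# Constructed sample configuration (hypothetical values, newest fallback first).
SECRET_KEY = b"current-key-2025"
SECRET_KEY_FALLBACKS = [b"old-key-2024", b"older-key-2023"]


def flask_310_key_list(secret_key: bytes, fallbacks: List[bytes]) -> List[bytes]:
    """Order described for 3.1.0: signing key first, so the last fallback signs."""
    return [secret_key, *fallbacks]


def fixed_key_list(secret_key: bytes, fallbacks: List[bytes]) -> List[bytes]:
    """Corrected order: oldest fallback first, current key last, so it signs."""
    return [*reversed(fallbacks), secret_key]


def demo():
    """Return (key that signs under the 3.1.0 order, key that signs under the fix)."""
    payload = b"session-cookie-payload"
    buggy = flask_310_key_list(SECRET_KEY, SECRET_KEY_FALLBACKS)
    fixed = fixed_key_list(SECRET_KEY, SECRET_KEY_FALLBACKS)
    buggy_signer = buggy[signing_key_index(payload, sign(payload, buggy), buggy)]
    fixed_signer = fixed[signing_key_index(payload, sign(payload, fixed), fixed)]
    return buggy_signer, fixed_signer
```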