Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5543 |
Description: A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In TOTOLINK X2000R 1.0.0-B20230726.1108 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Parent Controls Page. Dank Manipulation des Arguments Device Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.4) EPSS Score: 0.09%
June 3rd, 2025 (2 days ago)
|
|
CVE-2025-5542 |
Description: A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in TOTOLINK X2000R 1.0.0-B20230726.1108 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /boafrm/formPortFw der Komponente Virtual Server Page. Dank der Manipulation des Arguments service_type mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.4) EPSS Score: 0.09%
June 3rd, 2025 (2 days ago)
|
|
CVE-2025-49000 |
Description: InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.
CVSS: LOW (3.5) EPSS Score: 0.03%
June 3rd, 2025 (2 days ago)
|
|
CVE-2025-5523 |
Description: A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in enilu web-flash 1.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion fileService.upload der Datei src/main/java/cn/enilu/flash/api/controller/FileController/upload der Komponente File Upload. Dank der Manipulation des Arguments File mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (3.5) EPSS Score: 0.03%
June 3rd, 2025 (2 days ago)
|
|
CVE-2025-5516 |
Description: A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in TOTOLINK X2000R 1.0.0-B20230726.1108 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /boafrm/formFilter der Komponente URL Filtering Page. Mittels dem Manipulieren des Arguments URL Address mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.4) EPSS Score: 0.09% SSVC Exploitation: poc
June 3rd, 2025 (2 days ago)
|
|
CVE-2024-23553 |
Description: A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.
CVSS: LOW (3.0) EPSS Score: 0.31% SSVC Exploitation: none
June 3rd, 2025 (2 days ago)
|
|
CVE-2024-22236 |
Description: In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.
CVSS: LOW (3.3) EPSS Score: 0.05% SSVC Exploitation: none
June 3rd, 2025 (2 days ago)
|
|
CVE-2024-20955 |
Description: Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVSS: LOW (3.7) EPSS Score: 0.25% SSVC Exploitation: none
June 3rd, 2025 (2 days ago)
|
|
CVE-2024-20914 |
Description: Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVSS: LOW (2.3) EPSS Score: 0.07% SSVC Exploitation: none
June 3rd, 2025 (2 days ago)
|
|
CVE-2024-20912 |
Description: Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
CVSS: LOW (2.7) EPSS Score: 0.18% SSVC Exploitation: none
June 3rd, 2025 (2 days ago)
|