Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0883 |
Description: Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager.
The vulnerability could reveal sensitive information retained by the browser.
This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80.
CVSS: LOW (2.1) EPSS Score: 0.04%
March 12th, 2025 (about 1 month ago)
|
|
CVE-2024-13870 |
Description: An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.
CVSS: LOW (1.8) EPSS Score: 0.02%
March 12th, 2025 (about 1 month ago)
|
|
CVE-2025-24912 |
Description: hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
CVSS: LOW (3.7) EPSS Score: 0.26%
March 12th, 2025 (about 1 month ago)
|
|
CVE-2025-0900 |
Description: PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25368.
CVSS: LOW (3.3) EPSS Score: 0.02%
March 11th, 2025 (about 1 month ago)
|
|
CVE-2024-55592 |
Description: An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests.
CVSS: LOW (3.6) EPSS Score: 0.02%
March 11th, 2025 (about 1 month ago)
|
|
CVE-2024-21208 |
Description:
Nessus Plugin ID 232564 with Medium Severity
Synopsis
The remote Ubuntu host is missing one or more security updates.
Description
The remote Ubuntu 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7339-1 advisory. Andy Boothe discovered that the Networking component of CRaC JDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of CRaC JDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235) It was discovered that the Serialization component of CRaC JDK 21 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217) It was discovered that the Hotspot component of CRaC JDK 21 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2025-21502) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. ...
CVSS: LOW (3.7)
March 11th, 2025 (about 1 month ago)
|
|
CVE-2024-21208 |
Description:
Nessus Plugin ID 232578 with Medium Severity
Synopsis
The remote Ubuntu host is missing one or more security updates.
Description
The remote Ubuntu 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7338-1 advisory. Andy Boothe discovered that the Networking component of CRaC JDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of CRaC JDK 17 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235) It was discovered that the Serialization component of CRaC JDK 17 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217) It was discovered that the Hotspot component of CRaC JDK 17 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2025-21502) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. ...
CVSS: LOW (3.7)
March 11th, 2025 (about 1 month ago)
|
|
CVE-2025-27398 |
Description: A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths.
This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.
CVSS: LOW (2.7) EPSS Score: 0.04%
March 11th, 2025 (about 1 month ago)
|
|
CVE-2025-27397 |
Description: A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read.
This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' .
CVSS: LOW (3.8) EPSS Score: 0.04%
March 11th, 2025 (about 1 month ago)
|
|
CVE-2025-23384 |
Description: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA...
CVSS: LOW (3.7) EPSS Score: 0.04%
March 11th, 2025 (about 1 month ago)
|