Threat and Vulnerability Intelligence Database


CVE-2025-27893

Description: In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls.

CVSS: LOW (1.8)

EPSS Score: 0.01%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2024-28607

Description: The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-27432

Description: The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.

CVSS: LOW (2.4)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-27430

Description: Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability.

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-26655

Description: SAP Just In Time (JIT) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application. Confidentiality and availability are not impacted.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2024-41760

Description: IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.

CVSS: LOW (3.7)

EPSS Score: 0.03%

Source: CVE
March 11th, 2025 (about 1 month ago)

CVE-2025-27913

Description: Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

CVSS: LOW (2.1)

EPSS Score: 0.02%

Source: CVE
March 10th, 2025 (about 1 month ago)

CVE-2024-52905

Description: IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.

CVSS: LOW (2.7)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 10th, 2025 (about 1 month ago)

CVE-2025-2153

Description: A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to a heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.

CVSS: LOW (2.3)

EPSS Score: 0.04%

Source: CVE
March 10th, 2025 (about 1 month ago)

CVE-2025-2149

Description: A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack must be carried out locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CVSS: LOW (2.0)

EPSS Score: 0.02%

Source: CVE
March 10th, 2025 (about 1 month ago)