Threat and Vulnerability Intelligence Database

CVE-2024-0189

Description: A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input alert(x) leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability.

CVSS: LOW (3.5)

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
May 9th, 2025 (29 days ago)

CVE-2024-0557

Description: A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: LOW (2.4)

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
May 9th, 2025 (29 days ago)

CVE-2024-0599

Description: A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability.

CVSS: LOW (3.5)

EPSS Score: 0.18%

SSVC Exploitation: poc

Source: CVE
May 9th, 2025 (29 days ago)

Description: inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-47735
https://github.com/Nugine/wgp/issues/1
https://github.com/advisories/GHSA-2w4w-4385-vh4h

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: Github Advisory Database (Rust)
May 9th, 2025 (29 days ago)

Description: dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-47736
https://github.com/gwenn/lemon-rs/issues/86
https://github.com/tursodatabase/libsql/issues/2052
https://github.com/gwenn/lemon-rs/pull/8
https://crates.io/crates/libsql-sqlite3-parser
https://github.com/advisories/GHSA-8m95-fffc-h4c5

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: Github Advisory Database (Rust)
May 9th, 2025 (29 days ago)

Description: lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-47737
https://github.com/Geal/trailer/issues/2
https://crates.io/crates/trailer
https://github.com/advisories/GHSA-6x45-r4pr-5362

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: Github Advisory Database (Rust)
May 9th, 2025 (29 days ago)

CVE-2025-4470

Description: A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS: LOW (2.4)

EPSS Score: 0.03%

Source: CVE
May 9th, 2025 (30 days ago)

CVE-2025-47737

Description: lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (30 days ago)

CVE-2025-47736

Description: dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (30 days ago)

CVE-2025-47735

Description: inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (30 days ago)