Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-25218 |
Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
CVSS: LOW (3.3) EPSS Score: 0.01%
May 6th, 2025 (about 1 month ago)
|
|
CVE-2025-4293 |
Description: A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in MRCMS 3.1.3 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /admin/group/edit.do der Komponente Group Edit Page. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.4) EPSS Score: 0.03%
May 5th, 2025 (about 1 month ago)
|
|
CVE-2025-4292 |
Description: A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit User Page. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In MRCMS 3.1.3 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/user/edit.do der Komponente Edit User Page. Durch Manipulation des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.4) EPSS Score: 0.03%
May 5th, 2025 (about 1 month ago)
|
|
CVE-2025-4287 |
Description: A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue. Eine problematische Schwachstelle wurde in PyTorch 2.6.0+cu124 ausgemacht. Hierbei geht es um die Funktion torch.cuda.nccl.reduce der Datei torch/cuda/nccl.py. Durch Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: LOW (3.3) EPSS Score: 0.01%
May 5th, 2025 (about 1 month ago)
|
|
CVE-2025-4286 |
Description: A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release. Es wurde eine problematische Schwachstelle in Intelbras InControl bis 2.21.59 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Komponente Dispositivos Edição Page. Durch Manipulieren des Arguments Senha de Comunicação mit unbekannten Daten kann eine unprotected storage of credentials-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.7) EPSS Score: 0.03%
May 5th, 2025 (about 1 month ago)
|
|
CVE-2025-46720 |
Description: Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` staticall...
CVSS: LOW (3.1) EPSS Score: 0.03% SSVC Exploitation: none
May 5th, 2025 (about 1 month ago)
|
|
CVE-2025-46553 |
Description: @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.
CVSS: LOW (2.1) EPSS Score: 0.1% SSVC Exploitation: poc
May 5th, 2025 (about 1 month ago)
|
|
CVE-2024-51991 |
Description: October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulnerability allows an authenticated user to bypass this protection by uploading it with a permitted extension (for example, .jpg or .png) and later modifying it to the .svg extension. This vulnerability assumes a trusted user will attack another trusted user and cannot be actively exploited without access to the administration panel and interaction from the other user. This issue has been patched in v3.7.5.
CVSS: LOW (1.1) EPSS Score: 0.05%
May 5th, 2025 (about 1 month ago)
|
|
Description: In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-58253
https://github.com/CasualX/obfstr/issues/60
https://github.com/CasualX/obfstr/compare/v0.4.3...v0.4.4
https://github.com/advisories/GHSA-v2p5-q653-9j99
CVSS: LOW (2.9) EPSS Score: 0.02%
May 5th, 2025 (about 1 month ago)
|
|
CVE-2025-2545 |
Description: Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0.7, where the Triple DES (3DES) cryptographic algorithm is used within SMIME code to encrypt S/MIME emails. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
CVSS: LOW (2.3) EPSS Score: 0.02%
May 5th, 2025 (about 1 month ago)
|