CVE-2024-20810
Description: Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.
CVSS: LOW (3.3) EPSS Score: 0.05% SSVC Exploitation: none
April 24th, 2025 (about 1 month ago)

CVE-2024-1433
Description: A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The vulnerability is said to be difficult to exploit. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to the user's home or the installation of third-party global themes. A problematic vulnerability was found in KDE Plasma Workspace up to 5.93.0. It concerns the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. By manipulating the argument pluginId with unknown data, a path traversal vulnerability can be exploited. The attack can take place over the network. The complexity of an attack is rather high. It is difficult to exploit. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. Patching is recommended as the best available measure.
CVSS: LOW (3.1) EPSS Score: 0.11% SSVC Exploitation: none
April 24th, 2025 (about 1 month ago)

CVE-2024-1267
Description: A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability. A problematic vulnerability was discovered in CodeAstro Restaurant POS System 1.0. Affected is unknown code of the file create_account.php. By manipulating the argument Full Name with unknown data, a cross-site scripting vulnerability can be exploited. The attack can take place over the network. The exploit is publicly available.
CVSS: LOW (3.5) EPSS Score: 0.07% SSVC Exploitation: none
April 24th, 2025 (about 1 month ago)

CVE-2024-1246
Description: Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator-provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code in the website user's browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.
CVSS: LOW (2.0) EPSS Score: 0.31% SSVC Exploitation: none
April 24th, 2025 (about 1 month ago)

CVE-2025-41423
Description: Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions.
CVSS: LOW (3.1) EPSS Score: 0.02%
April 24th, 2025 (about 2 months ago)

CVE-2025-25046
Description: IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man-in-the-middle techniques.
CVSS: LOW (3.7) EPSS Score: 0.01%
April 23rd, 2025 (about 2 months ago)

CVE-2024-58251
Description: In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
CVSS: LOW (2.5) EPSS Score: 0.02%
April 23rd, 2025 (about 2 months ago)

CVE-2025-46394
Description: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
CVSS: LOW (3.2) EPSS Score: 0.02% SSVC Exploitation: none
April 23rd, 2025 (about 2 months ago)

CVE-2025-46393
Description: In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).
CVSS: LOW (2.9) EPSS Score: 0.02% SSVC Exploitation: none
April 23rd, 2025 (about 2 months ago)

CVE-2025-43965
Description: In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.
CVSS: LOW (2.9) EPSS Score: 0.02%
April 23rd, 2025 (about 2 months ago)