Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-43966
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
Description: libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

CVSS: LOW (2.9)

EPSS Score: 0.04%

Source: CVE
April 21st, 2025 (about 2 months ago)

CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
Description: In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

CVSS: LOW (2.9)

EPSS Score: 0.06%

Source: CVE
April 21st, 2025 (about 2 months ago)

CVE-2025-43963
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not...
Description: In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

CVSS: LOW (2.9)

EPSS Score: 0.05%

Source: CVE
April 21st, 2025 (about 2 months ago)

CVE-2025-43962
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1...
Description: In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

CVSS: LOW (2.9)

EPSS Score: 0.05%

Source: CVE
April 21st, 2025 (about 2 months ago)

CVE-2025-43961
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
Description: In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

CVSS: LOW (2.9)

EPSS Score: 0.05%

Source: CVE
April 21st, 2025 (about 2 months ago)

CVE-2025-43955
TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.
Description: TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.

CVSS: LOW (2.2)

EPSS Score: 0.03%

Source: CVE
April 20th, 2025 (about 2 months ago)

CVE-2025-27221
Azure Linux 3.0 Security Update: ruby (CVE-2025-27221)
Description: Nessus Plugin ID 234642 with Low Severity Synopsis The remote Azure Linux host is missing one or more security updates. Description The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27221 advisory. - In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. (CVE-2025-27221)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234642

CVSS: LOW (3.2)

Source: Tenable Plugins
April 20th, 2025 (about 2 months ago)

CVE-2025-3826
SourceCodester Web-based Pharmacy Product Management System add-supplier.php cross site scripting
Description: A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in SourceCodester Web-based Pharmacy Product Management System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei add-supplier.php. Durch Beeinflussen des Arguments txtsupplier_name/txtaddress mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (2.4)

EPSS Score: 0.03%

Source: CVE
April 20th, 2025 (about 2 months ago)

CVE-2025-3801
songquanpeng one-api System Setting cross site scripting
Description: A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in songquanpeng one-api bis 0.6.10 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente System Setting Handler. Durch das Beeinflussen des Arguments Homepage Content mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (2.4)

EPSS Score: 0.03%

Source: CVE
April 19th, 2025 (about 2 months ago)

CVE-2025-3787
PbootCMS Image server-side request forgery
Description: A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in PbootCMS 3.2.5 ausgemacht. Es betrifft eine unbekannte Funktion der Komponente Image Handler. Durch Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (2.7)

EPSS Score: 0.05%

Source: CVE
April 18th, 2025 (about 2 months ago)