CVE-2025-26532 |
Description: Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.
CVSS: LOW (3.1) EPSS Score: 0.03%
February 24th, 2025 (about 2 months ago)
|
CVE-2025-26531 |
Description: Insufficient capability checks made it possible to disable badges a user does not have permission to access.
CVSS: LOW (3.1) EPSS Score: 0.03%
February 24th, 2025 (about 2 months ago)
|
CVE-2025-26528 |
Description: The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.
CVSS: LOW (3.4) EPSS Score: 0.03%
February 24th, 2025 (about 2 months ago)
|
CVE-2025-1412 |
Description: Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, which allows the converted user to escalate their privileges depending on the permissions granted to the bot.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-1412
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost/commit/faa7e4f2ea0cca2fd2aba271912b9fc3be788842
https://github.com/advisories/GHSA-rhvr-6w8c-6v7w
CVSS: LOW (3.1) EPSS Score: 0.02%
February 24th, 2025 (about 2 months ago)
|
CVE-2025-1632 |
Description: A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability was identified in libarchive up to 3.7.7. It was classified as problematic. Affected by this is the function list of the file bsdunzip.c. Manipulation with unknown data can exploit a null pointer dereference vulnerability. The attack must be carried out locally. The exploit is publicly available.
CVSS: LOW (3.3) EPSS Score: 0.02%
February 24th, 2025 (about 2 months ago)
|
CVE-2025-1577 |
Description: A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. A problematic vulnerability was discovered in code-projects Blood Bank System 1.0. This affects an unknown part of the file /prostatus.php. Manipulating the argument message with unknown data can exploit a cross site scripting vulnerability. The attack can be carried out over the network. The exploit is publicly available.
CVSS: LOW (3.5) EPSS Score: 0.03%
February 23rd, 2025 (about 2 months ago)
|
CVE-2024-45674 |
Description: IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 store potentially sensitive information in log files that could be read by a local user.
CVSS: LOW (3.3) EPSS Score: 0.01%
February 22nd, 2025 (about 2 months ago)
|
CVE-2025-27105 |
Description: vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: LOW (2.3) EPSS Score: 0.05%
February 21st, 2025 (about 2 months ago)
|
CVE-2025-27104 |
Description: vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.
CVSS: LOW (2.3) EPSS Score: 0.05%
February 21st, 2025 (about 2 months ago)
|