CVE-2024-0282 |
Description: A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.
CVSS: LOW (3.5) EPSS Score: 0.07% SSVC Exploitation: poc
April 17th, 2025 (about 2 months ago)
|
CVE-2025-32415 |
Description: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
CVSS: LOW (2.9) EPSS Score: 0.02%
April 17th, 2025 (about 2 months ago)
|
CVE-2025-26268 |
Description: DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
CVSS: LOW (3.3) EPSS Score: 0.03%
April 17th, 2025 (about 2 months ago)
|
CVE-2024-0349 |
Description: A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.
CVSS: LOW (3.7) EPSS Score: 0.03% SSVC Exploitation: poc
April 17th, 2025 (about 2 months ago)
|
CVE-2024-0341 |
Description: A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability.
CVSS: LOW (3.5) EPSS Score: 0.42% SSVC Exploitation: none
April 17th, 2025 (about 2 months ago)
|
CVE-2025-29931 |
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition.
Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
CVSS: LOW (3.7) EPSS Score: 0.12%
April 17th, 2025 (about 2 months ago)
|
CVE-2025-26478 |
Description: Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS: LOW (3.1) EPSS Score: 0.01%
April 17th, 2025 (about 2 months ago)
|
CVE-2025-1215 |
Description:
Nessus Plugin ID 234509 with Low Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2827 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component. (CVE-2025-1215) Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at ...
CVSS: LOW (2.4)
April 17th, 2025 (about 2 months ago)
|
CVE-2025-2295 |
Description:
Nessus Plugin ID 234516 with Low Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2824 advisory. EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. (CVE-2025-2295) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update edk2' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234516
CVSS: LOW (3.5)
April 17th, 2025 (about 2 months ago)
|
CVE-2025-24912 |
Description:
Nessus Plugin ID 234531 with Low Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of wpa_supplicant installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24912 advisory. hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates Wi-Fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/234531
CVSS: LOW (3.7)
April 17th, 2025 (about 2 months ago)
|