Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2021-4217
Azure Linux 3.0 Security Update: unzip (CVE-2021-4217)
Description: Nessus Plugin ID 234534 with Low Severity Synopsis The remote Azure Linux host is missing one or more security updates. Description The version of unzip installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4217 advisory. - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2021-4217)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234534

CVSS: LOW (3.3)

Source: Tenable Plugins
April 17th, 2025 (about 2 months ago)

CVE-2025-1523
Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS
Description: The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2024-11924
Email Subscribers < 5.7.52 - Admin+ Stored XSS
Description: The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-43708
VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when...
Description: VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE
April 17th, 2025 (about 2 months ago)

CVE-2025-32789
EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
Description: EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of the sorted list of users. Although unlikely, if an attacker knows the hash value of their password, they can change the password and repeat the sorting until the other user's password hash is fully revealed. This issue is patched in version 9.0.7.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (about 2 months ago)

CVE-2025-32787
SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA
Description: SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (about 2 months ago)

CVE-2024-58249
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.
Description: In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.

CVSS: LOW (3.7)

EPSS Score: 0.05%

Source: CVE
April 16th, 2025 (about 2 months ago)

CVE-2024-2133
Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting
Description: A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255495. Es wurde eine problematische Schwachstelle in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0 gefunden. Es betrifft eine unbekannte Funktion der Datei /dashboard/Cinvoice/manage_invoice der Komponente Manage Sale Page. Durch das Beeinflussen des Arguments Title mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (2.4)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
April 16th, 2025 (about 2 months ago)

CVE-2024-25114
Sensitive Information Disclosure (JailID) to users in Collabora Online
Description: Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability in its own is low because it requires to be chained with another vulnerability. Users should upgrade to Collabora Online 23.05.9; Collabora Online 22.05.22; Collabora Online 21.11.10 or higher. There are no known workarounds for this vulnerability.

CVSS: LOW (2.6)

EPSS Score: 0.17%

SSVC Exploitation: none

Source: CVE
April 16th, 2025 (about 2 months ago)

CVE-2024-2364
Musicshelf Backup androidmanifest.xml backup
Description: A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320. Es wurde eine problematische Schwachstelle in Musicshelf 1.0/1.1 für Android entdeckt. Es betrifft eine unbekannte Funktion der Datei androidmanifest.xml der Komponente Backup Handler. Durch das Beeinflussen mit unbekannten Daten kann eine exposure of backup file to an unauthorized control sphere-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (1.8)

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE
April 16th, 2025 (about 2 months ago)