Threat and Vulnerability Intelligence Database

CVE-2025-30681

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

CVSS: LOW (2.7)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (2 days ago)

CVE-2024-42193

Description: HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized access.

CVSS: LOW (2.1)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 15th, 2025 (2 days ago)

CVE-2025-32943

Description: The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.

CVSS: LOW (3.7)

EPSS Score: 0.05%

Source: CVE
April 15th, 2025 (2 days ago)

CVE-2024-45712

Description: SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be exploited by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.

CVSS: LOW (2.6)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (2 days ago)

CVE-2025-31494

Description: AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no check prohibiting users from subscribing with another user's graph_id+graph_version. As a result, node execution updates from one user's graph execution could be received by another user within the same instance. This vulnerability does not occur between different instances or between users and non-users of the platform. Single-user instances are not affected. In private instances with a user white-list, the impact is limited by the fact that all potential unintended recipients of these node execution updates must have been admitted by the administrator. This vulnerability is fixed in 0.6.1.

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (3 days ago)

CVE-2025-2424

Description: Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
April 14th, 2025 (3 days ago)

CVE-2024-49709

Description: Internet Starter, one of the SoftCOM iKSORIS system modules, allows setting an arbitrary session cookie value. An attacker with access to the user's browser might set such a cookie, wait until the user logs in and then use the same cookie to take over the account. Moreover, the system does not destroy old sessions when creating new ones, which expands the time frame in which an attack might be performed. This vulnerability has been patched in version 79.0.

CVSS: LOW (2.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
April 14th, 2025 (3 days ago)

CVE-2025-30516

Description: Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications.

CVSS: LOW (2.0)

EPSS Score: 0.01%

Source: CVE
April 14th, 2025 (4 days ago)

CVE-2024-46901

Description: Nessus Plugin ID 234250 with Low Severity.

Synopsis: The remote Azure Linux host is missing one or more security updates.

Description: The version of subversion installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46901 advisory.

- Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. (CVE-2024-46901)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution: Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/234250

CVSS: LOW (3.1)

Source: Tenable Plugins
April 14th, 2025 (4 days ago)

CVE-2025-1795

Description: Nessus Plugin ID 234295 with Low Severity.

Synopsis: The remote CBL Mariner host is missing one or more security updates.

Description: The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1795 advisory.

- During address list folding, when a separating comma ends up on a folded line and that line is to be unicode-encoded, the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header being misinterpreted by some mail servers. (CVE-2025-1795)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution: Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/234295

CVSS: LOW (2.3)

Source: Tenable Plugins
April 14th, 2025 (4 days ago)