CVE-2025-30700 |
Description: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).
CVSS: LOW (3.5) EPSS Score: 0.03%
April 15th, 2025 (about 2 months ago)
|
CVE-2025-30681 |
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
CVSS: LOW (2.7) EPSS Score: 0.04%
April 15th, 2025 (about 2 months ago)
|
CVE-2024-42193 |
Description: HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This opens the possibility of man-in-the-middle (MITM) attacks and data exposure; if exploited, the weakness could lead to unauthorized access.
CVSS: LOW (2.1) EPSS Score: 0.03% SSVC Exploitation: none
April 15th, 2025 (about 2 months ago)
|
CVE-2025-32943 |
Description: The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.
CVSS: LOW (3.7) EPSS Score: 0.06%
April 15th, 2025 (about 2 months ago)
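The PeerTube entry describes a path traversal in a playlist-serving endpoint. The following added example (not PeerTube's code, and `HLS_ROOT`, the one-directory-per-video layout and the function names are assumptions for illustration) puts the naive join that produces this bug class next to a hardened resolver that accepts only a single well-formed `.m3u8` component inside the requested video's own directory:

```python
import os
import uuid
from pathlib import Path, PurePosixPath

# Constructed layout for this example: one directory per video UUID under HLS_ROOT,
# holding only that video's playlists. This is not PeerTube's actual storage layout.
HLS_ROOT = Path("/srv/peertube/hls")


def resolve_playlist_vulnerable(video_uuid: str, filename: str) -> Path:
    """The flaw class the advisory describes, written out for contrast (not PeerTube's code):
    the client-supplied name is joined onto the video directory unchecked, so a name such as
    '../<other-uuid>/master.m3u8' walks into another video's files."""
    return Path(os.path.normpath(HLS_ROOT / video_uuid / filename))


def resolve_playlist_hardened(video_uuid: str, filename: str) -> Path:
    """Serve only a single, well-formed '.m3u8' path component inside the requested video's
    own directory; anything else is rejected before it reaches the filesystem."""
    # Validate the identifier first: a non-UUID string raises ValueError here.
    video_dir = HLS_ROOT / str(uuid.UUID(video_uuid))

    # Reject separators, NUL bytes, empty names and dot segments outright.
    if not filename or "\x00" in filename or "/" in filename or "\\" in filename:
        raise ValueError("invalid playlist name")
    part = PurePosixPath(filename)
    if part.name != filename or part.suffix != ".m3u8" or filename in (".", ".."):
        raise ValueError("invalid playlist name")

    # Defence in depth: normalise and confirm the result still sits directly under video_dir.
    candidate = Path(os.path.normpath(video_dir / filename))
    if candidate.parent != video_dir:
        raise ValueError("path escapes video directory")
    return candidate
```

The allow-list check on the name is the real control; the `normpath` comparison afterwards is there so that a future change to how names are accepted (for example, allowing subdirectories) still cannot escape the video directory.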
|
CVE-2024-45712 |
Description: SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be exploited by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.
CVSS: LOW (2.6) EPSS Score: 0.04%
April 15th, 2025 (about 2 months ago)
|
CVE-2025-31494 |
Description: AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no check prohibiting users from subscribing with another user's graph_id+graph_version. As a result, node execution updates from one user's graph execution could be received by another user within the same instance. This vulnerability does not occur between different instances or between users and non-users of the platform. Single-user instances are not affected. In private instances with a user white-list, the impact is limited by the fact that all potential unintended recipients of these node execution updates must have been admitted by the administrator. This vulnerability is fixed in 0.6.1.
CVSS: LOW (3.5) EPSS Score: 0.03%
April 15th, 2025 (about 2 months ago)
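The AutoGPT entry describes a subscription channel keyed only on graph_id+graph_version with no ownership check. The following added example (not AutoGPT's code; the `GRAPH_OWNERS` table, the broker class and the update shape are constructed for illustration, and the advisory does not say how 0.6.1 implements its fix) contrasts that channel design with one that verifies ownership on subscribe and keys delivery on the owning user:

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed ownership table: (graph_id, graph_version) -> owning user. A hypothetical
# stand-in for whatever store the platform uses; only the shape matters here.
GRAPH_OWNERS: Dict[Tuple[str, int], str] = {
    ("graph-a", 1): "alice",
    ("graph-b", 3): "bob",
}


class ExecutionUpdateBroker:
    """In-memory model of fanning node execution updates out to WebSocket subscribers."""

    def __init__(self, owners: Dict[Tuple[str, int], str]):
        self.owners = owners
        # Vulnerable channel: keyed on the graph alone.
        self.by_graph: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
        # Hardened channel: keyed on (owner, graph, version).
        self.by_owner_graph: Dict[Tuple[str, str, int], Set[str]] = defaultdict(set)

    def subscribe_vulnerable(self, user_id: str, graph_id: str, graph_version: int) -> None:
        """The flaw class from the advisory (illustrative): any authenticated user may
        subscribe to any graph_id+graph_version, so updates cross user boundaries."""
        self.by_graph[(graph_id, graph_version)].add(user_id)

    def subscribe_hardened(self, user_id: str, graph_id: str, graph_version: int) -> None:
        """Refuse unless the caller owns the graph. An unknown graph is rejected the same
        way as a foreign one, so the response does not confirm whether it exists."""
        if self.owners.get((graph_id, graph_version)) != user_id:
            raise PermissionError("graph does not belong to caller")
        self.by_owner_graph[(user_id, graph_id, graph_version)].add(user_id)

    def publish_vulnerable(self, graph_id: str, graph_version: int, update: dict) -> List[Tuple[str, dict]]:
        """Returns (recipient, update) pairs: everyone who subscribed to the graph key."""
        return [(u, update) for u in sorted(self.by_graph[(graph_id, graph_version)])]

    def publish_hardened(self, graph_id: str, graph_version: int, update: dict) -> List[Tuple[str, dict]]:
        """Resolve the owner server-side and deliver only on that owner's channel, so even a
        stray subscription entry for another user would never be addressed."""
        owner = self.owners.get((graph_id, graph_version))
        if owner is None:
            return []
        return [(u, update) for u in sorted(self.by_owner_graph[(owner, graph_id, graph_version)])]
```

The check at subscribe time is what the advisory says was missing; keying the delivery side on the owner as well means a bug in the subscribe path cannot by itself turn into cross-user delivery.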
|
CVE-2025-2424 |
Description: Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.
CVSS: LOW (3.1) EPSS Score: 0.03%
April 14th, 2025 (about 2 months ago)
|
CVE-2024-49709 |
Description: Internet Starter, one of the SoftCOM iKSORIS system modules, allows setting an arbitrary session cookie value. An attacker with access to the user's browser might set such a cookie, wait until the user logs in, and then use the same cookie to take over the account.
Moreover, the system does not destroy old sessions when creating new ones, which expands the time frame in which an attack might be performed.
This vulnerability has been patched in version 79.0.
CVSS: LOW (2.3) EPSS Score: 0.05% SSVC Exploitation: none
April 14th, 2025 (about 2 months ago)
|
CVE-2025-24859 |
Description: A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised.
This issue affects Apache Roller versions up to and including 6.1.4.
The vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled.
CVSS: LOW (2.1) EPSS Score: 0.04%
April 14th, 2025 (about 2 months ago)
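The iKSORIS entry above (a client-chosen session cookie accepted as a valid session, and old sessions not destroyed on new login) and this Apache Roller entry (sessions surviving a password change or account disablement) are two sides of the same control: session identifiers must be minted and tracked server-side so they can be refused, rotated and revoked. The following added example is neither project's code; the `SessionManager` class, its method names, the idle timeout and the in-memory store are assumptions made for illustration. It shows one way to handle every case both advisories mention:

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class Session:
    user_id: str
    created: float
    last_seen: float


class SessionManager:
    """Server-side session store (added example, not Roller's or iKSORIS's code).
    Session identifiers are only ever minted here, so a cookie value the server never
    issued is simply unknown: the client cannot choose its own session ID."""

    def __init__(self, idle_timeout: float = 3600.0):
        self._sessions: Dict[str, Session] = {}
        self._by_user: Dict[str, Set[str]] = {}
        self._disabled: Set[str] = set()
        self.idle_timeout = idle_timeout

    def _mint(self, user_id: str) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        now = time.time()
        self._sessions[sid] = Session(user_id, now, now)
        self._by_user.setdefault(user_id, set()).add(sid)
        return sid

    def destroy(self, sid: str) -> None:
        s = self._sessions.pop(sid, None)
        if s is not None:
            self._by_user.get(s.user_id, set()).discard(sid)

    def lookup(self, cookie_value: Optional[str]) -> Optional[Session]:
        """Resolve a cookie to a live session, or None. Never creates a session from an
        unrecognised value, which is what defeats fixation at the entry point."""
        if not cookie_value:
            return None
        s = self._sessions.get(cookie_value)
        if s is None:
            return None
        if s.user_id in self._disabled or time.time() - s.last_seen > self.idle_timeout:
            self.destroy(cookie_value)
            return None
        s.last_seen = time.time()
        return s

    def login(self, presented_cookie: Optional[str], user_id: str, password_ok: bool) -> str:
        """On successful authentication, discard whatever the client presented (issued or
        not) and return a fresh ID. Keeping the pre-login ID is the fixation bug; keeping
        the previous session alive is the 'old sessions not destroyed' bug."""
        if not password_ok or user_id in self._disabled:
            raise PermissionError("authentication failed")
        if presented_cookie:
            self.destroy(presented_cookie)
        return self._mint(user_id)

    def invalidate_user(self, user_id: str, keep: Optional[str] = None) -> int:
        """Destroy every session of user_id except `keep`; returns how many were destroyed."""
        doomed = [sid for sid in self._by_user.get(user_id, set()) if sid != keep]
        for sid in doomed:
            self.destroy(sid)
        return len(doomed)

    def change_password(self, user_id: str, current_sid: Optional[str] = None) -> int:
        """Hook for the password-change path, whether self-service or by an administrator.
        Every other session of the user dies; the session that made the change may be kept.
        The credential update itself is omitted; only the session consequence is shown."""
        return self.invalidate_user(user_id, keep=current_sid)

    def disable_user(self, user_id: str) -> int:
        """Disabling an account revokes all of its sessions and blocks new logins."""
        self._disabled.add(user_id)
        return self.invalidate_user(user_id)
```

The per-user index (`_by_user`) is the piece that makes "invalidate everything for this account" a cheap operation; without it, a password change would have to scan the whole store, which is usually why that step gets skipped in practice.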
|
CVE-2025-30516 |
Description: Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications.
CVSS: LOW (2.0) EPSS Score: 0.02%
April 14th, 2025 (about 2 months ago)
|