Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-1082 |
Description: A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in Mindskip xzs-mysql 学之思开源考试系统 3.9.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /api/admin/question/edit der Komponente Exam Edit Handler. Durch die Manipulation des Arguments title/content mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (3.5) EPSS Score: 0.07%
February 7th, 2025 (2 months ago)
|
|
CVE-2025-1081 |
Description: A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in Bharti Airtel Xstream Fiber bis 20250123 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente WiFi Password Handler. Mit der Manipulation mit unbekannten Daten kann eine use of weak credentials-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme werden Anpassungen an der Konfiguration empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.05%
February 7th, 2025 (2 months ago)
|
|
CVE-2024-57956 |
Description: Out-of-bounds read vulnerability in the interpreter string module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: LOW (2.8) EPSS Score: 0.04%
February 7th, 2025 (2 months ago)
|
|
CVE-2024-56467 |
Description: IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVSS: LOW (3.3) EPSS Score: 0.04%
February 7th, 2025 (2 months ago)
|
|
CVE-2025-23415 |
Description: An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: LOW (3.1) EPSS Score: 0.04%
February 6th, 2025 (2 months ago)
|
|
CVE-2025-20185 |
Description: A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials.
This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system.
Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.
CVSS: LOW (3.4) EPSS Score: 0.04%
February 6th, 2025 (2 months ago)
|
|
CVE-2024-9097 |
Description: ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.
CVSS: LOW (3.5) EPSS Score: 0.04%
February 6th, 2025 (2 months ago)
|
|
CVE-2024-5528 |
Description: An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.
CVSS: LOW (3.5) EPSS Score: 0.04%
February 6th, 2025 (2 months ago)
|
|
CVE-2024-53104 |
Description:
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: LOW (0.0)
February 5th, 2025 (2 months ago)
|
|
CVE-2024-53104 |
Description: Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
CVSS: LOW (0.0)
February 5th, 2025 (2 months ago)
|