Threat and Vulnerability Intelligence Database

CVE-2025-22601

Description: Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: LOW (3.1)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (3 months ago)

CVE-2025-22475

Description: Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10, contains a Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information tampering.

CVSS: LOW (3.7)

EPSS Score: 0.09%

Source: CVE
February 5th, 2025 (3 months ago)

CVE-2025-20895

Description: Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.

CVSS: LOW (3.2)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (3 months ago)

CVE-2024-56197

Description: Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the "PM tags allowed for groups" option.

CVSS: LOW (2.2)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (3 months ago)

CVE-2024-45658

Description: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

CVSS: LOW (2.7)

EPSS Score: 0.05%

Source: CVE
February 5th, 2025 (3 months ago)

CVE-2025-24959

Description: zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable. This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability. If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to `dotenv.stringify`. Specifically, avoid using `"`, `'`, and backticks in values, or enforce strict validation of environment variables before usage.

CVSS: LOW (1.0)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (3 months ago)

CVE-2025-0974

Description: A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. A vulnerability was discovered in MaxD Lightning Module 4.43 for OpenCart. It was classified as critical. Unknown code is affected. By manipulating the argument li_op/md with unknown data, a deserialization vulnerability can be exploited. The attack can be carried out over the network. The complexity of an attack is rather high. Exploitability is considered difficult. The exploit is publicly available.

CVSS: LOW (2.3)

EPSS Score: 0.06%

Source: CVE
February 4th, 2025 (3 months ago)

CVE-2025-0148

Description: Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.

CVSS: LOW (2.6)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (3 months ago)

CVE-2024-53296

Description: Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the REST API. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS: LOW (2.7)

EPSS Score: 0.04%

Source: CVE
February 2nd, 2025 (3 months ago)

CVE-2025-24336

Description: SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may crash.

CVSS: LOW (3.3)

EPSS Score: 0.04%

Source: CVE
February 1st, 2025 (3 months ago)