Threat and Vulnerability Intelligence Database

CVE-2025-0733

Description: A vulnerability classified as problematic was found in Postman up to 11.20 on Windows. It affects an unknown part of the library profapi.dll; the manipulation leads to an untrusted search path (CWE-426: the application can be made to load a DLL from a directory an attacker controls). The attack has to be carried out locally, its complexity is rather high, and exploitation is considered difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: LOW (2.0)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025

CVE-2025-0732

Description: A vulnerability classified as problematic has been found in Discord up to 1.0.9177 on Windows. It affects some unknown functionality in the library profapi.dll; the manipulation leads to an untrusted search path (CWE-426). The attack has to be carried out locally, its complexity is rather high, and exploitation is considered difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: LOW (2.0)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025
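Both profapi.dll reports above are the same weakness class: the loader walks a fixed list of directories and takes the first matching file name, so any user-writable directory consulted before the legitimate copy lets a local user plant a DLL that wins. The model below is an added example, not code from Postman, Discord, or the advisory source; the directory table returned by demo_layout() is constructed for illustration and makes no claim about either product's real install location.

```python
"""Model of the Windows default DLL search order, used to reason about an
"untrusted search path" finding such as the profapi.dll reports above.

Added example: not code from Postman, Discord, or the advisory source.
The directory layout returned by demo_layout() is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Load-time search order with SafeDllSearchMode enabled (the default):
# application directory, System32, 16-bit system directory, Windows
# directory, current directory, then PATH. With SafeDllSearchMode disabled
# the current directory moves up to second place.
SAFE_SEARCH_ORDER = ["app_dir", "system32", "system16", "windows", "cwd", "path"]
UNSAFE_SEARCH_ORDER = ["app_dir", "cwd", "system32", "system16", "windows", "path"]


@dataclass
class Directory:
    """One search-path entry: which DLLs it holds and whether a local
    unprivileged user can create files in it."""
    path: str
    dlls: Set[str] = field(default_factory=set)
    writable_by_user: bool = False


@dataclass
class Finding:
    dll: str
    resolved_from: Optional[str]   # where the loader would take the DLL from
    hijackable_from: List[str]     # user-writable directories searched first


def resolve_dll(dll: str, dirs: Dict[str, Directory], order: List[str],
                known_dlls: Set[str] = frozenset()) -> Finding:
    """Walk `order` for `dll`. Every user-writable directory the loader
    consults before reaching the legitimate copy is a place where a local
    attacker can plant a same-named DLL that wins the search. KnownDLLs are
    always taken from the system directory and bypass the search."""
    dll = dll.lower()
    if dll in {k.lower() for k in known_dlls}:
        sysdir = dirs.get("system32")
        return Finding(dll, sysdir.path if sysdir else None, [])
    hijackable: List[str] = []
    for slot in order:
        d = dirs.get(slot)
        if d is None:
            continue
        if dll in {n.lower() for n in d.dlls}:
            if d.writable_by_user:        # legitimate copy can be overwritten
                hijackable.append(d.path)
            return Finding(dll, d.path, hijackable)
        if d.writable_by_user:
            hijackable.append(d.path)
    return Finding(dll, None, hijackable)  # DLL missing: any writable dir wins


def is_hijackable(f: Finding) -> bool:
    return bool(f.hijackable_from)


def demo_layout() -> Dict[str, Directory]:
    """Constructed layout: a per-user install under %LOCALAPPDATA% (writable
    by that user) that does not ship profapi.dll, which lives in System32."""
    return {
        "app_dir": Directory(r"C:\Users\alice\AppData\Local\ExampleApp", set(), True),
        "system32": Directory(r"C:\Windows\System32", {"profapi.dll", "kernel32.dll"}),
        "windows": Directory(r"C:\Windows"),
        "cwd": Directory(r"C:\Users\alice\Downloads", set(), True),
    }


if __name__ == "__main__":
    for label, order in (("safe", SAFE_SEARCH_ORDER), ("unsafe", UNSAFE_SEARCH_ORDER)):
        f = resolve_dll("profapi.dll", demo_layout(), order)
        print(label, "->", f.resolved_from, "hijackable from:", f.hijackable_from)
```

The practical check on a real host is the same walk: for each DLL the executable imports that is not shipped next to it, ask whether the application directory (or, with SafeDllSearchMode off, the current directory) is writable by the user who will run the binary. Shipping the DLL in the install directory, loading it by full path, or installing to a location only administrators can write closes the gap.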

CVE-2024-43446

Description: An improper privilege management vulnerability in the OTRS Generic Interface module allows changing the ticket status even if the user only has ro (read-only) permissions. This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* ((OTRS)) Community Edition 6.0.x
Products based on the ((OTRS)) Community Edition are also very likely to be affected.

CVSS: LOW (3.5)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025

CVE-2024-13450

Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information on internal services. The vulnerability can also be exploited in Multisite environments.

CVSS: LOW (3.8)

EPSS Score: 0.11%

Source: CVE
January 28th, 2025
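A webhook integration is SSRF by design unless the destination is vetted before the server connects to it. The check below is an added example, not the plugin's code: it resolves the hostname, rejects any non-global address (loopback, link-local including the cloud metadata address, RFC 1918, IPv4-mapped IPv6), and hands back the vetted addresses so the caller connects to those rather than re-resolving the name. The DEMO_TABLE resolver is constructed so the check can run offline.

```python
"""Outbound URL vetting for a webhook integration of the kind the Bit Form
advisory above describes. Added example; not the plugin's code.

Even an administrator-supplied webhook target must not be allowed to reach
loopback, link-local (cloud metadata), RFC 1918 or other non-global
addresses from the server. The name is resolved once and the vetted address
list is returned so the caller connects to one of those IPs instead of
re-resolving the host later (DNS rebinding would otherwise bypass the check).
"""
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host: str) -> List[str]:
    """Real resolver: every A/AAAA record (or the literal, for an IP host)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed name table for offline demonstration; not real DNS data.
DEMO_TABLE = {
    "hooks.example.com": ["93.184.216.34"],
    "internal.example.com": ["10.0.0.5"],
    "meta.example.com": ["169.254.169.254"],
    "mixed.example.com": ["93.184.216.34", "127.0.0.1"],
    "127.0.0.1": ["127.0.0.1"],
    "::ffff:10.0.0.1": ["::ffff:10.0.0.1"],
}


def demo_resolve(host: str) -> List[str]:
    if host not in DEMO_TABLE:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")
    return DEMO_TABLE[host]


def is_global_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # ::ffff:10.0.0.1 is an IPv4-mapped address; judge the embedded IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, link-local (incl. 169.254.169.254),
    # RFC 1918, CGNAT, ULA, documentation and reserved ranges.
    return ip.is_global


def vet_webhook_url(url: str, resolve: Callable[[str], List[str]] = resolve_all
                    ) -> Tuple[bool, str, List[str]]:
    """Return (ok, reason, addresses). `resolve` is injectable so the check
    can be exercised offline against a constructed name table."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    try:
        addrs = resolve(host)
    except (socket.gaierror, ValueError) as exc:
        return False, f"cannot resolve {host}: {exc}", []
    if not addrs:
        return False, f"{host} has no addresses", []
    # Reject if *any* record is non-global: an attacker who controls the zone
    # can mix a public and a private record and hope the private one is used.
    for a in addrs:
        if not is_global_address(a):
            return False, f"{host} resolves to non-global address {a}", addrs
    return True, "ok", addrs
```

Two things the caller still has to do: connect to one of the returned addresses (sending the original hostname in the Host header and for TLS SNI) rather than passing the URL to an HTTP client that resolves it again, and either disable redirects or run the same vetting on every redirect target, since a public host can 302 to http://127.0.0.1/.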

CVE-2025-24025

Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search returns no results, the query is reflected unescaped in the error modal, which leads to cross-site scripting. Version 4.0.0-beta.380 fixes the issue.

CVSS: LOW (1.3)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025

CVE-2024-35122

Description: IBM i 7.2, 7.3, 7.4, and 7.5 are vulnerable to a file-level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint using the privileges of a user who is socially engineered into accessing the target file.

CVSS: LOW (2.8)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025

CVE-2025-24034

Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.

CVSS: LOW (3.2)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025
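Turning debug logging off is the workaround; the durable fix is to make sure credential material cannot reach a log sink at any level. The filter below is an added example, not Himmelblau's code: it redacts JWT-shaped access tokens and labelled ticket blobs before any handler formats the record. The token and ticket formats it matches, and the sample messages, are assumptions chosen for illustration.

```python
"""Log filter that redacts bearer tokens and ticket blobs before they reach
a log sink: the generic defence against the "credentials in debug logs"
class the Himmelblau advisory above describes.

Added example; not Himmelblau's code. The patterns and sample values are
assumptions chosen for illustration.
"""
import logging
import re
from typing import List, Tuple

# JWT-shaped access token: three base64url segments joined by dots.
JWT_RE = re.compile(r"\b[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b")
# Ticket / credential-cache material logged as a long base64 blob after a
# label such as "TGT=" or "ccache:". Assumed format, not Himmelblau's.
TICKET_RE = re.compile(r"((?:ccache|ticket|tgt)\s*[:=]\s*)([A-Za-z0-9+/=]{32,})",
                       re.IGNORECASE)

# Constructed sample secrets (not real credentials).
FAKE_JWT = "eyJhbGciOiJub25lIn0.eyJzdWIiOiJhbGljZUBleGFtcGxlLmNvbSJ9.c2lnbmF0dXJlLXNpZ25hdHVyZQ"
FAKE_TGT = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5"


def redact(text: str) -> str:
    text = JWT_RE.sub("<redacted-token>", text)
    return TICKET_RE.sub(r"\1<redacted-ticket>", text)


class SecretRedactor(logging.Filter):
    """Rewrites the interpolated message so the secret never reaches a
    handler. Attached to the logger it covers every handler on it; note that
    logger-level filters do not apply to records from child loggers, so
    attach it to each logger (or to every handler) in a real service."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()   # message is already interpolated
        return True


class ListHandler(logging.Handler):
    """Collects formatted lines in memory, standing in for a file or journal."""
    def __init__(self) -> None:
        super().__init__()
        self.lines: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def make_logger(name: str = "redaction-demo") -> Tuple[logging.Logger, ListHandler]:
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)        # debug enabled, as in the advisory
    logger.addFilter(SecretRedactor())
    sink = ListHandler()
    sink.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(sink)
    return logger, sink


if __name__ == "__main__":
    log, sink = make_logger()
    log.debug("acquired access token %s for user alice", FAKE_JWT)
    log.debug("refreshed TGT=%s", FAKE_TGT)
    print("\n".join(sink.lines))
```

Pattern-based redaction is a safety net, not a substitute for never passing the token object to a log call in the first place; it catches the accidental `%s` of a whole response, which is how this class of bug usually arrives.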

CVE-2024-52328

Description: ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.

CVSS: LOW (1.8)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025

CVE-2024-42186

Description: BigFix Patch Download Plug-ins are affected by insecure protocol support: the application can improperly handle SSL certificate validation.

CVSS: LOW (2.8)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025
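For a downloader that fetches patches, certificate validation is the only thing standing between the product and an on-path attacker serving a forged package. The snippet below is an added example, not BigFix code: it shows a hardened client TLS context next to the anti-pattern, and an audit function that inspects a context for the weak settings. It uses only the standard library and does not connect anywhere.

```python
"""Building and auditing the TLS client context used by a downloader, the
control missing in the "insecure protocol support" finding above.

Added example; not BigFix code. Standard library only; the audit inspects
the context object and makes no network connection.
"""
import ssl
from typing import List, Optional


def make_download_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hardened client context: chain validation, hostname check, TLS >= 1.2.
    `cafile` is optional; without it the platform trust store is used."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_insecure_context() -> ssl.SSLContext:
    """The anti-pattern: verification switched off so downloads "just work".
    Any on-path attacker can now serve a forged package."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the weaknesses a reviewer would flag in a client context."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(make_download_context()) or "no findings")
    print("insecure:", audit_context(make_insecure_context()))
```

When reviewing a real downloader, the equivalent check is whatever flag the HTTP client exposes (for example `verify=False` in Python requests, or `--insecure`/`-k` in curl); the audit function above is the same question asked of the context object directly.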

CVE-2024-42185

Description: BigFix Patch Download Plug-ins are affected by an insecure package that is susceptible to XML injection. An attacker can exploit this by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access.

CVSS: LOW (2.5)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025
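XML injection has two sides: markup built by string concatenation lets untrusted text add or close elements, and a parser that accepts inline DTDs lets entity expansion exhaust memory (the denial-of-service outcome the advisory mentions). The block below is an added example, not BigFix code; the element names and the payload are constructed for illustration.

```python
"""XML injection via string-built markup, beside the structural fix, for the
BigFix XML-injection finding above. Added example; not BigFix code. The
element names and the payload are constructed for illustration.
"""
import xml.etree.ElementTree as ET
from typing import List, Tuple


def build_request_unsafe(package_name: str) -> str:
    """Vulnerable: untrusted text is concatenated straight into markup, so a
    value containing '</package>...' rewrites the document's structure."""
    return f"<request><package>{package_name}</package></request>"


def build_request_safe(package_name: str) -> str:
    """Fixed: the value is set as element text and serialised by the XML
    library, which escapes '<', '>' and '&' so it can only ever be text."""
    root = ET.Element("request")
    ET.SubElement(root, "package").text = package_name
    return ET.tostring(root, encoding="unicode")


def parse_untrusted(doc: str) -> List[Tuple[str, str]]:
    """Parse a document we did not build ourselves. Inline DTDs are refused
    up front: entity declarations are how expansion-based denial of service
    ("billion laughs") and external-entity reads are introduced. For
    production code, the defusedxml package implements this properly."""
    if "<!DOCTYPE" in doc or "<!ENTITY" in doc:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(doc)
    return [(child.tag, child.text or "") for child in root]


def accepts_document(doc: str) -> bool:
    """True if parse_untrusted would accept `doc`."""
    try:
        parse_untrusted(doc)
        return True
    except (ValueError, ET.ParseError):
        return False


# Constructed payload: closes the intended element and adds a sibling that a
# naive consumer might treat as an authorisation flag.
PAYLOAD = "curl</package><approved>true</approved><package>curl"

# Constructed entity-expansion document of the "billion laughs" shape.
ENTITY_DOC = ('<!DOCTYPE r [<!ENTITY a "aaaaaaaaaa">'
              '<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]><r>&b;</r>')


if __name__ == "__main__":
    print("unsafe:", parse_untrusted(build_request_unsafe(PAYLOAD)))
    print("safe:  ", parse_untrusted(build_request_safe(PAYLOAD)))
    print("entity doc accepted:", accepts_document(ENTITY_DOC))
```

The parsed output makes the difference concrete: the string-built document yields three child elements, one of them an `approved` flag the caller never intended, while the library-built document yields a single `package` element whose text is the whole payload, angle brackets included.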