Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-42184 |
Description: BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.
CVSS: LOW (2.5) EPSS Score: 0.04%
January 24th, 2025 (3 months ago)
|
|
CVE-2024-42183 |
Description: BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls.
CVSS: LOW (2.5) EPSS Score: 0.04%
January 24th, 2025 (3 months ago)
|
|
CVE-2024-42182 |
Description: BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.
CVSS: LOW (2.5) EPSS Score: 0.04%
January 24th, 2025 (3 months ago)
|
|
CVE-2025-0625 |
Description: A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in CampCodes School Management Software 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Komponente Attachment Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.3) EPSS Score: 0.05%
January 23rd, 2025 (3 months ago)
|
|
CVE-2025-21546 |
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVSS: LOW (3.8) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2025-21520 |
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).
CVSS: LOW (1.8) EPSS Score: 0.04%
January 22nd, 2025 (3 months ago)
|
|
CVE-2024-45687 |
Description: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.
CVSS: LOW (2.4) EPSS Score: 0.05%
January 22nd, 2025 (3 months ago)
|
|
CVE-2024-13524 |
Description: A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is "something worth reporting, as every attack surface requires privileged access/user compromise". In obsproject OBS Studio bis 30.0.2 für Windows wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht näher bekannte Funktion. Mittels dem Manipulieren mit unbekannten Daten kann eine untrusted search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: LOW (2.0) EPSS Score: 0.05%
January 21st, 2025 (3 months ago)
|
|
CVE-2025-0575 |
Description: A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In Union Bank of India Vyom 8.0.34 für Android wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Komponente Rooting Detection. Mittels Manipulieren mit unbekannten Daten kann eine protection mechanism failure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (1.8) EPSS Score: 0.05%
January 20th, 2025 (3 months ago)
|
|
CVE-2025-0567 |
Description: A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. In Epic Games Launcher bis 17.2.1 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion in der Bibliothek profapi.dll der Komponente Installer. Mittels dem Manipulieren mit unbekannten Daten kann eine untrusted search path-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig.
CVSS: LOW (2.0) EPSS Score: 0.05%
January 20th, 2025 (3 months ago)
|