Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-7296 |
Description: An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users.
CVSS: LOW (2.7) EPSS Score: 0.01%
March 13th, 2025 (3 months ago)
|
|
CVE-2024-8402 |
Description: An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code.
CVSS: LOW (3.7) EPSS Score: 0.02%
March 13th, 2025 (3 months ago)
|
|
CVE-2024-3141 |
Description: A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916. In Clavister E10 and E80 bis 14.00.10 wurde eine problematische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalität der Datei /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings der Komponente Misc Settings Page. Durch das Beeinflussen des Arguments WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 14.00.11 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgr...
CVSS: LOW (2.4) EPSS Score: 0.38% SSVC Exploitation: poc
March 12th, 2025 (3 months ago)
|
|
CVE-2024-27329 |
Description: PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22285.
CVSS: LOW (3.3) EPSS Score: 0.1% SSVC Exploitation: none
March 12th, 2025 (3 months ago)
|
|
CVE-2025-0883 |
Description: Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager.
The vulnerability could reveal sensitive information retained by the browser.
This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80.
CVSS: LOW (2.1) EPSS Score: 0.04%
March 12th, 2025 (3 months ago)
|
|
CVE-2024-13870 |
Description: An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.
CVSS: LOW (1.8) EPSS Score: 0.02%
March 12th, 2025 (3 months ago)
|
|
CVE-2025-24912 |
Description: hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
CVSS: LOW (3.7) EPSS Score: 0.26%
March 12th, 2025 (3 months ago)
|
|
CVE-2025-0900 |
Description: PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25368.
CVSS: LOW (3.3) EPSS Score: 0.02%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-55592 |
Description: An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests.
CVSS: LOW (3.6) EPSS Score: 0.02%
March 11th, 2025 (3 months ago)
|
|
CVE-2024-21208 |
Description:
Nessus Plugin ID 232564 with Medium Severity
Synopsis
The remote Ubuntu host is missing one or more security updates.
Description
The remote Ubuntu 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7339-1 advisory. Andy Boothe discovered that the Networking component of CRaC JDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of CRaC JDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235) It was discovered that the Serialization component of CRaC JDK 21 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217) It was discovered that the Hotspot component of CRaC JDK 21 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2025-21502) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. ...
CVSS: LOW (3.7)
March 11th, 2025 (3 months ago)
|