Threat and Vulnerability Intelligence Database


CVE-2024-2715

Description: A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257468.

CVSS: LOW (3.5)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
April 10th, 2025 (8 days ago)

CVE-2025-32700

Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php. This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1.

CVSS: LOW (2.3)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (8 days ago)

CVE-2025-32699

Description: Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.

CVSS: LOW (2.1)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (8 days ago)

CVE-2025-32698

Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

CVSS: LOW (2.1)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (8 days ago)

CVE-2025-24866

Description: Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.

CVSS: LOW (2.7)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (9 days ago)

CVE-2025-32382

Description: Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase (either updating a password or changing password to private key or vice versa), Metabase would not always purge older Snowflake connection details from the application database. In order to remove older and stale connection details, Metabase would try one connection method at a time and purge all the other connection methods from the application database. When Metabase found a connection that worked, it would log (log/infof "Successfully connected, migrating to: %s" (pr-str test-details)) which would then print the username and password to the logger. This is fixed in 52.17.1, 53.9.5 and 54.1.5 in both the OSS and enterprise editions. Versions 51 and lower are not impacted.

CVSS: LOW (1.8)

EPSS Score: 0.05%

Source: CVE
April 10th, 2025 (9 days ago)

CVE-2025-2469

Description: An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users.

CVSS: LOW (3.7)

EPSS Score: 0.02%

Source: CVE
April 10th, 2025 (9 days ago)

CVE-2025-32205

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.30.

CVSS: LOW (2.7)

EPSS Score: 0.05%

Source: CVE
April 10th, 2025 (9 days ago)

CVE-2025-26479

Description: Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
April 10th, 2025 (9 days ago)

CVE-2025-23378

Description: Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE
April 10th, 2025 (9 days ago)