Threat and Vulnerability Intelligence Database

CVE-2025-48931

Description: The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.

CVSS: LOW (3.2)

EPSS Score: 0.01%

Source: CVE
May 28th, 2025 (9 days ago)

CVE-2025-48930

🚨 Marked as known exploited on May 28th, 2025 (9 days ago).
Description: The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues, as exploited in the wild in May 2025.

CVSS: LOW (2.8)

EPSS Score: 0.01%

Source: CVE
May 28th, 2025 (9 days ago)

Description: Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. A fix for this issue has been included in the 1.24.0 release.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-3864
https://github.com/benoitc/hackney/issues/717
https://cert.pl/en/posts/2025/05/CVE-2025-3864
https://github.com/advisories/GHSA-9fm9-hp7p-53mf

CVSS: LOW (2.3)

EPSS Score: 0.19%

Source: Github Advisory Database (Erlang)
May 28th, 2025 (9 days ago)

CVE-2025-3864

Description: Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. A fix for this issue has been included in the 1.24.0 release.

CVSS: LOW (2.3)

EPSS Score: 0.19%

Source: CVE
May 28th, 2025 (9 days ago)

CVE-2025-47295

Description: A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control.

CVSS: LOW (3.7)

EPSS Score: 0.08%

Source: CVE
May 28th, 2025 (9 days ago)

CVE-2025-46777

Description: An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.

CVSS: LOW (2.2)

EPSS Score: 0.03%

Source: CVE
May 28th, 2025 (9 days ago)

CVE-2025-24473

Description: An exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).

CVSS: LOW (3.7)

EPSS Score: 0.05%

Source: CVE
May 28th, 2025 (9 days ago)

CVE-2024-54020

Description: A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.

CVSS: LOW (2.3)

EPSS Score: 0.03%

Source: CVE
May 28th, 2025 (9 days ago)

CVE-2025-2826

Description: On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:
* Packets which should be permitted may be dropped, and
* Packets which should be dropped may be permitted.

CVSS: LOW (2.6)

EPSS Score: 0.02%

Source: CVE
May 27th, 2025 (10 days ago)

Description: The process_lock crate 0.1.0 for Rust allows data races in unlock.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-48751
https://github.com/tickbh/ProcessLock/issues/1
https://crates.io/crates/process_lock
https://github.com/advisories/GHSA-6v24-6wgf-8vj6

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: Github Advisory Database (Rust)
May 27th, 2025 (10 days ago)