Threat and Vulnerability Intelligence Database

CVE-2025-2826

Description: On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:
* Packets which should be permitted may be dropped, and
* Packets which should be dropped may be permitted.

CVSS: LOW (2.6)

EPSS Score: 0.02%

Source: CVE
May 27th, 2025 (10 days ago)
Description: The process_lock crate 0.1.0 for Rust allows data races in unlock.

References:
* https://nvd.nist.gov/vuln/detail/CVE-2025-48751
* https://github.com/tickbh/ProcessLock/issues/1
* https://crates.io/crates/process_lock
* https://github.com/advisories/GHSA-6v24-6wgf-8vj6

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: Github Advisory Database (Rust)
May 27th, 2025 (10 days ago)
Description: In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked.

References:
* https://nvd.nist.gov/vuln/detail/CVE-2025-48752
* https://github.com/Forestryks/process-sync-rs/issues/3
* https://crates.io/crates/process-sync
* https://github.com/advisories/GHSA-mqwx-r894-9hfp

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: Github Advisory Database (Rust)
May 27th, 2025 (10 days ago)
Description: In the memory_pages crate 0.1.0 for Rust, division by zero can occur.

References:
* https://nvd.nist.gov/vuln/detail/CVE-2025-48754
* https://github.com/FractalFir/memory_pages/issues/1
* https://crates.io/crates/memory_pages
* https://github.com/advisories/GHSA-5r4r-9fgh-pw53

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: Github Advisory Database (Rust)
May 27th, 2025 (10 days ago)
Description: In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

References:
* https://nvd.nist.gov/vuln/detail/CVE-2025-48756
* https://github.com/maboroshinokiseki/scsir/issues/4
* https://crates.io/crates/scsir
* https://github.com/advisories/GHSA-cm3g-qm4h-xm6m

CVSS: LOW (2.9)

EPSS Score: 0.02%

Source: Github Advisory Database (Rust)
May 27th, 2025 (10 days ago)

CVE-2025-48370

Description: auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user-controlled inputs, such as the userId, are not affected by this. This issue has been patched in version 2.69.1.

CVSS: LOW (2.7)

EPSS Score: 0.11%

SSVC Exploitation: none

Source: CVE
May 27th, 2025 (10 days ago)

CVE-2025-2236

Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring the external services. This issue affects Advanced Authentication versions before 6.5.

CVSS: LOW (2.1)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 27th, 2025 (10 days ago)

CVE-2025-48382

Description: Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. This issue primarily affects environments where Fess is deployed in a shared or multi-user context. Typical single-user or isolated deployments have minimal or negligible practical impact. This issue has been patched in version 14.19.2. A workaround for this issue involves ensuring local access to the environment running Fess is restricted to trusted users only.

CVSS: LOW (1.2)

EPSS Score: 0.02%

Source: CVE
May 27th, 2025 (11 days ago)

CVE-2025-26211

Description: Gibbon before 29.0.00 allows CSRF.

CVSS: LOW (3.7)

EPSS Score: 0.02%

Source: CVE
May 27th, 2025 (11 days ago)

CVE-2025-5204

Description: A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. A vulnerability was discovered in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. It affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. Manipulation with unknown data can be used to exploit an out-of-bounds read vulnerability. The attack must be carried out locally. The exploit is publicly available.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE
May 26th, 2025 (11 days ago)