Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-3723
PCMan FTP Server MDTM Command buffer overflow
Description: A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component MDTM Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in PCMan FTP Server 2.0.7 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente MDTM Command Handler. Mittels Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 16th, 2025 (3 days ago)
[github.com/mattermost/mattermost/server/v8] Mattermost Incorrect Authorization vulnerability
Description: Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled. References https://nvd.nist.gov/vuln/detail/CVE-2025-2564 https://mattermost.com/security-updates https://github.com/advisories/GHSA-mj2p-v2c2-vh4v

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: Github Advisory Database (Go)
April 16th, 2025 (3 days ago)

CVE-2025-31201
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1,...
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVSS: MEDIUM (6.8)

EPSS Score: 0.5%

SSVC Exploitation: none

Source: CVE
April 16th, 2025 (3 days ago)

CVE-2025-39472
WordPress WooCommerce Social Login plugin <= 2.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.01%

Source: CVE
April 16th, 2025 (3 days ago)

CVE-2021-20035
CISA Adds One Known Exploited Vulnerability to Catalog
🚨 Marked as known exploited on April 16th, 2025 (3 days ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CVSS: MEDIUM (6.5)

Source: All CISA Advisories
April 16th, 2025 (3 days ago)

CVE-2025-2564
Unauthorized View Access to Archived Channel Member Info
Description: Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (3 days ago)

CVE-2025-20178
Cisco Secure Network Analytics Privilege Escalation Vulnerability
Description: A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.

CVSS: MEDIUM (6.0)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
April 16th, 2025 (3 days ago)

CVE-2025-20150
Cisco Nexus Dashboard Username Enumeration Vulnerability
Description: A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
April 16th, 2025 (3 days ago)

CVE-2024-22314
IBM Storage Defender - Resiliency Service information disclosure
Description: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS: MEDIUM (5.9)

EPSS Score: 0.02%

Source: CVE
April 16th, 2025 (3 days ago)

CVE-2024-2152
SourceCodester Online Mobile Management Store manage_product.php sql injection
Description: A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manage_product.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255584. Eine kritische Schwachstelle wurde in SourceCodester Online Mobile Management Store 1.0 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /admin/product/manage_product.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (4.7)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
April 16th, 2025 (3 days ago)