CVE-2024-2331 |
Description: A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability. A vulnerability was identified in SourceCodester Tourist Reservation System 1.0. It was rated critical. The function ad_writedata of the file System.cpp is affected. Manipulating the argument ad_code with unknown data allows a buffer overflow vulnerability to be exploited. The attack can take place over the network. The exploit is publicly available.
CVSS: MEDIUM (6.3) EPSS Score: 0.07% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-20832 |
Description: Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.
CVSS: MEDIUM (6.4) EPSS Score: 0.06% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-1851 |
Description: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as creating product lists.
CVSS: MEDIUM (6.3) EPSS Score: 0.04% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2024-1769 |
Description: The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source.
CVSS: MEDIUM (5.3) EPSS Score: 0.22% SSVC Exploitation: none
April 16th, 2025 (3 days ago)
|
CVE-2025-3696 |
Description: A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /search/search_stock.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. A vulnerability was discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. It was rated critical. It affects unknown program code of the file /search/search_stock.php. Influencing the argument Name with unknown data allows a SQL injection vulnerability to be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (5.3) EPSS Score: 0.03% SSVC Exploitation: poc
April 16th, 2025 (3 days ago)
|
CVE-2025-3694 |
Description: A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument login_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. A vulnerability was discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. It was rated critical. It affects an unknown part of the component Login Handler. Manipulating the argument login_email with unknown data allows a SQL injection vulnerability to be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (6.9) EPSS Score: 0.03% SSVC Exploitation: poc
April 16th, 2025 (3 days ago)
|
CVE-2025-27571 |
Description: Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-27571
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-h4rr-f37j-4hh7
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
CVE-2025-27936 |
Description: Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-27936
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-2j87-p623-8cc2
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
April 16th, 2025 (3 days ago)
|
CVE-2025-3692 |
Description: A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. A problematic vulnerability was identified in SourceCodester Online Eyewear Shop 1.0. It affects an unknown functionality of the file /oews/classes/Master.php?f=save_product. Manipulation with unknown data allows a cross site scripting vulnerability to be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (4.8) EPSS Score: 0.03% SSVC Exploitation: poc
April 16th, 2025 (3 days ago)
|