CVE-2025-5702 |
Description: The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
CVSS: MEDIUM (5.6) EPSS Score: 0.04%
June 5th, 2025 (2 days ago)
|
CVE-2025-5679 |
Description: A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
June 5th, 2025 (2 days ago)
|
CVE-2025-5674 |
Description: A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.3) EPSS Score: 0.03%
June 5th, 2025 (2 days ago)
|
CVE-2025-5670 |
Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.3) EPSS Score: 0.03% SSVC Exploitation: poc
June 5th, 2025 (2 days ago)
|
CVE-2025-46258 |
Description: Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Element Pack Pro: from n/a before 8.0.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.03% SSVC Exploitation: none
June 5th, 2025 (2 days ago)
|
CVE-2025-46257 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery. This issue affects Element Pack Pro: from n/a before 8.0.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.01% SSVC Exploitation: none
June 5th, 2025 (2 days ago)
|
CVE-2024-24488 |
Description: An issue in Shenzhen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.
CVSS: MEDIUM (5.5) EPSS Score: 0.02% SSVC Exploitation: none
June 5th, 2025 (2 days ago)
|
CVE-2024-24388 |
Description: Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.
CVSS: MEDIUM (6.1) EPSS Score: 0.04% SSVC Exploitation: none
June 5th, 2025 (2 days ago)
|
CVE-2024-24254 |
Description: PX4 Autopilot 1.14 and earlier, due to the lack of a synchronization mechanism for loading geofence data, has a race condition vulnerability in geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.
CVSS: MEDIUM (4.2) EPSS Score: 0.04% SSVC Exploitation: none
June 5th, 2025 (2 days ago)
|
CVE-2024-24135 |
Description: Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.
CVSS: MEDIUM (6.1) EPSS Score: 0.55% SSVC Exploitation: poc
June 5th, 2025 (2 days ago)
|