Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5544 |
Description: A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. Eine problematische Schwachstelle wurde in aaluoxiang oa_system bis 5b445a6227b51cee287bd0c7c33ed94b801a82a5 ausgemacht. Hierbei geht es um die Funktion image der Datei src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. Mit der Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
June 3rd, 2025 (5 days ago)
|
|
CVE-2025-5525 |
Description: A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. In Jrohy trojan bis 2.15.3 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion LogChan der Datei trojan/util/linux.go. Durch das Manipulieren des Arguments c mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.6) EPSS Score: 0.2%
June 3rd, 2025 (5 days ago)
|
|
CVE-2025-5521 |
Description: A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In WuKongOpenSource WukongCRM 9.0 wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei /system/user/updataPassword. Durch das Beeinflussen mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
June 3rd, 2025 (5 days ago)
|
|
CVE-2025-5520 |
Description: A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893. Es wurde eine problematische Schwachstelle in Open5GS bis 2.7.3 ausgemacht. Hiervon betroffen ist die Funktion gmm_state_authentication/emm_state_authentication der Komponente AMF/MME. Durch Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als 9f5d133657850e6167231527514ee1364d37a884 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: MEDIUM (5.3) EPSS Score: 0.09% SSVC Exploitation: poc
June 3rd, 2025 (5 days ago)
|
|
CVE-2025-48953 |
Description: Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0.0. No known workarounds are available.
CVSS: MEDIUM (5.5) EPSS Score: 0.03% SSVC Exploitation: none
June 3rd, 2025 (5 days ago)
|
|
CVE-2025-48950 |
Description: MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.
CVSS: MEDIUM (5.8) EPSS Score: 0.05% SSVC Exploitation: poc
June 3rd, 2025 (5 days ago)
|
|
CVE-2024-23550 |
Description: HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
CVSS: MEDIUM (6.2) EPSS Score: 0.04% SSVC Exploitation: none
June 3rd, 2025 (5 days ago)
|
|
CVE-2024-22241 |
Description: Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
CVSS: MEDIUM (4.3) EPSS Score: 3.07% SSVC Exploitation: none
June 3rd, 2025 (5 days ago)
|
|
CVE-2024-22238 |
Description: Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
CVSS: MEDIUM (6.4) EPSS Score: 1.23% SSVC Exploitation: none
June 3rd, 2025 (5 days ago)
|
|
CVE-2024-20979 |
Description: Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CVSS: MEDIUM (5.4) EPSS Score: 0.19% SSVC Exploitation: none
June 3rd, 2025 (5 days ago)
|