CVE-2025-29984 |
Description: Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS: MEDIUM (6.7) EPSS Score: 0.01%
April 15th, 2025 (6 days ago)
|
CVE-2025-29983 |
Description: Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS: MEDIUM (6.7) EPSS Score: 0.01%
April 15th, 2025 (6 days ago)
|
CVE-2025-3613 |
Description: A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.1) EPSS Score: 0.03%
April 15th, 2025 (6 days ago)
|
CVE-2025-3612 |
Description: A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. This affects an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
April 15th, 2025 (6 days ago)
|
CVE-2025-3470 |
Description: The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the s parameter in all versions up to, and including, 2.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: MEDIUM (4.9) EPSS Score: 0.02% SSVC Exploitation: none
April 15th, 2025 (6 days ago)
|
CVE-2025-32997 |
Description: In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
CVSS: MEDIUM (4.0) EPSS Score: 0.03%
April 15th, 2025 (6 days ago)
|
CVE-2025-32996 |
Description: In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
CVSS: MEDIUM (4.0) EPSS Score: 0.04%
April 15th, 2025 (6 days ago)
|
CVE-2025-32987 |
Description: Arctera eDiscovery Platform before 10.3.2, when Enterprise Vault Collection Module is used, places a cleartext password on a command line in EVSearcher.
CVSS: MEDIUM (6.0) EPSS Score: 0.01% SSVC Exploitation: none
April 15th, 2025 (6 days ago)
|
CVE-2025-3593 |
Description: A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
April 14th, 2025 (6 days ago)
|
CVE-2025-3592 |
Description: A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.1) EPSS Score: 0.03%
April 14th, 2025 (6 days ago)
|