Threat and Vulnerability Intelligence Database

CVE-2025-3556

Description: A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high, and exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

Source: CVE
April 14th, 2025

CVE-2025-3555

Description: A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high, and exploitation is considered difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

Source: CVE
April 14th, 2025

CVE-2025-32093

Description: Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system administrators via improper permission validation.

CVSS: MEDIUM (4.7)

EPSS Score: 0.03%

Source: CVE
April 14th, 2025

CVE-2025-3554

Description: A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
April 14th, 2025

CVE-2025-3553

Description: A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pe_delete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brand_id[] leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
April 14th, 2025

CVE-2025-3552

Description: A vulnerability was found in Lingxing ERP 2. It has been classified as critical. This affects an unknown part of the file /Api/TinyMce/UploadAjax.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 14th, 2025

CVE-2024-6531

Description: Nessus Plugin ID 234242 (Medium Severity)

Synopsis: The remote Debian host is missing a security-related update.

Description: The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4125 advisory.

Debian LTS Advisory DLA-4125-1
[email protected] https://www.debian.org/lts/security/
Bastien Roucaris, April 13, 2025 https://wiki.debian.org/LTS

Package : twitter-bootstrap4
Version : 4.5.2+dfsg1-8~deb11u2
CVE ID : CVE-2024-6531
Debian Bug : 1084059

Bootstrap (formerly Twitter Bootstrap), a free and open-source CSS framework, was affected by an XSS vulnerability in the carousel component. If you use bootstrap through a module bundler, you may need to rebuild your application.

For Debian 11 bullseye, this problem has been fixed in version 4.5.2+dfsg1-8~deb11u2. We recommend that you upgrade your twitter-bootstrap4 packages.

For the detailed security status of twitter-bootstrap4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/twitter-bootstrap4

Further information about Debian LTS security advisories, how to apply these updates to your...

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: Tenable Plugins
April 14th, 2025

CVE-2024-56326

Description: Nessus Plugin ID 234243 (Medium Severity)

Synopsis: The remote Debian host is missing one or more security-related updates.

Description: The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4126 advisory.

Debian LTS Advisory DLA-4126-1
[email protected] https://www.debian.org/lts/security/
Lucas Kanashiro, April 13, 2025 https://wiki.debian.org/LTS

Package : jinja2
Version : 2.11.3-1+deb11u3
CVE ID : CVE-2024-56326 CVE-2025-27516
Debian Bug : #1091331, #1099690

A couple of vulnerabilities were found in jinja2, a template engine. The rendering of untrusted templates could lead to attackers executing arbitrary Python code.

CVE-2024-56326: Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which exe...

CVSS: MEDIUM (5.4)

Source: Tenable Plugins
April 14th, 2025

CVE-2024-6484

Description: Nessus Plugin ID 234244 (Medium Severity)

Synopsis: The remote Debian host is missing one or more security-related updates.

Description: The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4124 advisory.

Debian LTS Advisory DLA-4124-1
[email protected] https://www.debian.org/lts/security/
Bastien Roucaris, April 13, 2025 https://wiki.debian.org/LTS

Package : twitter-bootstrap3
Version : 3.4.1+dfsg-2+deb11u1
CVE ID : CVE-2024-6484 CVE-2024-6485
Debian Bug : 1084060

Bootstrap (formerly Twitter Bootstrap), a free and open-source CSS framework, was affected by XSS vulnerabilities. If you use bootstrap through a module bundler, you may need to rebuild your application.

For Debian 11 bullseye, these problems have been fixed in version 3.4.1+dfsg-2+deb11u1. We recommend that you upgrade your twitter-bootstrap3 packages.

For the detailed security status of twitter-bootstrap3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/twitter-bootstrap3

Further information about Debian LTS security advisories, how to apply these update...

CVSS: MEDIUM (6.4)

Source: Tenable Plugins
April 14th, 2025

CVE-2024-45700

Description: Nessus Plugin ID 234247 (High Severity)

Synopsis: The remote Fedora host is missing one or more security updates.

Description: The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d4263ef3ef advisory.

Update to 6.0.39 (CVE-2024-45700, CVE-2024-36469, CVE-2024-42325, CVE-2024-45699)

Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution: Update the affected 1:zabbix package.

Read more at https://www.tenable.com/plugins/nessus/234247

CVSS: MEDIUM (6.0)

EPSS Score: 0.03%

Source: Tenable Plugins
April 14th, 2025