Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
[verbb/formie] Formie has XSS vulnerability for email notification content for preview
Description: Impact It is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. Patches This has been fixed in Formie 2.1.44. Users should ensure they are running at least this version. References https://github.com/verbb/formie/security/advisories/GHSA-2xm2-23ff-p8ww https://nvd.nist.gov/vuln/detail/CVE-2025-32426 https://github.com/advisories/GHSA-2xm2-23ff-p8ww

CVSS: MEDIUM (4.6)

EPSS Score: 0.03%

Source: Github Advisory Database (Composer)
April 11th, 2025 (10 days ago)

CVE-2024-11679
An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with...
Description: An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.

CVSS: MEDIUM (6.7)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-0123
PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
Description: A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring . The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Customer firewall administrators do not have access to the packet capture feature in Clou...

CVSS: MEDIUM (5.9)

EPSS Score: 0.01%

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-0119
Cortex XDR Broker VM: Authenticated Command Injection Vulnerability in Broker VM
Description: A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM.

CVSS: MEDIUM (6.3)

EPSS Score: 0.38%

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-32080
Cross-origin data leak in mobilefrontend via lazy load images
Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation.This issue affects Mediawiki - Mobile Frontend Extension: from 1.39 through 1.43.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-32078
XSSes and potential RCE in Special:VersionCompare
Description: Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43.

CVSS: MEDIUM (6.9)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-32077
XSSes in Extension:SimpleCalendar
Description: Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43.

CVSS: MEDIUM (6.9)

EPSS Score: 0.1%

SSVC Exploitation: none

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-32076
Evil regex used to process user-provided data in VisualData
Description: Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43.

CVSS: MEDIUM (6.9)

EPSS Score: 0.1%

SSVC Exploitation: none

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-32075
IP and user agent leaks in Extension:Tabs
Description: Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection.This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43.

CVSS: MEDIUM (6.9)

EPSS Score: 0.1%

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-32072
HTML injection in feed output from i18n message
Description: Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43.

CVSS: MEDIUM (6.9)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
April 11th, 2025 (10 days ago)