Threat and Vulnerability Intelligence Database

CVE-2025-23387

Description: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.09%

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2024-52282

Description: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows any user with GET access to the Rancher Manager Apps Catalog to read any sensitive information contained within the Apps’ values. Additionally, the same information leaks into auditing logs when the audit level is set to 2 or above. This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.

CVSS: MEDIUM (6.2)

EPSS Score: 0.02%

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-2128

Description: The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-3512

Description: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.

CVSS: MEDIUM (4.8)

EPSS Score: 0.02%

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-1386

Description: When using the ch-go library, under a specific condition when the query includes large, uncompressed, malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.

CVSS: MEDIUM (5.9)

EPSS Score: 0.02%

Source: CVE
April 11th, 2025 (10 days ago)

CVE-2025-32809

Description: W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choice_fb[], or question_id.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
April 11th, 2025 (11 days ago)

CVE-2025-26335

Description: Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.

CVSS: MEDIUM (5.8)

EPSS Score: 0.04%

Source: CVE
April 11th, 2025 (11 days ago)

CVE-2025-0125

Description: An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW and all Prisma® Access instances.

CVSS: MEDIUM (6.9)

EPSS Score: 0.06%

Source: CVE
April 11th, 2025 (11 days ago)

CVE-2025-0124

Description: An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.

CVSS: MEDIUM (5.1)

EPSS Score: 0.08%

Source: CVE
April 11th, 2025 (11 days ago)

CVE-2025-0122

Description: A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device.

CVSS: MEDIUM (5.1)

EPSS Score: 0.02%

Source: CVE
April 11th, 2025 (11 days ago)