CVE-2024-24695 |
Description: Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
CVSS: MEDIUM (6.8) EPSS Score: 0.15% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|
CVE-2025-29999 |
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
CVSS v4 5.4
ATTENTION: Exploitable locally
Vendor: Siemens
Equipment: License Server
Vulnerabilities: Improper Privilege Management, Improper Certificate Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a low-privileged local user to escalate privileges or perform arbitrary code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
License Server (SLS): All versions before V4.3
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269
The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory.
CVE-2025-29999 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-29999. A base score of 5.4 has been calculated; the CVSS vector string is (AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:...
CVSS: MEDIUM (6.7) EPSS Score: 0.01%
April 10th, 2025 (11 days ago)
|
Description: A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory (OOM) termination.
Impact
A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate.
Patches
This issue has been resolved in Helm v3.17.3.
Workarounds
Ensure that any chart archive files being loaded by Helm do not contain files that are large enough to cause the Helm Client or SDK to use up available memory leading to a termination.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Jakub Ciolek at AlphaSense.
References
https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p
https://nvd.nist.gov/vuln/detail/CVE-2025-32386
https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
https://github.com/advisories/GHSA-4hfp-h4cw-hj8p
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
April 10th, 2025 (11 days ago)
|
Description: A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow.
Impact
A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow.
Patches
This issue has been resolved in Helm v3.17.3.
Workarounds
Ensure that the JSON Schema within any charts loaded by Helm does not have a large number of nested references. These JSON Schema files are larger than 10 MiB.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Jakub Ciolek at AlphaSense.
References
https://github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92
https://nvd.nist.gov/vuln/detail/CVE-2025-32387
https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
https://github.com/advisories/GHSA-5xqw-8hwv-wg92
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
April 10th, 2025 (11 days ago)
|
Description: An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report.
The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid field.
References
https://www.silverstripe.org/download/security-releases/CVE-2025-25197
https://github.com/silverstripe/silverstripe-elemental/security/advisories/GHSA-x8xm-c7p8-2pj2
https://github.com/silverstripe/silverstripe-elemental/pull/1345
https://github.com/FriendsOfPHP/security-advisories/blob/master/dnadesign/silverstripe-elemental/CVE-2025-25197.yaml
https://www.silverstripe.org/download/security-releases/cve-2025-25197
https://github.com/advisories/GHSA-x8xm-c7p8-2pj2
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
April 10th, 2025 (11 days ago)
|
Description: Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.
The server-side sanitisation logic has been updated to sanitise against this attack.
Reported by
James Nicoll from Fujitsu Cyber
References
https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387
https://github.com/silverstripe/silverstripe-framework/pull/11682
https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml
https://www.silverstripe.org/download/security-releases/cve-2025-30148
https://github.com/advisories/GHSA-rhx4-hvx9-j387
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
April 10th, 2025 (11 days ago)
|
Description: Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled.
This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.
Users are recommended to upgrade to version 2.40.0, which fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-27391
https://lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolps
http://www.openwall.com/lists/oss-security/2025/04/09/3
https://github.com/advisories/GHSA-pm4j-p7pm-fpvx
CVSS: MEDIUM (6.8) EPSS Score: 0.02%
April 10th, 2025 (11 days ago)
|
CVE-2025-22232 |
Description: Spring Cloud Config Server may not use the Vault token sent by clients using an X-CONFIG-TOKEN header when making requests to Vault.
Your application may be affected by this if the following are true:
* You have Spring Vault on the classpath of your Spring Cloud Config Server and
* You are using the X-CONFIG-TOKEN header to send a Vault token to the Spring Cloud Config Server for the Config Server to use when making requests to Vault and
* You are using the default Spring Vault SessionManager implementation LifecycleAwareSessionManager or a SessionManager implementation that persists the Vault token such as SimpleSessionManager.
In this case the SessionManager persists the first token it retrieves and will continue to use that token even if client requests to the Spring Cloud Config Server include an X-CONFIG-TOKEN header with a different value.
Affected Spring Products and Versions
Spring Cloud Config:
* 2.2.1.RELEASE - 4.2.1
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix version | Availability |
| --- | --- | --- |
| 4.2.x | 4.2.2 | OSS |
| 4.1.x | 4.1.6 | OSS |
| 4.0.x | 4.0.10 | Commercial |
| 3.1.x | 3.1.10 | Commercial |
| 3.0.x | 4.1.6 | OSS |
| 2.2.x | 4.1.6 | OSS |
NOTE: Spring Cloud Config 3.0.x and 2.2.x are no longer under open source or commercial support. Users of these versions are encouraged to upgrade to a supported version.
No other mitigation steps are necessary.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 10th, 2025 (11 days ago)
|
CVE-2025-32027 |
Description: Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.
CVSS: MEDIUM (6.1) EPSS Score: 0.03% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|
CVE-2025-27692 |
Description: Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution.
CVSS: MEDIUM (4.7) EPSS Score: 0.24% SSVC Exploitation: none
April 10th, 2025 (11 days ago)
|