Threat and Vulnerability Intelligence Database

CVE-2025-26480

Description: Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS: MEDIUM (5.3)

EPSS Score: 0.06%

Source: CVE
April 10th, 2025

CVE-2025-22471

Description: Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS: MEDIUM (6.5)

EPSS Score: 0.07%

Source: CVE
April 10th, 2025

CVE-2025-32728

Description: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not behave as documented: the manual page states that it disables X11 and agent forwarding, but sshd did not actually apply those two restrictions, so hosts relying on the directive alone still permitted them.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
April 10th, 2025
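Added check, not part of the CVE record or of the OpenSSH project: on a release before 10.0, DisableForwarding yes cannot be trusted to close X11 or agent forwarding, so a configuration audit should insist on the explicit per-channel directives. The script below parses the global section of an sshd_config (or the output of sshd -T, which uses the same keyword/value layout) with sshd's first-occurrence-wins rule, takes the version from the server banner, and lists what is still open. SSHD_CONFIG is a constructed excerpt and the function names are assumptions of this example.

```python
import re

# Constructed sshd_config excerpt: the administrator relies on DisableForwarding
# alone.  The X11Forwarding line inside the Match block is conditional and must
# not be mistaken for the global setting.
SSHD_CONFIG = """\
# constructed example, not a real host's configuration
Port 22
PermitRootLogin no
DisableForwarding yes
Match User backup
    X11Forwarding no
"""


def effective_settings(config_text: str) -> dict[str, str]:
    """Return the global keyword -> value map of an sshd_config.

    Mirrors sshd's own rules: keywords are case-insensitive, both 'key value'
    and 'key=value' are accepted, and the first occurrence of a keyword wins.
    Parsing stops at the first Match block because everything after it applies
    only conditionally.
    """
    settings: dict[str, str] = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def openssh_version(banner: str) -> tuple[int, int]:
    """Extract (major, minor) from a banner such as 'OpenSSH_9.9p2 Debian-2'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"not an OpenSSH version banner: {banner!r}")
    return int(m.group(1)), int(m.group(2))


def forwarding_findings(config_text: str, banner: str) -> list[str]:
    """List the forwarding channels DisableForwarding will NOT close here.

    sshd defaults: AllowAgentForwarding yes, X11Forwarding no.  Before 10.0
    DisableForwarding leaves both untouched, so each has to be set to 'no'
    explicitly to obtain the behaviour the manual page promised.
    """
    cfg = effective_settings(config_text)
    if cfg.get("disableforwarding", "no").lower() != "yes":
        return []        # directive not in use, nothing to check
    if openssh_version(banner) >= (10, 0):
        return []        # fixed release, directive works as documented
    findings = []
    if cfg.get("allowagentforwarding", "yes").lower() != "no":
        findings.append("agent forwarding stays enabled (default yes): "
                        "add 'AllowAgentForwarding no'")
    if cfg.get("x11forwarding", "no").lower() != "no":
        findings.append("X11 forwarding is explicitly enabled: "
                        "set 'X11Forwarding no'")
    return findings
```

Run it against the live effective configuration with the text of sshd -T and the banner from ssh -V; an empty list means the host is either patched or already carries the explicit directives.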

CVE-2025-32387

Description: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025
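Added example, not Helm's own code: the failure mode is a resolver that recurses as deep as the schema nests, and in a Go process a goroutine stack overflow is a fatal runtime error rather than a recoverable panic, so the bound has to be enforced before the recursion happens. Modelling the nesting as a chain of local $ref pointers (an assumption about the shape of the crafted file), the block contrasts an unbounded recursive resolver with an iterative one that refuses chains longer than a fixed limit and detects cycles. build_ref_chain constructs the values.schema.json-style input; all names are this example's own.

```python
class SchemaTooDeep(Exception):
    """Raised when a $ref chain is longer than the configured limit or loops."""


def _lookup(root: dict, pointer: str) -> dict:
    """Resolve a local JSON pointer such as '#/definitions/d3' against root."""
    if not pointer.startswith("#/"):
        raise ValueError(f"only local references are supported: {pointer!r}")
    node = root
    for part in pointer[2:].split("/"):
        # JSON Pointer escapes: ~1 stands for '/', ~0 for '~'
        node = node[part.replace("~1", "/").replace("~0", "~")]
    return node


def resolve_naive(root: dict, node: dict) -> dict:
    """Follow $ref chains recursively with no bound: one stack frame per hop.
    CPython turns this into RecursionError; a Go binary dies with a fatal
    stack overflow instead."""
    if "$ref" in node:
        return resolve_naive(root, _lookup(root, node["$ref"]))
    return node


def resolve_bounded(root: dict, node: dict, max_depth: int = 32) -> dict:
    """Follow $ref chains iteratively, rejecting chains longer than max_depth
    and chains that revisit a pointer (a cycle).  The cap is checked before
    each hop, so a hostile schema costs at most max_depth lookups."""
    seen: set[str] = set()
    hops = 0
    while "$ref" in node:
        if hops >= max_depth:
            raise SchemaTooDeep(f"$ref chain deeper than {max_depth}")
        ref = node["$ref"]
        if ref in seen:
            raise SchemaTooDeep(f"reference cycle at {ref!r}")
        seen.add(ref)
        node = _lookup(root, ref)
        hops += 1
    return node


def build_ref_chain(length: int) -> dict:
    """Constructed values.schema.json: replicaCount -> d0 -> d1 -> ... -> d<length>,
    where only the last definition carries a concrete type."""
    defs = {f"d{i}": {"$ref": f"#/definitions/d{i + 1}"} for i in range(length)}
    defs[f"d{length}"] = {"type": "integer", "minimum": 1}
    return {
        "$schema": "https://json-schema.org/draft-07/schema#",
        "type": "object",
        "properties": {"replicaCount": {"$ref": "#/definitions/d0"}},
        "definitions": defs,
    }


def reaches_concrete_type(schema: dict, resolver) -> bool:
    """True if resolver turns the replicaCount property into a concrete type;
    False if the chain was rejected (SchemaTooDeep) or blew the stack
    (RecursionError, which is only catchable because this is Python)."""
    try:
        target = resolver(schema, schema["properties"]["replicaCount"])
    except (SchemaTooDeep, RecursionError):
        return False
    return target.get("type") == "integer"
```

A chain of 40 hops is accepted by the naive resolver and refused by the bounded one at the default limit of 32; a chain of 5000 hops crashes the naive resolver while the bounded one still stops after 32 lookups. Pick the limit from what real charts need (single-digit depths are typical) rather than from what the runtime can survive.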

CVE-2025-32386

Description: Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
April 9th, 2025
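Added example, not Helm's loader: the defence against a decompression bomb is to count bytes as the archive is streamed and stop at a budget derived from the compressed size, instead of expanding everything into memory and measuring afterwards. The limits here (an 800x ratio and a 256 MiB absolute cap) are illustrative choices, and build_chart constructs both a small chart and a bomb in memory so the check runs offline.

```python
import io
import tarfile


class ChartTooLarge(Exception):
    """Raised when a chart archive expands past the configured budget."""


def check_chart_expansion(blob: bytes, max_ratio: float = 800.0,
                          max_total: int = 256 * 1024 * 1024) -> int:
    """Stream a .tgz chart and return the number of file bytes it contains.

    The budget is the smaller of the absolute cap and compressed_size * ratio,
    and it is enforced chunk by chunk while reading, so a bomb is rejected
    after at most `budget` bytes of expansion rather than after exhausting
    RAM.  Only bytes actually produced by the decompressor are counted; the
    sizes claimed in tar headers are not used for the decision.
    """
    compressed = len(blob)
    budget = min(max_total, int(compressed * max_ratio))
    total = 0
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            stream = tar.extractfile(member)
            if stream is None:
                continue
            while True:
                chunk = stream.read(64 * 1024)
                if not chunk:
                    break
                total += len(chunk)
                if total > budget:
                    raise ChartTooLarge(
                        f"{member.name}: expansion passed {budget} bytes "
                        f"({compressed} bytes compressed, limit {max_ratio:g}x)")
    return total


def chart_is_safe(blob: bytes) -> bool:
    """True if the archive stays within the default budget."""
    try:
        check_chart_expansion(blob)
    except ChartTooLarge:
        return False
    return True


def build_chart(files: dict[str, bytes]) -> bytes:
    """Pack an in-memory {path: content} mapping as a gzipped tar, which is
    the chart archive format."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed inputs.  The benign chart is a few lines of YAML; the bomb is a
# single file of 16 MiB of zero bytes, which gzip shrinks to roughly 16 KiB,
# a ratio near 1000x and well past the 800x figure quoted in the advisory.
BENIGN_CHART = build_chart({
    "mychart/Chart.yaml": b"apiVersion: v2\nname: mychart\nversion: 0.1.0\n",
    "mychart/values.yaml": b"replicaCount: 1\nimage:\n  repository: nginx\n",
    "mychart/templates/deployment.yaml":
        b"apiVersion: apps/v1\nkind: Deployment\n" * 4,
})
BOMB_CHART = build_chart({"mychart/values.yaml": b"\0" * (16 * 1024 * 1024)})
```

The ratio-based budget is what makes a tiny upload unable to cost more than a bounded amount of memory; the absolute cap protects against a large upload that is merely inefficiently compressed.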

CVE-2025-24375

Description: Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method used to run SQL DDL or Python-based mysql-shell scripts can leak database user credentials. The operator invokes the mysql-shell application by writing a temporary script file that contains the full connection URI, including the user name and password. Because that file is created with mode 0644 (world-readable), an unprivileged user can read it while the operator is running. In one further case, when the operator creates its own users through the mysql CLI, the DDL itself contains those users' credentials and can leak through the same temporary-file mechanism. Affected: all versions prior to revision 221 of the Kubernetes operator and revision 338 of the machine operator.

CVSS: MEDIUM (5.0)

EPSS Score: 0.01%

Source: CVE
April 9th, 2025
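Added illustration, constructed for this page rather than taken from the operator (whose file layout and exact mysql-shell invocation are not reproduced here): the vulnerable pattern is a plain open() under the default umask, which yields 0644, placed beside the hardened mkstemp() pattern, which creates the file O_EXCL with mode 0600 regardless of umask. A small scan then plays the unprivileged local user looking for readable files that contain the password. The URI, the script text and every function name are assumptions of this example.

```python
import os
import stat
import tempfile

# Constructed credential and script text; nothing here is ever run by mysqlsh.
MYSQL_URI = "serverconfig:S3cretPassw0rd@mysql-0.mysql-endpoints:3306"
SCRIPT = f"shell.connect('mysql://{MYSQL_URI}')\n"


def write_script_world_readable(script: str, directory: str) -> str:
    """Vulnerable pattern (constructed): a plain open() creates the file with
    mode 0666 & ~umask.  The umask is pinned to the common default 022 so the
    result is deterministically 0644, readable by every local user."""
    path = os.path.join(directory, "mysqlsh_script.py")
    old_umask = os.umask(0o022)
    try:
        with open(path, "w", encoding="utf-8") as f:
            f.write(script)
    finally:
        os.umask(old_umask)
    return path


def write_script_private(script: str, directory: str) -> str:
    """Hardened pattern: mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so
    the file is owner-only from the first instant regardless of umask (a umask
    can only clear permission bits, never add them) and its name is not
    predictable by a local attacker racing the operator."""
    fd, path = tempfile.mkstemp(prefix="mysqlsh_", suffix=".py", dir=directory)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(script)
    return path


def files_readable_by_others(directory: str, needle: str) -> list[str]:
    """Play the unprivileged local user: list regular files in `directory`
    whose mode grants read to group or other AND whose content holds `needle`.
    (The real leak needed a directory that user could traverse; the
    TemporaryDirectory used in demo() is 0700, so only file bits are exercised.)"""
    hits = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.stat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            with open(path, "r", encoding="utf-8") as f:
                if needle in f.read():
                    hits.append(name)
    return hits


def demo() -> dict:
    """Write both variants into a scratch directory and report what leaks."""
    with tempfile.TemporaryDirectory() as d:
        vuln = write_script_world_readable(SCRIPT, d)
        safe = write_script_private(SCRIPT, d)
        return {
            "vulnerable_mode": oct(stat.S_IMODE(os.stat(vuln).st_mode)),
            "hardened_mode": oct(stat.S_IMODE(os.stat(safe).st_mode)),
            "leaked_files": files_readable_by_others(d, "S3cretPassw0rd"),
        }
```

Tightening the mode is the minimum; the better fix is to keep the password off disk entirely, for instance by feeding it to mysqlsh through its --passwords-from-stdin option and piping the user-creation DDL over stdin rather than through a file.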

CVE-2025-30657

Description: An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow monitoring receives a specific BGP update message, the message is processed correctly by the routing protocol daemon (rpd), but when it is passed to SRRD it is encoded incorrectly, which crashes SRRD and interrupts jflow processing until the daemon automatically restarts. Traffic forwarding itself is not affected. This issue affects Junos OS:
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R1-S2, 23.2R2.
This issue does not affect Junos OS Evolved.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
April 9th, 2025

CVE-2025-32460

Description: GraphicsMagick before commit 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.

CVSS: MEDIUM (4.0)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 9th, 2025

CVE-2025-30655

Description: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific "show bgp neighbor" CLI command is run, rpd CPU utilization rises until the daemon crashes and restarts; repeated use of the command causes a sustained DoS condition. The device is only affected if BGP RIB sharding and update-threading are enabled. This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2;
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S2-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-EVO.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
April 9th, 2025

CVE-2025-30654

Description: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, which can be used to further impact the system. This issue affects Junos OS:
* All versions before 21.4R3-S10,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3;
and Junos OS Evolved:
* All versions before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S5-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S3-EVO.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
April 9th, 2025