Threat and Vulnerability Intelligence Database

CVE-2025-21595

Description: A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).

On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.

This issue does not affect MX Series platforms.

Heap size growth on FPC can be seen using below command.

    user@host> show chassis fpc
                         Temp  CPU Utilization (%)   CPU Utilization (%)  Memory    Utilization (%)
    Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
      0  Online            45      3          0        2      2      2    32768      19       0   <<<<<<< Heap increase in all fPCs

This issue affects Junos OS:
* All versions before 21.2R3-S7,
* 21.4 versions before 21.4R3-S4,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3-S1,
* 22.4 versions before 22.4R2-S2, 22.4R3.

and Junos OS Evolved:
* All versions before 21.2R3-S7-EVO,
* 21.4-EVO versions before 21.4R3-S4-EVO,
* 22.2-EVO versions before 22.2R3-S1-EVO,
* 22.3-EVO versions before 22.3R3-S1-EVO,
* 22.4-EVO versions before 22.4R3-EVO.

CVSS: MEDIUM (6.5)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (13 days ago)
Description: Impact

What kind of vulnerability is it? Who is impacted?

Description: This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the service logs of these applications. Service logs are intended to be handled securely.

Impact: The vulnerability impacts service logs that meet the following criteria:
* Logging Level: Logs are generated at the information level.
* Credential Descriptions: containing:
  * Local file paths with passwords.
  * Base64 encoded values.
  * Client secret.

Additionally, logs of services using Base64 encoded certificates or certificate paths with password credential descriptions are also affected if the certificates are invalid or expired, regardless of the log level. Note that these credentials are not usable due to their invalid or expired status.

If your service logs are handled securely, you are not impacted. Otherwise, the following table shows when you can be impacted:

|  | Log Level Information for Microsoft.Identity.Web | Invalid Certificate |
| -- | -- | -- |
| One of the ClientCredentials credential description has a CredentialSource = Base64Encoded or (CredentialSource = Path) | Impacted | Impacted |
| One of the ClientCredentials credential description is a Client secret (CredentialSource = ClientSecret) | Impacted | Not impacted |
| Other credential descriptions | Not Impacted | Not Impacted |

Patches

Has the...

CVSS: MEDIUM (4.7)

EPSS Score: 0.01%

Source: Github Advisory Database (Nuget)
April 9th, 2025 (13 days ago)

CVE-2025-32694

Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail allows Phishing. This issue affects Ultimate WP Mail: from n/a through 1.3.2.

CVSS: MEDIUM (4.7)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32693

Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27.

CVSS: MEDIUM (4.7)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32691

Description: Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32690

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through 11.12.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32684

Description: Missing Authorization vulnerability in RomanCode MapSVG Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG Lite: from n/a through 8.5.32.

CVSS: MEDIUM (5.0)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32683

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG Lite allows DOM-Based XSS. This issue affects MapSVG Lite: from n/a through 8.5.32.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)

CVE-2025-32680

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream allows Stored XSS. This issue affects Review Stream: from n/a through 1.6.7.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (13 days ago)