Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
May 30th, 2025 (11 days ago)
|
|
Description: The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. [...]
May 30th, 2025 (11 days ago)
|
|
Description: Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. [...]
May 30th, 2025 (11 days ago)
|
|
Description: An arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space.
Description
The flagging component doesn't properly validate file paths before copying files. Attackers can send specially crafted requests to the /gradio_api/run/predict endpoint to trigger these file copies.
Source: User-controlled path parameter in the flagging functionality JSON payloadSink: shutil.copy operation in FileData._copy_to_dir() method
The vulnerable code flow:
A JSON payload is sent to the /gradio_api/run/predict endpoint
The path field within FileData object can reference any file on the system
When processing this request, the Component.flag() method creates a GradioDataModel object
The FileData._copy_to_dir() method uses this path without proper validation:
def _copy_to_dir(self, dir: str) -> FileData:
pathlib.Path(dir).mkdir(exist_ok=True)
new_obj = dict(self)
if not self.path:
raise ValueError("Source file path is not set")
new_name = shutil.copy(self.path, dir) # vulnerable sink
new_obj["path"] = new_name
return self.__class__(**new_obj)
The lack of validation allows copying any file the Gradio process can read
PoC
The following script demonstrates the vulnerability by copying /etc/passwd from the server to Gradio's flagged directory:...
May 29th, 2025 (11 days ago)
|
|
|
Description: Summary
A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings.
Details
Navidrome supports transcoding functionality which, although disabled by default, should restrict configuration operations to administrators only. However, the application fails to properly validate whether a user has administrative privileges when handling transcoding configuration requests.
The vulnerability exists in the API endpoints that manage transcoding settings. When a regular user sends requests to these endpoints, the application processes them without verifying if the user has administrative privileges, despite the JWT token clearly indicating the user is not an administrator ("adm":false).
The affected endpoints include:
POST /api/transcoding (Create transcoding configuration)
PUT /api/transcoding/:id (Update transcoding configuration)
DELETE /api/transcoding/:id (Delete transcoding configuration)
GET /api/transcoding (List transcoding configurations)
PoC
Set up Navidrome with transcoding enabled
Log in as a regular user (non-administrator)
Send the following HTTP request:
POST /api/transcoding HTTP/1.1
Host: 192.168.199.134:4533
Content-Length: 81
x-nd-client-unique-id: e559d130-4295-401e-b65f-be7fdd564e
accept: application/json
x-nd-authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJh...
May 29th, 2025 (11 days ago)
|
|
|
Description: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.
Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-46701
https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j
https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a
https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558
https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5
https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605
https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74
https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105
https://github.com/advisories/GHSA-h2fw-rfh5-95r3
EPSS Score: 0.02%
May 29th, 2025 (11 days ago)
|
|
|
Description: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.
Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-46701
https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j
https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a
https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558
https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5
https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605
https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74
https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105
https://github.com/advisories/GHSA-h2fw-rfh5-95r3
EPSS Score: 0.02%
May 29th, 2025 (11 days ago)
|
CVE-2025-31264 |
Description: An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
EPSS Score: 0.03%
May 29th, 2025 (11 days ago)
|
|
CVE-2025-31263 |
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
EPSS Score: 0.06%
May 29th, 2025 (11 days ago)
|
|
CVE-2025-31261 |
Description: A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
EPSS Score: 0.01%
May 29th, 2025 (11 days ago)
|