Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-3738 |
Description: Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.
EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-3737 |
Description: Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.
EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-3736 |
Description: Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.
EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-3735 |
Description: Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.
EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-3734 |
Description: Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy allows Flooding.This issue affects Stage File Proxy: from 0.0.0 before 3.1.5.
EPSS Score: 0.04%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-3733 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.
EPSS Score: 0.04%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-2564 |
Description: Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-20236 |
Description: A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user.
This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.
CVSS: HIGH (8.8) EPSS Score: 0.1% SSVC Exploitation: none
April 16th, 2025 (6 days ago)
|
|
CVE-2025-20178 |
Description: A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system.
This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.
CVSS: MEDIUM (6.0) EPSS Score: 0.01% SSVC Exploitation: none
April 16th, 2025 (6 days ago)
|
|
CVE-2025-20150 |
Description: A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts.
This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|