CVE-2024-28229
Description: In JetBrains YouTrack before 2024.1.25893, a user without appropriate permissions could restore issues and articles.
CVSS: MEDIUM (6.5) EPSS Score: 0.01% SSVC Exploitation: none
April 16th, 2025
CVE-2024-28122
Description: JWX is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.
CVSS: MEDIUM (6.8) EPSS Score: 0.03% SSVC Exploitation: poc
April 16th, 2025
CVE-2024-28110
Description: Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue.
CVSS: HIGH (7.5) EPSS Score: 0.05% SSVC Exploitation: none
April 16th, 2025
CVE-2024-27915
Description: Sulu is a PHP content management system. Starting in version 2.2.0 and prior to versions 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without such a configuration do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater than or equal to `v5.4.30` or `v6.3.6`.
CVSS: MEDIUM (6.8) EPSS Score: 0.09% SSVC Exploitation: none
April 16th, 2025
CVE-2024-27900
Description: Due to a missing authorization check, an attacker with a business user account in SAP ABAP Platform versions 758 and 795 can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.
CVSS: MEDIUM (4.3) EPSS Score: 0.17% SSVC Exploitation: none
April 16th, 2025
CVE-2024-27289
Description: pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value is immediately preceded by a minus; there is a second placeholder for a string value after the first placeholder; both are on the same line; and both parameter values are user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.
CVSS: HIGH (8.1) EPSS Score: 0.05% SSVC Exploitation: poc
April 16th, 2025
CVE-2024-27224
Description: In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.02% SSVC Exploitation: none
April 16th, 2025
CVE-2024-27210
Description: In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.02% SSVC Exploitation: none
April 16th, 2025
CVE-2024-25990
Description: In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.01% SSVC Exploitation: none
April 16th, 2025
CVE-2024-25849
Description: In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via `MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()`.
EPSS Score: 0.06% SSVC Exploitation: none
April 16th, 2025