CVE-2025-3790 |
Description: A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.9)
April 18th, 2025 (about 24 hours ago)
|
CVE-2025-3789 |
Description: A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /a/sys/area/save. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.1) SSVC Exploitation: poc
April 18th, 2025 (about 24 hours ago)
|
CVE-2025-32790 |
Description: Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A patched version has not been released. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13.
CVSS: MEDIUM (6.3) SSVC Exploitation: poc
April 18th, 2025 (about 24 hours ago)
|
CVE-2025-25427 |
Description: A stored cross-site scripting (XSS) vulnerability in the UPnP page of the web interface in TP-Link WR841N <=4.19 allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to execution of the JavaScript payload when the UPnP page is loaded.
CVSS: HIGH (8.6) EPSS Score: 0.1% SSVC Exploitation: poc
April 18th, 2025 (about 24 hours ago)
|
CVE-2024-46089 |
Description: 74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.
April 18th, 2025 (about 24 hours ago)
|
Description: Judge says tower dumps violate the 4th amendment, but will let the cops do it this one time, as a treat.
April 18th, 2025 (1 day ago)
|
Description: Check out NIST's effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers.

Dive into five things that are top of mind for the week ending April 18.

1 - NIST updates Privacy Framework, tailoring it to the Cybersecurity Framework and adding an AI section

Recognizing that data protection and cyberattack prevention overlap and are deeply intertwined, the U.S. government is aligning two foundational privacy and cybersecurity frameworks.

This week, the U.S. National Institute of Standards and Technology (NIST) released a draft update of its Privacy Framework (PFW) that more closely interconnects it with the popular Cybersecurity Framework (CSF), which was updated in 2024.

Although the PFW can be used on its own, this updated version makes its use with the CSF "seamless" so that organizations can leverage the two frameworks "to manage the full spectrum of privacy and cybersecurity risks," Julie Chua, Director of NIST's Applied Cybersecurity Division, said in a statement.

Both frameworks have a "Core" section, which outlines detailed activities and outcomes aimed at helping organizations discuss risk management. "The PFW 1.1 Public Draft Core is realigned with the CSF 2.0 Core in many places, making life easier on users," NIST said in the...
April 18th, 2025 (1 day ago)
|
Description: Hayward Quartz Technology started in Hayward California with a simple goal of supporting quartz fabricators with high quality machined quartz products.
We are ready to upload more than 50 GB of corporate documents such as: employee details, financial data, corporate NDA, etc.
April 18th, 2025 (1 day ago)
|
Description: Global Media Group (Global Media) is a Portuguese media holding company, owning a portfolio of print and online media outlets, including newspapers and radio stations.
April 18th, 2025 (1 day ago)
|
CVE-2024-49808 |
Description: IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization, which could allow the user to bypass access restrictions.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
April 18th, 2025 (1 day ago)
|