Threat and Vulnerability Intelligence Database

CVE-2025-26269

Description: DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.

CVSS: LOW (3.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-46987

Description: Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (7.7)

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-46986

Description: Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). For example, this can lead to a delayed remote code execution if an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: CRITICAL (10.0)

EPSS Score: 86.38%

SSVC Exploitation: poc

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-22051

Description: CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability may allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

EPSS Score: 5.38%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-21908

Description: TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

CVSS: MEDIUM (6.1)

EPSS Score: 0.27%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-21736

Description: SAP S/4HANA Finance for (Advanced Payment Management), versions SAPSCORE 128 and S4CORE 107, does not perform necessary authorization checks. A function import could be triggered, allowing the attacker to create in-house bank accounts, leading to low impact on the confidentiality of the application.

CVSS: MEDIUM (6.4)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-21622

Description: Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

CVSS: MEDIUM (5.4)

EPSS Score: 0.1%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-20804

Description: Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary files.

CVSS: MEDIUM (4.0)

EPSS Score: 0.1%

SSVC Exploitation: none

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-0296

Description: A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (7.3)

EPSS Score: 2.07%

SSVC Exploitation: poc

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-0290

Description: A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851.

CVSS: MEDIUM (6.3)

EPSS Score: 0.04%

SSVC Exploitation: poc

Source: CVE
April 17th, 2025 (2 days ago)