Description: Counter Claims to have Leaked the Data of Smoke's & Jack's Roleplay Forum
March 3rd, 2025 (4 months ago)
|
Description: Counter Claims to have Leaked the Data of TXG Corp
March 3rd, 2025 (4 months ago)
|
CVE-2025-27099 |
Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vulnerability to force other tracker administrators to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740067916 and Tuleap Enterprise Edition 16.4-5 and 16.3-10.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|
CVE-2025-27094 |
Description: Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute for the multiselectbox field, the default value, number of rows, and columns attributes for the text field, and the default value, size, and max characters attributes for the string field configurations are lost when added as criteria in a saved report. Additionally, in Tuleap Community Edition versions 16.4.99.1739806825 to 16.4.99.1739877910, this issue could be exploited to prevent access to tracker data by triggering a crash. This vulnerability has been fixed in Tuleap Community Edition 16.4.99.1739877910 and Tuleap Enterprise Edition 16.3-9 and 16.4-4.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|
CVE-2025-25185 |
Description: GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.
CVSS: HIGH (7.5) EPSS Score: 0.07% SSVC Exploitation: poc
March 3rd, 2025 (4 months ago)
|
CVE-2025-24023 |
Description: Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.
CVSS: LOW (3.7) EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
CVE-2025-1801 |
Description: A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.
EPSS Score: 0.03% SSVC Exploitation: none
March 3rd, 2025 (4 months ago)
|
CVE-2024-4885 |
🚨 Marked as known exploited on March 3rd, 2025 (4 months ago).
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
CVSS: CRITICAL (9.8) EPSS Score: 93.68% SSVC Exploitation: active
March 3rd, 2025 (4 months ago)
|
CVE-2024-43169 |
Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.
CVSS: HIGH (8.8) EPSS Score: 0.01%
March 3rd, 2025 (4 months ago)
|
CVE-2024-41771 |
Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|