Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: www.diyar.com - Architecture, Engineering & Design
June 2nd, 2025 (about 7 hours ago)
|
CVE-2025-5086 |
Description: A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025Â could lead to a remote code execution.
CVSS: CRITICAL (10.0)
June 2nd, 2025 (about 7 hours ago)
|
|
CVE-2025-45387 |
Description: osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
June 2nd, 2025 (about 7 hours ago)
|
|
CVE-2025-27956 |
Description: Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
June 2nd, 2025 (about 7 hours ago)
|
|
CVE-2025-27955 |
Description: Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
June 2nd, 2025 (about 7 hours ago)
|
|
CVE-2025-27954 |
Description: An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
June 2nd, 2025 (about 7 hours ago)
|
|
CVE-2025-27953 |
Description: An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
June 2nd, 2025 (about 7 hours ago)
|
|
CVE-2025-23104 |
Description: An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
June 2nd, 2025 (about 7 hours ago)
|
|
CVE-2025-20298 |
Description: In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
CVSS: HIGH (8.0) SSVC Exploitation: none
June 2nd, 2025 (about 7 hours ago)
|
|
CVE-2025-20297 |
Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component
Description: In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
CVSS: MEDIUM (4.3) SSVC Exploitation: none
June 2nd, 2025 (about 7 hours ago)
|