CVE-2025-43715 |
Description: Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.
CVSS: HIGH (8.1) EPSS Score: 0.01%
April 17th, 2025 (5 days ago)
|
CVE-2025-43708 |
Description: VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue.
CVSS: LOW (3.3) EPSS Score: 0.01%
April 17th, 2025 (5 days ago)
|
CVE-2025-31340 |
Description: An improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file.
CVSS: CRITICAL (9.9) EPSS Score: 0.15%
April 17th, 2025 (5 days ago)
|
CVE-2025-31339 |
Description: An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file.
CVSS: MEDIUM (5.3) EPSS Score: 0.15%
April 17th, 2025 (5 days ago)
|
CVE-2025-31338 |
Description: A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality.
CVSS: MEDIUM (6.9) EPSS Score: 0.14%
April 17th, 2025 (5 days ago)
|
CVE-2025-1290 |
Description: A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it, resulting in a dangling pointer and potential kernel code execution.
EPSS Score: 0.03%
April 17th, 2025 (5 days ago)
|
Description: An Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border.
April 17th, 2025 (5 days ago)
|
CVE-2025-2073 |
Description: Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Versions 6.1, 5.15, 5.10, 5.4, 4.19 on all devices where Termina is used allows an attacker with CAP_NET_ADMIN privileges to cause memory corruption and potentially escalate privileges via crafted ipset commands.
EPSS Score: 0.02%
April 17th, 2025 (5 days ago)
|
CVE-2025-1704 |
Description: ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 124.0.6367.34 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
EPSS Score: 0.02%
April 17th, 2025 (5 days ago)
|