BETA Cybersecurity Tool
Vulnerability database with threat-intelligence information
Comprehensive vulnerability database combining Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) ratings so that vulnerabilities can be prioritized by severity and by likelihood of exploitation.
This database is built on the DevGuard project, which OWASP has accepted as an Incubating project.
Base CVSS: CVSS (Common Vulnerability Scoring System) is a standardized scoring system for quantifying the severity of computer security vulnerabilities. It takes into account factors such as attack vector, attack complexity, privileges required and impact.
Adjusted CVSS: An adjusted CVSS score takes an organization's own protection requirements and its current threat situation into account in order to rate the relevance and severity of a vulnerability more precisely for that organization.
EPSS: EPSS (Exploit Prediction Scoring System) is a model that estimates the probability that a software vulnerability will be exploited in the wild within the next 30 days, based on various technical and social factors. The score is a probability between 0 and 1; the table below shows it as a percentage. More information is available from FIRST, the organization that maintains EPSS.
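The following is an added example, not part of this page or of the DevGuard project, showing how the two scores described above are combined in practice: rows in the table's own format are parsed, ranked by EPSS first (likelihood) and by adjusted CVSS second (severity), and sorted into triage buckets. The sample rows are copied from the table below with shortened messages; the bucket thresholds (10% EPSS, CVSS 7.0) are illustrative assumptions, not values used by DevGuard or FIRST.

```python
"""Rank vulnerability rows by exploit likelihood (EPSS), then by adjusted CVSS.

Added example. Thresholds are illustrative assumptions, not DevGuard's or FIRST's.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample input: the first rows of the page's table, with messages
# shortened. Columns: CVE | Base CVSS | Adjusted CVSS | EPSS | First reported | Message
SAMPLE_ROWS = """\
CVE-2025-3638 | 8.8 | 8.1 | 0.00% | Fri Apr 25 2025 | Moodle Brickfield tool: missing CSRF token. |
CVE-2025-29529 | 6.5 | 6.2 | 0.01% | Thu Apr 24 2025 | ITC Systems OneCard: SQL injection via Forgotpassword.aspx. |
CVE-2025-25777 | 8 | 7.3 | 0.03% | Thu Apr 24 2025 | Codeastro Bus Ticket Booking System: IDOR on user profiles. |
CVE-2025-3928 | 8.8 | 8.1 | 0.00% | Fri Apr 25 2025 | Commvault Web Server: remote authenticated webshell creation. |
CVE-2025-3637 | 3.1 | 2.9 | 0.00% | Fri Apr 25 2025 | Moodle mod_data: CSRF token leaked in URL. |
"""


@dataclass
class Finding:
    cve: str
    base_cvss: float
    adjusted_cvss: float
    epss: float          # probability in [0, 1], not the percent string shown on the page
    first_reported: str
    message: str


def parse_row(line: str) -> Finding:
    """Parse one pipe-separated table row into a Finding.

    The message is the last cell, so split with maxsplit=5 to keep any pipes
    inside it, and drop the trailing '|' the page emits after the message.
    """
    cells = [c.strip() for c in line.strip().rstrip("|").split("|", 5)]
    if len(cells) != 6:
        raise ValueError(f"expected 6 cells, got {len(cells)}: {line!r}")
    cve, base, adjusted, epss, reported, message = cells
    if not cve.startswith("CVE-"):
        raise ValueError(f"not a CVE id: {cve!r}")
    # The page rounds EPSS to two decimals of a percent, so "0.00%" only means
    # "below 0.005%"; with the raw FIRST score this step is not needed.
    probability = float(epss.rstrip("%")) / 100.0
    return Finding(cve, float(base), float(adjusted), probability, reported, message)


def parse_table(text: str) -> List[Finding]:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Most likely to be exploited first; ties broken by adjusted CVSS.

    sorted() is stable, so rows with identical scores keep the page's order."""
    return sorted(findings, key=lambda f: (f.epss, f.adjusted_cvss), reverse=True)


# Illustrative thresholds (assumptions for this example).
EPSS_ACT_NOW = 0.10   # >= 10% chance of exploitation within 30 days
CVSS_HIGH = 7.0       # lower bound of the CVSS "High" severity band


def triage(f: Finding) -> str:
    """Bucket a finding: exploitation signal beats severity, severity beats the rest."""
    if f.epss >= EPSS_ACT_NOW:
        return "act now"      # likely to be exploited regardless of severity
    if f.adjusted_cvss >= CVSS_HIGH:
        return "schedule"     # severe, but no exploitation signal yet
    return "monitor"


if __name__ == "__main__":
    for f in prioritize(parse_table(SAMPLE_ROWS)):
        print(f"{f.cve:<15} EPSS={f.epss:.4f} adjCVSS={f.adjusted_cvss:>4} -> {triage(f)}")
```

With the page's values every row lands in "schedule" or "monitor": none of the displayed EPSS scores reaches even 1%, which is typical for newly published CVEs. The ordering still matters, because EPSS is recomputed daily and a row that climbs above the likelihood threshold should jump the queue ahead of higher-CVSS rows that have no exploitation signal.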
CVE | Base CVSS | Adjusted CVSS | EPSS | First reported | Message |
---|---|---|---|---|---|
CVE-2025-3638 | 8.8 | 8.1 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk. |
CVE-2025-29529 | 6.5 | 6.2 | 0.01% | Thu Apr 24 2025 | ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx. |
CVE-2025-28354 | 6.5 | 6 | 0.00% | Fri Apr 25 2025 | An issue in the Printer Manager System of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request. |
CVE-2025-28076 | 6.5 | 6 | 0.00% | Fri Apr 25 2025 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings; the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates. |
CVE-2025-25777 | 8 | 7.3 | 0.03% | Thu Apr 24 2025 | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks. |
CVE-2025-3928 | 8.8 | 8.1 | 0.00% | Fri Apr 25 2025 | Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. |
CVE-2025-2070 | 5 | 4.6 | 0.00% | Fri Apr 25 2025 | An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user. |
CVE-2025-2069 | 5 | 4.6 | 0.00% | Fri Apr 25 2025 | A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user. |
CVE-2025-2068 | 5 | 4.6 | 0.00% | Fri Apr 25 2025 | An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user. |
CVE-2025-46618 | 3.5 | 3.2 | 0.00% | Fri Apr 25 2025 | In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab |
CVE-2025-46433 | 4.9 | 4.5 | 0.00% | Fri Apr 25 2025 | In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible |
CVE-2025-46432 | 4.3 | 4 | 0.00% | Fri Apr 25 2025 | In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs |
CVE-2025-43862 | 7.6 | 7 | 0.00% | Fri Apr 25 2025 | Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs. |
CVE-2025-43016 | 5.4 | 5 | 0.00% | Fri Apr 25 2025 | In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session |
CVE-2025-3647 | 4.3 | 4 | 0.00% | Fri Apr 25 2025 | A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve. |
CVE-2025-3645 | 4.3 | 4 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses. |
CVE-2025-3644 | 4.3 | 4 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify. |
CVE-2025-3643 | 5.4 | 5 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk. |
CVE-2025-3642 | 8.8 | 8.1 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. |
CVE-2025-3641 | 8.8 | 8.1 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled. |
CVE-2025-3640 | 4.3 | 4 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access. |
CVE-2025-3637 | 3.1 | 2.9 | 0.00% | Fri Apr 25 2025 | A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages. |
CVE-2025-3636 | 4.3 | 4 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks. |
CVE-2025-3635 | 3.5 | 3.2 | 0.00% | Fri Apr 25 2025 | A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks. |
CVE-2025-3628 | 4.3 | 4 | 0.00% | Fri Apr 25 2025 | A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. |
Showing 1 of 10660 pages (266482 items)