Threat and Vulnerability Intelligence Database

Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

CVSS: HIGH (8.6)

EPSS Score: 63.87%

Source: TheHackerNews
March 19th, 2025 (28 days ago)

CVE-2025-0108

Description: Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks. [...]

CVSS: HIGH (8.8)

EPSS Score: 96.76%

Source: BleepingComputer
February 19th, 2025 (about 2 months ago)

CVE-2024-7886

Description: A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to an uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it.

CVSS: HIGH (8.5)

EPSS Score: 0.05%

Source: CVE
January 11th, 2025 (3 months ago)

CVE-2024-54139

Description: Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue.

CVSS: HIGH (7.9)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (4 months ago)