Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
π¨ Marked as known exploited on May 31st, 2025 (1 day ago).
Description: Summary of Releases v10.2.1 & v10.2.2
This month, we've released two new versions of Nuclei Templates, which introduce numerous improvements and new templates for Nuclei users.
Here are some highlighted stats from the combined releases:
π 106 new templates added
π₯ 57 new CVEs covered
π‘οΈ 10 actively exploited KEVs included
π 11 first-time contributions
π° Template Reward program launched
Introduction
The Nuclei Templates v10.2.1 and v10.2.2 were released earlier this Month, introducing
May 31st, 2025 (1 day ago)
|
|
π¨ Marked as known exploited on May 30th, 2025 (2 days ago).
Description: Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. [...]
May 30th, 2025 (2 days ago)
|
|
π¨ Marked as known exploited on May 29th, 2025 (3 days ago).
Description: π‘ Security Advisory: SQL Injection Vulnerability in Navidrome v0.55.2
Overview
This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information.
Details
Vulnerable Component:
API endpoint β /api/artist
Parameter β role
Vulnerability Type:
SQL Injection (stacked queries, UNION queries)
Database Affected:
SQLite (confirmed exploitation via SQLite-specific payloads)
Impact:
Successful exploitation allows an unauthenticated attacker to:
Execute arbitrary SQL commands
Extract or manipulate sensitive data (e.g., user records, playlists)
Potentially escalate privileges or disrupt service availability
Proof of Concept (PoC)
Example Exploit Command:
sqlmap.py -r navi --level 5 --risk 3 -a --banner --batch --tamper charencode --dbms sqlite
Sample Payloads:
Stacked Queries:
http://navidrome/api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist');SELECT LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))--
UNION-Based Query:
http://navidrome.local/api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist') UNION ALL SELECT 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,CHAR(113,98,118,98,113)||CHAR(113,84,86,119,114,71,106,104,90,118,120,104,79,66,104,108,121,106,70,68,90,113,104,117,67,98,113,67,103,84,71,...
May 29th, 2025 (3 days ago)
|
|
π¨ Marked as known exploited on May 23rd, 2025 (9 days ago).
Description: Check out expert recommendations for protecting your AI system data. Plus, boost your IT departmentβs cybersecurity skills with a new interactive framework. In addition, learn about a malware campaign targeting critical infrastructure orgs. And get the latest on Russian cyber espionage and on a NIST effort to enhance vulnerability prioritization.Dive into five things that are top of mind for the week ending May 23.1 - Cyber agencies offer AI data security best practicesWith organizations gleefully deploying artificial intelligence (AI) tools to enhance their operations, cybersecurity teams face the critical task of securing AI data.If your organization is looking for guidance on how to protect the data used in AI systems, check out new best practices released this week by cyber agencies from Australia, New Zealand, the U.K. and the U.S.βThis guidance is intended primarily for organizations using AI systems in their operations, with a focus on protecting sensitive, proprietary or mission-critical data,β reads the document titled βAI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.ββThe principles outlined in this information sheet provide a robust foundation for securing AI data and ensuring the reliability and accuracy of AI-driven outcomes,β it adds.Β By drafting this guidance, the authoring agencies seek to accomplish three goals:Create awareness about data security risks involved in developing, testing and deploying AI systems.Offer bes...
May 23rd, 2025 (9 days ago)
|
CVE-2025-37922 |
π¨ Marked as known exploited on May 20th, 2025 (12 days ago).
Description: In the Linux kernel, the following vulnerability has been resolved:
book3s64/radix : Align section vmemmap start address to PAGE_SIZE
A vmemmap altmap is a device-provided region used to provide
backing storage for struct pages. For each namespace, the altmap
should belong to that same namespace. If the namespaces are
created unaligned, there is a chance that the section vmemmap
start address could also be unaligned. If the section vmemmap
start address is unaligned, the altmap page allocated from the
current namespace might be used by the previous namespace also.
During the free operation, since the altmap is shared between two
namespaces, the previous namespace may detect that the page does
not belong to its altmap and incorrectly assume that the page is a
normal page. It then attempts to free the normal page, which leads
to a kernel crash.
Kernel attempted to read user page (18) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000018
Faulting instruction address: 0xc000000000530c7c
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
CPU: 32 PID: 2104 Comm: ndctl Kdump: loaded Tainted: G W
NIP: c000000000530c7c LR: c000000000530e00 CTR: 0000000000007ffe
REGS: c000000015e57040 TRAP: 0300 Tainted: G W
MSR: 800000000280b033 CR: 84482404
CFAR: c000000000530dfc DAR: 0000000000000018 DSISR: 40000000 IRQMASK: 0
GPR00: c000000000530e00 c000000015e572e0 c000000002c5cb00 c00c00...
EPSS Score: 0.02%
May 20th, 2025 (12 days ago)
|
|
π¨ Marked as known exploited on May 16th, 2025 (17 days ago).
Description: On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. [...]
May 16th, 2025 (17 days ago)
|
|
CVE-2024-23660 |
π¨ Marked as known exploited on May 15th, 2025 (17 days ago).
Description: The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.
EPSS Score: 0.16% SSVC Exploitation: poc
May 15th, 2025 (17 days ago)
|
|
π¨ Marked as known exploited on May 14th, 2025 (18 days ago).
Description: The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against "a very limited number of customers" β for now β and stem from open source libraries.
May 14th, 2025 (18 days ago)
|
|
π¨ Marked as known exploited on May 14th, 2025 (19 days ago).
Description: Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild.
Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them
May 14th, 2025 (19 days ago)
|
|
π¨ Marked as known exploited on May 13th, 2025 (19 days ago).
Description: Microsoft's Patch Tuesday for May 2025 addresses 78 vulnerabilities across its product suite, including five zero-day vulnerabilities that are already being exploited in the wild. The Windows 11 cumulative update KB5058411 (Build 26100.4061) brings critical fixes for elevation-of-privilege and remote code execution flaws impacting core Windows components. The update was released on May 13, 2025, β¦
The post Microsoft Patches Five Actively Exploited Flaws in May 2025 Windows 11 Update appeared first on CyberInsider.
May 13th, 2025 (19 days ago)
|