Description: Posted by Michał Majchrowicz via Fulldisclosure on Jun 03
Security Advisory
Vulnerabilities reported to vendor: March 13, 2025
Vendor requested additional information: March 20, 2025
Additional information provided to vendor: March 22, 2025
Vendor confirmed the reported issues but rejected them: March 31, 2025
Additional information provided to vendor: May 6, 2025
Vendor confirmed the reported issues but rejected them: May 15, 2025
Vendor closed the tickets for all reported issues: May 16, 2025
Public...
June 3rd, 2025 (5 minutes ago)
Description: Posted by Andrey Stoykov on Jun 03
# Exploit Title: Stored XSS in "Description" Functionality - cubecartv6.5.9
# Date: 05/2025
# Exploit Author: Andrey Stoykov
# Version: 6.5.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/
Stored XSS #1:
Steps to Reproduce:
1. Visit "Account" > "Address Book" and choose "Edit"
2. In the "Description" parameter enter the following payload...
June 3rd, 2025 (5 minutes ago)
Description: Sandhills Medical Foundation, Inc. is a Federally qualified community health center (FQHC) that has been providing comprehensive healthcare services since 1977. With locations in Chesterfield, Kershaw, Lancaster, and Sumter Counties, the organization focuses on primary care medicine, mental health, and supportive services such as healthcare navigation for Medicaid and the Affordable Care Act. The foundation aims to address community healthcare needs by delivering quality and cost-effective services to its patients. It also emphasizes preventive care and coordination of care through a patient-centered medical home approach.
June 3rd, 2025 (5 minutes ago)
Description: Posted by Jacek Lipkowski via Fulldisclosure on Jun 03
Hi,
I made a novel honeypot for worms called Youpot.
Normally a honeypot will try to implement whatever service it thinks the
attacker would like. For a high interaction or pure honeypot this is often
impossible, because of the thousands of possibilities. Even a simple
telnet server will have thousands of variants: different banners,
different shells, different default passwords, on different IoT devices
etc.
Youpot works around this by...
June 3rd, 2025 (20 minutes ago)
Description: Crucial for applying Active Directory Group Policy Objects, client-side extensions (CSEs) are powerful but also present a significant, often overlooked, attack vector for persistent backdoors. Rather than cover well-documented common abuses of built-in CSEs, this article demonstrates how to create custom malicious ones. These are harder for defenders to identify than legitimate built-in CSEs used in malicious contexts, which have known globally unique identifiers.

What are Group Policy Objects?

Group Policy Objects (GPOs), a core feature of Active Directory (AD), allow administrators to centrally manage and configure operating systems, applications and user settings across all computers in a domain by configuring a set of rules and configurations. (Source: Microsoft)

It is well-known that attackers with sufficient AD access can abuse GPOs for malicious actions like code execution, malware deployment, immediate scheduled tasks, privilege escalation, and stealthy persistence establishment; these techniques are generally well-documented.

Each GPO comprises two main parts:
- The groupPolicyContainer object (GPC) in AD's LDAP, holding metadata such as display names and CSE lists
- The Group Policy Template (GPT) in AD's SYSVOL share, containing the actual policy files and scripts

What are client-side extensions (CSEs)?

Have you ever wondered how the settings defined in a GPO actually get applied on a client computer? The magic behind this process lies in the CSEs. CSEs are critical componen...
June 3rd, 2025 (20 minutes ago)
Description: Edge computing and stricter regulations may usher in a new era of AI privacy.
June 3rd, 2025 (35 minutes ago)
Description: Manufacturing
Kentucky, United States
<25 Employees
Lumenation is a lighting sales agency serving Kentucky and southern Indiana, specializing in commercial and industrial lighting since 1960.
Revenue <$5 Million
June 3rd, 2025 (about 2 hours ago)
Description: Electricity, Oil & Gas
Australia
<25 Employees
Solar City® is dedicated to assisting towns, cities and city regions in fully integrating renewable energy technologies.
Revenue <$5 Million
June 3rd, 2025 (about 2 hours ago)
Description: Hospitals & Physicians Clinics
New Jersey, United States
<25 Employees
Navesink Rehab is a multidisciplinary rehabilitation center located in Red Bank, New Jersey, offering a range of services including physical therapy, chiropractic care, acupuncture, and treatment for auto accident injuries.
Revenue <$5 Million
June 3rd, 2025 (about 2 hours ago)
Description: In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alone.
This coverage is extremely valuable for the cybersecurity community as it raises
June 3rd, 2025 (about 2 hours ago)