Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Description: A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. [...]
April 17th, 2025 (2 days ago)
|
|
Description: Vulnerability
A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source.
This impacts the following connectors:
audiocodes_stream
genesys
jambonz
As part of our investigation to resolve this issue, we have also performed a security review of our other voice channel connectors:
browser_audio: Does not support authentication. This is a development channel not intended for production use.
twilio_media_streams, twilio_voice and jambonz: Authentication is currently not supported by these channels, but our investigation has found a way for us to enable it for these voice channel connectors in a future Rasa Pro release.
Fix
The issue has been resolved for audiocodes, audiocodes_stream, and genesys connectors. Fixed versions of Rasa Pro have been released for 3.9.20, 3.10.19, 3.11.7 and 3.12.6. Please update to a fixed release.
If you are using one of the affected connectors, we strongly recommend upgrading to a fixed version. For connectors where authentication is not supported (e.g., Twilio), we suggest taking extra caution and considering other compensating controls if applicable.
References
https://github.com/RasaHQ/rasa-pro-security-advisories/security/advisories/GHSA-7xq5-54jp-2mfg
https://github.com/RasaHQ/security-advisories/security/advi...
April 17th, 2025 (2 days ago)
|
|
Description: In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.
April 17th, 2025 (2 days ago)
|
|
April 17th, 2025 (2 days ago)
|
CVE-2025-29722 |
Description: A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints.
EPSS Score: 0.08%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-28101 |
Description: An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request.
EPSS Score: 0.05%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-25455 |
Description: Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.
EPSS Score: 0.02%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-25454 |
Description: Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.
EPSS Score: 0.02%
April 17th, 2025 (2 days ago)
|
|
CVE-2024-55211 |
Description: An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.
EPSS Score: 0.02%
April 17th, 2025 (2 days ago)
|
|
CVE-2024-53924 |
Description: Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.
EPSS Score: 0.02%
April 17th, 2025 (2 days ago)
|