Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-25454 |
Description: Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.
EPSS Score: 0.02%
April 17th, 2025 (2 days ago)
|
|
CVE-2024-55211 |
Description: An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.
EPSS Score: 0.02%
April 17th, 2025 (2 days ago)
|
|
CVE-2024-53924 |
Description: Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.
EPSS Score: 0.02%
April 17th, 2025 (2 days ago)
|
|
Description: A new report from iVerify has revealed a far-reaching global surveillance threat enabled by China’s state-owned telecom interconnect providers. By exploiting outdated mobile signaling protocols, entities such as China Mobile International (CMI) and China Telecom Global have gained alarming access to sensitive mobile communications worldwide, with implications ranging from mass user profiling to covert malware …
The post Global Telecom Networks Host Hidden Chinese Surveillance Nodes appeared first on CyberInsider.
April 17th, 2025 (2 days ago)
|
|
Description: Founded in 1964, AccessSMT Holdings is a leading supplier, installer, and project management company that offers hardware, doors, frames, and building materials for the commercial, residential sectors. AccessSMT Holdings is located in Canada. ...
April 17th, 2025 (2 days ago)
|
|
Description: According to a complaint filed by a former employee, cybercriminals exfiltrated records that held personal information like names and Social Security numbers belonging to 76,000 current and former employees of Paradies Shops.
April 17th, 2025 (2 days ago)
|
|
CVE-2025-1863 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Yokogawa
Equipment: GX10, GX20, GP10, GP20, GM Data Acquisition System, DX1000, DX2000, DX1000N, FX1000, μR10000, μR20000, MW100, DX1000T, DX2000T, CX1000, CX2000
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to manipulate information on the affected products.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Yokogawa recorder products are affected:
GX10 / GX20 / GP10 / GP20 Paperless Recorders: Versions R5.04.01 and earlier
GM Data Acquisition System: Versions R5.05.01 and earlier
DX1000 / DX2000 / DX1000N Paperless Recorders: Versions R4.21 and earlier
FX1000 Paperless Recorders: Versions R1.31 and earlier
μR10000 / μR20000 Chart Recorders: Versions R1.51 and earlier
MW100 Data Acquisition Units: All versions
DX1000T / DX2000T Paperless Recorders: All versions
CX1000 / CX2000 Paperless Recorders: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Authentication is disabled by default on the affected products. When connected to a network with default settings, this could allow anyone to access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
CVE-2025-1863 has been assigned to this v...
EPSS Score: 0.05%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-29662 |
Description: A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access.
EPSS Score: 0.02%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-29661 |
Description: Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.
EPSS Score: 0.04%
April 17th, 2025 (2 days ago)
|
|
CVE-2025-29181 |
Description: FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.
EPSS Score: 0.03%
April 17th, 2025 (2 days ago)
|