Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-29180
In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST...
Description: In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-29039
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8
Description: An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8

EPSS Score: 0.2%

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-56518
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document...
Description: Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.

EPSS Score: 0.06%

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2024-40124
Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.
Description: Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.

EPSS Score: 0.02%

Source: CVE
April 17th, 2025 (2 days ago)
🏴‍☠️ Hunters has just published a new victim : HOPI
Description: Exfiltraded data : yes - Encrypted data : no
Source: Ransomware.live
April 17th, 2025 (2 days ago)
Chrome extensions with 6 million installs have hidden tracking code
Description: A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. [...]
Source: BleepingComputer
April 17th, 2025 (2 days ago)
New “VIP” XorDDoS Malware Targets U.S. in Global Botnet Expansion
Description: A newly upgraded version of a long-running malware strain called XorDDoS is being used to launch powerful distributed denial-of-service (DDoS) attacks, with the United States emerging as the primary target. According to new research from Cisco Talos, over 70% of attempted attacks using the XorDDoS malware between late 2023 and early 2025 were aimed at … The post New “VIP” XorDDoS Malware Targets U.S. in Global Botnet Expansion appeared first on CyberInsider.
Source: CyberInsider
April 17th, 2025 (2 days ago)
Dutch parent company of Hannaford and Stop & Shop confirms data stolen in cyberattack
Description: The INC ransomware gang claimed it was behind the cyberattack, which limited operations last November at some of the company's 2,000 stores across the U.S.
Source: The Record
April 17th, 2025 (2 days ago)

CVE-2025-29043
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234
Description: An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234

EPSS Score: 0.05%

Source: CVE
April 17th, 2025 (2 days ago)

CVE-2025-29042
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c
Description: An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c

EPSS Score: 0.05%

Source: CVE
April 17th, 2025 (2 days ago)