Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-24860	Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Description: Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue. EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
CVE-2025-23015	Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Description: Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue. EPSS Score: 0.04% Source: CVE February 5th, 2025 (2 months ago)
	A Threat Actor Claims to have Leaked a 2023 Breach of BodyWeb Description: A Threat Actor Claims to have Leaked a 2023 Breach of BodyWeb Source: DarkWebInformer February 4th, 2025 (2 months ago)
CVE-2025-24860	[org.apache.cassandra:cassandra-all] Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to di... Description: Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue. References https://nvd.nist.gov/vuln/detail/CVE-2025-24860 https://lists.apache.org/thread/yjo5on4tf7s1r9qklc4byrz30b8vkm2d http://www.openwall.com/lists/oss-security/2025/02/03/3 https://github.com/advisories/GHSA-3cjf-fwcq-xh22 EPSS Score: 0.04% Source: Github Advisory Database (Maven) February 4th, 2025 (2 months ago)
	Cyber agencies share security guidance for network edge devices Description: Five Eyes cybersecurity agencies in the UK, Australia, Canada, New Zealand, and the U.S. have issued guidance urging makers of network edge devices and appliances to improve forensic visibility to help defenders detect attacks and investigate breaches. [...] Source: BleepingComputer February 4th, 2025 (2 months ago)
	How hackers target your Active Directory with breached VPN passwords Description: As the gateways to corporate networks, VPNs are an attractive target for attackers. Learn from Specops Software about how hackers use compromised VPN passwords and how you can protect your organization. [...] Source: BleepingComputer February 4th, 2025 (2 months ago)
	Managing Software Risk in a World of Exploding Vulnerabilities Description: Organizations and development teams need to evolve from "being prepared" to "managing the risk" of security breaches. Source: Dark Reading February 4th, 2025 (2 months ago)
	Data Breach at Betting Platform 1win Exposed 96 Million Users Description: A massive data breach at online betting platform 1win has now been confirmed by Have I Been Pwned (HIBP), affecting over 96 million users worldwide. The leaked data, which includes email addresses, phone numbers, IP addresses, dates of birth, geographic locations, and SHA-256 hashed passwords, has been circulating on hacking forums since November 2024. Reports … The post Data Breach at Betting Platform 1win Exposed 96 Million Users appeared first on CyberInsider. Source: CyberInsider February 4th, 2025 (2 months ago)
	Grubhub Discloses Data Breach Exposing Customer Information Description: Grubhub has disclosed a data breach stemming from a security incident involving a third-party service provider. The breach resulted in unauthorized access to certain user contact information, including names, email addresses, and phone numbers, as well as partial payment card details for some campus diners. The company took immediate action to contain the breach, terminated … The post Grubhub Discloses Data Breach Exposing Customer Information appeared first on CyberInsider. Source: CyberInsider February 4th, 2025 (2 months ago)
	GrubHub data breach impacts customers, drivers, and merchants Description: Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, merchants, and drivers after attackers breached its systems using a service provider account. [...] Source: BleepingComputer February 4th, 2025 (2 months ago)