![]() |
Description: How human sexuality will outsmart prudish algorithms and hateful politicians; the open source software behind the Ukraine drone attack; and how even pro-AI subreddits are dealing with AI delusions.
June 4th, 2025 (4 days ago)
|
![]() |
Description: Kettering Health is an organization headquartered in Kettering, Ohio, that operates hospitals, freestanding acute care facilities, clinics, and Kettering College. Kettering Health serves residents of Greater Dayton and surrounding communities. It includes nine hospitals, 12 freestanding acute care facilities, 188 clinics, more than 1,900 physicians, and more than 14,000 employees.
June 4th, 2025 (4 days ago)
|
![]() |
Description: The FBI has issued a public service announcement warning Hedera Hashgraph non-custodial wallet users of a growing scam involving fraudulent non-fungible token (NFT) airdrops that aim to steal cryptocurrency through deceptive reward offers. According to the FBI's Internet Crime Complaint Center (IC3), cybercriminals are exploiting the NFT airdrop feature built into non-custodial cryptocurrency wallets to …
The post FBI Warns of NFT Airdrop Scam Targeting Hedera Hashgraph Wallet Users appeared first on CyberInsider.
June 4th, 2025 (4 days ago)
|
![]() |
Description: Reflected Cross-Site Scripting (XSS) in osCommerce
Wed, 06/04/2025 - 11:50
Notice
Affected Resources
osCommerce, v4.
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting osCommerce, an open source eCommerce platform. The vulnerability has been discovered by Gonzalo Aguilar García (6h4ack). This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and vulnerability CWE type: CVE-2025-40674: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Identifier
INCIBE-2025-0291
3 - Medium
Solution
There is no reported solution at this time.
Detail
CVE-2025-40674: reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
References list
osCommerce - Product Web
Tags
0day
CNA
...
June 4th, 2025 (4 days ago)
|
CVE-2025-27444 |
Description: A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.
EPSS Score: 0.03%
June 4th, 2025 (4 days ago)
|
![]() |
Description: Motor World ARC is a UK-based company specializing in vehicle repairs and automotive services, offering expert solutions for a range of car-related needs. They provide high-quality accident repair, bodywork restoration, and mechanical services, with a commitment to customer satisfaction and precision.
June 4th, 2025 (4 days ago)
|
![]() |
Description: Epworth HealthCare is a leading not-for-profit private hospital group in Victoria, Australia, known for high-quality medical, surgical, and rehabilitation services. Founded in 1920, it operates major hospitals across Melbourne and Geelong.
June 4th, 2025 (4 days ago)
|
![]() |
Description: Calling cyber security professionals, culture specialists and leaders to drive uptake of new Cyber security culture principles.
June 4th, 2025 (4 days ago)
|