Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-55372 |
Description: Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.
EPSS Score: 0.08%
April 16th, 2025 (4 days ago)
|
|
CVE-2024-55371 |
Description: Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not required) to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.
EPSS Score: 0.06%
April 16th, 2025 (4 days ago)
|
|
Description: Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe.
April 16th, 2025 (4 days ago)
|
|
|
Description: The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
April 16th, 2025 (4 days ago)
|
|
April 16th, 2025 (4 days ago)
|
|
Description: An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-53305
https://github.com/benbusby/whoogle-search/commit/223f00c3c0533423114f99b30c561278bc0b42ba
https://gist.github.com/fern89/ca5fe76ad81b4bc363e7341e523a1651
https://fern89.github.io/posts/whoogle-rce
https://github.com/advisories/GHSA-2689-cw26-6cpj
EPSS Score: 0.07%
April 16th, 2025 (4 days ago)
|
|
|
|
Description: Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. [...]
April 16th, 2025 (4 days ago)
|
|
Description: The U.S. government has moved to extend MITRE’s contract to operate the Common Vulnerabilities and Exposures (CVE) program, ensuring no break in service following earlier warnings of a potential lapse. The decision temporarily secures the future of one of the cybersecurity industry’s most critical vulnerability coordination systems — but leaves open questions about long-term governance …
The post U.S. Government Extends MITRE Contract, Averting Disruption to CVE Program appeared first on CyberInsider.
April 16th, 2025 (4 days ago)
|
|
Description: The Cybersecurity and Infrastructure Security Agency on Wednesday said that while the scope of the reported Oracle issue remains unconfirmed, it "presents potential risk to organizations and individuals."
April 16th, 2025 (4 days ago)
|