Description: Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024.
While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to
April 16th, 2025 (6 days ago)
|
CVE-2024-10680 |
Description: The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
CVE-2025-22018 |
Description: In the Linux kernel, the following vulnerability has been resolved:
atm: Fix NULL pointer dereference
When MPOA_cache_impos_rcvd() receives the msg, it can trigger
Null Pointer Dereference Vulnerability if both entry and
holding_time are NULL. Because there is only for the situation
where entry is NULL and holding_time exists, it can be passed
when both entry and holding_time are NULL. If these are NULL,
the entry will be passed to eg_cache_put() as parameter and
it is referenced by entry->use code in it.
kasan log:
[ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I
[ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102
[ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470
[ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80
[ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006
[ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e
[ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030
[ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88
[ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15
[ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff88...
EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
Description: MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. [...]
April 16th, 2025 (6 days ago)
|
Description: The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem.
The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to
April 16th, 2025 (6 days ago)
|
Description: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
April 16th, 2025 (6 days ago)
|
Description: ibL – Ingenieurbüro für Landentwicklung GmbH – based in Halle (Saale) is a consulting and planning engineering firm that operates primarily in rural areas.
Our work focuses on planning services for land development using geodata.
In selected regions, we act as a suitable agency for determining and reorganizing the ownership of land and buildings based on Section 99 (2) of the Land Consolidation Act and Section 53 of the Agricultural Adjustment Act.
===>
Phone Number: 0345 233 410
Revenue: $5 Million
Industry: Engineering
Employees: 25
Data: 56gb
April 16th, 2025 (6 days ago)
|
CVE-2025-3698 |
Description: Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.
EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
Description: MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged.
Background
On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along with other related programs, such as Common Weakness Enumeration (CWE), would be expiring on April 16. The letter below was sent to CVE Board Members and published on social media and other fora announcing the expiration of these programs:
The legitimacy of this letter and its contents was confirmed by cybersecurity journalist Brian Krebs in a post on Mastodon. Tenable has also independently confirmed the letter’s legitimacy.
CVE program importance
While flawed in some ways, the CVE program, which recently celebrated its 25th anniversary, has been an important pillar in cybersecurity for over two decades. It provides a common taxonomy for cybersecurity solutions and organizations to track vulnerabilities and exposures. Since its launch in 1999, the CVE program has published over 250,000 CVEs as of the end of 2024.
Risk to CVE program
With the report that the funding for the CVE program is potentially set to expire on April 16, the biggest concern stems from the fact that CVE Numbering Authorities, or CNAs, will no longer be able to reserve and assign CVEs for newly discovered vulnerabilities. While CNAs typically...
April 16th, 2025 (6 days ago)
|