Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Nevada Ready Mix was founded in 1960. The company offers concrete for residential foundations, public works, golf courses, and heavy highway projects. It is headquartered in Nevada, United States.
April 15th, 2025 (7 days ago)
|
|
|
Description: Founded in 1951 and headquartered in St Louis Park, Minnesota, SPS Companies is a wholesale distributor of products and services for use by both residential and commercial contractors. The company focuses on plumbing, mechanical and industrial piping, heating, ventilation, and more.
April 15th, 2025 (7 days ago)
|
|
|
Description: toolsign GmbH is a company that operates in the Consumer Services industry. It employs 10to19 people and has 1Mto5M of revenue. The company is headquartered in Neusorg, Bavaria, Germany.
April 15th, 2025 (7 days ago)
|
|
|
|
Description: Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. [...]
April 15th, 2025 (7 days ago)
|
|
Description: Hackers claim to have obtained 4chan's code, emails of moderators, and internal communications.
April 15th, 2025 (7 days ago)
|
CVE-2025-3523 |
Description: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.
EPSS Score: 0.03%
April 15th, 2025 (7 days ago)
|
|
CVE-2025-3522 |
Description: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.
EPSS Score: 0.03%
April 15th, 2025 (7 days ago)
|
|
CVE-2025-32911 |
Description: A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
EPSS Score: 0.06% SSVC Exploitation: none
April 15th, 2025 (7 days ago)
|
|
CVE-2025-2830 |
Description: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.
EPSS Score: 0.03%
April 15th, 2025 (7 days ago)
|