Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-36842 |
Description: An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component.
EPSS Score: 0.1%
April 15th, 2025 (7 days ago)
|
|
CVE-2024-28676 |
Description: DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.
EPSS Score: 0.26% SSVC Exploitation: poc
April 15th, 2025 (7 days ago)
|
|
CVE-2024-2182 |
Description: A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
EPSS Score: 0.36% SSVC Exploitation: none
April 15th, 2025 (7 days ago)
|
|
Description: Bolivar Insulation serves all of southwest Missouri including the
areas of Springfield, Bolivar, Branson, Joplin, Columbia and Cam
denton, Missouri for gutter cleaning, repair or new gutter instal
lation.
We are ready to upload more than 9 GB of essential corporate docu
ments such as: financial data (audits, payment details, reports),
contact numbers and e-mail addresses of employees and customers,
SSNâs, driver licenses, passport scans, etc.
April 15th, 2025 (7 days ago)
|
|
|
Description: The company's activities include project planning, construction m
anagement, expertise and consulting in civil engineering and its
specialized fields.
We are ready to upload more than 92 GB of essential corporate doc
uments such as: contact numbers and e-mail addresses of employees
and customers, financial data (audits, payment details, reports)
, corporate NDAâs, etc.
April 15th, 2025 (7 days ago)
|
|
Description: Russia-backed APT29's latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages â errr, victims â and delivers a novel backdoor, GrapeLoader.
April 15th, 2025 (7 days ago)
|
|
|
Description: CISA released nine Industrial Control Systems (ICS) advisories on April 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-25-105-01 Siemens Mendix Runtime
ICSA-25-105-02 Siemens Industrial Edge Device Kit
ICSA-25-105-03 Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
ICSA-25-105-04 Growatt Cloud Applications
ICSA-25-105-05 Lantronix Xport
ICSA-25-105-06 National Instruments LabVIEW
ICSA-25-105-07 Delta Electronics COMMGR
ICSA-25-105-08 ABB M2M Gateway
ICSA-25-105-09 Mitsubishi Electric Europe B.V. smartRTUÂ
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
April 15th, 2025 (7 days ago)
|
|
CVE-2025-3232 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric Europe B.V.
Equipment: smartRTU
Vulnerability: Missing Authentication for Critical Function, OS Command Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy or delete information in the product, or cause a denial-of service condition on the product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Mitsubishi Electric Europe reports following versions of smartRTU are affected:
smartRTU: Versions 3.37 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 Missing Authentication for Critical Function CWE-306
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.
CVE-2025-3232 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
A CVSS v4 score has also been calculated forâŻCVE-2025-3232. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H).
3.2.1 Improper Neutralization of Special Elements used in an OS Command CWE-78
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electr...
April 15th, 2025 (7 days ago)
|
|
CVE-2025-3495 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Delta Electronics
Equipment: COMMGR
Vulnerability: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow for an attacker to remotely access the AS3000Simulator family in the COMMGR software and execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of COMMGR, a software management platform that contain virtual PLCs, are affected:
COMMGR (Version 1): All versions
COMMGR (Version 2): All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF CRYPTOGRAPHICALLY WEAK PSEUDO-RANDOM NUMBER GENERATOR (PRNG) CWE-338
The software uses insufficiently randomized values to generate session IDs. An attacker could easily brute force a session ID and load and execute arbitrary code.
CVE-2025-3495 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated forâŻCVE-2025-3495. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Communications, Critical Manufacturing, Energy, Healthcare and Public Health
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Ta...
EPSS Score: 0.07%
April 15th, 2025 (7 days ago)
|
|
CVE-2025-30511 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Growatt
Equipment: Cloud Applications
Vulnerabilities: Cross-site Scripting, Authorization Bypass Through User-Controlled Key, Insufficient Type Distinction, External Control of System or Configuration Setting
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to compromise confidentiality, achieve cross-site scripting, or code execution on affected devices.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Growatt products are affected:
Growatt cloud portal: Versions prior to 3.6.0
3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant.
CVE-2025-30511 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated forâŻCVE-2025-30511. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 Authorization Bypass Through User-Controlled Key CWE-639
An unauthenticated attacker can check the existence of usernames in the system by querying an API.
CVE-2025-31933 has been assigned to this vulnerability. A CVSS v3...
EPSS Score: 0.05%
April 15th, 2025 (7 days ago)
|