Threat and Vulnerability Intelligence Database

CVE-2024-22559

Description: LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (11 days ago)

CVE-2024-22545

Description: An issue discovered in TRENDnet TEW-824DRU version 1.04b01 allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (11 days ago)

CVE-2024-0727

Description: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However, since this function is related to writing data, we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

EPSS Score: 0.16%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (11 days ago)
Description: Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools. [...]
Source: BleepingComputer
May 29th, 2025 (11 days ago)

CVE-2025-5307

Description: 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft products are affected: Sante DICOM Viewer Pro: Versions 14.2.1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected product contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. CVE-2025-5307 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-5307. A base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Cyprus 3.4 RESEARCHER Michael Heinzl reported this vulnerability to CISA. 4. MITIGATIONS Santesoft recommends users upgrade Sante DICOM Viewer Pro to version v14.2.2. CISA recommends users take defensive measures to minimize the risk of exploitation of this vulne...

EPSS Score: 0.02%

Source: All CISA Advisories
May 29th, 2025 (11 days ago)

CVE-2025-1907

Description: 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Instantel Equipment: Micromate Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Micromate are affected: Micromate: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected. CVE-2025-1907 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-1907. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Canada 3.4 RESEARCHER Souvik Kandar of MicroSec (microsec.io) reported this vulnerability to CISA. 4. MITIGATIONS Instantel is actively working on a firmware update to address this vulnerability. In the meantime, Micromate users are advised to implement the following workaround measures: Establish ...

EPSS Score: 0.14%

Source: All CISA Advisories
May 29th, 2025 (11 days ago)

CVE-2025-41438

Description: 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Consilium Safety product is affected: CS5000 Fire Panel: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188 The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited. CVE-2025-41438 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-41438. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798 The CS5000 Fire Panel is vulnerable due to a hard-coded password that...

EPSS Score: 0.06%

Source: All CISA Advisories
May 29th, 2025 (11 days ago)
Description: Safari’s inadequate fullscreen mode indicators can be exploited in advanced Browser-in-the-Middle (BitM) attacks, allowing threat actors to steal user credentials without raising suspicion. While not a technical vulnerability, this design oversight enables attackers to combine legitimate web functionalities with social engineering to create highly convincing phishing setups. The discovery comes from SquareX’s “Year of Browser …
Source: CyberInsider
May 29th, 2025 (11 days ago)
Source: TheRegister
May 29th, 2025 (11 days ago)
Description: AGME Automated Assembly Solutions design and manufacture special purpose machines that best meet the automatic assembly needs of different industries. We are going to upload about 10 GB of corporate data. Lot of employee personal information (DOB, passport id, addresses, phones, emails, and so on), projects info, financial data, client data, contracts and agreements, confidential documents, NDAs, etc.
Source: Ransomware.live
May 29th, 2025 (11 days ago)