Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Dark Web Launderer Unmasked Through Apple iCloud and Messaging Apps
Description: The dismantling of a sophisticated dark web laundering network tied to over $24 million in illicit funds has revealed just how vulnerable even the most anonymity-conscious actors can be when digital traces are left behind — particularly across encrypted messaging platforms and cloud services. Anurag Pramod Murarka, a 30-year-old Indian national operating under aliases like … The post Dark Web Launderer Unmasked Through Apple iCloud and Messaging Apps appeared first on CyberInsider.
Source: CyberInsider
April 15th, 2025 (7 days ago)

CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files...
Description: In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
April 15th, 2025 (7 days ago)

CVE-2025-28145
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in...
Description: Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat.

EPSS Score: 4.33%

Source: CVE
April 15th, 2025 (7 days ago)

CVE-2025-28137
The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function...
Description: The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

EPSS Score: 0.32%

Source: CVE
April 15th, 2025 (7 days ago)

CVE-2025-27980
cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=.
Description: cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=.

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (7 days ago)
The AI Tools CBP Is Using to Scan Social Media
Description: Customs and Border Protection released more documents last week that show which AI-powered tools that agency has been using to identify people of interest.
Source: 404 Media
April 15th, 2025 (7 days ago)
[aws-cdk-lib] aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Description: Summary The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are organized into a hierarchical tree structure. One of the features of this framework is the ability to call "Aspects," which are mechanisms to set configuration options for all AWS Resources in a particular part of the hierarchy at once. Aspect execution happens in a specific order, and the last Aspect to execute controls the final values in the template. AWS CDK version 2.172.0 introduced a new priority system for Aspects. Prior to this version, CDK would run Aspects based on hierarchical location. The new priority system takes precedence over hierarchical location, altering the invocation order of Aspects. Different priority classes were introduced: Aspects added by CDK APIs were classified as MUTATING (priority 200), while Aspects added directly by the user were classified as DEFAULT (priority 500) unless the user specified otherwise. As a result of this change, CDK apps that use a custom Aspect to assign a default permissions boundary and then use a built-in CDK method to override it on select resources could have unexpected permissions boundaries assigned. The following is an affected code sample: Aspects.of(stack).add(new CustomAspectThatAssignsDefaultPermissionsBoundaries()); ...
Source: Github Advisory Database (NPM)
April 15th, 2025 (7 days ago)
Microsoft: Exchange 2016 and 2019 reach end of support in six months
Description: ​Microsoft warned that Exchange 2016 and Exchange 2019 will reach the end of support six months from now, on October 14. [...]
Source: BleepingComputer
April 15th, 2025 (7 days ago)
[github.com/donknap/dpanel] Dpanel's hard-coded JWT secret leads to remote code execution
Description: Summary The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. Details The Dpanel service, when initiated using its default configuration, includes a hardcoded JWT secret embedded directly within its source code. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. It is recommended to replace the hardcoded secret with a securely generated value and load it from secure configuration storage to mitigate this vulnerability. PoC The core code snippet is shown below: import jwt def generate_jwt(appname): payload = { "SECRET_KEY":"SECRET_VALUE", } print("appname:", appname) print("payload:", str(payload)) token = jwt.encode(payload, SECRET_KEY.format(APP_NAME=appname), algorithm="HS256") return token appname = "SECRET_KEY" token = generate_jwt(appname) print("url token:", token) Impact Attackers who successfully exploit this vulnerability can write arbitrar...
Source: Github Advisory Database (Go)
April 15th, 2025 (7 days ago)
[weblate] VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Description: Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the confidential PAT and username are shown in plaintext and get saved into browser history. Moreover, if the request URL is logged, the credentials are written to the logs in plaintext. The problematic URL in question is of this form: https:///create/component/vcs/?repo=https%3A%2F%2F%3A%40github.com%2F%2F.git&project=1&category=&name=&slug=&is_glossary=False&vcs=github&source_language=228&license=&source_component=1#existing If using Weblate official Docker image, nginx logs the URL and the token in plaintext: nginx stdout | 127.0.0.1 - - [04/Apr/2025:10:46:54 +0000] "GET /create/component/vcs/?repo=https%3A%2F%2F%3A%40github.com%2F%2F.git&project=1&category=&name=&slug=&is_glossary=False&vcs=github&source_language=228&license=&source_component=1 HTTP/1.1" 200 17625 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0" Reproduction In a project, create a component which has the Repository push URL setting configured with, for example, a GitHub repository URL including a username and a PAT. In the same project, create another component using the From existing component option and selecting the previous component as the source. Click Continue. Observe that...
Source: Github Advisory Database (PIP)
April 15th, 2025 (7 days ago)