CVE-2025-24949 |
Description: In JotUrl 2.0, it is possible to bypass security requirements during the password change process.
EPSS Score: 0.04%
April 15th, 2025 (7 days ago)
|
CVE-2025-24948 |
Description: In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.
EPSS Score: 0.04%
April 15th, 2025 (7 days ago)
|
CVE-2024-36842 |
Description: An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17, Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component.
EPSS Score: 0.1%
April 15th, 2025 (7 days ago)
|
CVE-2024-28676 |
Description: DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.
EPSS Score: 0.26% SSVC Exploitation: poc
April 15th, 2025 (7 days ago)
|
CVE-2024-2182 |
Description: A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
EPSS Score: 0.36% SSVC Exploitation: none
April 15th, 2025 (7 days ago)
|
Description: Bolivar Insulation serves all of southwest Missouri including the areas of Springfield, Bolivar, Branson, Joplin, Columbia and Camdenton, Missouri for gutter cleaning, repair or new gutter installation.
We are ready to upload more than 9 GB of essential corporate documents such as: financial data (audits, payment details, reports), contact numbers and e-mail addresses of employees and customers, SSN’s, driver licenses, passport scans, etc.
April 15th, 2025 (7 days ago)
|
Description: The company's activities include project planning, construction management, expertise and consulting in civil engineering and its specialized fields.
We are ready to upload more than 92 GB of essential corporate documents such as: contact numbers and e-mail addresses of employees and customers, financial data (audits, payment details, reports), corporate NDA’s, etc.
April 15th, 2025 (7 days ago)
|
Description: Russia-backed APT29's latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages — errr, victims — and delivers a novel backdoor, GrapeLoader.
April 15th, 2025 (7 days ago)
|
Description: CISA released nine Industrial Control Systems (ICS) advisories on April 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-25-105-01 Siemens Mendix Runtime
ICSA-25-105-02 Siemens Industrial Edge Device Kit
ICSA-25-105-03 Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
ICSA-25-105-04 Growatt Cloud Applications
ICSA-25-105-05 Lantronix Xport
ICSA-25-105-06 National Instruments LabVIEW
ICSA-25-105-07 Delta Electronics COMMGR
ICSA-25-105-08 ABB M2M Gateway
ICSA-25-105-09 Mitsubishi Electric Europe B.V. smartRTU
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
April 15th, 2025 (7 days ago)
|
CVE-2025-3232 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric Europe B.V.
Equipment: smartRTU
Vulnerability: Missing Authentication for Critical Function, OS Command Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service condition on the product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Mitsubishi Electric Europe reports that the following versions of smartRTU are affected:
smartRTU: Versions 3.37 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 Missing Authentication for Critical Function CWE-306
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.
CVE-2025-3232 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
A CVSS v4 score has also been calculated for CVE-2025-3232. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H).
3.2.2 Improper Neutralization of Special Elements used in an OS Command CWE-78
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electr...
April 15th, 2025 (7 days ago)
|