Description: Oregon Department of Environmental Quality. They think their data hasn't been stolen. They're sorely mistaken. Over 2.5 terabytes of unique data. (SQL, employee data and more) We are waiting for your suggestions.
April 15th, 2025 (8 days ago)
|
Description: Founded in 1958 in Buffalo, NY by the Sisters of Mercy, Trocaire College is a private, career-oriented Catholic college that strives to empower students toward personal enrichment, dignity and self-worth through education. A career-oriented institution, Trocaire offers bachelor's degrees, associate degrees and certificate and workforce development programs in healthcare, business, hospitality and technology. Recognizing the individual needs of a diverse student body, Trocaire College provides life learning and development within a community-based environment, preparing students for service in the universal community.
Phone Number: (716) 826-1200
Revenue: $24.6 Million
Industry: Education
Employees: 217
Data: 310gb
April 15th, 2025 (8 days ago)
|
Description: Newhotel Cloud is a comprehensive, cloud-based Property Management System (PMS) developed by Newhotel Software to streamline hotel operations of...
April 15th, 2025 (8 days ago)
|
Description: How Platform as a Service (PaaS) can make good security easier to achieve.
April 15th, 2025 (8 days ago)
|
Description: The Hertz Corporation has confirmed a data breach resulting from the exploitation of zero-day vulnerabilities in Cleo Communications' file transfer platform, marking the latest fallout in the broader “Cleo campaign” attributed to the Clop ransomware group. The breach, which may have exposed a range of sensitive personal data, affects customers and possibly employees of Hertz, …
The post Hertz Confirms Data Breach Following Clop Ransomware Leaks appeared first on CyberInsider.
April 15th, 2025 (8 days ago)
|
Description: Insecure Direct Object Reference on Deporsite by T-INNOVA
Tue, 04/15/2025 - 12:03
Notice
Affected Resources
GestorFirmaDocumentos Module, v05.29.0907.
Description
INCIBE has coordinated the publication of 2 high severity vulnerabilities that affect GestorFirmaDocumentos, the T-INNOVA module in charge of document signature management, which have been discovered by Carlos Alonso Arranz.
These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:
CVE-2025-3574 and CVE-2025-3575: CVSS v4.0: 8.7 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-639
Identifier
INCIBE-2025-0186
4 - High
Solution
The vulnerabilities have been fixed by the T-INNOVA team in release 2024.02 (DSuite2024 v06.1287 fix2). T-Innova has identified the customers using the affected module, and has applied the corresponding patch.
Detail
Insecure Direct Object Reference (IDOR) vulnerabilities in T-INNOVA's DocumentSignatureManager module could allow an attacker to obtain sensitive information from other users via parameters:
CVE-2025-3574: "idUsuario" in the endpoint "/helper/Familia/obtenerFamiliaUsuario".
CVE-2025-3575: "idUsuario" in the endpoint "/helper/Familia/establecerUsuarioSeleccion".
...
EPSS Score: 0.05%
April 15th, 2025 (8 days ago)
|
CVE-2025-3576 |
Description: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
EPSS Score: 0.01%
April 15th, 2025 (8 days ago)
|
CVE-2024-13610 |
Description: The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
April 15th, 2025 (8 days ago)
|
CVE-2024-13207 |
Description: The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
April 15th, 2025 (8 days ago)
|