Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-49007
ReDoS Vulnerability in Rack::Multipart handle_mime_head
Description: Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.

CVSS: MEDIUM (6.6)

EPSS Score: 0.05%

Source: CVE
June 4th, 2025 (5 days ago)
Ransomware Attack Update for the 4th of June 2025
Description: Ransomware Attack Update for the 4th of June 2025
Source: DarkWebInformer
June 4th, 2025 (5 days ago)
Threat Attack Daily - 4th of June 2025
Description: Threat Attack Daily - 4th of June 2025
Source: DarkWebInformer
June 4th, 2025 (5 days ago)

CVE-2025-5690
Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data
Description: PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 4th, 2025 (5 days ago)

CVE-2025-5613
PHPGurukul Online Fire Reporting System request-details.php sql injection
Description: A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in PHPGurukul Online Fire Reporting System 1.2 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /request-details.php. Durch Manipulieren des Arguments requestid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE
June 4th, 2025 (5 days ago)

CVE-2025-5612
PHPGurukul Online Fire Reporting System reporting.php sql injection
Description: A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. In PHPGurukul Online Fire Reporting System 1.2 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /reporting.php. Durch das Manipulieren des Arguments fullname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE
June 4th, 2025 (5 days ago)

CVE-2024-22922
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login...
Description: An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php

EPSS Score: 0.51%

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (5 days ago)

CVE-2024-22903
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.
Description: Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.

EPSS Score: 1.5%

SSVC Exploitation: poc

Source: CVE
June 4th, 2025 (5 days ago)

CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.
Description: Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.

EPSS Score: 12.45%

SSVC Exploitation: poc

Source: CVE
June 4th, 2025 (5 days ago)

CVE-2024-22729
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.
Description: NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.

CVSS: CRITICAL (9.8)

EPSS Score: 91.17%

SSVC Exploitation: poc

Source: CVE
June 4th, 2025 (5 days ago)