Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
🏴‍☠️ Global has just published a new victim : www.motorworldarc.co.uk
Description: Motor World ARC is a UK-based company specializing in vehicle repairs and automotive services, offering expert solutions for a range of car-related needs. They provide high-quality accident repair, bodywork restoration, and mechanical services, with a commitment to customer satisfaction and precision.
Source: Ransomware.live
June 4th, 2025 (about 9 hours ago)
🏴‍☠️ Global has just published a new victim : Epworth-Hospital
Description: Epworth HealthCare is a leading not-for-profit private hospital group in Victoria, Australia, known for high-quality medical, surgical, and rehabilitation services. Founded in 1920, it operates major hospitals across Melbourne and Geelong.
Source: Ransomware.live
June 4th, 2025 (about 9 hours ago)
Ukraine war spurred infosec vet Mikko Hyppönen to pivot to drones
Source: TheRegister
June 4th, 2025 (about 10 hours ago)

CVE-2025-5574
PHPGurukul Dairy Farm Shop Management System add-company.php sql injection
Description: A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file /add-company.php. The manipulation of the argument companyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in PHPGurukul Dairy Farm Shop Management System 1.3 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /add-company.php. Mittels Manipulieren des Arguments companyname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

Source: CVE
June 4th, 2025 (about 10 hours ago)

CVE-2025-5573
D-Link DCS-932L setSystemWizard setSystemControl os command injection
Description: A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. Eine kritische Schwachstelle wurde in D-Link DCS-932L 2.18.01 ausgemacht. Davon betroffen ist die Funktion setSystemWizard/setSystemControl der Datei /setSystemWizard. Mittels dem Manipulieren des Arguments AdminID mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

Source: CVE
June 4th, 2025 (about 10 hours ago)

CVE-2025-5572
D-Link DCS-932L setSystemEmail stack-based overflow
Description: A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. In D-Link DCS-932L 2.18.01 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion setSystemEmail der Datei /setSystemEmail. Durch Manipulation des Arguments EmailSMTPPortNumber mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.7)

Source: CVE
June 4th, 2025 (about 10 hours ago)

CVE-2025-4580
File Provider <= 1.2.3 - Item Deletion via CSRF
Description: The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Source: CVE
June 4th, 2025 (about 10 hours ago)

CVE-2025-4578
File Provider <= 1.2.3 - Unauthenticated SQLi
Description: The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Source: CVE
June 4th, 2025 (about 10 hours ago)
Creating the right organisational culture for cyber security
Description: Calling cyber security professionals, culture specialists and leaders to drive uptake of new Cyber security culture principles.
Source: NCSC Alerts and Advisories
June 4th, 2025 (about 10 hours ago)
🏴‍☠️ Sarcoma has just published a new victim : PPM Industries SpA
Description: PPM Industries SpA Adhesive tape PPM Industries As a leading masking tape manufacturer, PPM Industries has been at the forefront of adhesive tape production since 1993. Our expertise in developing high-quality masking and adhesive tape solutions ensures that we meet diverse user requirements and applications across various markets. We pride ourselves on being a trusted partner to B2B customers worldwide, delivering reliable and innovative masking tape products. Trust PPM Industries for adhesive tape solutions you can depend on.Geo: Italy - Leak size: 288 GB Archive - Contains: Files, SQL
Source: Ransomware.live
June 4th, 2025 (about 10 hours ago)