Description: Federal prosecutors said Matthew Weiss, a former assistant football coach at the University of Michigan, learned hacking skills to breach online databases, primarily targeting "female college athletes."
March 20th, 2025 (30 days ago)
|
CVE-2024-9447 |
Description: An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
March 20th, 2025 (about 1 month ago)
|
CVE-2024-9095 |
Description: In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. This includes sensitive data such as password hashes and secret API keys. The route is protected by a config check (`config.DATA_WAREHOUSE_EXPORTS_ALLOWED`), but it does not verify the user's access level or implement any access control middleware. This vulnerability can lead to the extraction of sensitive data, disruption of services, credential compromise, and service integrity breaches.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 20th, 2025 (about 1 month ago)
|
CVE-2024-6577 |
Description: In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
March 20th, 2025 (about 1 month ago)
|
CVE-2024-12869 |
Description: In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 20th, 2025 (about 1 month ago)
|
Description: A data breach at the spyware operation SpyX has exposed nearly 2 million user accounts, including thousands of Apple customers, revealing personal information such as email addresses, IP addresses, and even plaintext iCloud credentials. The breach, which dates back to June 2024 but has only now come to light, underscores the ongoing risks associated with …
The post SpyX Spyware Breach Exposes Thousands of Apple iCloud Passwords appeared first on CyberInsider.
March 20th, 2025 (about 1 month ago)
|
Description: In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
March 19th, 2025 (about 1 month ago)
|
Description: A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...]
March 19th, 2025 (about 1 month ago)
|
Description: Alleged Data Breach of Silent Prospector
March 19th, 2025 (about 1 month ago)
|
Description: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. [...]
March 19th, 2025 (about 1 month ago)
|