Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-27495
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection...
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25911)

CVSS: CRITICAL (9.8)

EPSS Score: 0.1%

Source: CVE
April 16th, 2025 (6 days ago)

CVE-2025-2291
PgBouncer default auth_query does not take Postgres password expiry into account
Description: Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE
April 16th, 2025 (6 days ago)

CVE-2025-22872
Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
Description: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).

EPSS Score: 0.02%

Source: CVE
April 16th, 2025 (6 days ago)

CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.
Description: An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.

EPSS Score: 0.07%

Source: CVE
April 16th, 2025 (6 days ago)

CVE-2024-53304
An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary commands...
Description: An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary commands via posing as an infected machine.

EPSS Score: 0.05%

Source: CVE
April 16th, 2025 (6 days ago)

CVE-2024-53303
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated...
Description: A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request.

EPSS Score: 0.23%

Source: CVE
April 16th, 2025 (6 days ago)
Apple fixes two zero-days exploited in targeted iPhone attacks
Description: Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. [...]
Source: BleepingComputer
April 16th, 2025 (6 days ago)

CVE-2021-20035
CISA Adds One Known Exploited Vulnerability to Catalog
🚨 Marked as known exploited on April 16th, 2025 (6 days ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CVSS: MEDIUM (6.5)

Source: All CISA Advisories
April 16th, 2025 (6 days ago)
🏴‍☠️ Akira has just published a new victim : Lamberti Group
Description: The Lamberti Group produces chemical specialties for a broad rang e of applications. We are ready to upload essential corporate documents such as: det ailed financial information, employee personal information, proje cts, customers data, corporate NDA’s, etc.
Source: Ransomware.live
April 16th, 2025 (6 days ago)

CVE-2025-3739
Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040
Description: Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 16th, 2025 (6 days ago)