Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Critical security flaws in dozens of popular Chrome extensions, ranging from hardcoded API credentials to unencrypted data transmissions, collectively affect tens of millions of users. These vulnerabilities expose users to risks, including financial fraud, data profiling, and analytics manipulation. The investigations conducted by Symantec’s Security Technology and Response (STAR) team, highlight how common oversights like …
The post Over 90 Chrome Extensions Found Exposing Sensitive Data and Credentials appeared first on CyberInsider.
June 5th, 2025 (about 17 hours ago)
|
CVE-2025-5661 |
Description: A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in code-projects Traffic Offense Reporting System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /save-settings.php der Komponente Setting Handler. Mittels dem Manipulieren des Arguments site_name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.4) SSVC Exploitation: poc
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-5382 |
Description: Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.
CVSS: MEDIUM (6.8) SSVC Exploitation: none
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-47827 |
Description: In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-3768 |
Description: Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.
CVSS: MEDIUM (5.0)
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-30084 |
Extension - rsjoomla.com - A reflected XSS vulnerability RSMail! component 3.0.0 - 3.3.13 for Joomla
Description: A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-27754 |
Description: A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.
CVSS: MEDIUM (6.5) SSVC Exploitation: none
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-27753 |
Description: A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records.
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-27445 |
Description: A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-0691 |
Description: Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.
CVSS: MEDIUM (5.0)
June 5th, 2025 (about 17 hours ago)
|