Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: The group has been operating since at least 2017, initially breaching systems belonging to the Kurdistan Regional Government and have expanded their reach to the Central Government of Iraq as well as a telecommunications provider in Uzbekistan.
June 5th, 2025 (about 16 hours ago)
|
|
Description: Alleged breach of Slate & Tell – 5M Jewelry Customer Records Exposed
June 5th, 2025 (about 16 hours ago)
|
|
Description: Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.
"Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response
June 5th, 2025 (about 16 hours ago)
|
CVE-2025-30184 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: CyberData
Equipment: 011209 SIP Emergency Intercom
Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, SQL Injection, Insufficiently Protected Credentials, Path Traversal: '.../...//'
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following CyberData products are affected:
011209 SIP Emergency Intercom: Versions prior to 22.0.1
3.2 VULNERABILITY OVERVIEW
3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288
011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CVE-2025-30184 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-30184. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 Missing Authentication for Critical Function CWE-306
011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption.
CVE-2025-26468 has been assign...
June 5th, 2025 (about 16 hours ago)
|
|
Description: HBI Sells smoking accessories to thousands of stores, distributor
s, jobbers and cash & carry outlets nationwide.
We are going to upload about 16 GB of corporate data. There are a
lot of employee personal documents, lots of contracts and agreem
ents, customers data, financial data (audits, payment details, re
ports), NDAs, Minecraft posters, etc.
June 5th, 2025 (about 16 hours ago)
|
|
|
Description: Western Insurance Marketing Corporation
At Western Insurance Marketing, our philosophy is simple: "We make our living with what we get, but we make our lives with what we give!"
Our commitment to exceptional customer service and community engagement has set us apart from other insurance agencies. Serving the diverse and multicultural communities of California, our 30,000+ satisfied clients stand as a testament to our unwavering dedication.
As an independent insurance agency based in Westminster, CA, we cater to both commercial and personal clients, offering a wide range of comprehensive products from the nation's most reputable insurance companies.
Our diverse team of independent agents, with backgrounds spanning various areas of the industry, works tirelessly to ensure that you receive only the highest quality of serviceGeo: USA - Leak size: 77 GB Archive - Contains: Files
June 5th, 2025 (about 16 hours ago)
|
|
CVE-2025-5664 |
Description: A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in FreeFloat FTP Server 1.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Komponente RESTART Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) SSVC Exploitation: poc
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-5663 |
Description: A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Auto Taxi Stand Management System 1.0 wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/search-autoortaxi.php. Mittels Manipulieren des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) SSVC Exploitation: poc
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-5623 |
Description: A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. Es wurde eine Schwachstelle in D-Link DIR-816 1.10CNB05 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion qosClassifier der Datei /goform/qosClassifier. Durch das Manipulieren des Arguments dip_address/sip_address mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: CRITICAL (9.8) EPSS Score: 0.06% SSVC Exploitation: poc
June 5th, 2025 (about 17 hours ago)
|
|
CVE-2025-5622 |
Description: A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. Eine Schwachstelle wurde in D-Link DIR-816 1.10CNB05 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion wirelessApcli_5g der Datei /goform/wirelessApcli_5g. Mittels Manipulieren des Arguments apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: CRITICAL (9.8) EPSS Score: 0.06% SSVC Exploitation: poc
June 5th, 2025 (about 17 hours ago)
|