Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-5056	Campcodes Online Shopping Portal edit-products.php sql injection Description: A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-products.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In Campcodes Online Shopping Portal 1.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/edit-products.php. Durch das Manipulieren des Arguments Category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.9) Source: CVE May 21st, 2025 (about 2 hours ago)
CVE-2025-47942	Learners on edX Platform can download python_lib.zip Description: The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course problems. This potentially affects any course using custom Python-graded problem blocks. The openedx/configuration repo has had a patch since 2016 in the form of an nginx rule, but this was only intended as a temporary mitigation. As the configuration repo has been deprecated and we have not been able to locate any similar protection in Tutor, it is likely that most deployments have no protection against python_lib.zip being downloaded. The recommended mitigation, implemented in commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, restricts python_lib.zip downloads to just the course team and site staff/superusers. CVSS: MEDIUM (5.3) Source: CVE May 21st, 2025 (about 2 hours ago)
CVE-2025-34027	Versa Concerto Authentication Bypass File Write Remote Code Execution Description: The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. CVSS: CRITICAL (10.0) Source: CVE May 21st, 2025 (about 2 hours ago)
	Critical Samlify SSO flaw lets attackers log in as admin Description: A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. [...] Source: BleepingComputer May 21st, 2025 (about 2 hours ago)
	🏴‍☠️ Play has just published a new victim : Greater Seattle Concrete Description: United States Source: Ransomware.live May 21st, 2025 (about 2 hours ago)
	🏴‍☠️ Play has just published a new victim : AttainX Description: United States Source: Ransomware.live May 21st, 2025 (about 2 hours ago)
	🏴‍☠️ Play has just published a new victim : CNHI LLC Description: United States Source: Ransomware.live May 21st, 2025 (about 2 hours ago)
	US teen to plead guilty to extortion attack against PowerSchool Source: TheRegister May 21st, 2025 (about 2 hours ago)
CVE-2025-5053	FreeFloat FTP Server MDIR Command buffer overflow Description: A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in FreeFloat FTP Server 1.0 entdeckt. Dies betrifft einen unbekannten Teil der Komponente MDIR Command Handler. Mit der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.9) Source: CVE May 21st, 2025 (about 3 hours ago)
CVE-2025-5052	FreeFloat FTP Server LS Command buffer overflow Description: A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In FreeFloat FTP Server 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Komponente LS Command Handler. Dank Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.9) Source: CVE May 21st, 2025 (about 3 hours ago)