Threat and Vulnerability Intelligence Database

CVE-2025-24763

Description: Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14.

CVSS: MEDIUM (5.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-24762

Description: Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.

CVSS: MEDIUM (5.4)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-23971

Description: Missing Authorization vulnerability in whassan KI Live Video Conferences allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KI Live Video Conferences: from n/a through 5.5.15.

CVSS: MEDIUM (5.3)

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-23969

Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.

CVSS: MEDIUM (5.3)

Source: CVE
June 6th, 2025 (1 day ago)

Source: TheRegister
June 6th, 2025 (1 day ago)

Description: Microsoft and CrowdStrike announced an effort to deconflict the overlapping names of threat groups and reduce confusion for companies, but we've been here before.

Source: Dark Reading
June 6th, 2025 (1 day ago)

Description: The Ohio-based Kettering Health system said a recent cyberattack was by the Interlock ransomware gang, which had claimed to steal troves of data from the organization.

Source: The Record
June 6th, 2025 (1 day ago)

Description: Check out a new roadmap for adopting quantum-resistant cryptography. Plus, find out how your company can create a better cybersecurity environment. In addition, MITRE warns about protecting critical infrastructure from cyber war. And get the latest on exposure response strategies and on CISO compensation and job satisfaction.

Dive into five things that are top of mind for the week ending June 6.

1 - Group releases roadmap for adopting post-quantum cryptography

Is your organization looking for guidance on how to carry out its migration to post-quantum cryptography (PQC)? A group that includes MITRE, Microsoft and IBM just released a roadmap designed to help organizations plan and execute their adoption of PQC.

Titled “Post-Quantum Cryptography (PQC) Migration Roadmap,” the 20-page document from the “Post Quantum Cryptography Coalition” breaks down PQC migrations into four major stages:

- Preparation, which includes identifying the transition’s main goals, assigning a project leader and identifying key stakeholders
- Baseline understanding, which includes a comprehensive inventory of the data and assets to be protected, as well as determining required resources and budgets.
- Planning and execution, which includes collaboration with internal and external partners to either acquire or develop the necessary tools for the migration
- Monitoring and evaluation, which includes establishing metrics for tracking the project’s progress and for reassessing cryptographic security, based on the evolut...

Source: Tenable Blog
June 6th, 2025 (1 day ago)

CVE-2025-5761

Description: A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The manipulation of the argument memberage leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. A vulnerability was discovered in PHPGurukul BP Monitoring Management System 1.0. It has been classified as critical. Affected is an unknown process of the file /edit-family-member.php. Manipulating the argument memberage with unknown data can be used to exploit an sql injection vulnerability. The attack can be carried out over the network. The exploit is publicly available.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-5760

Description: The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)