Description: A threat actor known as “Ay4me” has put up for sale a trove of 318 million records on BreachForums, claiming the data was stolen from Otelier, a cloud-based hotel management platform. The stolen database, totaling 7.8TB, reportedly contains sensitive information from major hotel chains such as Marriott, Hilton, and Hyatt. The data leak was disclosed …
The post Threat Actor Claims Sale of 318 Million Otelier Records appeared first on CyberInsider.
January 21st, 2025 (6 months ago)
Description: The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.
The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to
January 21st, 2025 (6 months ago)
January 21st, 2025 (6 months ago)
Description: FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability.
January 21st, 2025 (6 months ago)
CVE-2025-24337
Description: WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.
CVSS: HIGH (8.4) EPSS Score: 0.05%
January 21st, 2025 (6 months ago)
CVE-2025-24014
Description: Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a GUI version of Vim by feeding some binary characters to Vim. The function that handles the scrolling may trigger a redraw, which accesses the ScreenLines pointer even though this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
CVSS: MEDIUM (4.2) EPSS Score: 0.04%
January 21st, 2025 (6 months ago)
CVE-2025-24013
Description: CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper validation of header names and values. An attacker can construct deliberately malformed headers with the Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service's web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 21st, 2025 (6 months ago)
CVE-2025-24010
Description: Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send arbitrary requests to the development server and read the response, due to default CORS settings and a lack of validation of the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 21st, 2025 (6 months ago)
CVE-2025-23221
Description: Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to manipulate the WebFinger mechanism to perform a GET request to any internal resource on any host, port, and URL combination regardless of the security mechanisms in place, and to force the victim's server into an infinite loop, causing Denial of Service. Moreover, this issue can also be leveraged to perform a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4.
CVSS: MEDIUM (5.4) EPSS Score: 0.06%
January 21st, 2025 (6 months ago)