Threat and Vulnerability Intelligence Database


Description: Started in 1969 and headquartered in Memphis, Tennessee, Barnhart is a heavy lift and heavy transport company. The company offers a variety of heavy lift and transport services across the United States, including operated crane rental, rigging services, component replacement solutions, industrial storage, and more.
Source: Ransomware.live
June 5th, 2025 (3 days ago)
Description: L&S Proline is a Texas-based company providing turnkey equipment and fabrication solutions for the oil and gas industry, including flow measurement systems, custom enclosures, and structural supports—all built in-house for quality and reliability.
Source: Ransomware.live
June 5th, 2025 (3 days ago)
Description: In his Senate confirmation hearing, national cyber director nominee Sean Cairncross faced questions about his lack of cybersecurity experience and how the government would operate with vastly reduced cybersecurity resources.
Source: The Record
June 5th, 2025 (3 days ago)

CVE-2025-5669

Description: A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2025-5668

Description: A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2025-49009

Description: Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.

CVSS: MEDIUM (6.2)

EPSS Score: 0.01%

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2025-48493

Description: The Yii 2 Redis extension provides Redis key-value store support for the Yii framework 2.0. When a connection fails, the extension writes the command sequence to the logs. Prior to version 2.0.20, AUTH parameters are written in plain text, exposing the username and password. This might be an issue if an attacker has access to the logs. Version 2.0.20 fixes the issue.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22919

Description: swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22911

Description: A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22895

Description: DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (3 days ago)