Description: Impact
On a failed connection, the extension writes the command sequence to the logs. AUTH parameters are written in plain text, exposing the username and password. That might be an issue if an attacker has access to the logs.
References
https://github.com/yiisoft/yii2-redis/security/advisories/GHSA-g3p6-82vc-43jh
https://github.com/yiisoft/yii2-redis/commit/962252d2c57c187181e67bb66da3f27b4698358d
https://github.com/advisories/GHSA-g3p6-82vc-43jh
June 5th, 2025 (3 days ago)
|
June 5th, 2025 (3 days ago)
|
Description: Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. [...]
June 5th, 2025 (3 days ago)
|
🚨 Marked as known exploited on June 5th, 2025 (3 days ago).
Description: Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. [...]
CVSS: CRITICAL (9.9) EPSS Score: 1.49%
June 5th, 2025 (3 days ago)
|
CVE-2025-5667 |
Description: A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. A critical vulnerability was identified in FreeFloat FTP Server 1.0. It concerns an unspecified function of the component REIN Command Handler. Manipulation with unknown data can be used to exploit a buffer overflow vulnerability. The attack can be carried out over the network. The exploit is publicly available.
CVSS: HIGH (7.3) EPSS Score: 0.04%
June 5th, 2025 (3 days ago)
|
CVE-2025-5666 |
Description: A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. A critical vulnerability was identified in FreeFloat FTP Server 1.0. It concerns an unknown function of the component XMKD Command Handler. Manipulation with unknown data can be used to exploit a buffer overflow vulnerability. The attack can take place over the network. The exploit is publicly available.
CVSS: HIGH (7.3) EPSS Score: 0.04% SSVC Exploitation: poc
June 5th, 2025 (3 days ago)
|
CVE-2025-5665 |
Description: A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. A critical vulnerability was identified in FreeFloat FTP Server 1.0. Affected is an unknown process of the component XCWD Command Handler. Manipulation with unknown data can be used to exploit a buffer overflow vulnerability. The attack can be carried out over the network. The exploit is publicly available.
CVSS: HIGH (7.3) EPSS Score: 0.04% SSVC Exploitation: poc
June 5th, 2025 (3 days ago)
|
Description: The group has been operating since at least 2017, initially breaching systems belonging to the Kurdistan Regional Government, and has expanded its reach to the Central Government of Iraq as well as a telecommunications provider in Uzbekistan.
June 5th, 2025 (3 days ago)
|
Description: Alleged breach of Slate & Tell – 5M Jewelry Customer Records Exposed
June 5th, 2025 (3 days ago)
|
Description: Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data over HTTP and hard-code secrets in their code, exposing users to privacy and security risks.
"Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in Symantec's Security Technology and Response
June 5th, 2025 (3 days ago)
|