CVE-2025-25234 |
Description: Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.
CVSS: HIGH (7.1) EPSS Score: 0.03%
April 17th, 2025 (4 days ago)
|
Description: The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware.
This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
April 17th, 2025 (4 days ago)
|
Description: N/A
April 17th, 2025 (4 days ago)
|
Description: In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-43717
https://github.com/pear/HTTP_Request2/commit/07925aa77e441dba0ff0fa973a09802729cb838f
https://github.com/pear/HTTP_Request2/commit/265e05f9e08a28a38a57219516a8e4e2dfdbb147
https://github.com/pear/HTTP_Request2/blob/b1c61b71128045734d757c4d3d436457ace80ea7/package.xml#L24
https://github.com/pear/HTTP_Request2/compare/v2.6.0...v2.7.0
https://github.com/advisories/GHSA-w7gh-f2fm-9q8r
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
April 17th, 2025 (4 days ago)
|
Description: Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by the Darcula PhaaS platform, with 5K+ domains stealing payment info worldwide. [...]
April 17th, 2025 (4 days ago)
|
Description: Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. [...]
April 17th, 2025 (4 days ago)
|
Description: Internal Palantir Slack chats and message boards obtained by 404 Media show the contracting giant is helping find the location of people flagged for deportation, that Palantir is now a “more mature partner to ICE,” and how Palantir is addressing employee concerns with discussion groups on ethics.
April 17th, 2025 (4 days ago)
|
Description: Former CISA Director Chris Krebs has left a senior position at cybersecurity company SentinelOne to fight back against the Trump administration’s investigation into his activities atop the federal agency.
April 17th, 2025 (4 days ago)
|
CVE-2025-29015 |
Description: Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
April 17th, 2025 (4 days ago)
|
Description: If security tools are challenging to use, people will look for workarounds to get around the restrictions.
April 17th, 2025 (4 days ago)
|