Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-5639
PHPGurukul Notice Board System forgot-password.php sql injection
Description: A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul Notice Board System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /forgot-password.php. Mit der Manipulation des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (7.3)

EPSS Score: 0.03%

Source: CVE
June 5th, 2025 (4 days ago)

CVE-2025-5638
PHPGurukul Notice Board System admin-profile.php sql injection
Description: A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. In PHPGurukul Notice Board System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei /admin-profile.php. Dank Manipulation des Arguments mobilenumber mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE
June 5th, 2025 (4 days ago)

CVE-2025-3055
WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion
Description: The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVSS: HIGH (8.1)

EPSS Score: 0.53%

Source: CVE
June 5th, 2025 (4 days ago)

CVE-2025-3054
WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload
Description: The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.

CVSS: HIGH (8.8)

EPSS Score: 0.24%

Source: CVE
June 5th, 2025 (4 days ago)
US offers $10M for tips on state hackers tied to RedLine malware
Description: The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. [...]
Source: BleepingComputer
June 5th, 2025 (4 days ago)
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Description: Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability. "A

CVSS: CRITICAL (9.9)

EPSS Score: 0.13%

Source: TheHackerNews
June 5th, 2025 (4 days ago)
[github.com/kro-run/kro] kro Confused Deputy vulnerability
Description: kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes. References https://nvd.nist.gov/vuln/detail/CVE-2025-48710 https://github.com/kro-run/kro/compare/v0.2.1...v0.2.2 https://orca.security/resources/blog/kubernetes-crd-abstraction-risks-kro https://github.com/advisories/GHSA-7633-x85h-5mqh

CVSS: MEDIUM (4.1)

EPSS Score: 0.08%

Source: Github Advisory Database (Go)
June 5th, 2025 (4 days ago)
[rack] ReDoS Vulnerability in Rack::Multipart handle_mime_head
Description: Summary There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Details Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Credits Thanks to scyoon for reporting this to the Rails security team References https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw https://nvd.nist.gov/vuln/detail/CVE-2025-49007 https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901 https://github.com/advisories/GHSA-47m2-26rw-j2jw

CVSS: HIGH (7.5)

Source: Github Advisory Database (RubyGems)
June 5th, 2025 (4 days ago)
Cybersecurity Training in Africa Aims to Bolster Professionals' Ranks
Description: The United Nations, Carnegie Mellon University, and private organizations are all aiming to train the next generation of cybersecurity experts, boost economies, and disrupt pipelines to armed groups.
Source: Dark Reading
June 5th, 2025 (4 days ago)

CVE-2025-5637
PCMan FTP Server SYSTEM Command buffer overflow
Description: A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in PCMan FTP Server 2.0.7 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente SYSTEM Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
June 5th, 2025 (4 days ago)