CVE-2024-20500
Description: A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
CVSS: MEDIUM (5.8) EPSS Score: 0.14% SSVC Exploitation: none
June 4th, 2025

CVE-2024-20499
Description: Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
CVSS: HIGH (8.6) EPSS Score: 0.06% SSVC Exploitation: none
June 4th, 2025

CVE-2024-20498
Description: Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
CVSS: HIGH (8.6) EPSS Score: 0.06% SSVC Exploitation: none
June 4th, 2025

Description: all-nations-health-center
June 4th, 2025

CVE-2025-30167
Description:
Impact
On Windows, the shared %PROGRAMDATA% directory is searched for configuration files (SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH), which may allow users to create configuration files affecting other users.
Only shared Windows systems with multiple users and unprotected %PROGRAMDATA% are affected.
Mitigations
upgrade to jupyter_core>=5.8.1 (5.8.0 is patched but breaks jupyter-server), or
as administrator, modify the permissions on the %PROGRAMDATA% directory so it is not writable by unauthorized users, or
as administrator, create the %PROGRAMDATA%\jupyter directory with appropriately restrictive permissions, or
as user or administrator, set the %PROGRAMDATA% environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators or the current user)
Credit
Reported via Trend Micro Zero Day Initiative as ZDI-CAN-25932
References
https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq
https://nvd.nist.gov/vuln/detail/CVE-2025-30167
https://github.com/advisories/GHSA-33p9-3p43-82vq
CVSS: HIGH (7.3) EPSS Score: 0.01%
June 4th, 2025

CVE-2025-48951
Description:
Overview
The Auth0 PHP SDK contains a vulnerability due to insecure deserialization of cookie data. Because the SDK processes cookie content before any authentication takes place, a threat actor could send a specially crafted cookie containing malicious serialized data.
Am I Affected?
You are affected by this vulnerability if you meet the following preconditions:
Applications using the Auth0-PHP SDK, versions from 8.0.0-BETA3 through 8.3.0.
Applications using the following SDKs that rely on Auth0-PHP SDK versions from 8.0.0-BETA3 through 8.3.0:
a. Auth0/symfony,
b. Auth0/laravel-auth0,
c. Auth0/wordpress.
Fix
Upgrade Auth0/Auth0-PHP to 8.3.1.
Acknowledgement
Okta would like to thank Andreas Forsblom for discovering this vulnerability.
References
https://github.com/auth0/auth0-PHP/security/advisories/GHSA-v9m8-9xxp-q492
https://nvd.nist.gov/vuln/detail/CVE-2025-48951
https://github.com/auth0/auth0-PHP/commit/04b1f5daa8bdfebc5e740ec5ca0fb2df1648a715
https://github.com/advisories/GHSA-v9m8-9xxp-q492
CVSS: CRITICAL (9.3) EPSS Score: 0.08%
June 4th, 2025

Description:
Summary
This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js.
Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective.
PoC
import { Buffer } from "node:buffer";
import {
  createCipheriv,
  createDecipheriv,
  randomBytes,
  scrypt,
} from "node:crypto";

type Encrypted = {
  salt: string;
  iv: string;
  enc: string;
  authTag: string;
};

// Derive a 32-byte AES-256 key from a passphrase with scrypt.
const deriveKey = (key: string, salt: Buffer) =>
  new Promise<Buffer>((res, rej) =>
    scrypt(key, salt, 32, (err, k) => {
      if (err) rej(err);
      else res(k);
    })
  );

async function encrypt(text: string, key: string): Promise<Encrypted> {
  const salt = randomBytes(32);
  const k = await deriveKey(key, salt);
  const iv = randomBytes(16);
  const enc = createCipheriv("aes-256-gcm", k, iv);
  const ciphertext = enc.update(text, "binary", "binary") + enc.final("binary");
  return {
    salt: salt.toString("binary"),
    iv: iv.toString("binary"),
    enc: ciphertext,
    authTag: enc.getAuthTag().toString("binary"),
  };
}

async functio...
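The advisory's PoC is cut off above, so here is an added example (not Deno's code and not the advisory's PoC) of the behaviour the advisory describes as correct, run against Node's node:crypto, which the advisory names as verifying the tag. It shows three things the summary asserts: a correct decryptor rejects a tampered ciphertext, a tampered AAD, and a wrong key; a decryptor that skips the tag check degrades to CTR mode, so flipping one ciphertext byte flips exactly one plaintext byte; and because AAD never enters the keystream, an unverified AAD change is simply invisible. The key, IV, AAD, plaintext and the function names (gcmEncrypt, gcmDecrypt, gcmDecryptUnauthenticated, flipByte, rejectsBox, demo) are constructed for this illustration.

```typescript
// Added example, not Deno's code or the advisory's PoC. Shows the behaviour
// the advisory describes as correct (Node.js, older Deno): the GCM tag is
// verified before plaintext is trusted. Key, IV, AAD, plaintext and all
// function names here are constructed for illustration.
import { Buffer } from "node:buffer";
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

interface GcmBox {
  iv: Buffer;
  ciphertext: Buffer;
  tag: Buffer; // 16-byte authentication tag
  aad: Buffer; // additional authenticated data, sent in the clear
}

function gcmEncrypt(key: Buffer, plaintext: Buffer, aad: Buffer): GcmBox {
  const iv = randomBytes(12); // 96-bit nonce, the recommended GCM size
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aad);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag(), aad };
}

// Correct decryption. final() checks the tag over ciphertext and AAD and
// throws on mismatch; authTagLength: 16 additionally refuses truncated tags.
function gcmDecrypt(key: Buffer, box: GcmBox): Buffer {
  const decipher = createDecipheriv("aes-256-gcm", key, box.iv, { authTagLength: 16 });
  decipher.setAuthTag(box.tag);
  decipher.setAAD(box.aad);
  return Buffer.concat([decipher.update(box.ciphertext), decipher.final()]);
}

// What the bug amounts to: a decryptor that never verifies the tag. This one
// deliberately returns update() output and skips final(), so it is raw CTR
// mode and accepts any ciphertext, AAD or key.
function gcmDecryptUnauthenticated(key: Buffer, box: GcmBox): Buffer {
  const decipher = createDecipheriv("aes-256-gcm", key, box.iv);
  decipher.setAuthTag(box.tag);
  decipher.setAAD(box.aad);
  return decipher.update(box.ciphertext); // no final(), so no tag check
}

// XOR one byte of a buffer (an attacker editing ciphertext in transit).
function flipByte(buf: Buffer, index: number, mask: number): Buffer {
  const out = Buffer.from(buf);
  out[index] ^= mask;
  return out;
}

// true when the authenticated decryptor rejects the box.
function rejectsBox(key: Buffer, box: GcmBox): boolean {
  try {
    gcmDecrypt(key, box);
    return false;
  } catch {
    return true;
  }
}

function demo() {
  const key = randomBytes(32);
  const aad = Buffer.from("user-id=42", "utf8");
  const plaintext = Buffer.from("transfer 10 USD to alice", "utf8");
  const box = gcmEncrypt(key, plaintext, aad);

  // Flip bit 3 of ciphertext byte 9 ('1' 0x31 -> '9' 0x39): in CTR mode
  // this flips exactly that plaintext byte and nothing else.
  const tamperedCt: GcmBox = { ...box, ciphertext: flipByte(box.ciphertext, 9, 0x08) };
  const tamperedAad: GcmBox = { ...box, aad: Buffer.from("user-id=43", "utf8") };
  const wrongKey = randomBytes(32);

  return {
    roundTrip: gcmDecrypt(key, box).equals(plaintext),
    ctTamperRejected: rejectsBox(key, tamperedCt),
    aadTamperRejected: rejectsBox(key, tamperedAad),
    wrongKeyRejected: rejectsBox(wrongKey, box),
    // The tag-skipping decryptor hands the attacker's edit straight back.
    unauthenticatedOutput: gcmDecryptUnauthenticated(key, tamperedCt).toString("utf8"),
    // AAD never touches the keystream, so without the tag check a changed
    // AAD is simply not noticed.
    unauthenticatedAadIgnored: gcmDecryptUnauthenticated(key, tamperedAad).equals(plaintext),
  };
}
```

On an affected Deno build, per the advisory, gcmDecrypt would behave like gcmDecryptUnauthenticated: the "transfer 90 USD" edit would come back as valid plaintext and the changed AAD would go unnoticed. Two practical checks follow from this: treat any plaintext as untrusted until final() has returned, and pass authTagLength: 16 to createDecipheriv so a peer cannot shorten the tag to a few bytes that are easy to brute-force.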
CVSS: HIGH (7.7) EPSS Score: 0.05%
June 4th, 2025

Description: A group Google is tracking as UNC6040 has been tricking users into installing a malicious version of a Salesforce app to gain access to and steal data from the platform.
June 4th, 2025