Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-32789 |
Description: EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of the sorted list of users. Although unlikely, if an attacker knows the hash value of their password, they can change the password and repeat the sorting until the other user's password hash is fully revealed. This issue is patched in version 9.0.7.
CVSS: LOW (3.1) EPSS Score: 0.03%
April 16th, 2025 (5 days ago)
|
|
CVE-2025-32787 |
Description: SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time.
CVSS: LOW (3.1) EPSS Score: 0.03%
April 16th, 2025 (5 days ago)
|
|
CVE-2025-32783 |
Description: XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent in a subwiki to "everyone" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private. This issue will not be patched as Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. A workaround for this issue involves keeping Message Stream disabled by default. It's advised to keep it disabled from Administration > Social > Message Stream.
CVSS: MEDIUM (4.7) EPSS Score: 0.06%
April 16th, 2025 (5 days ago)
|
|
CVE-2025-32433 |
Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
CVSS: CRITICAL (10.0) EPSS Score: 0.67%
April 16th, 2025 (5 days ago)
|
|
CVE-2025-31478 |
Description: Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being required to join, but has disabled the EmailAuthBackend that is used for email/password authentication. A bug in the Zulip server means that it is possible to create an account in such organizations, without having an account with the configured SSO authentication backend. This issue is patched in version 10.2. A workaround includes requiring invitations to join the organization prevents the vulnerability from being accessed.
CVSS: HIGH (8.2) EPSS Score: 0.04%
April 16th, 2025 (5 days ago)
|
|
CVE-2025-25230 |
Description: Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.
CVSS: HIGH (7.8) EPSS Score: 0.01%
April 16th, 2025 (5 days ago)
|
|
Description: Telegram Channel Scraper
April 16th, 2025 (5 days ago)
|
|
Description: Agent Tesla, Remcos RAT and XLoader delivered via a complex phishing campaign. Learn how attackers are using multi-stage delivery to hinder analysis.
The post Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis appeared first on Unit 42.
April 16th, 2025 (5 days ago)
|
|
Description: A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-3730
https://github.com/pytorch/pytorch/issues/150835
https://github.com/pytorch/pytorch/pull/150981
https://vuldb.com/?ctiid.305076
https://vuldb.com/?id.305076
https://vuldb.com/?submit.553645
https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af
https://github.com/advisories/GHSA-887c-mr87-cxwp
CVSS: MEDIUM (4.8) EPSS Score: 0.01%
April 16th, 2025 (5 days ago)
|
|
Description: The family of Ahold Delhaize serve 72 million customers every week in the United States, Europe and Indonesia. Each brand shares a passion for delivering great food, value and innovations, and for creating inclusive workplaces that provide rewarding professional opportunities.
Ahold Delhaize become a victim of the largest data breach. 6TB sensitive data will be published soon in our blog.
April 16th, 2025 (5 days ago)
|