Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-3723 |
Description: A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component MDTM Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in PCMan FTP Server 2.0.7 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente MDTM Command Handler. Mittels Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-32817 |
Description: A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
EPSS Score: 0.01%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-29650 |
Description: SQL Injection vulnerability exists in the TP-Link M7200 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
EPSS Score: 0.05%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-29649 |
Description: SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
EPSS Score: 0.05%
April 16th, 2025 (6 days ago)
|
|
CVE-2025-29648 |
Description: SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields.
EPSS Score: 0.05%
April 16th, 2025 (6 days ago)
|
|
Description: Trend Micro researchers detailed an emerging ransomware campaign by a new group known as "CrazyHunter" that is targeting critical sectors in Taiwan.
April 16th, 2025 (6 days ago)
|
|
Description: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. ,
References
https://nvd.nist.gov/vuln/detail/CVE-2025-22872
https://go.dev/cl/662715
https://go.dev/issue/73070
https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA
https://pkg.go.dev/vuln/GO-2025-3595
https://github.com/advisories/GHSA-vvgc-356p-c3xw
EPSS Score: 0.01%
April 16th, 2025 (6 days ago)
|
|
|
Description: Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2564
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-mj2p-v2c2-vh4v
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
|
Description: Police are starting to realize they can demand footage from driverless cars.
April 16th, 2025 (6 days ago)
|
|
🚨 Marked as known exploited on April 16th, 2025 (6 days ago).
Description: Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.BackgroundThe Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As the situation continues to evolve, we will continue to provide updates as new information is released.FAQWhat is the current status of the MITRE CVE Program?As of April 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended funding for the MITRE CVE Program for one year. In a post and update to their website, CISA confirmed the extension, and a spokesperson added that they “executed the option period on the contract to ensure there will be no lapse in critical CVE services.”pic.twitter.com/DYv4uKzLrq— Cybersecurity and Infrastructure Security Agency (@CISAgov) April 16, 2025When did CVE Board Members find out about the expiration of the MITRE CVE Program and other related programs?CVE Board members received a notification from MITRE on April 15, 2025. This notification was circulated on social media and picked up in news articles. Tenable published a blog post about the forthcoming expiration and updated it on April 16 upon news of the subsequent renewal.What is the importance of the CVE Program?The CVE Program provides the industry with a common identifier used for identifying vulnerab...
April 16th, 2025 (6 days ago)
|