CVE-2025-32817 |
Description: An Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client results in unauthorized file overwrite, potentially leading to denial of service or file corruption.
EPSS Score: 0.01%
April 16th, 2025 (6 days ago)
|
CVE-2025-29650 |
Description: SQL Injection vulnerability exists in the TP-Link M7200 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
EPSS Score: 0.05%
April 16th, 2025 (6 days ago)
|
CVE-2025-29649 |
Description: SQL Injection vulnerability exists in the TP-Link TL-WR840N router's login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
EPSS Score: 0.05%
April 16th, 2025 (6 days ago)
|
CVE-2025-29648 |
Description: SQL Injection vulnerability exists in the TP-Link EAP120 router's login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields.
EPSS Score: 0.05%
April 16th, 2025 (6 days ago)
|
Description: Trend Micro researchers detailed an emerging ransomware campaign by a new group known as "CrazyHunter" that is targeting critical sectors in Taiwan.
April 16th, 2025 (6 days ago)
|
Description: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. ,
References
https://nvd.nist.gov/vuln/detail/CVE-2025-22872
https://go.dev/cl/662715
https://go.dev/issue/73070
https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA
https://pkg.go.dev/vuln/GO-2025-3595
https://github.com/advisories/GHSA-vvgc-356p-c3xw
EPSS Score: 0.01%
April 16th, 2025 (6 days ago)
|
Description: Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2564
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-mj2p-v2c2-vh4v
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 16th, 2025 (6 days ago)
|
Description: Police are starting to realize they can demand footage from driverless cars.
April 16th, 2025 (6 days ago)
|
🚨 Marked as known exploited on April 16th, 2025 (6 days ago).
Description: Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation. Background: The Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As the situation continues to evolve, we will continue to provide updates as new information is released. FAQ: What is the current status of the MITRE CVE Program? As of April 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended funding for the MITRE CVE Program for one year. In a post and update to their website, CISA confirmed the extension, and a spokesperson added that they “executed the option period on the contract to ensure there will be no lapse in critical CVE services.” When did CVE Board Members find out about the expiration of the MITRE CVE Program and other related programs? CVE Board members received a notification from MITRE on April 15, 2025. This notification was circulated on social media and picked up in news articles. Tenable published a blog post about the forthcoming expiration and updated it on April 16 upon news of the subsequent renewal. What is the importance of the CVE Program? The CVE Program provides the industry with a common identifier used for identifying vulnerab...
April 16th, 2025 (6 days ago)
|
Description: Data from Nelson University contains thousands of personal employee and students records. All data will be published fully on 24 April 2024. If management of University will not pay ransom. Nelson is a publisher of educational products. They ...
April 16th, 2025 (6 days ago)
|