Group name: hunters
Post title: Groupe Delcourt
Info: https://cti.fyi/groups/hunters.html
cti.fyihunters
Recent searches
Search options
Administered by:
#threatintelligence
150 posts17 participants1 post today
Group name: play
Post title: Csm Engineering
Info: https://cti.fyi/groups/play.html
cti.fyiplay
CVE-2025-2941 - WooCommerce Drag and Drop Multiple File Upload Remote File Moving Vulnerability April 05, 2025 at 07:15AM https://ift.tt/ljJIpvu #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-2941 - WooCommerce Drag and Drop Multiple File Upload Remote File Moving VulnerabilityThe Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, …
Google Launches Sec-Gemini v1 AI Model for Real Time Cyber Defense
#Cybersecurity #CybersecurityAI #Google #GoogleAI #SecGemini #ThreatIntelligence #AIinSecurity #CyberDefense #Mandiant
CVE-2024-13776 - "ZoomSounds WordPress Wave Audio Player with Playlist Unauthorized Data Modification Vulnerability" April 05, 2025 at 06:15AM https://ift.tt/Vqi47gb #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2024-13776 - "ZoomSounds WordPress Wave Audio Player with Playlist Unauthorized Data Modification Vulnerability"The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91. This makes it possible …
CVE-2021-47667 - ZendTo OS Command Injection Vulnerability April 05, 2025 at 05:15AM https://ift.tt/NbVIKqQ #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2021-47667 - ZendTo OS Command Injection VulnerabilityAn OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request.
CVE-2025-2933 - "WordPress Email Notifications for Updates Unauthenticated Privilege Escalation" April 05, 2025 at 02:15AM https://ift.tt/kq49R63 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-2933 - "WordPress Email Notifications for Updates Unauthenticated Privilege Escalation"The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and …
Group name: blacksuit
Post title: https://www.mmwec.org
Info: https://cti.fyi/groups/blacksuit.html
www.mmwec.orgMMWEC – MMWEC – The leading provider of public power services in Massachusetts.
Group name: play
Post title: Royal Glass
Info: https://cti.fyi/groups/play.html
cti.fyiplay
CVE-2025-3259 - Tenda RX3 Stack-Based Buffer Overflow Vulnerability April 04, 2025 at 06:15PM https://ift.tt/Y9Sk5qy #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-3259 - Tenda RX3 Stack-Based Buffer Overflow VulnerabilityA vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and …
CVE-2025-32149 - Winkm89 TeachPress SQL Injection April 04, 2025 at 04:15PM https://ift.tt/Xw4KMEp #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-32149 - Winkm89 TeachPress SQL InjectionImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress allows SQL Injection. This issue affects teachPress: from n/a through 9.0.11.
CVE-2025-32147 - Coothemes Easy WP Optimizer Missing Authorization Vulnerability April 04, 2025 at 04:15PM https://ift.tt/R5dO6iW #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-32147 - Coothemes Easy WP Optimizer Missing Authorization VulnerabilityMissing Authorization vulnerability in coothemes Easy WP Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy WP Optimizer: from n/a through 1.1.0.
CVE-2025-32148 - Daisycon SQL Injection April 04, 2025 at 04:15PM https://ift.tt/dfZMBgS #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-32148 - Daisycon SQL InjectionImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers allows SQL Injection. This issue affects Daisycon prijsvergelijkers: from n/a through 4.8.4.
CVE-2025-32146 - JoomSky JS Job Manager PHP Remote File Inclusion Vulnerability April 04, 2025 at 04:15PM https://ift.tt/PwdtMl3 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-32146 - JoomSky JS Job Manager PHP Remote File Inclusion VulnerabilityImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2025-32142 - Stylemix Motors PHP Remote File Inclusion Vulnerability April 04, 2025 at 04:15PM https://ift.tt/uSACt0s #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-32142 - Stylemix Motors PHP Remote File Inclusion VulnerabilityImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.65.
CVE-2025-32141 - Stylemix MasterStudy LMS PHP Remote File Inclusion Vulnerability April 04, 2025 at 04:15PM https://ift.tt/uOE1XK2 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-32141 - Stylemix MasterStudy LMS PHP Remote File Inclusion VulnerabilityImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS allows PHP Local File Inclusion. This issue affects MasterStudy LMS: from n/a through 3.5.23.
CVE-2025-32118 - NiteoThemes CMP Unrestricted File Upload Vulnerability April 04, 2025 at 04:15PM https://ift.tt/V5Oa4Ci #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-32118 - NiteoThemes CMP Unrestricted File Upload VulnerabilityUnrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.
CVE-2025-31480 - Aiven-Extras PostgreSQL Format Function Privilege Escalation April 04, 2025 at 03:15PM https://ift.tt/0JlD4qE #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-31480 - Aiven-Extras PostgreSQL Format Function Privilege Escalationaiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO …
CVE-2025-27520 - BentoML Remote Code Execution (RCE) via Insecure Deserialization April 04, 2025 at 03:15PM https://ift.tt/StPJCZx #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2025-27520 - BentoML Remote Code Execution (RCE) via Insecure DeserializationBentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It …
CVE-2024-45199 - Hive JDBC JNDI Injection Remote Code Execution April 03, 2025 at 09:15PM https://ift.tt/gGiZ0of #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
cvefeed.io · CVE-2024-45199 - Hive JDBC JNDI Injection Remote Code Executioninsightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.