CVE Alert: CVE-2025-2028
Vulnerability Summary: CVE-2025-2028 Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY...
Vulnerability Summary: CVE-2025-50234 MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the...
Vulnerability Summary: CVE-2025-51308 In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could...
Vulnerability Summary: CVE-2025-50286 A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a...
Vulnerability Summary: CVE-2025-51040 Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW,...
Vulnerability Summary: CVE-2025-51306 In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue...
Authentication Bypass + exposure of PII + reflected XSS Researcher: snillx...
Insider threats originate from inside your organization—employees, contractors, or trusted partners. They can be deliberate acts or the result of...
Vulnerability Summary: CVE-2025-48393 The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing...
Vulnerability Summary: CVE-2024-8244 The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible...
Vulnerability Summary: CVE-2025-53786 On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot...
Vulnerability Summary: CVE-2025-50233 A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due...
Vulnerability Summary: CVE-2025-48394 An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing...
Vulnerability Summary: CVE-2025-20215 A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker...
Vulnerability Summary: CVE-2025-8419 A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and...
Vulnerability Summary: CVE-2025-51531 A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024.12.003 allows attackers to execute arbitrary JavaScript in...
Vulnerability Summary: CVE-2025-51532 Incorrect access control in Sage DPW v2024.12.003 allows unauthorized attackers to access the built-in Database Monitor via...
Vulnerability Summary: CVE-2025-20331 A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated,...
Hey everyone, I'm excited to share something special just for our Patreon community: a brand new video presentation on TruffleHog...
Ransomware Group: D4RK4RMY VICTIM NAME: ONEX CANADA ASSET MANAGEMENT INC NOTE: No files or stolen information are by RedPacket Security....
Ransomware Group: D4RK4RMY VICTIM NAME: TSAI CAPITAL NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
Ransomware Group: D4RK4RMY VICTIM NAME: MAGELLAN FINANCIAL GROUP NOTE: No files or stolen information are by RedPacket Security. Any legal...
Ransomware Group: D4RK4RMY VICTIM NAME: MIZUHA FINANCIAL GROUP NOTE: No files or stolen information are by RedPacket Security. Any legal...
Ransomware Group: D4RK4RMY VICTIM NAME: BRIDGEWATER ASSOCIATES NOTE: No files or stolen information are by RedPacket Security. Any legal issues...