==========================
== Gharib Personal Blog ==
==========================
A Techi Personal Blog

Laser Harp Sets the Tone

In many ways, living here in the future is quite exciting. We have access to the world’s information instantaneously and can get plenty of exciting tools and hardware delivered to …

Intelligence Insights March 2025

Worms break ground and fake browser updates march forward in this month’s edition of Intelligence Insights

CVE-2025-2557 - Audi UTR Dashcam 20 Command API Local Network Access Control Vulnerability

CVE ID : CVE-2025-2557
Published : March 20, 2025, 7:15 p.m. | 10 hours, 43 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers.
Severity: 5.5 | MEDIUM

CVE-2025-29980 - eTRAKiTnet SQL Injection Vulnerability

CVE ID : CVE-2025-29980
Published : March 20, 2025, 7:15 p.m. | 1 day, 19 hours ago
Description : A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.
Severity: 9.8 | CRITICAL

CVE-2025-30160 - Redlib DEFLATE Decompression Bomb Denial-of-Service Vulnerability

CVE ID : CVE-2025-30160
Published : March 20, 2025, 7:15 p.m. | 10 hours, 43 minutes ago
Description : Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0.
Severity: 0.0 | NA

CVE-2025-29217 - Tenda W18E Stack Overflow Denial of Service Vulnerability

CVE ID : CVE-2025-29217
Published : March 20, 2025, 7:15 p.m. | 10 hours, 43 minutes ago
Description : Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity: 0.0 | NA

CVE-2025-29218 - Tenda W18E Stack Overflow Vulnerability

CVE ID : CVE-2025-29218
Published : March 20, 2025, 7:15 p.m. | 10 hours, 43 minutes ago
Description : Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Severity: 0.0 | NA

USN-7363-1 PAM-PKCS11 vulnerabilities

Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not properly handle certain return codes when authentication was not possible. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531) It was discovered that PAM-PKCS#11 did not require a private key signature for authentication by default. An attacker could possibly use this issue to bypass authentication. (CVE-2025-24032)


Department of Defense civilian employee pleads guilty to taking classified documents

Today’s reminder of the insider threat, from the U.S. Attorney’s Office for the Eastern District of Virginia: ALEXANDRIA, Va. – A civilian electrical engineer for the Department of Defense pled guilty today to unauthorized removal and retention of classified material. According to court documents, Gokhan Gun, 51, of Falls Church, was born in Istanbul, Turkey,…


CVE-2025-2555 - Audi Universal Traffic Recorder App FTP Credentials Hard-Coded Password Vulnerability

CVE ID : CVE-2025-2555
Published : March 20, 2025, 6:15 p.m. | 11 hours, 43 minutes ago
Description : A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers.
Severity: 2.9 | LOW