CVE Database V5

Reddit InfoSec News

ThreatFox MISP Feed

CIRCL OSINT Feed

Reddit NetSec

AlienVault OTX General

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

Exploit-DB RSS Feed

A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5978 is a critical stack-based buffer overflow vulnerability identified in the Tenda FH1202 router, specifically version 1.2.0.14. The flaw exists in the fromVirtualSer function within the /goform/VirtualSer endpoint. This vulnerability arises due to improper handling and validation of the 'page' argument, which an attacker can manipulate to overflow the stack buffer. Exploitation of this vulnerability can be performed remotely without requiring user interaction or prior authentication, making it highly accessible to attackers. The buffer overflow can lead to arbitrary code execution, potentially allowing an attacker to take full control of the affected device. The CVSS 4.0 base score is 8.7 (high severity), reflecting the vulnerability's ease of exploitation (network attack vector, low attack complexity, no privileges or user interaction required) and its significant impact on confidentiality, integrity, and availability. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the risk of imminent attacks. The vulnerability affects a specific firmware version (1.2.0.14) of the Tenda FH1202, a consumer-grade router commonly used in home and small office environments. Given the nature of the flaw, successful exploitation could allow attackers to execute arbitrary commands, disrupt network services, intercept or manipulate traffic, or pivot to other devices within the network, posing a substantial security risk.

Detailed information about CVE-2025-5978: Stack-based Buffer Overflow in Tenda FH1202 affecting Tenda FH1202. Get real-time updates, technical details, and miti

CVE-2025-5978: Stack-based Buffer Overflow in Tenda FH1202 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5978: Stack-based Buffer Overflow in Tenda FH1202

The ArchiverSpaApi ASP.NET  application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.

CVE-2025-35940 is a high-severity vulnerability affecting GFI Archiver version 15.7, specifically within the ArchiverSpaApi ASP.NET application. The core issue is the use of a hard-coded JWT (JSON Web Token) signing key, classified under CWE-798 (Use of Hard-coded Credentials). This flaw allows an unauthenticated remote attacker to generate valid JWT tokens because the signing key is embedded in the application code and is not unique or dynamically generated per deployment. Consequently, the attacker can craft verifiable JWT tokens that grant unauthorized access to protected API endpoints of the ArchiverSpaApi, bypassing authentication and authorization controls. The vulnerability has a CVSS 3.1 base score of 8.1, indicating high severity, with attack vector being network-based (AV:N), requiring no privileges (PR:N), no user interaction (UI:N), but with high attack complexity (AC:H). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), as the attacker can access sensitive archived data, modify or delete records, and disrupt service availability. No patches or exploits in the wild are currently reported, but the presence of hard-coded credentials is a critical security design flaw that can be exploited once the key is discovered or reverse-engineered. The vulnerability affects only version 15.7 of GFI Archiver, a product widely used for email archiving and compliance in enterprise environments.

Detailed information about CVE-2025-35940: CWE-798 Use of Hard-coded Credentials in GFI Archiver affecting GFI Archiver. Get real-time updates, technical detail

CVE-2025-35940: CWE-798 Use of Hard-coded Credentials in GFI Archiver - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-35940: CWE-798 Use of Hard-coded Credentials in GFI Archiver

Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Vulnerability

Source: https://hackread.com/two-mirai-botnets-lzrd-resgod-exploiting-wazuh-flaw/

The reported security threat involves two Mirai botnets, named Lzrd and Resgod, actively exploiting a vulnerability in Wazuh, an open-source security monitoring platform widely used for intrusion detection, log analysis, and compliance management. Mirai botnets are notorious for leveraging vulnerabilities in Internet of Things (IoT) devices and networked systems to create large-scale distributed denial-of-service (DDoS) attacks. The exploitation of a Wazuh vulnerability by these botnets indicates a shift towards targeting security infrastructure components, which could have significant implications. Although specific technical details about the vulnerability are not provided, the exploitation by botnets suggests the flaw may allow unauthorized remote code execution or command injection, enabling attackers to compromise systems running Wazuh. The absence of affected version details and patch links implies that the vulnerability might be newly discovered or not yet fully disclosed. The threat was first reported via Reddit's InfoSecNews subreddit and referenced by hackread.com, indicating early-stage public awareness with minimal discussion and low Reddit engagement. No known exploits in the wild have been confirmed, but the presence of active botnets exploiting the flaw suggests ongoing malicious activity. Given Wazuh's role in security monitoring, a successful compromise could allow attackers to evade detection, manipulate logs, or use the platform as a foothold for lateral movement within networks. The medium severity rating reflects the potential impact balanced against limited public exploit information and uncertain vulnerability scope.

Detailed information about Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Vulnerability. Get real-time updates, technical details, and mitigation s

Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Vulnerability - Live Threat Intelligence - Threat Radar | OffSeq.com

Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Vulnerability

Reddit Discussion: Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Vulnerability

Microsoft Patch Tuesday – June 2025 - Lansweeper

Source: https://www.lansweeper.com/blog/patch-tuesday/microsoft-patch-tuesday-june-2025/?utm_medium=social&utm_source=reddit&utm_campaign=ls-global-patch-tuesday-2025_06&utm_content=patch-tuesday

The provided information pertains to the Microsoft Patch Tuesday release for June 2025, as reported by Lansweeper via a Reddit InfoSec News post. Patch Tuesday is a monthly event where Microsoft releases security updates addressing vulnerabilities in its software products. These updates typically cover a range of Microsoft products including Windows operating systems, Microsoft Office, and other enterprise software. The June 2025 release is noted as newsworthy but currently has minimal public discussion and no known exploits in the wild. No specific affected versions or detailed technical vulnerabilities are listed in the source, and no Common Vulnerabilities and Exposures (CVE) identifiers or Common Weakness Enumerations (CWEs) are provided. The severity is indicated as medium, suggesting that the patches likely address vulnerabilities that could impact confidentiality, integrity, or availability but are not currently exploited or considered critical. The lack of detailed technical data implies that organizations should prioritize reviewing and applying these patches as part of their routine security maintenance to mitigate potential risks from unpatched vulnerabilities in Microsoft products.

Detailed information about Microsoft Patch Tuesday – June 2025 - Lansweeper. Get real-time updates, technical details, and mitigation strategies.

Microsoft Patch Tuesday – June 2025 - Lansweeper - Live Threat Intelligence - Threat Radar | OffSeq.com

Microsoft Patch Tuesday – June 2025 - Lansweeper

Reddit Discussion: Microsoft Patch Tuesday – June 2025 - Lansweeper

I am a undergrad Computer Science student working with a team looking into building an security tool for developers building AI agent systems. I read this really interesting paper on how to build secure agents that implement Google's new A2A protocol which had some proposed vulnerabilities of codebases implementing A2A.

It mentioned some things like:

\- Validating agent cards

\- Ensuring that repeating tasks don't grant permissions at the wrong time

\- Ensuring that message schemas adhere to

The security threat revolves around potential vulnerabilities in the implementation of Google's A2A (Agent-to-Agent) protocol, which is designed to facilitate secure communication and coordination between AI agents. The discussion originates from a research-oriented Reddit post by an undergraduate computer science student and their team, focusing on developing security tools for AI agent systems leveraging the A2A protocol. The key technical concerns highlighted include validating agent cards to ensure authenticity and authorization, preventing privilege escalation through repeated task execution that might improperly grant permissions, and enforcing strict adherence to message schemas to avoid malformed or malicious data exchanges. These vulnerabilities, if present in codebases implementing the A2A protocol, could lead to unauthorized actions by compromised or malicious agents, potentially undermining the integrity and trustworthiness of AI agent ecosystems. Although no specific affected versions or patches are identified, the research underscores the importance of rigorous validation mechanisms and secure design principles in AI agent communication frameworks. The threat is currently theoretical with no known exploits in the wild and minimal public discussion, but it is relevant given the increasing deployment of AI agents in various sectors.

Detailed information about Research On Developing Secure AI Agents Using Google's A2A Protocol. Get real-time updates, technical details, and mitigation strateg

Research On Developing Secure AI Agents Using Google's A2A Protocol - Live Threat Intelligence - Threat Radar | OffSeq.com

Research On Developing Secure AI Agents Using Google's A2A Protocol

Reddit Discussion: Research On Developing Secure AI Agents Using Google's A2A Protocol

An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.

CVE-2020-21514 is a high-severity vulnerability identified in Fluent-ui version 1.2.2, which allows attackers to escalate privileges and execute arbitrary code due to the presence of a default password. Fluent-ui is a widely used user interface framework, primarily for building web applications. The vulnerability stems from improper credential management, specifically the use of a default password that is either hardcoded or set by default without requiring the user to change it. This weakness enables attackers with network access to authenticate with elevated privileges without needing to guess or brute-force credentials. Once authenticated, the attacker can execute arbitrary code, potentially taking full control of the affected system or application. The CVSS v3.1 base score of 8.8 reflects the critical nature of this vulnerability, with an attack vector of network (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability is categorized under CWE-276, which relates to improper default permissions or credentials. No patches or vendor-specific product details are provided, and no known exploits have been reported in the wild as of the publication date. However, the presence of a default password in a UI framework used in web applications represents a significant risk, especially if deployed in environments accessible from untrusted networks or the internet. Attackers could leverage this flaw to compromise sensitive data, disrupt services, or pivot within a network to further escalate attacks.

Detailed information about CVE-2020-21514: n/a in n/a affecting n/a n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2020-21514: n/a in n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2020-21514: n/a in n/a

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).

CVE-2023-36266 is a vulnerability identified in Keeper Password Manager for Desktop version 16.10.2 and KeeperFill Browser Extensions version 16.5.4, both of which were addressed in version 17.2. The issue involves the storage of plaintext passwords in memory after a user has logged in, with the potential for this sensitive information to persist even after logout. This vulnerability primarily affects local attackers who have the capability to read arbitrary memory locations on the affected system. The vendor has contested the severity of this issue, arguing that the exposure of plaintext passwords during an active session is inherent to the nature of password managers and that any persistence of data post-logout is due to memory management limitations of web browsers rather than Keeper's technology itself. Despite this dispute, the vulnerability highlights a risk where an attacker with local access and sufficient privileges could extract sensitive credentials from memory, potentially leading to unauthorized access to user accounts and services. The vulnerability does not require remote exploitation or network access, and there are no known exploits in the wild at this time. The lack of a CVSS score indicates that the severity assessment must be inferred from the technical details and potential impact on confidentiality and integrity of user credentials.

Detailed information about CVE-2023-36266: n/a in n/a affecting n/a n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2023-36266: n/a in n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2023-36266: n/a in n/a

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

CVE-2023-27535 is an authentication bypass vulnerability identified in libcurl versions prior to 8.0.0, specifically affecting the FTP connection reuse feature. libcurl maintains a connection pool to optimize performance by reusing previously established FTP connections when the current connection parameters match those of an existing connection. However, this vulnerability arises because certain FTP-specific options—namely CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL—were not considered in the connection matching logic. As a result, libcurl could erroneously reuse a connection with mismatched credentials or security settings. This flaw can cause libcurl to send incorrect credentials during subsequent FTP transfers, potentially granting unauthorized access to sensitive data or allowing data exfiltration. The vulnerability is classified under CWE-305 (Authentication Bypass by Primary Weakness), indicating a fundamental flaw in the authentication mechanism. The CVSS v3.1 base score is 5.9 (medium severity), with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N), and no availability impact (A:N). No known exploits have been reported in the wild to date. The issue was resolved in libcurl version 8.0.0 by including the previously omitted FTP options in the connection reuse matching criteria, preventing credential mismatches during FTP transfers.

Detailed information about CVE-2023-27535: Authentication Bypass by Primary Weakness (CWE-305) in https://github.com/curl/curl affecting n/a https://github.com/

CVE-2023-27535: Authentication Bypass by Primary Weakness (CWE-305) in https://github.com/curl/curl - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2023-27535: Authentication Bypass by Primary Weakness (CWE-305) in https://github.com/curl/curl

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur

CVE-2022-29072 is a vulnerability affecting 7-Zip versions up to 21.07 on Windows platforms. The issue arises when a specially crafted file with a .7z extension is dragged into the Help > Contents area of the 7-Zip File Manager (7zFM.exe). This action triggers a heap overflow due to a misconfiguration in the 7z.dll library, which is responsible for handling archive files. The heap overflow can lead to command execution within a child process spawned by 7zFM.exe. While the initial report suggested the possibility of privilege escalation and arbitrary command execution, multiple third-party analyses have contested the privilege escalation aspect, indicating that the exploit may not elevate privileges beyond the current user context. The vulnerability stems from improper input validation and memory management within the 7z.dll component when processing .7z files in a specific UI context. Notably, there are no patches or vendor advisories currently available, and no known exploits have been observed in the wild. The lack of a CVSS score and detailed vendor information limits the granularity of risk assessment, but the technical details indicate a potential for local code execution under the user’s privileges without requiring authentication beyond normal user access. Exploitation requires user interaction, specifically dragging a malicious .7z file into the Help > Contents interface, which may limit automated or remote exploitation vectors.

Detailed information about CVE-2022-29072: n/a in n/a affecting n/a n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2022-29072: n/a in n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2022-29072: n/a in n/a

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

CVE-2021-22945 is a critical double free vulnerability (CWE-415) found in libcurl versions 7.73.0 through 7.78.0 when used to send data to an MQTT server. The flaw arises because libcurl, under certain conditions, erroneously retains a pointer to a memory area that has already been freed. Subsequently, the code attempts to use this dangling pointer to send data and then frees the same memory again. This double free can lead to undefined behavior, including potential memory corruption, application crashes, or exploitation opportunities such as arbitrary code execution. The vulnerability is exploitable remotely without any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact on confidentiality is high since an attacker could potentially execute arbitrary code remotely, compromising the system. The integrity impact is not directly indicated, but availability is high due to possible crashes or denial of service. Although no known exploits are reported in the wild, the high CVSS score of 9.1 reflects the severity and ease of exploitation. The vulnerability specifically affects libcurl's MQTT protocol implementation, which is used in IoT, messaging, and telemetry applications. Since libcurl is widely used as a client-side URL transfer library across many platforms and applications, this vulnerability could have broad implications wherever affected versions are deployed. No official patches are linked in the provided data, but users are advised to upgrade to versions beyond 7.78.0 where the issue is resolved.

Detailed information about CVE-2021-22945: Double Free (CWE-415) in https://github.com/curl/curl affecting n/a https://github.com/curl/curl. Get real-time updat

Title	Severity	Type	Source	Date

Threats Affecting Sweden

Filter Threats

Threats Affecting Sweden