CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

CIRCL OSINT Feed

ThreatFox MISP Feed

Reddit NetSec

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8172 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Employee Management System, specifically within an unspecified function in the /admin/index.php file. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, which an attacker can manipulate to inject malicious SQL code. This flaw allows remote attackers to execute arbitrary SQL commands on the backend database without requiring authentication or user interaction. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been observed in the wild to date. The CVSS 4.0 base score is 5.3, indicating a medium severity level, reflecting factors such as network attack vector, low attack complexity, no privileges or user interaction required, but limited impact on confidentiality, integrity, and availability. The vulnerability could enable attackers to extract sensitive employee data, modify or delete records, or potentially escalate privileges within the system, depending on the database permissions. Given that the affected component is part of an employee management system, the exposure of personal and organizational data could have significant operational and compliance implications.

Detailed information about CVE-2025-8172: SQL Injection in itsourcecode Employee Management System affecting itsourcecode Employee Management System. Get real-t

CVE-2025-8172: SQL Injection in itsourcecode Employee Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8172: SQL Injection in itsourcecode Employee Management System

BreachForums Resurfaces on Original Dark Web (.onion) Address

Source: https://hackread.com/breachforums-resurface-original-dark-web-onion-address/

BreachForums, a notorious dark web forum known for hosting and sharing stolen data breaches and hacking discussions, has resurfaced on its original .onion dark web address. This forum historically served as a marketplace and discussion platform for cybercriminals to exchange compromised credentials, hacking tools, and exploit information. The reappearance of BreachForums on its original dark web address indicates a potential revival of its activities, which could lead to increased sharing and distribution of stolen data and hacking resources. While no specific vulnerabilities or exploits are detailed in this report, the forum's return may facilitate coordination among threat actors, potentially increasing the volume and sophistication of cyberattacks. The information is sourced from a Reddit InfoSec news post linking to an external article on hackread.com, with minimal technical details and no direct indicators of compromise or exploit code. No known exploits are currently reported in the wild related to this event.

Detailed information about BreachForums Resurfaces on Original Dark Web (.onion) Address. Get real-time updates, technical details, and mitigation strategies.

BreachForums Resurfaces on Original Dark Web (.onion) Address - Live Threat Intelligence - Threat Radar | OffSeq.com

BreachForums Resurfaces on Original Dark Web (.onion) Address

Reddit Discussion: BreachForums Resurfaces on Original Dark Web (.onion) Address

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element

CVE-2025-46198 is a Cross Site Scripting (XSS) vulnerability identified in the Grav CMS versions 1.7.46, 1.7.47, and 1.7.48. Grav is a flat-file content management system widely used for building websites without a traditional database backend. The vulnerability arises from improper sanitization of user-supplied input that is reflected in the onerror attribute of the HTML img element. An attacker can craft a malicious payload embedded within an image tag's onerror attribute, which executes arbitrary JavaScript code when the image fails to load or triggers the error event. This type of XSS is classified as a reflected or stored XSS depending on how the payload is injected and rendered. Exploiting this vulnerability allows an attacker to execute arbitrary scripts in the context of the victim's browser session, potentially leading to session hijacking, credential theft, defacement, or redirection to malicious sites. The vulnerability affects specific Grav versions, indicating that the issue likely stems from a regression or insufficient input validation in these releases. No official patch links or CVSS score have been published yet, and there are no known exploits in the wild at the time of this report. However, given the nature of XSS vulnerabilities, exploitation is generally straightforward if the attacker can control input that is reflected in the vulnerable attribute. The lack of a CVSS score suggests that the vulnerability is newly disclosed and pending further assessment.

Detailed information about CVE-2025-46198: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-46198: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-46198: n/a

A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the `name` parameter passed in, and directly accesses `soup_header_name_strings[name]`. The value of `name` is controllable, when `name` exceeds the index range of `soup_headr_name_string`, it will cause an out-of-bounds access.

CVE-2025-8197 is a medium severity vulnerability identified in Red Hat Enterprise Linux 10, specifically within the Libsoup library's function soup_header_name_to_string. Libsoup is a GNOME HTTP client/server library used for handling HTTP headers and requests. The vulnerability arises because the soup_header_name_to_string function does not properly validate the 'name' parameter before using it as an index to access the soup_header_name_strings array. If an attacker supplies a 'name' value that exceeds the valid index range, it results in an out-of-bounds write (global buffer overflow). This type of memory corruption can lead to application crashes or potentially enable an attacker to execute arbitrary code or escalate privileges, depending on the context of the vulnerable application. The CVSS v3.1 base score is 5.5, reflecting a medium severity level, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but causing high impact on availability (A:H). No known exploits are currently reported in the wild. The vulnerability affects Red Hat Enterprise Linux 10, a widely used enterprise-grade Linux distribution, which is commonly deployed in server environments and critical infrastructure. Since Libsoup is often used in network-facing applications or services, exploitation could be triggered locally or via limited access to vulnerable components. The lack of input validation in a core library function indicates a coding flaw that could be leveraged by attackers with local access or limited privileges to disrupt service availability or potentially escalate attacks further if combined with other vulnerabilities.

Detailed information about CVE-2025-8197: Out-of-bounds Write in Red Hat Red Hat Enterprise Linux 10 affecting Red Hat Red Hat Enterprise Linux 10. Get real-tim

CVE-2025-8197: Out-of-bounds Write in Red Hat Red Hat Enterprise Linux 10 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8197: Out-of-bounds Write in Red Hat Red Hat Enterprise Linux 10

A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Request Handler. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8166 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /admin/index.php file's HTTP POST request handler. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, which can be manipulated by an attacker to inject malicious SQL commands. This flaw allows remote attackers to execute arbitrary SQL queries on the backend database without requiring authentication or user interaction. Exploiting this vulnerability could lead to unauthorized data access, data modification, or even complete compromise of the underlying database. The CVSS 4.0 score is 6.9 (medium severity), reflecting the ease of exploitation (network attack vector, no privileges or user interaction needed) but limited impact on confidentiality, integrity, and availability (low to medium impact). Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the risk of exploitation. The affected product is niche software used primarily by religious organizations to manage donations, and the vulnerability exists in a core administrative component, potentially exposing sensitive donor and financial data if exploited.

Detailed information about CVE-2025-8166: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-8166: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8166: SQL Injection in code-projects Church Donation System

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CVE-2025-52452 is a path traversal vulnerability (CWE-22) identified in Salesforce Tableau Server, specifically affecting the tabdoc API's duplicate-data-source modules on both Windows and Linux platforms. This vulnerability allows an attacker to perform absolute path traversal by improperly limiting the pathname to restricted directories. Essentially, the application fails to adequately sanitize or validate user-supplied input that specifies file paths, enabling an attacker to access files and directories outside the intended restricted scope. This can lead to unauthorized access to sensitive files on the server's filesystem. The affected versions include all Tableau Server releases prior to 2025.1.3, 2024.2.12, and 2023.3.19, indicating that multiple release branches are impacted. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. However, path traversal vulnerabilities are generally considered serious because they can lead to information disclosure, potential privilege escalation, or further exploitation depending on the files accessed and the server configuration. Since Tableau Server is a widely used enterprise analytics platform, exploitation could expose sensitive business intelligence data or configuration files, potentially compromising confidentiality and integrity of organizational data.

Detailed information about CVE-2025-52452: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server af

CVE-2025-52452: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-52452: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CVE-2025-52449 is a vulnerability classified under CWE-434, which involves the unrestricted upload of files with dangerous types in Salesforce Tableau Server. This vulnerability affects Tableau Server versions prior to 2025.1.3, 2024.2.12, and 2023.3.19, across Windows and Linux platforms, specifically impacting the Extensible Protocol Service modules. The core issue is that the server does not properly restrict or validate the types of files that users can upload, allowing an attacker to upload malicious files with deceptive filenames. This can lead to alternative execution paths, effectively enabling remote code execution (RCE) on the affected server. The vulnerability arises because the system fails to enforce adequate file type restrictions and sanitization, allowing attackers to bypass security controls and execute arbitrary code remotely. Although no known exploits are currently reported in the wild, the potential for exploitation is significant given the nature of the vulnerability and the critical role Tableau Server plays in data visualization and business intelligence workflows. The lack of a CVSS score indicates that the vulnerability is newly published and has not yet been fully assessed or exploited. However, the technical details suggest a high-risk scenario due to the possibility of RCE without authentication or user interaction requirements explicitly stated. This vulnerability could be exploited by attackers to gain unauthorized access, execute malicious payloads, and potentially compromise the confidentiality, integrity, and availability of enterprise data and systems hosted on Tableau Server.

Detailed information about CVE-2025-52449: CWE-434 Unrestricted Upload of File with Dangerous Type in Salesforce Tableau Server affecting Salesforce Tableau Ser

CVE-2025-52449: CWE-434 Unrestricted Upload of File with Dangerous Type in Salesforce Tableau Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-52449: CWE-434 Unrestricted Upload of File with Dangerous Type in Salesforce Tableau Server

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CVE-2025-52455 is a Server-Side Request Forgery (SSRF) vulnerability identified in Salesforce Tableau Server, specifically affecting the EPS Server modules on both Windows and Linux platforms. SSRF vulnerabilities occur when an attacker can manipulate a server to make HTTP requests to arbitrary domains or internal systems, potentially bypassing network access controls. In this case, the vulnerability allows resource location spoofing, which means an attacker could trick the Tableau Server into fetching resources from unintended or malicious locations. The affected versions include all releases prior to 2025.1.3, 2024.2.12, and 2023.3.19, indicating that multiple release branches are impacted. The vulnerability is classified under CWE-918, which covers SSRF issues. No CVSS score has been assigned yet, and no known exploits are reported in the wild. The vulnerability was reserved in mid-June 2025 and published in late July 2025. The lack of a CVSS score suggests that the assessment is recent and still under evaluation. SSRF vulnerabilities can be leveraged to access internal services behind firewalls, perform port scanning, or exploit other vulnerabilities in internal systems, potentially leading to data exposure or further compromise. Given Tableau Server's role in data visualization and business intelligence, exploitation could lead to unauthorized access to sensitive business data or internal network reconnaissance.

Detailed information about CVE-2025-52455: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server affecting Salesforce Tableau Server. Get real

CVE-2025-52455: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-52455: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CVE-2025-52454 is a Server-Side Request Forgery (SSRF) vulnerability identified in Salesforce Tableau Server, specifically affecting the Amazon S3 Connector modules on Windows and Linux platforms. SSRF vulnerabilities occur when an attacker can manipulate a server to send crafted requests to unintended locations, potentially accessing internal resources or external systems that are otherwise inaccessible. In this case, the vulnerability allows Resource Location Spoofing, meaning an attacker could trick Tableau Server into making unauthorized requests to arbitrary locations. This could lead to unauthorized access to internal services, data exfiltration, or further network reconnaissance. The affected versions include all Tableau Server releases prior to 2025.1.3, 2024.2.12, and 2023.3.19, indicating that multiple release branches are impacted. The vulnerability is categorized under CWE-918, which covers SSRF issues. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. The vulnerability was reserved in mid-June 2025 and published in late July 2025. The lack of a patch link suggests that fixes may be included in the referenced version updates but are not explicitly linked in the provided data. Given the nature of Tableau Server as a widely used enterprise analytics platform, exploitation could allow attackers to pivot into internal networks or access sensitive data repositories connected via the Amazon S3 Connector, which is commonly used for cloud storage integration.

Detailed information about CVE-2025-52454: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server affecting Salesforce Tableau Server. Get real

CVE-2025-52454: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-52454: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CVE-2025-52453 is a Server-Side Request Forgery (SSRF) vulnerability identified in Salesforce Tableau Server, specifically affecting the Flow Data Source modules on Windows and Linux platforms. SSRF vulnerabilities occur when an attacker can manipulate a server to make unintended requests to internal or external resources, potentially bypassing network access controls. In this case, the vulnerability allows an attacker to perform Resource Location Spoofing, which means the attacker can trick the Tableau Server into fetching resources from locations of their choosing. This can lead to unauthorized internal network scanning, data exfiltration, or interaction with internal services that are otherwise inaccessible externally. The affected versions include all releases prior to 2025.1.3, 2024.2.12, and 2023.3.19, indicating multiple branches of Tableau Server are impacted. No public exploits are currently known, and no CVSS score has been assigned yet. However, the vulnerability is significant because Tableau Server is often deployed in enterprise environments with access to sensitive business intelligence data and internal networks. Exploitation could allow attackers to pivot within an organization’s infrastructure or access sensitive data indirectly through the server. The vulnerability is categorized under CWE-918, which highlights the risk of SSRF leading to unauthorized resource access or network reconnaissance. Since Tableau Server is a critical analytics platform, this SSRF flaw could be leveraged to compromise confidentiality and integrity of data, as well as availability if used to trigger denial-of-service conditions.

Detailed information about CVE-2025-52453: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server affecting Salesforce Tableau Server. Get real

Title	Severity	Type	Source	Date

Threats Affecting Sweden

Filter Threats

Threats Affecting Sweden

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility