CyberSecurityBoard
Sponsor Register Login

CVE-2025-3400

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Publication date: Tue, 08 Apr 2025 02:00:00 +0000


Cyber News related to CVE-2025-3400

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as ...
1 year ago Bleepingcomputer.com CVE-2024-3400 CVE-2024-34000
How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics - On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. Palo Alto has marked this ...
1 year ago Securityboulevard.com CVE-2024-3400
CVE-2025-40000 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems - With RansomHub actively exploiting zero-day vulnerabilities and recruiting displaced ALPHV/LockBit affiliates, organizations must strengthen endpoint security and ensure backup isolation to prevent potential attacks. RansomHub ransomware group ...
10 months ago Cybersecuritynews.com CVE-2024-3400 CVE-2021-42278 CVE-2020-1472 LockBit Ransomhub
CVE-2025-38592 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2025-40280 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago
CVE-2025-0941 - MET ONE 3400+ instruments running software v1.0.41 can, under rare conditions, temporarily store credentials in plain text within the system. This data is not available to unauthenticated users. ...
9 months ago Tenable.com
CVE-2025-3400 - A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is ...
8 months ago
CVE-2025-0136 - Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS ...
7 months ago
CVE-2025-38139 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2025-38443 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2025-37824 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
CVE-2025-40309 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago
23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild - GreyNoise’s internet-wide telemetry identified exploitation activity for 23 CVEs, including high-severity flaws in Palo Alto Networks PAN-OS, Cisco IOS XE, and Microsoft Exchange Server. These vulnerabilities span enterprise software, security ...
9 months ago Cybersecuritynews.com CVE-2023-36845 CVE-2023-36844 CVE-2023-22515 CVE-2022-26134 CVE-2023-6875 CVE-2021-26855 CVE-2022-41082 CVE-2024-3400 CVE-2024-1709 CVE-2021-44228 CVE-2023-20198 Black Basta
2
Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits - Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users' data security. Multiple Vulnerabilities Discovered in LG WebOS Smart TVs. Type of vulnerability: Authorization bypass, ...
1 year ago Esecurityplanet.com CVE-2024-21894 CVE-2024-29990 CVE-2024-3383 CVE-2024-3400
RedTail Malware Abuses Palo Alto Flaw in Latest Cryptomining Campaign - Hackers with possible ties to the notorious North Korea-linked Lazarus Group are exploiting a recent critical vulnerability in Palo Alto Network's PAN-OS software to run a sophisticated cryptomining operation that likely has nation-state backing. In ...
1 year ago Securityboulevard.com CVE-2024-3400 CVE-2023-46805 CVE-2024-21887 Andariel Lazarus Group
CVE-2010-3400 - The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote ...
8 years ago
CVE-2007-3493 - A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the ...
4 years ago
CVE-2022-3401 - The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability ...
3 years ago
Silk Typhoon hackers now target IT supply chains to breach networks - Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft reports that ...
9 months ago Bleepingcomputer.com CVE-2024-3400
CVE-2009-3400 - Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. ...
13 years ago
CVE-2013-3400 - The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. ...
12 years ago
CVE-2014-3400 - Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. ...
11 years ago
CVE-2005-3400 - Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be ...
9 years ago
CVE-2016-3400 - NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. ...
8 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)