SOS Intelligence

The SOS Intelligence CVE Chatter Weekly Top Ten – 19 May 2025

by Amir Hadzipasic

May 19, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-45332

3. CVE-2024-45332

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

4. CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

https://nvd.nist.gov/vuln/detail/CVE-2025-27920

5. CVE-2024-21887

https://nvd.nist.gov/vuln/detail/CVE-2024-21887

6. CVE-2020-8516

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2020-8516

7. CVE-2021-34527

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.

In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTPrintersPointAndPrint
NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
UpdatePromptSettings = 0 (DWORD) or not defined (default setting)

Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.

UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.

Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.

https://nvd.nist.gov/vuln/detail/CVE-2021-34527

8. CVE-2024-3400

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2024-3400

9. CVE-2019-17671

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.

https://nvd.nist.gov/vuln/detail/CVE-2019-17671

10. CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

https://nvd.nist.gov/vuln/detail/CVE-2017-5638

https://nvd.nist.gov/vuln/detail/CVE-2022-44666

The SOS Intelligence CVE Chatter Weekly Top Ten – 12 May 2025

by Amir Hadzipasic

May 12, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2022-44666

Windows Contacts Remote Code Execution Vulnerability

2. CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-47246

3. CVE-2025-29824

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-29824

4. CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.

### Impact

This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.

* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.
* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.

To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.

Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.

### Patches

A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name.

It is recommended that users upgrade to a patched version.

### Workarounds

There is no workaround.

* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.
* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.

### References

* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)](https://cwe.mitre.org/data/definitions/22.html)
* [Gradle Build

https://nvd.nist.gov/vuln/detail/CVE-2023-35947

5. CVE-2025-1323

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the ‘databeat’ parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2025-1323

6. CVE-2025-27007

Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82.

https://nvd.nist.gov/vuln/detail/CVE-2025-27007

7. CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

https://nvd.nist.gov/vuln/detail/CVE-2024-4577

8. CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

https://nvd.nist.gov/vuln/detail/CVE-2021-41773

9. CVE-2022-44690

Microsoft SharePoint Server Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2022-44690

10. CVE-2023-21433

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.

https://nvd.nist.gov/vuln/detail/CVE-2023-21433

Opinion, OSINT

Seeing Clearly: Understanding and Addressing Bias in OSINT

by Daniel Collyer

May 7, 2025

Open-source intelligence (OSINT) has become an essential part of modern investigations, threat analysis, and decision-making. By leveraging publicly available information from the surface web, social media, forums, and more obscure corners of the internet, OSINT practitioners can uncover insights without the need for intrusive or covert methods. But as with any form of intelligence gathering, the process is far from objective.

Bias — whether introduced by the analyst, the tools used, or the sources themselves — can significantly distort findings. In an age where data is vast, varied, and often unverified, understanding and mitigating bias is not just good practice, it’s a necessity.

In this blog post, we’ll explore the different types of bias that can affect OSINT, from unconscious assumptions to platform-driven distortions. We’ll also look at the real-world consequences of unchecked bias and offer practical steps to help analysts and organisations reduce its impact. Because when it comes to intelligence, clarity and objectivity are key — and bias is the silent threat that clouds both.

What Is Bias in OSINT?

Bias, in the context of OSINT, refers to any distortion or influence that affects how information is collected, interpreted, or presented. It can arise from a wide range of sources — the tools we use, the platforms we search, the assumptions we bring with us, and even the way we frame our intelligence requirements.

Importantly, bias isn’t always intentional. Much of it operates at a subconscious level, shaped by cultural norms, past experiences, professional habits, or institutional practices. And in OSINT — where we often deal with vast, unstructured, and fast-moving data — even small biases can significantly skew the outcome of an investigation.

Bias can enter the OSINT process at every stage. It may influence the types of sources we prioritise, the way we interpret ambiguous content, or the confidence we place in particular findings. Analysts may unconsciously favour information that supports a working theory, or dismiss data that doesn’t align with an expected narrative. Meanwhile, digital tools and search algorithms can subtly reinforce these patterns, feeding analysts what they’re likely to click on — not necessarily what’s most accurate or relevant.

Recognising the presence of bias is the first step in mitigating its effects. In the sections that follow, we’ll explore some of the most common types of bias in OSINT work, and how they can impact the quality and reliability of our intelligence.

Types of Bias Common in OSINT

Bias in OSINT can creep in at any stage of the intelligence lifecycle — from the moment an analyst frames a question, to the sources they choose, the tools they rely on, and how they interpret the information gathered. These biases, often unconscious, can impact the reliability, relevance, and objectivity of an intelligence product. Below are the most prevalent types of bias that OSINT practitioners should be aware of, alongside examples and mitigation tips.

Selection Bias

Selection bias arises when the information an analyst collects is not representative of the broader landscape, often because certain types of sources or platforms are favoured over others. This can be due to habit, language familiarity, ease of access, or time constraints.

Example:
An analyst researching political disinformation may rely heavily on Twitter data, missing coordinated narratives being pushed on Telegram or region-specific platforms like VK or Weibo.

Why it matters:
If the selected sources don’t reflect the full spectrum of available information, the resulting intelligence may be incomplete, misleading, or skewed towards a particular narrative or demographic.

How to reduce it:

Use a diverse set of platforms and media types (forums, blogs, videos, alt-tech sites).
Include regional and language-specific sources wherever possible.
Revisit and regularly reassess your go-to sources to prevent over-reliance.

Confirmation Bias

Confirmation bias is the tendency to look for or interpret information in a way that supports an existing hypothesis or belief, while disregarding evidence that contradicts it. This is especially common when an analyst is under pressure to produce a “smoking gun” or validate a stakeholder’s expectations.

Example:
While investigating a suspected nation-state actor, an analyst focuses exclusively on TTPs (Tactics, Techniques, and Procedures) associated with that actor, ignoring signs that the activity could point to a different group or a false flag operation.

Why it matters:
Confirmation bias can lead to poor attribution, misinformed decisions, or ineffective mitigation strategies. It also limits an analyst’s ability to explore alternative hypotheses.

How to reduce it:

Apply structured analytic techniques such as the Analysis of Competing Hypotheses (ACH).
Collaborate with other analysts to test assumptions and encourage critical challenge.
Document reasoning and acknowledge uncertainty in assessments.

Language and Cultural Bias

Language barriers and cultural unfamiliarity can affect how information is gathered and interpreted. Analysts working in a second language — or relying on machine translation — may misread tone, sarcasm, or idiomatic expressions. Cultural norms can also impact how certain behaviours are perceived.

Example:
An English-speaking analyst may misinterpret the tone of Arabic-language social media posts due to literal translation, mistaking satire or frustration for calls to violence.

Why it matters:
Poor interpretation can lead to false positives, mischaracterisation of intent, or overlooking local context. This is particularly critical in geopolitical, extremist, or criminal investigations.

How to reduce it:

Use native speakers or trusted translation partners when possible.
Consult regional experts for cultural insight.
Avoid making assumptions based solely on automated translations or surface-level interpretations.

Tool and Platform Bias

The tools we use to collect and analyse data are not neutral. Search engines, social media platforms, and scraping tools all apply filters, ranking algorithms, and personalisation — often without the user’s awareness. This can prioritise certain types of content and bury others, skewing the analyst’s perception of what is prevalent or important.

Example:
Google search results vary depending on location, search history, and user profile. An analyst may believe a narrative is trending globally when in fact it’s only prominent in their localised feed.

Why it matters:
Platform bias can lead to a false sense of consensus or popularity. It also risks amplifying certain voices while suppressing dissenting ones.

How to reduce it:

Use multiple search engines and anonymised browsers (e.g. Tor or VPNs).
Test queries in incognito/private browsing modes.
Be aware of default settings in commercial tools — understand what’s being excluded or prioritised.

Data Availability Bias

Data availability bias refers to the over-reliance on information that is easiest to find, most recent, or most abundant. Analysts may gravitate towards high-volume data sources (like Reddit or Twitter) because they are continuously updated and easy to search — at the expense of smaller, less visible sources that may be more valuable.

Example:
An OSINT report on cybercriminal activity may cite dozens of tweets and blog posts but fail to include key discussions taking place in closed forums or encrypted messaging groups.

Why it matters:
The quantity of available data doesn’t always equate to quality or relevance. Prioritising what’s visible over what’s essential can distort the intelligence picture and give a false sense of completeness.

How to reduce it:

Establish clear intelligence requirements before collection begins.
Allocate time to seek out hard-to-find or niche sources.
Treat gaps in data as a signal — not just an absence.

Together, these biases form a web of influence that can compromise even the most well-intentioned investigations.

Real-World Consequences of Bias in OSINT

Bias in OSINT isn’t just a theoretical concern — it has real-world implications. When unchecked, bias can lead to flawed assessments, damaged reputations, operational missteps, and even legal or ethical breaches. Whether you’re conducting corporate investigations, monitoring geopolitical events, or assessing cyber threats, the integrity of your findings depends on how rigorously you confront bias throughout the process.

Here are some key consequences of biased OSINT!

Flawed Decision-Making

Biased intelligence can feed directly into poor decisions, especially in fast-moving environments where leadership relies heavily on OSINT to shape strategy or response.

Example:
A security team monitoring social unrest misinterprets online sentiment due to over-reliance on English-language Twitter data. As a result, they misjudge the timing and location of protest activity, leading to inadequate resource allocation and reputational damage for the organisation.

Impact:
Misinformed decisions can result in financial losses, safety risks, or missed opportunities to intervene early in an emerging threat.

Inaccurate Attribution and Threat Profiling

In cyber threat intelligence, OSINT is often used to support attribution — linking incidents to actors or groups. Bias in source selection or interpretation can lead to false conclusions about who is behind an attack or what their motives might be.

Example:
An analyst attributes a phishing campaign to a well-known ransomware gang based on superficial similarities to a past incident, without exploring the possibility of copycat tactics. Later evidence reveals the activity was the work of a different actor altogether.

Impact:
Faulty attribution may lead to targeting the wrong group, damaging diplomatic relationships, or overlooking the true threat actor.

Overlooking Emerging Threats

Bias towards mainstream or high-visibility platforms can cause analysts to miss activity in fringe spaces where new narratives or tactics often emerge first.

Example:
While monitoring disinformation around an election, analysts focus on Facebook and YouTube but fail to detect early mobilisation efforts on fringe platforms like 4chan or niche messaging channels.

Impact:
Failure to detect early-stage planning or sentiment shifts can delay mitigation efforts and allow threats to escalate unchecked.

Reputational and Legal Risks

If an organisation bases public statements or internal actions on flawed OSINT, it could face reputational fallout — or worse, legal consequences.

Example:
A company issues a threat advisory naming a suspected actor based on an OSINT report later revealed to be based on misinterpreted data. The accused actor contests the findings publicly, leading to reputational damage and potential liability.

Impact:
Poorly substantiated claims can erode trust in your organisation’s intelligence capabilities and create significant legal exposure.

Analyst Burnout and Operational Inefficiency

Constantly chasing data that confirms a pre-existing view can lead to tunnel vision and missed insight. It also increases cognitive load, as analysts struggle to reconcile contradictory findings with an inflexible narrative.

Example:
An intelligence team spends weeks reinforcing an incorrect assumption because early findings were never challenged. Late-stage doubts lead to rework and missed deadlines.

Impact:
Bias drains time, undermines analyst confidence, and reduces the overall efficiency of the OSINT process.

By understanding and acknowledging these consequences, OSINT professionals can treat bias not just as a theoretical flaw but as a practical risk — one that can and should be actively mitigated. In the next section, we’ll explore how to do exactly that: recognising bias in your own process, and adopting safeguards to reduce its impact.

How to Identify and Mitigate Bias in OSINT Investigations

Tackling bias in OSINT isn’t about eliminating it entirely — that’s virtually impossible. Instead, the goal is to recognise where bias may creep in, actively question your assumptions, and build safeguards into your processes to keep your intelligence as accurate, balanced, and reliable as possible. Below are key strategies for identifying and mitigating bias throughout the OSINT lifecycle.

Develop Self-Awareness and Encourage Critical Thinking

Awareness is the first step. Bias is often unconscious, so analysts must learn to reflect on their own thought processes and remain open to challenge.

Tips:

Ask yourself: “What assumptions am I making here?”
Encourage peer review within your team — a second set of eyes can catch blind spots you might miss.
Maintain a mindset of curiosity over certainty. Avoid becoming too attached to an early hypothesis.

Use Structured Analytic Techniques (SATs)

Structured Analytic Techniques are proven tools to help analysts explore alternative explanations, test assumptions, and reduce cognitive traps.

Recommended techniques:

Analysis of Competing Hypotheses (ACH): List all possible explanations and evaluate evidence for and against each.
Red Teaming: Have a colleague deliberately challenge your assumptions and present counter-arguments.
Devil’s Advocacy: Take an opposing viewpoint to test the strength of your conclusions.

These methods are particularly valuable in high-stakes or high-uncertainty investigations where bias may have the greatest impact.

Diversify Sources and Tools

One of the most effective ways to reduce selection and tool bias is to cast a wide net. Avoid relying on a narrow set of familiar platforms or sources.

Tips:

Include mainstream, alternative, and fringe platforms in your data collection.
Use both commercial and open-source OSINT tools — each may present data differently.
Search in multiple languages where possible, or use translated queries to gain a broader view.

Regularly audit your sources and collection methods to ensure they remain appropriate for the task.

Separate Collection from Analysis

Where feasible, keep data collection and analysis distinct. This can help prevent your search strategy from being shaped by what you hope to find.

Tips:

Assign data gathering to one team member and analysis to another, if resources allow.
Use neutral search terms during collection to avoid biasing the dataset.
Create a clear intelligence requirement or question to guide your scope objectively.

This separation adds discipline to your workflow and supports a more neutral intelligence product.

Document Your Reasoning and Assumptions

Transparency in your process is essential — both for collaboration and for bias mitigation. Document how conclusions were reached, including what evidence was used, what was discarded, and why.

Benefits:

Makes your work more defensible in the event of challenge or scrutiny.
Helps you revisit past assessments to refine or revise conclusions with new evidence.
Supports better peer review and organisational learning.

Where possible, annotate your findings with source reliability ratings and confidence levels.

Build in Time for Reflection and Review

Tight deadlines often amplify bias, as there’s little opportunity to question results. Wherever possible, build in time to reflect on findings and review them with fresh eyes.

Tips:

Schedule a “cooling-off” period before finalising assessments, especially on complex or high-risk topics.
Use checklists to perform a final bias audit before dissemination.
Encourage cross-team or external feedback if time allows.

Bias in OSINT is inevitable — but it doesn’t have to define the quality of your work. With the right tools, habits, and organisational culture, it’s possible to create intelligence products that are more balanced, resilient, and actionable.

Embedding Bias Awareness into OSINT Workflows and Culture

Bias mitigation shouldn’t just be left to individual analysts — it must be baked into the wider workflows, processes, and culture of any team or organisation that relies on OSINT. When bias awareness becomes part of the operational fabric, the result is more reliable intelligence, better decision-making, and a stronger ethical foundation.

Here’s how teams can embed this mindset more broadly:

Establish Clear Intelligence Requirements

Start with a well-defined intelligence question. Vague or overly broad tasks increase the risk of confirmation bias or irrelevant collection.

What this looks like:

Define the “who, what, when, where, and why” before collection begins.
Break down large requests into smaller, more focused components.
Ensure tasking is reviewed and agreed by relevant stakeholders to reduce personal bias shaping direction.

Standardise Collection and Documentation Processes

Create workflows that encourage consistency and transparency at every stage of the OSINT cycle.

Steps to implement:

Use templates for reporting and note-taking that include fields for source evaluation, confidence levels, and assumptions.
Standardise how tools and sources are chosen and justify their use.
Make documentation a non-negotiable part of your intelligence output.

This not only reduces bias but also improves reproducibility and quality control.

Foster a Culture of Challenge and Peer Review

Healthy teams encourage respectful disagreement and regular feedback. Challenge should be seen not as confrontation, but as a key part of refining thinking.

How to build this in:

Hold regular review sessions or “intelligence stand-ups” where analysts discuss findings and alternative views.
Designate a “red team” or devil’s advocate role for larger projects.
Encourage cross-functional reviews involving technical, regional, or language specialists where possible.

Psychological safety — where analysts feel comfortable voicing concerns or dissent — is key to making this work.

Provide Ongoing Training and Awareness

Bias awareness isn’t a one-off exercise. Continuous professional development helps teams stay sharp, challenge assumptions, and stay updated with new tools or methods.

Training focus areas:

Cognitive bias and structured analytic techniques.
Source validation and reliability frameworks.
Diversity in online platforms and information ecosystems.

Don’t overlook the value of non-technical skills, such as critical thinking, logic, and media literacy.

Use Technology Thoughtfully, Not Blindly

Automated tools can speed up analysis, but they can also entrench bias if they’re not used carefully. Algorithms are only as objective as the data and assumptions behind them.

Best practices:

Understand the limitations of any tool, especially those that involve language processing, sentiment analysis, or trend detection.
Regularly assess whether tools introduce their own selection bias (e.g. geolocation limits, language barriers).
Avoid over-reliance on dashboards or outputs without context — always layer automated findings with human judgment.

Reflect and Evolve

Build regular retrospectives into your team’s rhythm. Reflect on where bias may have influenced past projects, and use that to refine future practice.

Prompts to consider:

Were any key perspectives or sources missed?
Were assumptions tested adequately?
How did the team handle dissent or uncertainty?

This institutional learning helps embed bias mitigation into your organisational muscle memory.

By putting these cultural and procedural supports in place, organisations move beyond individual effort and towards systemic resilience. When bias awareness becomes a shared value — not just a box-ticking exercise — the result is a more ethical, accurate, and credible OSINT function.

SOS Intelligence Ransomware Statistics October 23

The Value of Bias-Aware OSINT

Bias is an unavoidable part of human thinking, and by extension, of open-source intelligence. But acknowledging its presence isn’t a weakness — it’s a strength. When analysts and organisations recognise where bias can occur and actively work to reduce its influence, the result is not only better intelligence but also more ethical, credible, and impactful work.

Bias-aware OSINT isn’t about striving for some mythical state of total objectivity. Instead, it’s about developing good habits: questioning assumptions, diversifying sources, documenting reasoning, and creating space for challenge and reflection. It’s about embedding checks and balances into both individual workflows and team culture.

In an era where misinformation spreads quickly and decision-makers rely heavily on timely, accurate information, the stakes for getting OSINT right have never been higher. Building bias-aware practices into your investigations isn’t just good tradecraft — it’s an essential part of being a responsible intelligence professional.

By staying curious, critical, and collaborative, we can all do our part to ensure the intelligence we produce stands up to scrutiny and serves its intended purpose — helping others make better-informed decisions.

Header photo by Christian Lue on Unsplash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

The SOS Intelligence CVE Chatter Weekly Top Ten – 05 May 2025

by Amir Hadzipasic

May 5, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

2. CVE-2024-21060

3. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2022-32666

4. CVE-2022-32666

In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014.

5. CVE-2021-32789

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.

https://nvd.nist.gov/vuln/detail/CVE-2021-32789

6. CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-2783

7. CVE-2025-1323

https://nvd.nist.gov/vuln/detail/CVE-2025-1323

8. CVE-2025-32658

Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4.

https://nvd.nist.gov/vuln/detail/CVE-2025-32658

9. CVE-2025-39462

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in teamzt Smart Agreements allows PHP Local File Inclusion. This issue affects Smart Agreements: from n/a through 1.0.3.

https://nvd.nist.gov/vuln/detail/CVE-2025-39462

10. CVE-2024-3400

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2024-3400

https://nvd.nist.gov/vuln/detail/CVE-2024-3400

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 April 2025

by Amir Hadzipasic

April 28, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-3400

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

2. CVE-2024-21887

https://nvd.nist.gov/vuln/detail/CVE-2024-21887

3. CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

https://nvd.nist.gov/vuln/detail/CVE-2025-32433

4. CVE-2024-10687

5. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2023-22047

6. CVE-2023-22047

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

7. CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

8. CVE-2019-1181

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

https://nvd.nist.gov/vuln/detail/CVE-2019-1181

9. CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

https://nvd.nist.gov/vuln/detail/CVE-2006-5051

10. CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

https://nvd.nist.gov/vuln/detail/CVE-2025-2704

Opinion, OSINT, Tips

Evaluating OSINT: Why It Matters and How to Do It Right

by Daniel Collyer

April 22, 2025

Open Source Intelligence (OSINT) has become a cornerstone of modern intelligence work — from cyber threat analysis to corporate due diligence and investigative journalism. With a wealth of publicly available information just a few clicks away, the real challenge no longer lies in accessing data, but in determining its value.

Not all sources are equal, and not all information should be trusted at face value. In an age of misinformation, spoofed identities, and manipulated content, the ability to critically evaluate OSINT is essential. Whether you’re conducting research for a security operation or building a threat profile, understanding how to assess the credibility, accuracy, and relevance of your findings is what turns raw data into actionable intelligence.

In this blog, we’ll explore why evaluation is such a crucial stage in the OSINT process, introduce key criteria and techniques for assessing intelligence, and provide practical advice to help you strengthen your evaluation skills.

Why Evaluation Matters in OSINT

The open nature of OSINT is both its greatest strength and its biggest vulnerability. While the accessibility of public data allows for rich and diverse intelligence gathering, it also means the information collected can be incomplete, misleading, outdated, or deliberately false. Without rigorous evaluation, even the most promising-looking data can lead analysts down the wrong path.

In security contexts, acting on flawed intelligence can have serious consequences — from reputational damage and wasted resources to operational failure or legal risk. A single unverified claim from an untrustworthy source can compromise an entire investigation or response effort.

It’s also important to distinguish between data, information, and intelligence. OSINT collection yields data — raw, unprocessed facts. When those facts are organised and given context, they become information. But it’s only through evaluation — the process of assessing accuracy, reliability, and relevance — that information is transformed into intelligence that decision-makers can act on with confidence.

In short, evaluation is what separates noise from insight. It’s not just a good practice — it’s a critical step that determines the overall value and credibility of your intelligence output.

Core Evaluation Criteria

Evaluating OSINT effectively requires a structured approach. Rather than relying on gut instinct or assumptions, analysts should assess each piece of information against a set of established criteria. This ensures consistency, reduces bias, and increases the likelihood that your final intelligence product will be trusted and actionable.

Here are five key criteria that can guide your evaluation process:

1. Relevance

Does the information directly relate to your intelligence requirement or objective? OSINT can be full of interesting but tangential details. Focusing only on what is relevant ensures your analysis remains targeted and efficient.

2. Reliability

Is the source trustworthy? Consider the origin of the data — is it a reputable website, a verified account, or a known organisation? Or is it an anonymous post on a forum with no verifiable backing? The credibility of the source often dictates the reliability of the information it provides.

3. Accuracy

Is the information factually correct? Has it been corroborated by other sources? Are there inconsistencies, errors, or signs of manipulation? Verifying accuracy is especially important when dealing with fast-moving events or user-generated content.

4. Timeliness

Is the data current? Outdated information can skew your analysis, particularly in areas like cybersecurity or geopolitical monitoring where things change rapidly. Always check publication dates and consider whether the information still reflects the present reality.

5. Objectivity

Is the content neutral, or does it show bias? Be wary of emotionally charged language, persuasive tone, or content designed to provoke. Identifying whether the source has an agenda can help you judge how much weight to give the information.

Using the Admiralty Code

One widely recognised method for evaluating sources and information is the Admiralty Code, also known as the NATO Source Reliability and Information Credibility grading system. It uses a two-part alphanumeric rating to assess:

Source Reliability (A–F) – how dependable the source is based on past performance, access to information, and known biases.
Information Credibility (1–6) – how believable the information is, based on corroboration, plausibility, and consistency with known facts.

For example, a rating of A1 indicates a highly reliable source providing confirmed information, while E5 might flag a questionable source offering unconfirmed or implausible content. While originally designed for military intelligence, the Admiralty Code can be adapted to OSINT workflows to provide a quick yet effective way of scoring confidence in your findings.

By combining the Admiralty Code with the core evaluation criteria above, analysts can create a more transparent, defensible assessment process that supports better decision-making.

Source Evaluation Techniques

Once you’ve identified what you’re looking for and established your evaluation criteria, the next step is to put those principles into practice. Evaluating sources effectively requires both critical thinking and a methodical approach. Below are some techniques that can help analysts assess the credibility, authenticity, and relevance of open source material.

1. Corroboration Across Multiple Sources

One of the most effective ways to validate information is through corroboration. Can the same information be found across multiple independent, reputable sources? If different, unrelated sources are reporting the same facts, confidence in the information naturally increases. Be mindful, however, of information echo chambers — where multiple outlets are simply republishing or citing the same original (and possibly flawed) source.

2. Trace the Original Source

Always seek the original source of information rather than relying on summaries, screenshots, or secondary reporting. When analysing a news story, forum post, or leaked document, trace it back to its origin to assess context, authenticity, and potential manipulation. Metadata, timestamps, and file properties can offer valuable clues in verifying source integrity.

3. Use of Source Grading Systems

Incorporating a formal source grading system, such as the Admiralty Code, adds structure to your evaluation. Assigning a reliability and credibility rating to each source not only helps prioritise information but also makes your intelligence product more transparent and defensible.

4. Evaluate Digital Footprints

For online content, take time to assess the digital presence of the source. Does a social media profile show a consistent identity over time, or does it exhibit signs of automation or inauthentic behaviour? Techniques such as reverse image searches, domain registration checks (WHOIS), and historical snapshots (via the Wayback Machine) can help verify source history and legitimacy.

5. Consider the Source’s Motivation and Bias

Understanding why a source is publishing certain information can help contextualise its reliability. Is the content investigative, promotional, political, or satirical? Is it user-generated or professionally produced? Analysing tone, language, and publication history can reveal bias or intent that may affect credibility.

6. Balance Automation with Human Judgement

While automated tools like browser plugins, scraping utilities, and AI classifiers can assist in sorting and filtering OSINT, human evaluation remains essential. Algorithms can flag suspicious patterns, but they may miss nuance, satire, or contextual subtleties. The most effective OSINT analysts use tools to support — not replace — critical thinking.

By applying these techniques consistently, analysts can reduce the risk of misinformation, increase the quality of their assessments, and build intelligence that decision-makers can trust. Evaluation isn’t just a stage in the process — it’s an ongoing discipline throughout the lifecycle of any OSINT investigation.

Practical Tips for Evaluators

Even with a solid framework and a set of reliable techniques, OSINT evaluation often comes down to the fine details — the subtle clues, the consistency checks, and the instinct honed by experience. This section offers practical, hands-on advice to help you refine your evaluation skills and avoid common pitfalls.

1. Keep an Evaluation Log

Maintain a record of how you’ve assessed each source — including decisions around credibility, context, and any verification steps taken. This is especially important in collaborative environments or when intelligence may need to be defended later. Tools like analyst notebooks, spreadsheets, or structured databases can help you track this clearly.

2. Use Source Checklists

Create a simple checklist to run through each time you assess a source. This could include prompts like:

Does the source have a known history or digital presence?
Is the information supported by others?
Can I identify any potential bias?
What’s the Admiralty Code rating?
Having a repeatable checklist reduces oversight and builds consistency in your process.

3. Beware of Confirmation Bias

It’s easy to give more weight to information that aligns with your assumptions or desired outcomes. Make a conscious effort to challenge your own conclusions by seeking contradictory or alternative views. A good analyst considers what’s missing, not just what’s present.

4. Apply Lateral Reading

When evaluating websites or media content, use lateral reading — that is, open other tabs to research the author, domain, or claims from outside sources rather than staying within the original source’s ecosystem. This is especially useful when verifying unfamiliar outlets or detecting disinformation.

5. Factor in Context and Culture

Context matters. A piece of content that appears misleading may be satire, a mistranslation, or culturally specific. Understanding the context in which content was created — including language, location, and intended audience — can significantly impact how it should be interpreted and evaluated.

6. Treat OSINT Like Evidence

Approach OSINT evaluation with the same care and scrutiny as if you were handling physical evidence. Every claim should be backed by verification or flagged as unconfirmed. If there are gaps or assumptions, make them explicit. This rigour supports better intelligence products and protects your credibility as an analyst.

While critical thinking is at the heart of any good OSINT evaluation, the right tools can streamline your workflow, support verification, and uncover valuable context. These tools don’t replace human judgement — but they do enhance your ability to assess the reliability, credibility, and relevance of open source material.

Below is a selection of tools, grouped by function, that can support your evaluation efforts:

Source Verification and Reputation

WHOIS Lookup (e.g. Whois.domaintools.com, ViewDNS.info)
Check domain registration details to assess how long a site has been active and who owns it.
Wayback Machine (archive.org)
View historical versions of web pages to track changes or confirm the existence of content at a given time.
DomainTools Iris or RiskIQ PassiveTotal
More advanced tools for investigating infrastructure, subdomains, and digital footprints of websites.

Media and Content Verification

Google Reverse Image Search / TinEye / Yandex
Check whether images are original or reused across different contexts, possibly indicating misinformation.
InVID / WeVerify Toolkit
Useful for verifying videos and images from social media, checking for manipulation or date/location mismatches.
Metadata Extractors (e.g. ExifTool)
Analyse image and file metadata to identify origin, device, and timestamps — where available.

Social Media Evaluation

Account Analysis Tools (e.g. WhoisThisProfile, Social Searcher)
Evaluate the activity and legitimacy of social media accounts by checking post history, bio details, and follower patterns.
Hoaxy
Visualises how information spreads across Twitter — useful for identifying echo chambers, bots, or coordinated disinformation.

Information Cross-Referencing

Google Advanced Search / Operators
Use search modifiers (like site:, intitle:, or filetype:) to hone in on credible or official sources.
OSINT Framework (osintframework.com)
Not a tool itself, but a curated directory of tools and resources for various OSINT tasks — including evaluation and verification.

Structured Evaluation and Analysis

Maltego
Helps visualise and map relationships between entities (people, domains, IPs, etc.), useful for contextualising source networks.
Hunchly
A browser plugin that automatically captures and logs every page you visit, supporting transparency and traceability in your investigations.
IntelTechniques Workbook / Casefile
Structured templates and tools from the OSINT community that support methodical evaluation and reporting.

Case Study: Misidentification in the Boston Marathon Bombing

The 2013 Boston Marathon bombing provides a powerful example of how poor OSINT evaluation can lead to serious consequences. In the immediate aftermath of the attack, online communities — particularly Reddit — attempted to crowdsource intelligence to help identify the perpetrators.

The OSINT Effort

Amateur investigators analysed photos, videos, and social media posts to spot “suspicious” individuals in the crowd. One person in particular, Sunil Tripathi, a missing university student, was misidentified as a suspect based on vague visual similarities and unverified assumptions.

Reddit threads, Twitter posts, and even some journalists picked up on the speculation, causing his name and photo to circulate rapidly online. This led to distress for his family, public confusion, and the further spread of misinformation.

What Went Wrong?

No Source Validation: The photos used were low-resolution and out of context. No effort was made to verify the original source or timestamp.
Lack of Corroboration: Claims were amplified without independent verification or official confirmation.
Confirmation Bias: Users were looking for someone who looked like they could be a suspect, rather than critically evaluating the data.
Absence of a Structured Framework: There was no use of a system like the Admiralty Code to assess source reliability or information credibility.

The Impact

Authorities later confirmed that Tripathi had no involvement in the bombing — he had sadly died by suicide prior to the attack. The incident highlighted how untrained use of OSINT and failure to properly evaluate information can lead to serious reputational harm, emotional trauma, and the derailment of actual investigations.

This case shows that while open source intelligence can be powerful, it must be used responsibly. Without evaluation, it’s just noise — and in high-stakes situations, that noise can do real damage.

Conclusion: Evaluation Is the Heart of Effective OSINT

Open source intelligence has become a cornerstone of modern investigations, from cybersecurity and law enforcement to journalism and corporate risk. But the sheer volume of available information means that gathering data is no longer the hard part — evaluating it is.

As we’ve seen, the effectiveness of OSINT hinges not on what you collect, but on how you assess it. Poorly evaluated intelligence can mislead, cause harm, or result in missed opportunities. In contrast, well-evaluated OSINT builds clarity, confidence, and strategic value.

Whether you’re using the Admiralty Code, applying structured frameworks, or leveraging specialised tools, the goal remains the same: to produce intelligence that is accurate, reliable, and actionable. Evaluation isn’t a final step in the OSINT process — it’s woven throughout.

In an age where misinformation spreads faster than truth, the ability to critically evaluate open source material isn’t just a skill — it’s a responsibility.

Header Photo by Mike Kononov on Unsplash, balance Photo by Jeremy Thomas on Unsplash and tools Photo by Immo Wegmann on Unsplash.

https://nvd.nist.gov/vuln/detail/CVE-2019-16275

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 April 2025

by Amir Hadzipasic

April 21, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2019-16275

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

2. CVE-2021-35587

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2021-35587

3. CVE-2023-39810

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.

https://nvd.nist.gov/vuln/detail/CVE-2023-39810

4. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

5. CVE-2023-27997

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

https://nvd.nist.gov/vuln/detail/CVE-2023-27997

6. CVE-2025-31201

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

https://nvd.nist.gov/vuln/detail/CVE-2025-31201

7. CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.

https://nvd.nist.gov/vuln/detail/CVE-2025-3248

8. CVE-2024-10687

9. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2022-47522

10. CVE-2022-47522

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target’s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client’s pairwise encryption key.

The SOS Intelligence CVE Chatter Weekly Top Ten – 14 April 2025

by Amir Hadzipasic

April 14, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-10687

2. CVE-2024-21060