Updated at UTC 2025-09-18T04:55:26.329639
CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
---|---|---|---|---|---|---|---|
CVE-2025-23316 | 9.8 | 0.00% | 1 | 0 | | 2025-09-17T22:15:37.260000 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in |
CVE-2025-10644 | 9.4 | 0.00% | 1 | 0 | | 2025-09-17T21:15:37.807000 | Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication By |
CVE-2025-10643 | 9.1 | 0.00% | 1 | 0 | | 2025-09-17T21:15:37.653000 | Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulne |
CVE-2025-59340 | 9.8 | 0.00% | 1 | 0 | | 2025-09-17T20:15:36.430000 | jinjava is a Java-based template engine based on django template syntax, adapted |
CVE-2025-37123 | 8.8 | 0.17% | 2 | 0 | | 2025-09-17T15:30:32 | A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnec |
CVE-2025-37125 | 7.5 | 0.03% | 2 | 0 | | 2025-09-17T15:30:32 | A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect |
CVE-2025-37130 | 6.5 | 0.03% | 2 | 0 | | 2025-09-17T15:30:32 | A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow |
CVE-2025-37127 | 7.3 | 0.03% | 2 | 0 | | 2025-09-17T15:30:32 | A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConn |
CVE-2025-37126 | 7.2 | 0.11% | 2 | 0 | | 2025-09-17T15:30:32 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways C |
CVE-2025-37129 | 6.7 | 0.01% | 2 | 0 | | 2025-09-17T15:30:32 | A vulnerable feature in the command line interface of EdgeConnect SD-WAN could a |
CVE-2025-37131 | 4.9 | 0.03% | 2 | 0 | | 2025-09-17T15:30:32 | A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote t |
CVE-2025-34183 | 0 | 0.20% | 1 | 0 | | 2025-09-17T15:15:42.780000 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its ser |
CVE-2025-49728 | 4.0 | 0.03% | 2 | 0 | | 2025-09-17T14:18:55.093000 | Cleartext storage of sensitive information in Microsoft PC Manager allows an una |
CVE-2025-9447 | 7.8 | 0.01% | 2 | 0 | | 2025-09-17T14:18:55.093000 | An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in |
CVE-2025-37124 | 8.6 | 0.04% | 2 | 0 | | 2025-09-17T14:18:55.093000 | A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unaut |
CVE-2025-37128 | 6.8 | 0.08% | 2 | 0 | | 2025-09-17T14:18:55.093000 | A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gatewa |
CVE-2025-8894 | 7.8 | 0.01% | 1 | 0 | | 2025-09-17T14:18:55.093000 | A maliciously crafted PDF file, when parsed through certain Autodesk products, c |
CVE-2025-9971 | 9.8 | 0.13% | 1 | 0 | | 2025-09-17T12:30:58 | Certain models of Industrial Cellular Gateway developed by Planet Technology hav |
CVE-2025-59458 | 8.4 | 0.00% | 2 | 0 | | 2025-09-17T09:30:51 | In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.28 |
CVE-2025-59455 | 4.2 | 0.00% | 2 | 0 | | 2025-09-17T09:30:51 | In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due |
CVE-2025-9449 | 7.8 | 0.01% | 2 | 0 | | 2025-09-17T09:30:51 | A Use After Free vulnerability affecting the PAR file reading procedure in SOLID |
CVE-2025-59457 | 7.7 | 0.00% | 2 | 0 | | 2025-09-17T09:30:50 | In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed creden |
CVE-2025-59456 | 5.5 | 0.00% | 2 | 0 | | 2025-09-17T09:30:50 | In JetBrains TeamCity before 2025.07.2 path traversal was possible during projec |
CVE-2025-9242 | None | 0.28% | 1 | 0 | | 2025-09-17T09:30:50 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remot |
CVE-2025-9450 | 7.8 | 0.01% | 2 | 0 | | 2025-09-17T09:30:45 | A Use of Uninitialized Variable vulnerability affecting the JT file reading proc |
CVE-2025-47967 | 4.7 | 0.07% | 2 | 0 | | 2025-09-16T21:32:59 | Insufficient ui warning of dangerous operations in Microsoft Edge for Android al |
CVE-2025-34184 | None | 0.63% | 1 | 0 | | 2025-09-16T21:32:54 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS comm |
CVE-2025-56706 | 8.0 | 0.10% | 1 | 0 | | 2025-09-16T18:16:01.670000 | Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) |
CVE-2025-8893 | 7.8 | 0.01% | 1 | 0 | | 2025-09-16T15:32:45 | A maliciously crafted PDF file, when parsed through certain Autodesk products, c |
CVE-2025-26710 | 3.5 | 0.02% | 1 | 0 | | 2025-09-16T15:32:43 | There is an an information disclosure vulnerability in ZTE T5400. Due to imprope |
CVE-2025-26711 | 5.7 | 0.02% | 1 | 0 | | 2025-09-16T15:32:43 | There is an unauthorized access vulnerability in ZTE T5400. Due to improper perm |
CVE-2025-43300 | 8.8 | 0.32% | 9 | 4 | | 2025-09-16T14:08:16.943000 | An out-of-bounds write issue was addressed with improved bounds checking. This i |
CVE-2025-59056 | 0 | 0.05% | 1 | 0 | | 2025-09-16T12:49:16.060000 | FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, |
CVE-2025-59331 | 0 | 0.05% | 1 | 0 | | 2025-09-16T12:49:16.060000 | is-arrayish checks if an object can be used like an Array. On 8 September 2025, |
CVE-2025-59144 | 0 | 0.05% | 1 | 0 | | 2025-09-16T12:49:16.060000 | debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing |
CVE-2025-59330 | None | 0.05% | 1 | 0 | | 2025-09-15T23:58:07 | ### Impact On 8 September 2025, an npm publishing account for `error-ex` was tak |
CVE-2025-59162 | None | 0.05% | 1 | 0 | | 2025-09-15T23:32:38 | ### Impact On 8 September 2025, the npm publishing account for `color-convert` w |
CVE-2025-59145 | None | 0.05% | 1 | 0 | | 2025-09-15T22:03:30 | ### Impact On 8 September 2025, an npm publishing account for `color-name` was t |
CVE-2025-59143 | None | 0.05% | 1 | 0 | | 2025-09-15T21:59:09 | ### Impact On 8 September 2025, the npm publishing account for `color` was taken |
CVE-2025-59142 | None | 0.05% | 1 | 0 | | 2025-09-15T21:59:05 | ### Impact On 8 September 2025, the npm publishing account for `color-string` wa |
CVE-2025-59141 | None | 0.05% | 1 | 0 | | 2025-09-15T21:59:00 | ### Impact On 8 September 2025, the npm publishing account for `simple-swizzle` |
CVE-2025-59140 | None | 0.05% | 1 | 0 | | 2025-09-15T21:58:59 | ### Impact On 8 September 2025, the npm publishing account for `backslash` was t |
CVE-2025-59360 | 9.8 | 0.48% | 1 | 0 | | 2025-09-15T21:07:43 | The killProcesses mutation in Chaos Controller Manager is vulnerable to OS comma |
CVE-2025-59359 | 9.8 | 0.48% | 1 | 1 | | 2025-09-15T21:07:17 | The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command in |
CVE-2025-59358 | 7.5 | 0.03% | 1 | 0 | | 2025-09-15T21:06:37 | The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server wi |
CVE-2025-6202 | None | 0.01% | 3 | 0 | | 2025-09-15T18:32:08 | Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhamm |
CVE-2025-58434 | 9.8 | 3.40% | 2 | 0 | template | 2025-09-15T15:31:16 | ### Summary The `forgot-password` endpoint in Flowise returns sensitive informa |
CVE-2025-58364 | 6.5 | 0.03% | 2 | 0 | | 2025-09-15T15:22:38.297000 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik |
CVE-2025-40300 | 0 | 0.04% | 3 | 0 | | 2025-09-15T15:22:38.297000 | In the Linux kernel, the following vulnerability has been resolved: x86/vmscape |
CVE-2025-59361 | 9.8 | 0.48% | 1 | 0 | | 2025-09-15T15:21:42.937000 | The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS comma |
CVE-2025-10442 | 6.3 | 2.35% | 1 | 0 | | 2025-09-15T15:21:42.937000 | A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects t |
CVE-2025-10443 | 8.8 | 0.09% | 1 | 0 | | 2025-09-15T15:21:42.937000 | A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. Th |
CVE-2025-4234 | 0 | 0.01% | 1 | 0 | | 2025-09-15T15:21:42.937000 | A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can |
CVE-2025-10440 | 6.3 | 0.43% | 1 | 0 | | 2025-09-15T12:31:31 | A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, D |
CVE-2025-10441 | 6.3 | 0.43% | 1 | 0 | | 2025-09-15T12:31:31 | A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/1 |
CVE-2025-10432 | 9.8 | 0.05% | 1 | 0 | | 2025-09-15T09:30:29 | A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affect |
CVE-2025-9086 | 7.5 | 0.05% | 1 | 0 | | 2025-09-12T18:32:16 | 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is re |
CVE-2025-10148 | 5.3 | 0.03% | 2 | 0 | | 2025-09-12T18:32:11 | curl's websocket code did not update the 32 bit mask pattern for each new outgo |
CVE-2025-9556 | 9.8 | 0.06% | 1 | 0 | | 2025-09-12T15:31:42 | Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in |
CVE-2025-5086 | 9.0 | 63.95% | 9 | 2 | template | 2025-09-12T13:40:47.133000 | A deserialization of untrusted data vulnerability affecting DELMIA Apriso from R |
CVE-2025-10266 | 9.8 | 0.08% | 1 | 0 | | 2025-09-12T12:30:30 | NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowi |
CVE-2025-21043 | 8.8 | 0.10% | 10 | 0 | | 2025-09-12T09:30:38 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 al |
CVE-2025-9918 | 0 | 0.34% | 1 | 0 | | 2025-09-11T17:14:10.147000 | A Path Traversal vulnerability in the archive extraction component in Google Sec |
CVE-2025-10200 | 8.8 | 0.07% | 2 | 0 | | 2025-09-11T17:14:10.147000 | Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339. |
CVE-2025-10250 | 5.0 | 0.02% | 1 | 0 | | 2025-09-11T12:31:30 | A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.0 |
CVE-2025-55976 | 8.4 | 0.01% | 1 | 0 | | 2025-09-10T21:31:21 | Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/w |
CVE-2025-54236 | 9.1 | 0.33% | 10 | 1 | | 2025-09-10T20:40:02 | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, |
CVE-2025-29927 | 9.1 | 92.08% | 2 | 100 | template | 2025-09-10T15:49:40.637000 | Next.js is a React framework for building full-stack web applications. Starting |
CVE-2025-9994 | 9.8 | 0.06% | 1 | 0 | | 2025-09-10T14:15:44.493000 | The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not h |
CVE-2025-10159 | 9.8 | 0.16% | 1 | 0 | | 2025-09-09T21:30:39 | An authentication bypass vulnerability allows remote attackers to gain administr |
CVE-2025-55234 | 8.8 | 0.53% | 1 | 1 | | 2025-09-09T18:31:31 | SMB Server might be susceptible to relay attacks depending on the configuration. |
CVE-2025-54911 | 7.3 | 0.06% | 1 | 0 | | 2025-09-09T18:31:27 | Use after free in Windows BitLocker allows an authorized attacker to elevate pri |
CVE-2025-40804 | 9.1 | 0.04% | 1 | 0 | | 2025-09-09T16:28:43.660000 | A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVa |
CVE-2025-40795 | 9.8 | 0.15% | 1 | 0 | | 2025-09-09T09:31:19 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMA |
CVE-2025-42944 | 10.0 | 0.04% | 2 | 1 | | 2025-09-09T03:30:19 | Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated atta |
CVE-2025-49457 | 9.6 | 0.09% | 1 | 0 | | 2025-09-08T15:44:28.283000 | Untrusted search path in certain Zoom Clients for Windows may allow an unauthent |
CVE-2025-55241 | 9.0 | 0.08% | 5 | 0 | | 2025-09-05T17:47:10.303000 | Azure Entra Elevation of Privilege Vulnerability |
CVE-2025-55190 | 9.9 | 0.04% | 3 | 0 | | 2025-09-05T17:47:10.303000 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In ver |
CVE-2025-38494 | None | 0.03% | 2 | 0 | | 2025-08-28T15:31:40 | In the Linux kernel, the following vulnerability has been resolved: HID: core: |
CVE-2025-5821 | 9.8 | 0.22% | 2 | 0 | | 2025-08-25T20:24:45.327000 | The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass |
CVE-2025-53187 | 7.0 | 0.08% | 1 | 0 | | 2025-08-21T12:31:42 | Improper Control of Generation of Code ('Code Injection') vulnerability in ABB A |
CVE-2025-53136 | 5.5 | 0.06% | 10 | 0 | | 2025-08-12T18:31:31 | Exposure of sensitive information to an unauthorized actor in Windows NT OS Kern |
CVE-2025-54381 | 9.9 | 0.29% | 2 | 2 | | 2025-08-05T15:41:26.900000 | BentoML is a Python library for building online serving systems optimized for AI |
CVE-2025-32711 | 9.3 | 0.40% | 1 | 1 | | 2025-08-04T18:15:34.497000 | Ai command injection in M365 Copilot allows an unauthorized attacker to disclose |
CVE-2025-49704 | 8.8 | 70.38% | 1 | 0 | | 2025-07-30T01:00:01.490000 | Improper control of generation of code ('code injection') in Microsoft Office Sh |
CVE-2025-53771 | 6.3 | 7.02% | 1 | 2 | | 2025-07-22T21:32:17 | Improper limitation of a pathname to a restricted directory ('path traversal') i |
CVE-2025-24919 | 8.2 | 0.15% | 1 | 0 | | 2025-06-14T00:30:28 | A deserialization of untrusted input vulnerability exists in the cvhDecapsulateC |
CVE-2025-3052 | 8.3 | 0.02% | 1 | 0 | | 2025-06-10T21:31:31 | An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for co |
CVE-2025-31324 | 10.0 | 30.27% | 1 | 19 | template | 2025-05-02T15:31:16 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper a |
CVE-2021-39275 | 9.8 | 44.80% | 2 | 0 | | 2025-05-01T15:39:40.260000 | ap_escape_quotes() may write beyond the end of a buffer when given malicious inp |
CVE-2025-24132 | 6.5 | 0.01% | 1 | 2 | | 2025-05-01T15:31:39 | The issue was addressed with improved memory handling. This issue is fixed in Ai |
CVE-2024-50302 | 5.5 | 0.30% | 1 | 0 | | 2025-03-10T20:26:51.137000 | In the Linux kernel, the following vulnerability has been resolved: HID: core: |
CVE-2025-21692 | 7.8 | 0.03% | 1 | 1 | | 2025-02-21T18:32:16 | In the Linux kernel, the following vulnerability has been resolved: net: sched: |
CVE-2025-0108 | 9.1 | 94.01% | 1 | 6 | template | 2025-02-20T03:32:03 | An authentication bypass in the Palo Alto Networks PAN-OS software enables an un |
CVE-2020-1350 | 10.0 | 93.32% | 1 | 17 | | 2025-02-07T18:32:09 | A remote code execution vulnerability exists in Windows Domain Name System serve |
CVE-2024-7344 | 8.2 | 0.08% | 6 | 0 | | 2025-01-22T15:41:04.577000 | Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execut |
CVE-2024-50264 | 7.8 | 0.02% | 1 | 0 | | 2024-12-11T15:15:14.343000 | In the Linux kernel, the following vulnerability has been resolved: vsock/virti |
CVE-2024-0132 | 9.1 | 5.24% | 1 | 2 | | 2024-10-29T19:48:12 | NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use |
CVE-2024-40766 | 9.3 | 9.41% | 4 | 0 | | 2024-09-06T18:32:29 | An improper access control vulnerability has been identified in the SonicWall So |
CVE-2024-42531 | 9.8 | 0.29% | 1 | 0 | | 2024-08-23T21:31:47 | Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to ac |
CVE-2024-41623 | 9.8 | 0.43% | 1 | 0 | | 2024-08-23T18:32:59 | An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a l |
CVE-2021-40438 | 9.1 | 94.44% | 2 | 10 | template | 2024-07-24T18:32:20 | A crafted request uri-path can cause mod_proxy to forward the request to an orig |
CVE-2024-31497 | None | 18.16% | 1 | 5 | | 2024-04-17T00:31:29 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an |
CVE-2010-1378 | 9.8 | 0.23% | 1 | 0 | | 2024-02-23T05:05:13 | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithme |
CVE-2024-21907 | 7.5 | 3.03% | 1 | 0 | | 2024-01-03T20:06:37 | Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due t |
CVE-2023-2668 | 6.3 | 0.12% | 1 | 0 | | 2023-11-10T05:03:55 | A vulnerability was found in SourceCodester Lost and Found Information System 1. |
CVE-2020-14198 | 7.5 | 2.21% | 1 | 0 | | 2023-01-31T05:02:37 | Bitcoin Core 0.20.0 allows remote denial of service. |
CVE-2025-10585 | 0 | 0.00% | 2 | 0 | | N/A | |
CVE-2025-10155 | 0 | 0.26% | 1 | 0 | | N/A | |
CVE-2025-59334 | 0 | 0.12% | 1 | 0 | | N/A | |
CVE-2025-58060 | 0 | 0.02% | 2 | 0 | | N/A | |
CVE-2025-55211 | 0 | 0.05% | 1 | 0 | | N/A | |
CVE-2025-57819 | 0 | 37.34% | 3 | 9 | template | N/A | |
updated 2025-09-17T22:15:37.260000
1 posts
🔴 CVE-2025-23316: NVIDIA Triton Inference Server (pre-25.08) suffers from CRITICAL OS Command Injection via Python backend—attackers can trigger RCE, DoS, & data leaks. Patch now & restrict API access! https://radar.offseq.com/threat/cve-2025-23316-cwe-78-improper-neutralization-of-s-cd4be2a2 #OffSeq #NVIDIA #Vuln #AIsecurity
updated 2025-09-17T21:15:37.807000
1 posts
🚨 CVE-2025-10644 (CRITICAL, 9.4 CVSS) affects Wondershare Repairit 6.5.2—incorrect SAS token privileges enable unauthenticated remote code execution. Restrict access, monitor endpoints, and prep for patch. Details: https://radar.offseq.com/threat/cve-2025-10644-cwe-266-incorrect-privilege-assignm-899b2543 #OffSeq #Vuln #SupplyChain
updated 2025-09-17T21:15:37.653000
1 posts
🚨 CRITICAL: CVE-2025-10643 in Wondershare Repairit 6.5.2 allows remote auth bypass via misassigned permissions. No patch yet—audit, segment, and restrict access. Monitor for exploitation. More: https://radar.offseq.com/threat/cve-2025-10643-cwe-732-incorrect-permission-assign-8d9fd377 #OffSeq #Vulnerability #Infosec #CVE202510643
updated 2025-09-17T20:15:36.430000
1 posts
⚠️ CRITICAL: CVE-2025-59340 in HubSpot jinjava (<2.8.1) allows RCE via unsafe deserialization—attackers can escape the sandbox and access local files. Patch to 2.8.1+ ASAP. Full details: https://radar.offseq.com/threat/cve-2025-59340-cwe-1336-improper-neutralization-of-b51614b8 #OffSeq #CVE202559340 #Java #AppSec
updated 2025-09-17T15:30:32
2 posts
Oh there's more.
https://www.cve.org/CVERecord?id=CVE-2025-37123
updated 2025-09-17T15:30:32
2 posts
Oh there's more.
https://www.cve.org/CVERecord?id=CVE-2025-37123
updated 2025-09-17T15:30:32
2 posts
HPE published some post-auth CVEs in their SD-WAN product.
https://www.cve.org/CVERecord?id=CVE-2025-37126
https://www.cve.org/CVERecord?id=CVE-2025-37127
https://www.cve.org/CVERecord?id=CVE-2025-37128
https://www.cve.org/CVERecord?id=CVE-2025-37129
updated 2025-09-17T15:30:32
2 posts
HPE published some post-auth CVEs in their SD-WAN product.
https://www.cve.org/CVERecord?id=CVE-2025-37126
https://www.cve.org/CVERecord?id=CVE-2025-37127
https://www.cve.org/CVERecord?id=CVE-2025-37128
https://www.cve.org/CVERecord?id=CVE-2025-37129
updated 2025-09-17T15:30:32
2 posts
HPE published some post-auth CVEs in their SD-WAN product.
https://www.cve.org/CVERecord?id=CVE-2025-37126
https://www.cve.org/CVERecord?id=CVE-2025-37127
https://www.cve.org/CVERecord?id=CVE-2025-37128
https://www.cve.org/CVERecord?id=CVE-2025-37129
updated 2025-09-17T15:30:32
2 posts
HPE published some post-auth CVEs in their SD-WAN product.
https://www.cve.org/CVERecord?id=CVE-2025-37126
https://www.cve.org/CVERecord?id=CVE-2025-37127
https://www.cve.org/CVERecord?id=CVE-2025-37128
https://www.cve.org/CVERecord?id=CVE-2025-37129
updated 2025-09-17T15:30:32
2 posts
HPE published some post-auth CVEs in their SD-WAN product.
https://www.cve.org/CVERecord?id=CVE-2025-37126
https://www.cve.org/CVERecord?id=CVE-2025-37127
https://www.cve.org/CVERecord?id=CVE-2025-37128
https://www.cve.org/CVERecord?id=CVE-2025-37129
updated 2025-09-17T15:15:42.780000
1 posts
🚨 CVE-2025-34183: Ilevia EVE X1 Server ≤4.7.18.0.eden logs plaintext creds in .log files—unauth’d remote attackers can compromise systems. Restrict log access & monitor for abuse until patched. https://radar.offseq.com/threat/cve-2025-34183-cwe-532-insertion-of-sensitive-info-d37fa94d #OffSeq #CVE202534183 #vuln #infosec
updated 2025-09-17T14:18:55.093000
2 posts
Microsoft updated its security guide yesterday with two entries: https://msrc.microsoft.com/update-guide #Microsoft #cybersecurity #infosec
Microsoft PC Manager Security Feature Bypass Vulnerability CVE-2025-49728 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-47967 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967 #Microsoft #cybersecurity #infosec
updated 2025-09-17T14:18:55.093000
2 posts
Some SOLIDWORKS CVEs for those that are interested.
https://www.cve.org/CVERecord?id=CVE-2025-9447
updated 2025-09-17T14:18:55.093000
2 posts
Oh there's more.
https://www.cve.org/CVERecord?id=CVE-2025-37123
updated 2025-09-17T14:18:55.093000
2 posts
HPE published some post-auth CVEs in their SD-WAN product.
https://www.cve.org/CVERecord?id=CVE-2025-37126
https://www.cve.org/CVERecord?id=CVE-2025-37127
https://www.cve.org/CVERecord?id=CVE-2025-37128
https://www.cve.org/CVERecord?id=CVE-2025-37129
updated 2025-09-17T14:18:55.093000
1 posts
A couple whoopsies in some Autodesk products.
updated 2025-09-17T12:30:58
1 posts
🚨 CRITICAL: CVE-2025-9971 in Planet ICG-2510WG-LTE (EU/US) exposes industrial gateways to unauthenticated remote manipulation (CWE-306). No patch — segment networks & restrict access now. https://radar.offseq.com/threat/cve-2025-9971-cwe-306-missing-authentication-for-c-bf9a01c7 #OffSeq #ICS #Vuln #CVE20259971
updated 2025-09-17T09:30:51
2 posts
Anyone care about JetBrains?
https://www.jetbrains.com/privacy-security/issues-fixed
https://www.cve.org/CVERecord?id=CVE-2025-59455
https://www.cve.org/CVERecord?id=CVE-2025-59456
updated 2025-09-17T09:30:51
2 posts
Anyone care about JetBrains?
https://www.jetbrains.com/privacy-security/issues-fixed
https://www.cve.org/CVERecord?id=CVE-2025-59455
https://www.cve.org/CVERecord?id=CVE-2025-59456
updated 2025-09-17T09:30:51
2 posts
Some SOLIDWORKS CVEs for those that are interested.
https://www.cve.org/CVERecord?id=CVE-2025-9447
updated 2025-09-17T09:30:50
2 posts
Anyone care about JetBrains?
https://www.jetbrains.com/privacy-security/issues-fixed
https://www.cve.org/CVERecord?id=CVE-2025-59455
https://www.cve.org/CVERecord?id=CVE-2025-59456
updated 2025-09-17T09:30:50
2 posts
Anyone care about JetBrains?
https://www.jetbrains.com/privacy-security/issues-fixed
https://www.cve.org/CVERecord?id=CVE-2025-59455
https://www.cve.org/CVERecord?id=CVE-2025-59456
updated 2025-09-17T09:30:50
1 posts
🚨 CVE-2025-9242: CRITICAL out-of-bounds write in WatchGuard Fireware OS (11.10.2–11.12.4_Update1, 12.0–12.11.3, 2025.1). Remote unauthenticated code execution via IKEv2 VPN w/ dynamic peers. Isolate & monitor now! https://radar.offseq.com/threat/cve-2025-9242-cwe-787-out-of-bounds-write-in-watch-1286bb67 #OffSeq #WatchGuard #Vuln #InfoSec
updated 2025-09-17T09:30:45
2 posts
Some SOLIDWORKS CVEs for those that are interested.
https://www.cve.org/CVERecord?id=CVE-2025-9447
updated 2025-09-16T21:32:59
2 posts
Microsoft updated its security guide yesterday with two entries: https://msrc.microsoft.com/update-guide #Microsoft #cybersecurity #infosec
Microsoft PC Manager Security Feature Bypass Vulnerability CVE-2025-49728 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-47967 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967 #Microsoft #cybersecurity #infosec
updated 2025-09-16T21:32:54
1 posts
🚨 CVE-2025-34184 (CRITICAL): Ilevia EVE X1 Server ≤4.7.18.0.eden is vulnerable to unauthenticated OS command injection via 'passwd' in /ajax/php/login.php. No patch—immediate isolation & WAF rules advised. https://radar.offseq.com/threat/cve-2025-34184-cwe-78-improper-neutralization-of-s-22f44d2e #OffSeq #Vulnerability #Infosec
updated 2025-09-16T18:16:01.670000
1 posts
updated 2025-09-16T15:32:45
1 posts
A couple whoopsies in some Autodesk products.
updated 2025-09-16T15:32:43
1 posts
updated 2025-09-16T15:32:43
1 posts
updated 2025-09-16T14:08:16.943000
9 posts
4 repos
https://github.com/XiaomingX/CVE-2025-43300-exp
https://github.com/hunters-sec/CVE-2025-43300
>new zero click exploit
>look inside
>media decoder vuln
every single time!
analysis: https://blog.quarkslab.com/patch-analysis-of-Apple-iOS-CVE-2025-43300.html
https://www.whatsapp.com/security/advisories/2025?lang=en_US
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md
Apple releases security updates for iOS 18.7, macOS, iPadOS, and releases iOS 26 and macOS 26
Apple released critical security updates for iOS, iPadOS, and macOS addressing CVE-2025-43300, an actively exploited zero-day vulnerability in the ImageIO framework that was chained with a WhatsApp flaw in sophisticated spyware attacks targeting fewer than 200 high-profile individuals globally. The updates patch 13 additional vulnerabilities including privilege escalation flaws.
**Another big OS release from Apple. If you haven't updated your Apple devices with the emergency patch, update now to fix the exploited CVE-2025-43300. Even if you did patch, the regular update is a smart choice. Maybe wait and don't install iOS 26/macOS Tahoe 26 immediately; wait a month so you can see if anything bad happens.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-releases-security-updates-for-ios-18-7-macos-ipados-and-releases-ios-26-and-macos-26-o-h-7-y-q/gD2P6Ple2L
Apple backports fix for CVE-2025-43300, exploited in a sophisticated spyware attack https://ransomfeed.it/news.php?id_news=nid&nid=230
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html
📣 EMERGENCY UPDATE 📣
Apple pushed additional updates for a zero-day that may have been actively exploited.
🐛 CVE-2025-43300 (ImageIO) additional patches:
- iOS and iPadOS 15.8.5
- iOS and iPadOS 16.7.12
CISA warns of Apple zero-day used in targeted cyberattacks | The Record from Recorded Future News
A recently disclosed vulnerability affecting Apple products has prompted an order for government organizations to patch the bug.
The Cybersecurity and Infrastructure Security Agency (CISA) gave civilian federal agencies until September 11 to implement a fix for CVE-2025-43300 — a vulnerability affecting popular brands of Apple phones, iPads and Macbooks.
updated 2025-09-16T12:49:16.060000
1 posts
updated 2025-09-16T12:49:16.060000
1 posts
updated 2025-09-16T12:49:16.060000
1 posts
* contains malware after npm account takeover
https://www.cve.org/CVERecord?id=CVE-2025-59140
https://www.cve.org/CVERecord?id=CVE-2025-59141
https://www.cve.org/CVERecord?id=CVE-2025-59142
https://www.cve.org/CVERecord?id=CVE-2025-59143
updated 2025-09-15T23:58:07
1 posts
updated 2025-09-15T23:32:38
1 posts
* contains malware after npm account takeover
https://www.cve.org/CVERecord?id=CVE-2025-59140
https://www.cve.org/CVERecord?id=CVE-2025-59141
https://www.cve.org/CVERecord?id=CVE-2025-59142
https://www.cve.org/CVERecord?id=CVE-2025-59143
updated 2025-09-15T22:03:30
1 posts
updated 2025-09-15T21:59:09
1 posts
* contains malware after npm account takeover
https://www.cve.org/CVERecord?id=CVE-2025-59140
https://www.cve.org/CVERecord?id=CVE-2025-59141
https://www.cve.org/CVERecord?id=CVE-2025-59142
https://www.cve.org/CVERecord?id=CVE-2025-59143
updated 2025-09-15T21:59:05
1 posts
* contains malware after npm account takeover
https://www.cve.org/CVERecord?id=CVE-2025-59140
https://www.cve.org/CVERecord?id=CVE-2025-59141
https://www.cve.org/CVERecord?id=CVE-2025-59142
https://www.cve.org/CVERecord?id=CVE-2025-59143
updated 2025-09-15T21:59:00
1 posts
* contains malware after npm account takeover
https://www.cve.org/CVERecord?id=CVE-2025-59140
https://www.cve.org/CVERecord?id=CVE-2025-59141
https://www.cve.org/CVERecord?id=CVE-2025-59142
https://www.cve.org/CVERecord?id=CVE-2025-59143
updated 2025-09-15T21:58:59
1 posts
* contains malware after npm account takeover
https://www.cve.org/CVERecord?id=CVE-2025-59140
https://www.cve.org/CVERecord?id=CVE-2025-59141
https://www.cve.org/CVERecord?id=CVE-2025-59142
https://www.cve.org/CVERecord?id=CVE-2025-59143
updated 2025-09-15T21:07:43
1 posts
updated 2025-09-15T21:07:17
1 posts
1 repos
https://github.com/mrk336/Cluster-Chaos-Exploiting-CVE-2025-59359-for-Kubernetes-Takeover
updated 2025-09-15T21:06:37
1 posts
updated 2025-09-15T18:32:08
3 posts
Well, ETH Zurich's "Phoenix" research (CVE-2025-6202) shows that DDR5 DIMMs (produced between 2021-1 and 2024-12) from SK Hynix, one of the world's largest DRAM manufacturers, remain vulnerable to Rowhammer despite advanced countermeasures built into the chip.
"Phoenix: Rowhammer Attacks on DDR5 with Self-Correcting Synchronization"
👇
https://comsec.ethz.ch/research/dram/phoenix/
⬇️
https://comsec-files.ethz.ch/papers/phoenix_sp26.pdf
⬇️
https://github.com/comsec-group/phoenix
The researchers found two new attack patterns and a synchronization method that bypass the protections built into the DRAM.
The resulting bit flips are exploitable: arbitrary read/write via PTEs, theft of RSA/SSH keys, and escalation to root (average ≈ 5 min 😵 ). The built-in ECC is not enough.
The authors recommend, and demonstrate, that a ×3 refresh prevents Phoenix from causing bit flips in their tests, at the cost of a measured performance overhead (+~8%).
DRAM modules cannot be patched: a long-term risk, depending on the threat scenarios for our various datacenters or computers...
PoC
👇
https://github.com/comsec-group/phoenix/tree/main/poc
https://vulnerability.circl.lu/vuln/CVE-2025-6202
#CyberVeille #DDR5 #DIMM #Phoenix #Hynix #Rowhammer #CVE_2025_6202
"Phoenix is currently tracked as CVE-2025-6202 and received a high-severity score. It affects all DIMM RAM modules produced between January 2021 and December 2024."
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory
https://www.bleepingcomputer.com/news/security/new-phoenix-attack-bypasses-rowhammer-defenses-in-ddr5-memory/
NB: "Rowhammer is a DRAM disturbance error that was first publicly reported in 2014 on DDR3"
Another rowhammer CVE.
updated 2025-09-15T15:31:16
2 posts
Critical FlowiseAI password reset flaw exposes accounts to complete takeover
FlowiseAI has disclosed a critical vulnerability (CVE-2025-58434) in its password reset mechanism that allows unauthenticated attackers to compromise user accounts by exploiting valid reset tokens leaked in API response.
**THIS ONE IS URGENT AND IMPORTANT! Immediately upgrade to FlowiseAI 3.0.6 or later, because all your user accounts are exposed to account takeover. If you can't upgrade right away, disable public access to the /api/v1/account/forgot-password endpoint until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-flowiseai-password-reset-flaw-exposes-accounts-to-complete-takeover-l-l-h-0-f/gD2P6Ple2L
CVE-2025-58434: Critical FlowiseAI Flaw Enables Full Account Takeover https://thecyberexpress.com/cve-2025-58434/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #Vulnerability #APIendpoints #CVE202558434 #CyberNews #FlowiseAI
updated 2025-09-15T15:22:38.297000
2 posts
Vulnerabilities reported in CUPS system for Linux
Two vulnerabilities affect Linux CUPS printing systems: CVE-2025-58060 allows authentication bypass to gain unauthorized administrative access, while CVE-2025-58364 enables remote denial-of-service attacks through crafted printer responses. The authentication bypass has been patched in CUPS version 2.4.13, but the DoS vulnerability remains unpatched.
**Finally not an urgent patch. Ideally, if not used disable cups-browsed and plan an update of the cups packages.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-reported-in-cups-system-for-linux-s-1-6-5-c/gD2P6Ple2L
updated 2025-09-15T15:22:38.297000
3 posts
VMScape: Linux protects itself against the new vulnerability targeting Intel and AMD CPUs https://www.it-connect.fr/vmscape-linux-kvm-qemu-cve-2025-40300/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Cloud #Linux
Mitigations for #vmscape have been merged to #Linux mainline and included in new stable and longterm #kernel versions released about an hour ago (like 6.16.7 or 6.12.47).
Vmscape is a vulnerability that essentially takes Spectre-v2 and attacks host userspace from a guest. It particularly affects hypervisors like #QEMU.
For more details see this #LinuxKernel merge commit https://git.kernel.org/torvalds/c/223ba8ee0a3986718c874b66ed24e7f87f6b8124, the doc changes it contains at https://git.kernel.org/torvalds/c/9969779d0803f5dcd4460ae7aca2bc3fd91bff12, or the following page from those that published the vulnerability:
It is tracked as #CVE-2025-40300
updated 2025-09-15T15:21:42.937000
1 posts
updated 2025-09-15T15:21:42.937000
1 posts
Tenda
https://www.cve.org/CVERecord?id=CVE-2025-10443
https://www.cve.org/CVERecord?id=CVE-2025-10442
https://www.cve.org/CVERecord?id=CVE-2025-10432
D-Link
https://www.cve.org/CVERecord?id=CVE-2025-10441
https://www.cve.org/CVERecord?id=CVE-2025-10440
Intelbras
updated 2025-09-15T15:21:42.937000
1 posts
Tenda
https://www.cve.org/CVERecord?id=CVE-2025-10443
https://www.cve.org/CVERecord?id=CVE-2025-10442
https://www.cve.org/CVERecord?id=CVE-2025-10432
D-Link
https://www.cve.org/CVERecord?id=CVE-2025-10441
https://www.cve.org/CVERecord?id=CVE-2025-10440
Intelbras
updated 2025-09-15T15:21:42.937000
1 posts
PAN published some advisories today including a sev:LOW 0.5 for logging user creds in plaintext logs. Yes, I typed that correctly. They gave it a CVSS-BT score of 0.5.
updated 2025-09-15T12:31:31
1 posts
Tenda
https://www.cve.org/CVERecord?id=CVE-2025-10443
https://www.cve.org/CVERecord?id=CVE-2025-10442
https://www.cve.org/CVERecord?id=CVE-2025-10432
D-Link
https://www.cve.org/CVERecord?id=CVE-2025-10441
https://www.cve.org/CVERecord?id=CVE-2025-10440
Intelbras
updated 2025-09-15T12:31:31
1 posts
Tenda
https://www.cve.org/CVERecord?id=CVE-2025-10443
https://www.cve.org/CVERecord?id=CVE-2025-10442
https://www.cve.org/CVERecord?id=CVE-2025-10432
D-Link
https://www.cve.org/CVERecord?id=CVE-2025-10441
https://www.cve.org/CVERecord?id=CVE-2025-10440
Intelbras
updated 2025-09-15T09:30:29
1 posts
Tenda
https://www.cve.org/CVERecord?id=CVE-2025-10443
https://www.cve.org/CVERecord?id=CVE-2025-10442
https://www.cve.org/CVERecord?id=CVE-2025-10432
D-Link
https://www.cve.org/CVERecord?id=CVE-2025-10441
https://www.cve.org/CVERecord?id=CVE-2025-10440
Intelbras
updated 2025-09-12T18:32:16
1 posts
CVE-2025-9086: Out of bounds read for cookie path
Severity: Low
updated 2025-09-12T18:32:11
2 posts
oops I got the affected version range wrong for CVE-2025-10148, it has now been updated
CVE-2025-10148: predictable WebSocket mask
Severity: Low
updated 2025-09-12T15:31:42
1 posts
LangChainGo template injection vulnerability enables arbitrary file access
LangChainGo is reporting a critical server-side template injection vulnerability (CVE-2025-9556) that allows attackers to read arbitrary files by injecting malicious Jinja2 directives like {% include '/etc/passwd' %} through the prompt interface.
**Another URGENT advisory. If you're using LangChainGo, immediately upgrade to version 0.18.2 or later because the template engine allows attackers to send template injection in the chat prompt and read any file on your server. Isolating doesn't help much, your users are your potential attackers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/langchaingo-template-injection-vulnerability-enables-arbitrary-file-access-r-8-5-0-k/gD2P6Ple2L
updated 2025-09-12T13:40:47.133000
9 posts
2 repos
Critical flaw in DELMIA Apriso manufacturing software under active exploitation
CISA has issued an urgent warning about threat actors actively exploiting CVE-2025-5086, a critical deserialization vulnerability in DELMIA Apriso manufacturing software that enables remote code execution.
**If you use DELMIA Apriso factory software (any version from 2020 to 2025), make sure it's isolated and accessible only from trusted networks. Then check for security patches from Dassault Systèmes and apply them right away. Attackers are actively exploiting this system.**
#cybersecurity #infosec #advisory #ransomware
https://beyondmachines.net/event_details/critical-flaw-in-delmia-apriso-manufacturing-software-under-active-exploitation-q-y-9-u-w/gD2P6Ple2L
⚠️ CISA alert: Active exploitation of CVE-2025-5086 (RCE in Dassault DELMIA Apriso).
💡 Affects 2020–2025 releases
💡 Exploit = malicious SOAP requests → .NET payload execution
💡 Used in aerospace, auto, high-tech, and manufacturing sectors
💡 Patch deadline for U.S. agencies: Oct 2
Private enterprises should move with the same urgency.
👉 Follow @technadu for vulnerability + KEV updates.
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning – Source:thehackernews.com https://ciso2ciso.com/critical-cve-2025-5086-in-delmia-apriso-actively-exploited-cisa-issues-warning-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Critical
A critical bug in DELMIA Apriso now lets hackers remotely hijack systems—with malicious SOAP requests already in play. Is your production line prepared for this high-stakes vulnerability?
#cve20255086
#delmiaapriso
#cybersecurity
#vulnerability
#remotecodeexecution
🚨 CISA adds CVE-2025-5086 (Dassault DELMIA Apriso deserialization flaw) to the Known Exploited Vulnerabilities Catalog after active exploitation evidence.
⚠️ BOD 22-01 requires U.S. federal agencies to patch, but CISA urges all orgs to prioritize.
Do KEVs get top priority in your patching strategy?
👉 Follow @technadu for more updates.
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning https://thehackernews.com/2025/09/critical-cve-2025-5086-in-delmia-apriso.html
CISA has updated the KEV catalogue.
CVE-2025-5086: Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-5086
There are also several industrial advisories: https://www.cisa.gov/news-events/cybersecurity-advisories
From yesterday:
CISA Presents Vision for the Common Vulnerabilities and Exposures (CVE) Program https://www.cisa.gov/news-events/news/cisa-presents-vision-common-vulnerabilities-and-exposures-cve-program
The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA https://www.cisa.gov/news-events/news/mandate-mission-and-momentum-lead-cve-program-future-belongs-cisa #CISA #cybersecurity #infosec
CVE ID: CVE-2025-5086
Vendor: Dassault Systèmes
Product: DELMIA Apriso
Date Added: 2025-09-11
Notes: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5086
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-5086
updated 2025-09-12T12:30:30
1 posts
🚨 CVE-2025-10266: CRITICAL SQL Injection in NewType Infortech NUP Portal (ver 0) lets unauthenticated attackers remotely access, modify, or delete DB data. No patch yet—enforce WAFs, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2025-10266-cwe-89-improper-neutralization-of-s-cd78c7fe #OffSeq #SQLInjection #Vulnerability
updated 2025-09-12T09:30:38
10 posts
Samsung has patched CVE-2025-21043, a critical Android image parsing vulnerability reported by WhatsApp in which attackers used malicious images in live attacks.
Read: https://hackread.com/samsung-android-image-parsing-vulnerability-attacks/
Patch your Samsung device – CVE-2025-21043: this zero-day flaw is being actively exploited! https://www.it-connect.fr/samsung-cve-2025-21043-patch-android-septembre/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Samsung
Samsung patches critical Vulnerability exploited in targeted attacks on Galaxy devices
Samsung patched multiple critical vulnerabilities in its September 2025 Security Maintenance Release, including an actively exploited zero-day vulnerability (CVE-2025-21043) in the libimagecodec.quram.so image parsing library that allows remote code execution on Samsung Galaxy devices.
**If you have a Samsung phone, keep up with the updates and make sure to update to the September 2025 patch when it's available. All Samsung phones have a flaw that's actively exploited. Waiting for an hour for the update to finish is easier than hoping you won't be hacked.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/samsung-patches-critical-vulnerability-exploited-in-targeted-attacks-on-galaxy-devices-u-8-2-f-4/gD2P6Ple2L
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks – Source:thehackernews.com https://ciso2ciso.com/samsung-fixes-critical-zero-day-cve-2025-21043-exploited-in-android-attacks-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Samsung
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html
updated 2025-09-11T17:14:10.147000
1 posts
LOL nice ../ Google LMAO
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences.
updated 2025-09-11T17:14:10.147000
2 posts
Google releases urgent Chrome update, patches critical vulnerability
Google released a critical Chrome security update addressing CVE-2025-10200, a use-after-free vulnerability in ServiceWorker that could enable remote code execution, along with a high-severity inappropriate implementation flaw in Mojo. The company is withholding detailed vulnerability information until the majority of users receive the automatic security patches.
**Once again - a critical patch for Chrome - Google is patching a critical flaw in Chrome. Not exploited yet, but the reward for the bug was huge, so there is a real danger of this flaw being exploited. Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-releases-urgent-chrome-update-patches-critical-vulnerability-a-u-u-k-s/gD2P6Ple2L
updated 2025-09-11T12:31:30
1 posts
The write-up on GitHub and the description in the CVE don't really match, but either way, go hack some EOL DJI shit.
https://github.com/ByteMe1001/DJI-Enhanced-WiFi-Weak-Cryptography
updated 2025-09-10T21:31:21
1 posts
Tenda
https://www.cve.org/CVERecord?id=CVE-2025-10443
https://www.cve.org/CVERecord?id=CVE-2025-10442
https://www.cve.org/CVERecord?id=CVE-2025-10432
D-Link
https://www.cve.org/CVERecord?id=CVE-2025-10441
https://www.cve.org/CVERecord?id=CVE-2025-10440
Intelbras
updated 2025-09-10T20:40:02
10 posts
1 repos
SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236) https://sansec.io/research/sessionreaper
Adobe releases September 2025 patches for multiple products, warns of critical flaw in Adobe Commerce/Magento
Adobe's September 2025 security updates include a critical emergency patch for the "SessionReaper" vulnerability (CVE-2025-54236) affecting Commerce and Magento platforms, which allows unauthenticated attackers to take control of customer accounts through the REST API and is expected to enable automated large-scale account takeovers and fraudulent transactions. The patch release also addresses multiple critical vulnerabilities in Acrobat, Premiere Pro, ColdFusion, and Experience Manager.
**If you are using Adobe Commerce/Magento this advisory is URGENT AND IMPORTANT - Patch your Commerce/Magento IMMEDIATELY. For everyone else, high priority patching is Adobe Acrobat/Reader and Cold Fusion. Then review the advisory for the rest of the Adobe products you use.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adobe-releases-september-2025-patches-for-multiple-products-v-5-g-g-3/gD2P6Ple2L
Adobe Issues Urgent Patch for ‘SessionReaper’ Vulnerability in Commerce and Magento https://thecyberexpress.com/adobe-commerce-flaw-cve-2025-54236/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #AdobeCommerce #SessionReaper #CVE202554236 #CyberNews #Magento
⚠️ if you administer (or know that) your e-commerce site runs on Magento / Adobe Commerce: now is THE time to update it
A critical flaw dubbed SessionReaper (CVE-2025-54236) has been made public. It allows an attacker, without any authentication, to take control of an online store, access customer accounts… and in some cases execute code remotely on the server.
👉 Put plainly: significant risk of payment data theft, mass compromise of stores, and malware deployment.
Adobe has released an out-of-band emergency patch
👇
https://helpx.adobe.com/security/products/magento/apsb25-88.html
⬇️
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397
According to the specialist firm Sansec:
"It doesn't help that the Adobe patch was accidentally leaked last week, so it is possible that malicious actors are already working on exploit code."
(https://sansec.io/research/sessionreaper)
Who is affected?
Adobe Commerce (all deployments): 2.4.9-alpha2 and all earlier versions up to and including 2.4.4-p15
Magento Open Source: same affected versions
Adobe Commerce B2B: 1.5.3-alpha2 and earlier, up to and including 1.3.3-p15
Custom Attributes Serializable module: 0.1.0 → 0.4.0
What to do?
Apply the patch as soon as possible 👉 Adobe APSB25-88
Test your customizations: this fix disables certain internal functions, and some third-party modules may break
If you cannot patch within the next few hours → enable a WAF (Fastly or Sansec Shield). Adobe has already pushed new WAF rules on the Cloud side.
⚡ History shows that Magento flaws of this kind (Shoplift 2015, TrojanOrder 2022, CosmicSting 2024…) are exploited (en masse) very quickly and recurrently.
( https://vulnerability.circl.lu/vuln/CVE-2025-54236 )
#Magento #CyberVeille #AdobeCommerce #Cyberveille #CVE_2025_54236
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper...
🔗️ [Bleepingcomputer] https://link.is.it/mmUoFw
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
[...] Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of "the most severe" flaws in the history of the product.
Should you find yourself in the unfortunate position of running (or being otherwise responsible for) a Magento / Adobe Commerce platform...you may wanna update _today_
https://sansec.io/research/sessionreaper
TL;DR CVE-2025-54236: possible unauthenticated RCE and customer account takeover
updated 2025-09-10T15:49:40.637000
2 posts
100 repos
https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule
https://github.com/olimpiofreitas/CVE-2025-29927-scanner
https://github.com/m2hcz/PoC-for-Next.js-Middleware
https://github.com/aleongx/CVE-2025-29927
https://github.com/TheresAFewConors/CVE-2025-29927-Testing
https://github.com/kuzushiki/CVE-2025-29927-test
https://github.com/0xPThree/next.js_cve-2025-29927
https://github.com/Nekicj/CVE-2025-29927-exploit
https://github.com/Heimd411/CVE-2025-29927-PoC
https://github.com/nicknisi/next-attack
https://github.com/YEONDG/nextjs-cve-2025-29927
https://github.com/fahimalshihab/NextBypass
https://github.com/b4sh0xf/PoC-CVE-2025-29927
https://github.com/l1uk/nextjs-middleware-exploit
https://github.com/enochgitgamefied/NextJS-CVE-2025-29927
https://github.com/moften/CVE-2025-29927
https://github.com/iSee857/CVE-2025-29927
https://github.com/pickovven/vulnerable-nextjs-14-CVE-2025-29927
https://github.com/maronnjapan/claude-create-CVE-2025-29927
https://github.com/furmak331/CVE-2025-29927
https://github.com/BilalGns/CVE-2025-29927
https://github.com/Balajih4kr/cve-2025-29927
https://github.com/dedibagus/cve-2025-29927-poc
https://github.com/hed1ad/CVE-2025-29927
https://github.com/strobes-security/nextjs-vulnerable-app
https://github.com/mickhacking/Thank-u-Next
https://github.com/6mile/nextjs-CVE-2025-29927
https://github.com/emadshanab/CVE-2025-29927
https://github.com/lem0n817/CVE-2025-29927
https://github.com/mhamzakhattak/CVE-2025-29927
https://github.com/jmbowes/NextSecureScan
https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation
https://github.com/0xPb1/Next.js-CVE-2025-29927
https://github.com/kh4sh3i/CVE-2025-29927
https://github.com/sagsooz/CVE-2025-29927
https://github.com/EQSTLab/CVE-2025-29927
https://github.com/0xnxt1me/CVE-2025-29927
https://github.com/arvion-agent/next-CVE-2025-29927
https://github.com/aydinnyunus/CVE-2025-29927
https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927
https://github.com/jeymo092/cve-2025-29927
https://github.com/MKIRAHMET/CVE-2025-29927-PoC
https://github.com/gotr00t0day/CVE-2025-29927
https://github.com/pixilated730/NextJS-Exploit-
https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927
https://github.com/t3tra-dev/cve-2025-29927-demo
https://github.com/AnonKryptiQuz/NextSploit
https://github.com/Kamal-Hegazi/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass
https://github.com/UNICORDev/exploit-CVE-2025-29927
https://github.com/rgvillanueva28/vulnbox-easy-CVE-2025-29927
https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927
https://github.com/serhalp/test-cve-2025-29927
https://github.com/Neoxs/nextjs-middleware-vuln-poc
https://github.com/Oyst3r1ng/CVE-2025-29927
https://github.com/Jull3Hax0r/next.js-exploit
https://github.com/alastair66/CVE-2025-29927
https://github.com/yugo-eliatrope/test-cve-2025-29927
https://github.com/SugiB3o/vulnerable-nextjs-14-CVE-2025-29927
https://github.com/ricsirigu/CVE-2025-29927
https://github.com/zs1n/CVE-2025-29927
https://github.com/c0dejump/CVE-2025-29927-check
https://github.com/alihussainzada/CVE-2025-29927-PoC
https://github.com/newweshi/CVE-2025-29927
https://github.com/sn1p3rt3s7/NextJS_CVE-2025-29927
https://github.com/ValGrace/middleware-auth-bypass
https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927
https://github.com/w2hcorp/CVE-2025-29927-PoC
https://github.com/ayato-shitomi/WebLab_CVE-2025-29927
https://github.com/Gokul-Krishnan-V-R/cve-2025-29927
https://github.com/sahbaazansari/CVE-2025-29927
https://github.com/aleongx/CVE-2025-29927_Scanner
https://github.com/darklotuskdb/nextjs-CVE-2025-29927-hunter
https://github.com/ethanol1310/POC-CVE-2025-29927-
https://github.com/websecnl/CVE-2025-29927-PoC-Exploit
https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927-
https://github.com/MuhammadWaseem29/CVE-2025-29927-POC
https://github.com/kOaDT/poc-cve-2025-29927
https://github.com/0xWhoknows/CVE-2025-29927
https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927
https://github.com/RoyCampos/CVE-2025-29927
https://github.com/Ademking/CVE-2025-29927
https://github.com/0xcucumbersalad/cve-2025-29927
https://github.com/AventurineJ/CVE-2025-29927-Research
https://github.com/R3verseIN/Nextjs-middleware-vulnerable-appdemo-CVE-2025-29927
https://github.com/luq0x/0xMiddleware
https://github.com/fourcube/nextjs-middleware-bypass-demo
https://github.com/nocomp/CVE-2025-29927-scanner
https://github.com/enochgitgamefied/NextJS-CVE-2025-29927-Docker-Lab
https://github.com/dante01yoon/CVE-2025-29927
https://github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927
https://github.com/yuzu-juice/CVE-2025-29927_demo
https://github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927
https://github.com/Hirainsingadia/CVE-2025-29927
https://github.com/rubbxalc/CVE-2025-29927
https://github.com/Eve-SatOrU/POC-CVE-2025-29927
https://github.com/EarthAngel666/x-middleware-exploit
https://github.com/takumade/ghost-route
https://github.com/HoumanPashaei/CVE-2025-29927
🚨CVE-2025-29927: Next.js Middleware Bypass Vulnerability
PoC: https://github.com/AnonKryptiQuz/NextSploit
Credit: youtube.com/@aungsec
updated 2025-09-10T14:15:44.493000
1 posts
Critical authentication bypass flaw reported in Amp'ed RF BT-AP 111 Bluetooth access point
Security researchers discovered a critical vulnerability (CVE-2025-9994) in the Amp'ed RF BT-AP 111 Bluetooth Access Point that completely lacks authentication controls, allowing any network user to access and modify all administrative settings through the HTTP interface. The vendor is not responsive to security disclosures and no firmware updates are available.
**If you have Amp'ed RF BT-AP 111 Bluetooth Access Points, make sure they are isolated on a separate VLAN since they have no authentication protection on their admin interface, and there is no vendor patch. Consider replacing these devices entirely.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaw-reported-in-amp-ed-rf-bt-ap-111-bluetooth-access-point-b-9-a-0-z/gD2P6Ple2L
updated 2025-09-09T21:30:39
1 posts
Sophos patches critical authentication bypass flaw in AP6 Series wireless access points
Sophos patched a critical vulnerability (CVE-2025-10159) in its AP6 Series Wireless Access Points that could allow attackers to gain complete administrative control over affected devices running firmware prior to version 1.7.2563. The vulnerability requires access to the device's management IP address.
**If you have Sophos AP6 Series Wireless Access Points, first make sure the management port is isolated from the internet and accessible only from trusted networks. Then check that they're running firmware version 1.7.2563 (MR7) or newer. If not, manually upgrade to the latest firmware.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sophos-patches-critical-authentication-bypass-flaw-in-ap6-series-wireless-access-points-b-a-9-9-g/gD2P6Ple2L
updated 2025-09-09T18:31:31
1 posts
1 repos
https://github.com/mrk336/Patch-the-Path-CVE-2025-55234-Detection-Defense
Microsoft's September 2025 Patch Tuesday patches 81 vulnerabilities, 13 critical, two publicly disclosed
Microsoft's September 2025 Patch Tuesday addressed 81 security vulnerabilities including two zero-day flaws—a Windows SMB elevation of privilege vulnerability (CVE-2025-55234) enabling authentication relay attacks and a Newtonsoft.Json issue in SQL Server (CVE-2024-21907) causing denial of service. The update included 13 critical vulnerabilities spanning Windows graphics components, Microsoft Office applications, Azure cloud services, and Hyper-V virtualization platform.
**This month prioritize Windows and Microsoft SQL Server for patching - most critical and zero-day vulnerabilities affect these flaws. Then focus on the Microsoft Office and Azure products.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-s-september-2025-patch-tuesday-patches-81-vulnerabilities-13-critical-two-publicly-disclosed-5-4-6-6-c/gD2P6Ple2L
updated 2025-09-09T18:31:27
1 posts
updated 2025-09-09T16:28:43.660000
1 posts
Critical vulnerability reported in Siemens SIMATIC Virtualization Service
Siemens disclosed a critical vulnerability (CVE-2025-40804) in its SIMATIC Virtualization as a Service (SIVaaS) platform that allows unauthenticated remote access to network shares containing critical industrial automation. The vulnerability affects all SIVaaS versions. There is no software patch, the fix is manual reconfiguration.
**If you have Siemens SIMATIC Virtualization as a Service (SIVaaS) systems, make sure they are isolated from any untrusted networks because they're exposing critical data on network shares. Then contact Siemens Technical Support since there's no software patch - they need to provide manual configuration fixes.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerability-reported-in-siemens-simatic-virtualization-service-s-7-7-f-l/gD2P6Ple2L
updated 2025-09-09T09:31:19
1 posts
Multiple vulnerabilities in Siemens User Management Component affect industrial control systems
Siemens disclosed multiple critical vulnerabilities in its User Management Component (UMC), including a stack-based buffer overflow (CVE-2025-40795) that allows unauthenticated remote attackers to execute arbitrary code with full system privileges. Patches are available for standalone UMC installations but Siemens has no planned fixes for embedded systems like SIMATIC PCS neo V4.1 and V5.0.
**If you have Siemens User Management Component (UMC), limit access to TCP ports 4002 and 4004 only to necessary systems. Then where possible, plan a quick update to version 2.15.1.3. Be aware that SIMATIC PCS neo V4.1 and V5.0 systems can't be patched and should be isolated from untrusted networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-vulnerabilities-in-siemens-user-management-component-affect-industrial-control-systems-u-s-d-4-y/gD2P6Ple2L
updated 2025-09-09T03:30:19
2 posts
1 repos
SAP fixes multiple critical flaws in September 2025 patch day, including maximum severity NetWeaver flaw
SAP's September 2025 Security Patch Day addressed 21 new vulnerabilities including a critical maximum-severity flaw (CVE-2025-42944) in SAP NetWeaver that allows unauthenticated attackers to achieve remote code execution through insecure deserialization.
**If you run SAP systems, review the advisory to check if you are affected. First priority is NetWeaver. Make sure the RMI-P4 port is isolated from the internet and accessible only from trusted systems. Then prioritize patching NetWeaver, it's already being targeted so we know hackers love it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-fixes-multiple-critical-flaws-in-september-2025-patch-day-including-maximum-severity-netweaver-flaw-i-p-7-j-o/gD2P6Ple2L
updated 2025-09-08T15:44:28.283000
1 posts
Zoom releases multiple patches for Windows and macOS clients, at least one critical
Zoom patched multiple vulnerabilities across its Windows and macOS client applications, with the most critical being CVE-2025-49457, an untrusted search path vulnerability in Windows clients that allows unauthenticated attackers to conduct privilege escalation attacks via network access.
**If you're using Zoom products on Windows or macOS, update to the latest version (6.3.10 or newer). Prioritize Windows systems first since they face the highest risk (critical flaw), and ensure all Zoom products including Workplace, Rooms, and VDI clients are updated across your organization.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/zoom-releases-multiple-patches-for-windows-and-macos-clients-at-least-one-critical-1-t-1-8-3/gD2P6Ple2L
updated 2025-09-05T17:47:10.303000
5 posts
LOLSOB :lolsob: 🤦♂️ microsoft
🥸 ᴀᴄᴛᴏʀ ᴛᴏᴋᴇɴs 🥸
⬇️
"...This flaw could have allowed me to compromise every Entra ID tenant in the world (except probably those deployed in national clouds). If you are an Entra ID administrator and you are reading this, yes, that means full access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens, called “Actor tokens”, that Microsoft uses in its backend for service-to-service (S2S) communication. In addition, there was a critical flaw in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access."
❗
👇
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
⬇️
https://cve.circl.lu/vuln/CVE-2025-55241#sightings
Dirk-jan Mollema, who discovered Zerologon (the most impactful on prem Active Directory vulnerability ever), has discovered an Azure Active Directory (EntraID) vulnerability which allowed anybody to take over any tenant - access any Microsoft 365 resource, basically. CVE-2025-55241
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
Edit: Tom Tervoort discovered ZeroLogon and Dirk-jan expanded upon it.
##
So the other day I tooted that it is still magic that MSFT reports a CVE in Azure with a score of 10.0. But no clue or thing that you as a customer can do or should check for.
Today I learned that due to a researcher the problem in CVE-2025-55241 is resolved by MSFT.
Read the article of Dirk-jan and get surprised:
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
##
updated 2025-09-05T17:47:10.303000
3 posts
updated 2025-08-28T15:31:40
2 posts
I also suspect that the CVE-2025-38494/5 fix is what actually fixes CVE-2024-50302.
Assuming the used chain was portable enough to also cover devices with CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y, replacing kmalloc with kzalloc possibly did nothing.
##
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB.
Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels).
https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494
##
updated 2025-08-25T20:24:45.327000
2 posts
Case Theme User WordPress plugin flaw enables authentication bypass
A critical authentication bypass vulnerability (CVE-2025-5821) in the Case Theme User WordPress plugin allows attackers to hijack any user account, including administrators, by simply knowing victim email addresses due to flawed Facebook social login logic. The flaw has been actively exploited since August 2025.
**If you're using the Case Theme User WordPress plugin, THIS IS URGENT. Your site is under attack. Immediately update to version 1.0.4 or later. Also check your audit logs for suspicious user account creation and unusual admin activity around that time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/case-theme-user-wordpress-plugin-flaw-enables-authentication-bypass-a-q-p-i-0/gD2P6Ple2L
updated 2025-08-21T12:31:42
1 posts
Critical vulnerabilities reported in ABB Cylon Aspect building management systems
ABB patched multiple critical vulnerabilities in its Cylon Aspect Building Management System, including a severe authentication bypass (CVE-2025-53187) caused by debugging code mistakenly left in production firmware that could allow attackers complete control over critical building operations like HVAC, lighting, and fire safety systems. ABB released firmware version 3.08.04-s01 to address the most critical flaw but the other authentication and buffer overflow vulnerabilities are not patched.
**If you have ABB Cylon Aspect Building Management Systems make sure the systems are isolated from the internet. Then immediately update firmware to version 3.08.04-s01 to fix critical authentication bypass vulnerabilities that could give attackers complete control of your building systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-reported-in-abb-cylon-aspect-building-management-systems-a-w-z-s-6/gD2P6Ple2L
updated 2025-08-12T18:31:31
10 posts
NT OS Kernel Information Disclosure Vulnerability
Link: https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
Discussion: https://news.ycombinator.com/item?id=45213299
NT OS Kernel Information Disclosure Vulnerability https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
NT OS Kernel Information Disclosure Vulnerability
https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
#ycombinator
NT OS Kernel Information Disclosure Vulnerability
Link: https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
Comments: https://news.ycombinator.com/item?id=45213299
Windows KASLR Bypass – CVE-2025-53136
https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
#ycombinator
NT OS Kernel Information Disclosure Vulnerability
https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
##
Windows KASLR Bypass – CVE-2025-53136
https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
#HackerNews #Windows #KASLR #Bypass #CVE-2025-53136 #Cybersecurity #Vulnerability #Exploit #Hacking
##
Windows KASLR Bypass - CVE-2025-53136 https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
##
updated 2025-08-05T15:41:26.900000
2 posts
2 repos
Tenable: How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381 https://www.tenable.com/blog/how-tenable-bypassed-patch-for-bentoml-ssrf-vulnerability-CVE-2025-54381 @tenable #cybersecurity #infosec #opensource
##
updated 2025-08-04T18:15:34.497000
1 posts
1 repos
EchoLeak: The First Real-World Zero-Click Prompt Injection Exploit in a Production LLM System
Pavan Reddy, Aditya Sanjay Gujral
https://arxiv.org/abs/2509.10540 https://arxiv.org/pdf/2509.10540 https://arxiv.org/html/2509.10540
arXiv:2509.10540v1 Announce Type: new
Abstract: Large language model (LLM) assistants are increasingly integrated into enterprise workflows, raising new security concerns as they bridge internal and external data sources. This paper presents an in-depth case study of EchoLeak (CVE-2025-32711), a zero-click prompt injection vulnerability in Microsoft 365 Copilot that enabled remote, unauthenticated data exfiltration via a single crafted email. By chaining multiple bypasses (evading Microsoft's XPIA (Cross Prompt Injection Attempt) classifier, circumventing link redaction with reference-style Markdown, exploiting auto-fetched images, and abusing a Microsoft Teams proxy allowed by the content security policy), EchoLeak achieved full privilege escalation across LLM trust boundaries without user interaction. We analyze why existing defenses failed, and outline a set of engineering mitigations including prompt partitioning, enhanced input/output filtering, provenance-based access control, and strict content security policies. Beyond the specific exploit, we derive generalizable lessons for building secure AI copilots, emphasizing the principle of least privilege, defense-in-depth architectures, and continuous adversarial testing. Our findings establish prompt injection as a practical, high-severity vulnerability class in production AI systems and provide a blueprint for defending against future AI-native threats.
toXiv_bot_toot
##
updated 2025-07-30T01:00:01.490000
1 posts
We’ve added full support for Microsoft SharePoint authentication bypass & remote code execution (CVE-2025-53771 & CVE-2025-49704)
🟠 Network Scanner → Detect vulnerable SharePoint instances at scale
🔴 Sniper: Auto-Exploiter → Validate real exploitability with automated proof
Why it matters: attackers can bypass authentication and run arbitrary code, directly impacting business-critical collaboration platforms.
✅ Detect. Exploit. Report. With evidence you can trust.
👉 More details here: https://pentest-tools.com/vulnerabilities-exploits/microsoft-sharepoint-authentication-bypass-and-remote-code-execution_27620
##
updated 2025-07-22T21:32:17
1 posts
2 repos
We’ve added full support for Microsoft SharePoint authentication bypass & remote code execution (CVE-2025-53771 & CVE-2025-49704)
🟠 Network Scanner → Detect vulnerable SharePoint instances at scale
🔴 Sniper: Auto-Exploiter → Validate real exploitability with automated proof
Why it matters: attackers can bypass authentication and run arbitrary code, directly impacting business-critical collaboration platforms.
✅ Detect. Exploit. Report. With evidence you can trust.
👉 More details here: https://pentest-tools.com/vulnerabilities-exploits/microsoft-sharepoint-authentication-bypass-and-remote-code-execution_27620
##
updated 2025-06-14T00:30:28
1 posts
💥 An RCE in your SIEM means attackers could own your monitoring.
Detect and validate the impact of Fortinet FortiSIEM (CVE-2025-24919) with our new module, now live in both:
1️⃣ Network Scanner
2️⃣ Sniper: Auto-Exploiter
Full vulnerability details here 👉 https://pentest-tools.com/vulnerabilities-exploits/fortinet-fortisiem-remote-code-execution_27619
##
updated 2025-06-10T21:31:31
1 posts
This relates to CVE-2025-3052.
Binarly, from yesterday: Signed and Dangerous: BYOVD Attacks on Secure Boot https://www.binarly.io/blog/signed-and-dangerous-byovd-attacks-on-secure-boot #cybersecurity #infosec
##
updated 2025-05-02T15:31:16
1 posts
19 repos
https://github.com/Alizngnc/SAP-CVE-2025-31324
https://github.com/ODST-Forge/CVE-2025-31324_PoC
https://github.com/nullcult/CVE-2025-31324-File-Upload
https://github.com/Onapsis/Onapsis-Mandiant-CVE-2025-31324-Vuln-Compromise-Assessment
https://github.com/JonathanStross/CVE-2025-31324
https://github.com/rf-peixoto/sap_netweaver_cve-2025-31324-
https://github.com/moften/CVE-2025-31324-NUCLEI
https://github.com/sug4r-wr41th/CVE-2025-31324
https://github.com/antichainalysis/sap-netweaver-0day-CVE-2025-31324
https://github.com/NULLTRACE0X/CVE-2025-31324
https://github.com/respondiq/jsp-webshell-scanner
https://github.com/abrewer251/CVE-2025-31324_PoC_SAP
https://github.com/rxerium/CVE-2025-31324
https://github.com/harshitvarma05/CVE-2025-31324-Exploits
https://github.com/redrays-io/CVE-2025-31324
https://github.com/Onapsis/Onapsis_CVE-2025-31324_Scanner_Tools
https://github.com/moften/CVE-2025-31324
https://github.com/nairuzabulhul/nuclei-template-cve-2025-31324-check
As a follow up thread to this - if you use SAP Netweaver and present it directly to the internet, either patch CVE-2025-31324 or put a very robust mitigation in place in front of the SAP webapp.
Patching rate is still absolutely abysmal, vast majority of orgs years behind any patching.
https://cyberplace.social/@GossiTheDog/115142288361584633
updated 2025-05-01T15:39:40.260000
2 posts
Critical Apache HTTP Server vulnerabilities reported in Siemens Industrial Network Management Systems
CISA warns of Siemens critical vulnerabilities (CVE-2021-39275 CVE-2021-40438) in Apache HTTP Server components embedded in industrial network management products like RUGGEDCOM NMS and SINEC NMS, enabling remote code execution and server-side request forgery attacks.
**If you're using Siemens industrial network products, make sure they are isolated from the internet and accessible only from trusted networks. Then plan an update for SINEC NMS to V1.0.3+ and SINEMA Remote Connect Server to V3.1+. For RUGGEDCOM NMS and SINEMA Server V14 there are no planned fixes. All you can do is isolate them, then check with the vendor again.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-apache-http-server-vulnerabilities-reported-in-siemens-industrial-network-management-systems-g-o-o-g-g/gD2P6Ple2L
updated 2025-05-01T15:31:39
1 posts
2 repos
Pwn My Ride: Apple CarPlay RCE - iAP2 protocol and CVE-2025-24132 Explained https://www.oligo.security/blog/pwn-my-ride-exploring-the-carplay-attack-surface
##
updated 2025-03-10T20:26:51.137000
1 posts
I also suspect that the CVE-2025-38494/5 fix is what actually fixes CVE-2024-50302.
Assuming the used chain was portable enough to also cover devices with CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y, replacing kmalloc with kzalloc possibly did nothing.
##
updated 2025-02-21T18:32:16
1 posts
1 repos
🚨 Proof of concept exploit source code for CVE-2025-21692 Linux Kernel up to 6.13.0
GitHub: https://github.com/volticks/CVE-2025-21692-poc
Write-up: https://volticks.github.io/CVE-2025-21692-nday-writeup
##
updated 2025-02-20T03:32:03
1 posts
6 repos
https://github.com/fr4nc1stein/CVE-2025-0108-SCAN
https://github.com/becrevex/CVE-2025-0108
https://github.com/sohaibeb/CVE-2025-0108
https://github.com/barcrange/CVE-2025-0108-Authentication-Bypass-checker
updated 2025-02-07T18:32:09
1 posts
17 repos
https://github.com/mr-r3b00t/CVE-2020-1350
https://github.com/connormcgarr/CVE-2020-1350
https://github.com/tinkersec/cve-2020-1350
https://github.com/maxpl0it/CVE-2020-1350-DoS
https://github.com/captainGeech42/CVE-2020-1350
https://github.com/corelight/SIGRed
https://github.com/jmaddington/dRMM-CVE-2020-1350-response
https://github.com/simeononsecurity/CVE-2020-1350-Fix
https://github.com/graph-inc/CVE-2020-1350
https://github.com/gdwnet/cve-2020-1350
https://github.com/ZephrFish/CVE-2020-1350_HoneyPoC
https://github.com/ejlevin99/CVE---2020---1350
https://github.com/psc4re/NSE-scripts
https://github.com/T13nn3s/CVE-2020-1350
https://github.com/zoomerxsec/Fake_CVE-2020-1350
SigRed: CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability https://fortiguard.fortinet.com/threat-signal-report/3577
##
updated 2025-01-22T15:41:04.577000
6 posts
ESET Research introduces HybridPetya, a Petya/NotPetya copycat discovered on VirusTotal in Feb 2025. It encrypts the NTFS MFT and can compromise UEFI systems, weaponizing CVE-2024-7344 to bypass Secure Boot on outdated machines. https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/
##
🚨 HybridPetya ransomware bypasses UEFI Secure Boot via CVE-2024-7344.
- EFI System Partition infection
- Petya/NotPetya-style destructive encryption
- Fake CHKDSK + ransom note ($1,000 BTC)
- Found on VirusTotal; not yet seen in active attacks
Mitigation: apply Jan 2025 Microsoft patch + keep offline backups.
Follow @technadu for ransomware and infosec updates.
#HybridPetya #Ransomware #CyberSecurity #UEFI #InfoSec #ThreatIntel
##
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit – Source:thehackernews.com https://ciso2ciso.com/new-hybridpetya-ransomware-bypasses-uefi-secure-boot-with-cve-2024-7344-exploit-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #HybridPetya
##
@GabrielKerneis @mjg59 wouldn't that also block the attack described in that post? https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/ says that this was relying on a bug in stuff signed with a "third-party UEFI certificate"
##
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit https://thehackernews.com/2025/09/new-hybridpetya-ransomware-bypasses.html
##
updated 2024-12-11T15:15:14.343000
1 posts
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel https://a13xp0p0v.github.io/2025/09/02/kernel-hack-drill-and-CVE-2024-50264.html
##
updated 2024-10-29T19:48:12
1 posts
2 repos
This repo demonstrates CVE-2024-0132, a container escape in NVIDIA Container Toolkit
It swaps directory contents during validation, causing the toolkit to mount the entire host filesystem into the container instead of just a library file
##
updated 2024-09-06T18:32:29
4 posts
A tiny flaw in SonicWall’s SSLVPN is giving Akira ransomware a free pass—hackers are exploiting it with simple HTTP requests and 100+ companies have already paid the price. Is your network prepared?
##
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized...
🔗️ [Bleepingcomputer] https://link.is.it/1ekh5P
##
Australia Warns of Ransomware Attacks Exploiting SonicWall VPN Flaw CVE-2024-40766 https://thecyberexpress.com/sonicwall-ssl-vpn-flaw-cve-2024-40766/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202440766 #CyberNews #SonicWall #ACSC #ASD
##
Australian Cyber Authorities Warn of Active Exploitation of SonicWall SSL Vulnerability (CVE-2024-40766)
ASD’s ACSC confirms active exploitation of CVE-2024-40766 in SonicWall SSL VPNs. Urges urgent patching, MFA, and access controls for Aussie orgs.
🔗️ [Cyble] https://link.is.it/eSrark
##
updated 2024-08-23T21:31:47
1 posts
IoTFuzzSentry: A Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices
Priyanka Rushikesh Chaudhary, Rajib Ranjan Maiti
https://arxiv.org/abs/2509.09158 https://arxiv.org/pdf/2509.09158 https://arxiv.org/html/2509.09158
arXiv:2509.09158v1 Announce Type: new
Abstract: Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user interactions, such as video streaming or image capture in smart cameras. Implementation flaws in transport or application-layer security mechanisms can expose IoT devices to a range of threats, including unauthorized access and data leakage. This paper addresses the challenge of uncovering such vulnerabilities by leveraging protocol fuzzing techniques that inject crafted transport and application-layer packets into IoT communications. We present a mutation-based fuzzing tool, named IoTFuzzSentry, to identify specific non-trivial vulnerabilities in commercial IoT devices. We further demonstrate how these vulnerabilities can be exploited in real-world scenarios. We integrated our fuzzing tool into a well-known testing tool Cotopaxi and evaluated it with commercial-off-the-shelf IoT devices such as IP cameras and Smart Plug. Our evaluation revealed vulnerabilities categorized into 4 types (IoT Access Credential Leakage, Sneak IoT Live Video Stream, Creep IoT Live Image, IoT Command Injection) and we show their exploits using three IoT devices. We have responsibly disclosed all these vulnerabilities to the respective vendors. So far, we have published two CVEs, CVE-2024-41623 and CVE-2024-42531, and one is awaiting. To extend the applicability, we have investigated the traffic of six additional IoT devices and our analysis shows that these devices can have similar vulnerabilities, due to the presence of a similar set of application protocols. We believe that IoTFuzzSentry has the potential to discover unconventional security threats and allow IoT vendors to strengthen the security of their commercialized IoT devices automatically with negligible overhead.
toXiv_bot_toot
##
updated 2024-08-23T18:32:59
1 posts
IoTFuzzSentry: A Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices
Priyanka Rushikesh Chaudhary, Rajib Ranjan Maiti
https://arxiv.org/abs/2509.09158 https://arxiv.org/pdf/2509.09158 https://arxiv.org/html/2509.09158
arXiv:2509.09158v1 Announce Type: new
Abstract: Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user interactions, such as video streaming or image capture in smart cameras. Implementation flaws in transport or application-layer security mechanisms can expose IoT devices to a range of threats, including unauthorized access and data leakage. This paper addresses the challenge of uncovering such vulnerabilities by leveraging protocol fuzzing techniques that inject crafted transport and application-layer packets into IoT communications. We present a mutation-based fuzzing tool, named IoTFuzzSentry, to identify specific non-trivial vulnerabilities in commercial IoT devices. We further demonstrate how these vulnerabilities can be exploited in real-world scenarios. We integrated our fuzzing tool into a well-known testing tool Cotopaxi and evaluated it with commercial-off-the-shelf IoT devices such as IP cameras and Smart Plug. Our evaluation revealed vulnerabilities categorized into 4 types (IoT Access Credential Leakage, Sneak IoT Live Video Stream, Creep IoT Live Image, IoT Command Injection) and we show their exploits using three IoT devices. We have responsibly disclosed all these vulnerabilities to the respective vendors. So far, we have published two CVEs, CVE-2024-41623 and CVE-2024-42531, and one is awaiting. To extend the applicability, we have investigated the traffic of six additional IoT devices and our analysis shows that these devices can have similar vulnerabilities, due to the presence of a similar set of application protocols. We believe that IoTFuzzSentry has the potential to discover unconventional security threats and allow IoT vendors to strengthen the security of their commercialized IoT devices automatically with negligible overhead.
toXiv_bot_toot
##
updated 2024-07-24T18:32:20
2 posts
10 repos
https://github.com/Kashkovsky/CVE-2021-40438
https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit
https://github.com/Cappricio-Securities/CVE-2021-40438
https://github.com/xiaojiangxl/CVE-2021-40438
https://github.com/BabyTeam1024/CVE-2021-40438
https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt
https://github.com/ericmann/apache-cve-poc
https://github.com/yakir2b/check-point-gateways-rce
Critical Apache HTTP Server vulnerabilities reported in Siemens Industrial Network Management Systems
CISA warns of Siemens critical vulnerabilities (CVE-2021-39275 CVE-2021-40438) in Apache HTTP Server components embedded in industrial network management products like RUGGEDCOM NMS and SINEC NMS, enabling remote code execution and server-side request forgery attacks.
**If you're using Siemens industrial network products, make sure they are isolated from the internet and accessible only from trusted networks. Then plan an update for SINEC NMS to V1.0.3+ and SINEMA Remote Connect Server to V3.1+. For RUGGEDCOM NMS and SINEMA Server V14 there are no planned fixes. All you can do is isolate them, then check with the vendor again.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-apache-http-server-vulnerabilities-reported-in-siemens-industrial-network-management-systems-g-o-o-g-g/gD2P6Ple2L
updated 2024-04-17T00:31:29
1 posts
5 repos
https://github.com/sh1k4ku/CVE-2024-31497
https://github.com/HugoBond/CVE-2024-31497-POC
https://github.com/edutko/cve-2024-31497
On the Security of SSH Client Signatures
Fabian Bäumer, Marcus Brinkmann, Maximilian Radoy, Jörg Schwenk, Juraj Somorovsky
https://arxiv.org/abs/2509.09331 https://arxiv.org/pdf/2509.09331 https://arxiv.org/html/2509.09331
arXiv:2509.09331v1 Announce Type: new
Abstract: Administrators and developers use SSH client keys and signatures for authentication, for example, to access internet backbone servers or to commit new code on platforms like GitHub. However, unlike servers, SSH clients cannot be measured through internet scans. We close this gap in two steps. First, we collect SSH client public keys. Such keys are regularly published by their owners on open development platforms like GitHub and GitLab. We systematize previous non-academic work by subjecting these keys to various security tests in a longitudinal study. Second, in a series of black-box lab experiments, we analyze the implementations of algorithms for SSH client signatures in 24 popular SSH clients for Linux, Windows, and macOS.
We extracted 31,622,338 keys from three public sources in two scans. Compared to previous work, we see a clear tendency to abandon RSA signatures in favor of EdDSA signatures. Still, in January 2025, we found 98 broken short keys, 139 keys generated from weak randomness, and 149 keys with common or small factors - the large majority of the retrieved keys exposed no weakness.
Weak randomness can not only compromise a secret key through its public key, but also through signatures. It is well-known that a bias in random nonces in ECDSA can reveal the secret key through public signatures. For the first time, we show that the use of deterministic nonces in ECDSA can also be dangerous: The private signing key of a PuTTY client can be recovered from just 58 valid signatures if ECDSA with NIST curve P-521 is used. PuTTY acknowledged our finding in CVE-2024-31497, and they subsequently replaced the nonce generation algorithm.
toXiv_bot_toot
##
updated 2024-02-23T05:05:13
1 posts
I rummaged through my personal archives to find the security vulnerability that launched my security research career at Apple: https://ryan.govost.es/2009/apple-openssl-bug/
OpenSSL
CVE-ID: CVE-2010-1378
Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: A remote user may bypass TLS authentication or spoof a trusted server
Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL.
Credit to Ryan Govostes of RPISEC for reporting this issue.
updated 2024-01-03T20:06:37
1 posts
Microsoft's September 2025 Patch Tuesday patches 81 vulnerabilities, 13 critical, two publicly disclosed
Microsoft's September 2025 Patch Tuesday addressed 81 security vulnerabilities including two zero-day flaws—a Windows SMB elevation of privilege vulnerability (CVE-2025-55234) enabling authentication relay attacks and a Newtonsoft.Json issue in SQL Server (CVE-2024-21907) causing denial of service. The update included 13 critical vulnerabilities spanning Windows graphics components, Microsoft Office applications, Azure cloud services, and Hyper-V virtualization platform.
**This month prioritize Windows and Microsoft SQL Server for patching - most critical and zero-day vulnerabilities affect these flaws. Then focus on the Microsoft Office and Azure products.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-s-september-2025-patch-tuesday-patches-81-vulnerabilities-13-critical-two-publicly-disclosed-5-4-6-6-c/gD2P6Ple2L
updated 2023-11-10T05:03:55
1 posts
updated 2023-01-31T05:02:37
1 posts
Trivalent 140.0.7339.185-439535 released:
github.com/secureblue/T...
chromereleases.googleblog.com/2025/09/stab...
This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.
Release 140.0.7339.185-439535 ...
🚨 CVE-2025-10155 (CRITICAL, CVSS 9.3) in mmaitre314 picklescan ≤0.0.30: Improper input validation lets attackers bypass pickle file security via PyTorch extensions, enabling remote code execution. Stop using vulnerable versions now! https://radar.offseq.com/threat/cve-2025-10155-cwe-20-improper-input-validation-in-aa0633e3 #OffSeq #Python #RCE
##
🔒 CRITICAL: CVE-2025-59334 in mohammadzain2008 Linkr (<2.0.1) allows file injection via unverified manifests—risk of remote code execution if exploited. Update to 2.0.1+ ASAP. Details: https://radar.offseq.com/threat/cve-2025-59334-cwe-347-improper-verification-of-cr-c0a08755 #OffSeq #Vuln #AppSec #CVE2025_59334
##
Vulnerabilities reported in CUPS system for Linux
Two vulnerabilities affect Linux CUPS printing systems: CVE-2025-58060 allows authentication bypass to gain unauthorized administrative access, while CVE-2025-58364 enables remote denial-of-service attacks through crafted printer responses. The authentication bypass has been patched in CUPS version 2.4.13, but the DoS vulnerability remains unpatched.
**Finally, not an urgent patch. Ideally, if not used, disable cups-browsed and plan an update of the cups packages.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-reported-in-cups-system-for-linux-s-1-6-5-c/gD2P6Ple2L
3 posts
9 repos
https://github.com/brokendreamsclub/CVE-2025-57819
https://github.com/B1ack4sh/Blackash-CVE-2025-57819
https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
https://github.com/rxerium/CVE-2025-57819
https://github.com/Sucuri-Labs/CVE-2025-57819-ioc-check
https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819
https://github.com/net-hex/CVE-2025-57819
https://github.com/ImBIOS/lab-cve-2025-57819
https://github.com/MuhammadWaseem29/SQL-Injection-and-RCE_CVE-2025-57819
You Already Have Our Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819)
#HackerNews #You #Already #Have #Our #Data #Take #Our #Phone #Calls #Too #FreePBX #CVE-2025-57819 #Cybersecurity #Vulnerability #DataPrivacy #TechNews
##
Another absolute banger from Watchtowr. I always smile when I see this merry band show up in the Intel feed.
Exploring how attackers exploited a 0-day in FreePBX:
##
You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819) - watchTowr Labs https://labs.watchtowr.com/you-already-have-our-personal-data-take-our-phone-calls-too-freepbx-cve-2025-57819/
##