FediSecfeeds

CVE	CVSS	EPSS	Posts	Repos	Nuclei	Updated	Description
CVE-2025-13245	3.5	0.03%	1	0		2025-11-18T14:06:55.963000	A vulnerability was identified in code-projects Student Information System 2.0.
CVE-2025-13243	6.3	0.03%	1	0		2025-11-18T14:06:55.963000	A vulnerability was found in code-projects Student Information System 2.0. Impac
CVE-2025-13241	7.3	0.03%	1	0		2025-11-18T14:06:55.963000	A flaw has been found in code-projects Student Information System 2.0. This vuln
CVE-2025-13237	7.3	0.03%	1	0		2025-11-18T14:06:55.963000	A security flaw has been discovered in itsourcecode Inventory Management System
CVE-2025-13235	7.3	0.03%	1	0		2025-11-18T14:06:55.963000	A vulnerability was determined in itsourcecode Inventory Management System 1.0.
CVE-2025-13232	3.5	0.03%	1	0		2025-11-18T14:06:55.963000	A flaw has been found in projectsend up to r1720. Impacted is an unknown functio
CVE-2025-13210	4.7	0.03%	1	0		2025-11-18T14:06:55.963000	A security vulnerability has been detected in itsourcecode Inventory Management
CVE-2025-13202	3.5	0.03%	1	0		2025-11-18T14:06:55.963000	A security flaw has been discovered in code-projects Simple Cafe Ordering System
CVE-2025-6171	5.3	0.01%	1	0		2025-11-18T14:06:55.963000	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2
CVE-2025-11865	4.3	0.01%	1	0		2025-11-18T14:06:55.963000	An issue has been discovered in GitLab EE affecting all versions from 18.1 befor
CVE-2025-13190	8.8	0.04%	2	0		2025-11-18T14:06:55.963000	A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability a
CVE-2025-8994	6.5	0.02%	1	0		2025-11-18T14:06:55.963000	The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Man
CVE-2025-64309	8.6	0.04%	1	0		2025-11-18T14:06:55.963000	Brightpick Mission Control discloses device telemetry, configuration, and crede
CVE-2021-4470	0	0.37%	1	0		2025-11-18T14:06:55.963000	TG8 Firewall contains a pre-authentication remote code execution vulnerability i
CVE-2025-9501	9.0	0.83%	3	0		2025-11-18T14:06:29.817000	The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injec
CVE-2025-13223	8.8	0.07%	9	0		2025-11-18T14:06:29.817000	Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote a
CVE-2025-41349	0	0.22%	1	0		2025-11-18T14:06:29.817000	Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInfor
CVE-2025-6670	8.8	0.02%	2	0		2025-11-18T14:06:29.817000	A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 produc
CVE-2025-13345	6.3	0.03%	1	0		2025-11-18T14:06:29.817000	A security vulnerability has been detected in SourceCodester Train Station Ticke
CVE-2025-41348	0	0.03%	2	0		2025-11-18T14:06:29.817000	SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This v
CVE-2025-41737	7.5	0.03%	1	0		2025-11-18T14:06:29.817000	Due to webserver misconfiguration an unauthenticated remote attacker is able to
CVE-2025-41736	8.8	0.25%	1	0		2025-11-18T14:06:29.817000	A low privileged remote attacker can upload a new or overwrite an existing pytho
CVE-2025-52578	5.7	0.02%	1	0		2025-11-18T14:06:29.817000	Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerabil
CVE-2025-8693	8.8	0.32%	2	0		2025-11-18T14:06:29.817000	A post-authentication command injection vulnerability in the "priv" parameter of
CVE-2025-13228	8.8	0.07%	2	0		2025-11-18T14:06:29.817000	Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote at
CVE-2025-6599	5.3	0.04%	1	0		2025-11-18T14:06:29.817000	An uncontrolled resource consumption vulnerability in the web server of Zyxel DX
CVE-2025-13306	6.3	0.43%	2	0		2025-11-18T14:06:29.817000	A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822
CVE-2025-31649	8.7	0.01%	2	0		2025-11-18T14:06:29.817000	A hard-coded password vulnerability exists in the ControlVault WBDI Driver funct
CVE-2025-13304	8.8	0.25%	2	0		2025-11-18T14:06:29.817000	A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-
CVE-2025-36460	7.3	0.01%	1	0		2025-11-18T14:06:29.817000	Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault
CVE-2025-36357	8.0	0.06%	1	0		2025-11-18T14:06:29.817000	IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authentic
CVE-2025-34323	0	0.01%	1	0		2025-11-18T14:06:29.817000	Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege
CVE-2025-4321	0	0.02%	1	0		2025-11-18T14:06:29.817000	In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Serv
CVE-2025-13285	7.3	0.03%	1	0		2025-11-18T14:06:29.817000	A vulnerability was identified in itsourcecode Online Voting System 1.0. The aff
CVE-2025-13278	6.3	0.03%	1	0		2025-11-18T14:06:29.817000	A vulnerability has been found in projectworlds Advanced Library Management Syst
CVE-2025-40936	7.8	0.01%	1	0		2025-11-18T14:06:29.817000	A vulnerability has been identified in PS/IGES Parasolid Translator Component (A
CVE-2025-13274	6.3	0.03%	1	0		2025-11-18T14:06:29.817000	A weakness has been identified in Campcodes School Fees Payment Management Syste
CVE-2025-65073	7.5	0.03%	1	0		2025-11-18T14:06:29.817000	OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /
CVE-2025-13267	6.3	0.03%	1	0		2025-11-18T14:06:29.817000	A vulnerability was detected in SourceCodester Dental Clinic Appointment Reserva
CVE-2025-13284	9.8	0.44%	2	0		2025-11-18T14:06:29.817000	ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowi
CVE-2025-13266	5.3	0.04%	1	0		2025-11-18T14:06:29.817000	A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This is
CVE-2025-13262	7.3	0.05%	1	0		2025-11-18T14:06:29.817000	A vulnerability was determined in lsfusion platform up to 6.1. Affected by this
CVE-2025-13256	6.3	0.03%	1	0		2025-11-18T14:06:29.817000	A weakness has been identified in projectworlds Advanced Library Management Syst
CVE-2025-13254	6.3	0.03%	1	0		2025-11-18T14:06:29.817000	A vulnerability was identified in projectworlds Advanced Library Management Syst
CVE-2025-13251	6.3	0.03%	1	0		2025-11-18T14:06:29.817000	A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknow
CVE-2025-13247	7.3	0.03%	1	0		2025-11-18T14:06:29.817000	A security flaw has been discovered in PHPGurukul Tourism Management System 1.0.
CVE-2025-48593	8.0	0.02%	1	6		2025-11-18T12:31:19	In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote co
CVE-2025-41350	None	0.22%	1	0		2025-11-18T12:30:25	Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInfor
CVE-2025-13343	3.5	0.03%	1	0		2025-11-18T12:30:25	A security flaw has been discovered in SourceCodester Interview Management Syste
CVE-2025-13344	7.3	0.03%	1	0		2025-11-18T12:30:25	A weakness has been identified in SourceCodester Train Station Ticketing System
CVE-2025-41735	8.8	0.21%	1	0		2025-11-18T12:30:25	A low privileged remote attacker can upload any file to an arbitrary location du
CVE-2025-41734	9.8	0.09%	1	0		2025-11-18T12:30:25	An unauthenticated remote attacker can execute arbitrary php files and gain full
CVE-2025-41733	9.8	0.08%	1	0		2025-11-18T12:30:25	The commissioning wizard on the affected devices does not validate if the device
CVE-2025-12639	4.3	0.03%	1	0		2025-11-18T12:30:25	The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin fo
CVE-2025-12088	6.4	0.03%	1	0		2025-11-18T12:30:25	The Meta Display Block plugin for WordPress is vulnerable to Stored Cross-Site S
CVE-2025-13069	8.8	0.10%	1	0		2025-11-18T12:30:25	The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbit
CVE-2025-13133	6.6	0.06%	1	0		2025-11-18T12:30:25	The Simple User Import Export plugin for WordPress is vulnerable to CSV Injectio
CVE-2025-12391	5.3	0.04%	1	0		2025-11-18T12:30:24	The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthoriz
CVE-2025-12457	6.4	0.03%	1	0		2025-11-18T12:30:24	The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Store
CVE-2025-12691	6.4	0.03%	1	0		2025-11-18T12:30:24	The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPres
CVE-2025-12392	5.3	0.04%	1	0		2025-11-18T12:30:24	The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulne
CVE-2025-12481	4.3	0.03%	1	0		2025-11-18T12:30:24	The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorizatio
CVE-2025-12079	6.1	0.06%	1	0		2025-11-18T12:30:24	The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cros
CVE-2025-40549	9.1	0.07%	1	0		2025-11-18T09:30:59	A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could
CVE-2025-40548	9.1	0.03%	1	0		2025-11-18T09:30:58	A missing validation process exists in Serv U when abused, could give a maliciou
CVE-2025-40547	9.1	0.07%	1	0		2025-11-18T09:30:58	A logic error vulnerability exists in Serv-U which when abused could give a mali
CVE-2025-52457	5.7	0.02%	1	0		2025-11-18T06:30:32	Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker wi
CVE-2025-12974	8.1	0.11%	2	0		2025-11-18T06:30:32	The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads d
CVE-2025-64734	2.4	0.02%	1	0		2025-11-18T06:30:25	Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader
CVE-2025-13230	8.8	0.07%	2	0		2025-11-18T03:32:21	Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote at
CVE-2025-13229	8.8	0.07%	2	0		2025-11-18T03:32:21	Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote at
CVE-2025-13227	8.8	0.07%	2	0		2025-11-18T03:32:21	Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote at
CVE-2025-13226	8.8	0.07%	1	0		2025-11-18T03:32:21	Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote at
CVE-2025-13224	8.8	0.07%	2	0		2025-11-18T03:32:21	Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote a
CVE-2025-12792	3.2	0.01%	1	0		2025-11-18T03:31:25	The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 w
CVE-2025-13323	7.3	0.03%	1	0		2025-11-18T00:30:26	A security flaw has been discovered in code-projects Simple Pizza Ordering Syste
CVE-2025-32089	8.8	0.01%	2	0		2025-11-18T00:30:26	A buffer overflow vulnerability exists in the CvManager_SBI functionality of Del
CVE-2025-13305	8.8	0.25%	3	0		2025-11-18T00:30:26	A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K
CVE-2025-36463	7.3	0.01%	1	0		2025-11-18T00:30:26	Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault
CVE-2025-13325	6.3	0.03%	1	0		2025-11-18T00:30:25	A vulnerability was determined in itsourcecode Student Information System 1.0. T
CVE-2025-36553	8.8	0.01%	1	0		2025-11-18T00:30:25	A buffer overflow vulnerability exists in the CvManager functionality of Dell Co
CVE-2025-31361	8.7	0.01%	2	0		2025-11-18T00:30:25	A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO
CVE-2025-36462	7.3	0.01%	1	0		2025-11-18T00:30:25	Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault
CVE-2025-36461	7.3	0.01%	1	0		2025-11-18T00:30:25	Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault
CVE-2024-44659	9.8	0.03%	1	0		2025-11-17T21:31:31	PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the ema
CVE-2025-63748	8.8	0.04%	1	0		2025-11-17T21:31:23	QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add A
CVE-2025-63747	9.8	0.04%	1	0		2025-11-17T21:31:23	QaTraq 6.9.2 ships with administrative account credentials which are enabled in
CVE-2025-34322	None	0.25%	1	0		2025-11-17T18:30:39	Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command
CVE-2025-13319	8.8	0.07%	1	0		2025-11-17T18:30:38	An injection vulnerability has been discovered in the API feature in Digi On-Pre
CVE-2025-63916	6.5	0.17%	1	0		2025-11-17T18:30:33	MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in
CVE-2025-13288	8.8	0.05%	2	0		2025-11-17T18:30:30	A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts t
CVE-2025-13279	6.3	0.03%	1	0		2025-11-17T15:30:42	A vulnerability was found in code-projects Nero Social Networking Site 1.0. The
CVE-2025-13287	6.3	0.03%	1	0		2025-11-17T15:30:40	A weakness has been identified in itsourcecode Online Voting System 1.0. This af
CVE-2025-13286	6.3	0.03%	1	0		2025-11-17T15:30:40	A security flaw has been discovered in itsourcecode Online Voting System 1.0. Th
CVE-2025-13280	7.3	0.03%	1	0		2025-11-17T15:30:39	A vulnerability was determined in CodeAstro Simple Inventory System 1.0. The imp
CVE-2025-13276	7.3	0.03%	1	0		2025-11-17T12:30:25	A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e
CVE-2025-13275	4.7	0.03%	1	0		2025-11-17T12:30:24	A security vulnerability has been detected in Iqbolshoh php-business-website up
CVE-2025-40834	5.7	0.03%	1	0		2025-11-17T12:30:23	A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 <
CVE-2025-13277	7.3	0.03%	1	0		2025-11-17T12:30:23	A flaw has been found in code-projects Nero Social Networking Site 1.0. This iss
CVE-2025-13273	6.3	0.03%	1	0		2025-11-17T12:30:23	A security flaw has been discovered in Campcodes School Fees Payment Management
CVE-2025-11681	None	0.04%	2	0		2025-11-17T12:30:15	Denial-of-service condition in M-Files Server versions before 25.11.15392.1 allo
CVE-2025-13270	6.3	0.03%	1	0		2025-11-17T09:30:37	A vulnerability was found in Campcodes School Fees Payment Management System 1.0
CVE-2025-13272	7.3	0.03%	1	0		2025-11-17T09:30:32	A vulnerability was identified in Campcodes School Fees Payment Management Syste
CVE-2025-13271	7.3	0.03%	1	0		2025-11-17T09:30:32	A vulnerability was determined in Campcodes School Fees Payment Management Syste
CVE-2025-13268	6.3	0.04%	1	0		2025-11-17T09:30:32	A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element i
CVE-2025-13269	6.3	0.03%	1	0		2025-11-17T09:30:32	A vulnerability has been found in Campcodes School Fees Payment Management Syste
CVE-2025-13164	4.9	0.03%	1	0		2025-11-17T09:30:32	EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vul
CVE-2025-13165	7.5	0.08%	2	0		2025-11-17T09:30:31	EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing
CVE-2025-13282	8.1	0.21%	2	0		2025-11-17T06:30:21	TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vuln
CVE-2025-60022	4.8	0.02%	1	0		2025-11-17T06:30:21	Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS pri
CVE-2025-13263	6.3	0.03%	1	0		2025-11-17T06:30:21	A vulnerability was identified in SourceCodester Online Magazine Management Syst
CVE-2025-13265	6.3	0.04%	1	0		2025-11-17T06:30:20	A weakness has been identified in lsfusion platform up to 6.1. This vulnerabilit
CVE-2025-13264	6.3	0.03%	1	0		2025-11-17T06:30:20	A security flaw has been discovered in SourceCodester Online Magazine Management
CVE-2025-13283	7.1	0.06%	1	0		2025-11-17T06:30:15	TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Pa
CVE-2025-10460	None	0.06%	1	0		2025-11-17T03:30:30	A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy p
CVE-2025-13257	7.3	0.03%	1	0		2025-11-17T03:30:30	A security vulnerability has been detected in itsourcecode Inventory Management
CVE-2025-13255	6.3	0.03%	1	0		2025-11-17T03:30:29	A security flaw has been discovered in projectworlds Advanced Library Management
CVE-2025-13258	8.8	0.09%	2	0		2025-11-17T03:30:27	A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted eleme
CVE-2025-13253	6.3	0.03%	1	0		2025-11-17T00:31:00	A vulnerability was determined in projectworlds Advanced Library Management Syst
CVE-2025-13252	7.3	0.04%	1	0		2025-11-17T00:30:54	A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec
CVE-2025-13249	6.3	0.03%	1	0		2025-11-16T12:30:31	A security vulnerability has been detected in Jiusi OA up to 20251102. This affe
CVE-2025-13250	6.3	0.03%	1	0		2025-11-16T12:30:31	A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts t
CVE-2025-13248	7.3	0.03%	1	0		2025-11-16T12:30:31	A weakness has been identified in SourceCodester Patients Waiting Area Queue Man
CVE-2025-13246	6.3	0.06%	1	0		2025-11-16T12:30:24	A vulnerability was identified in shsuishang ShopSuite ModulithShop up to 45a993
CVE-2025-13244	4.3	0.03%	1	0		2025-11-16T09:30:21	A vulnerability was determined in code-projects Student Information System 2.0.
CVE-2025-13242	7.3	0.03%	1	0		2025-11-16T09:30:21	A vulnerability has been found in code-projects Student Information System 2.0.
CVE-2025-13240	7.3	0.03%	1	0		2025-11-16T09:30:21	A vulnerability was detected in code-projects Student Information System 2.0. Th
CVE-2025-13239	4.3	0.03%	1	0		2025-11-16T06:31:16	A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Sto
CVE-2025-13238	6.3	0.03%	1	0		2025-11-16T06:31:16	A weakness has been identified in Bdtask Flight Booking Software 4. Affected by
CVE-2025-12482	7.5	0.06%	1	0		2025-11-16T06:31:16	The Booking for Appointments and Events Calendar – Amelia plugin for WordPress i
CVE-2025-13236	6.3	0.03%	1	0		2025-11-16T06:31:16	A vulnerability was identified in itsourcecode Inventory Management System 1.0.
CVE-2025-13234	6.3	0.03%	1	0		2025-11-16T03:30:26	A vulnerability was found in itsourcecode Inventory Management System 1.0. The i
CVE-2025-13233	7.3	0.03%	1	0		2025-11-16T03:30:26	A vulnerability has been found in itsourcecode Inventory Management System 1.0.
CVE-2025-2448	None	0.00%	1	0		2025-11-16T00:31:09	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
CVE-2025-13221	5.3	0.03%	1	0		2025-11-15T21:30:12	A weakness has been identified in Intelbras UnniTI 24.07.11. The affected elemen
CVE-2025-13209	6.3	0.05%	1	0		2025-11-15T21:30:12	A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects t
CVE-2025-13208	6.3	0.03%	1	0		2025-11-15T18:30:27	A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df1
CVE-2025-13201	7.3	0.03%	1	0		2025-11-15T18:30:27	A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0.
CVE-2025-13203	7.3	0.03%	1	0		2025-11-15T18:30:26	A weakness has been identified in code-projects Simple Cafe Ordering System 1.0.
CVE-2025-13200	5.3	0.03%	1	0		2025-11-15T18:30:26	A vulnerability was determined in SourceCodester Farm Management System 1.0. Aff
CVE-2025-13199	5.3	0.01%	1	0		2025-11-15T12:30:31	A vulnerability was found in code-projects Email Logging Interface 2.0. Affected
CVE-2025-13198	4.7	0.03%	1	0		2025-11-15T09:30:31	A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impact
CVE-2025-7736	3.1	0.01%	1	0		2025-11-15T09:30:31	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9
CVE-2025-6945	3.5	0.02%	1	0		2025-11-15T09:30:31	GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 bef
CVE-2025-7000	4.3	0.01%	1	0		2025-11-15T09:30:31	An issue has been discovered in GitLab CE/EE affecting all versions from 17.6
CVE-2025-2615	4.3	0.01%	1	1		2025-11-15T09:30:31	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7
CVE-2025-11990	3.1	0.01%	1	0		2025-11-15T09:30:31	GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 bef
CVE-2025-12983	3.5	0.02%	1	0		2025-11-15T09:30:31	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9
CVE-2025-13191	8.8	0.04%	2	0		2025-11-15T09:30:31	A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affe
CVE-2025-12849	5.3	0.06%	1	0		2025-11-15T09:30:31	The Contest Gallery plugin for WordPress is vulnerable to authorization bypass i
CVE-2025-13189	8.8	0.04%	2	0		2025-11-15T06:30:21	A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects th
CVE-2025-12847	4.3	0.03%	1	0		2025-11-15T06:30:21	The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffi
CVE-2025-12494	4.3	0.03%	1	0		2025-11-15T06:30:21	The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerabl
CVE-2025-65072	None	0.00%	1	0		2025-11-15T06:30:21	Rejected reason: Not used
CVE-2025-65070	None	0.00%	1	0		2025-11-15T06:30:21	Rejected reason: Not used
CVE-2025-65071	0	0.00%	1	0		2025-11-15T04:15:57.573000	Rejected reason: Not used
CVE-2025-64495	8.7	0.03%	1	2		2025-11-15T02:09:31	### Summary The functionality that inserts custom prompts into the chat window
CVE-2025-13188	9.8	0.13%	2	1		2025-11-15T00:30:33	A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this
CVE-2025-55034	8.2	0.04%	1	0		2025-11-15T00:30:33	General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requi
CVE-2025-58083	10.0	0.06%	2	0		2025-11-15T00:30:32	General Industrial Controls Lynx+ Gateway is missing critical authentication i
CVE-2025-9317	8.4	0.01%	2	0		2025-11-15T00:30:32	The vulnerability, if exploited, could allow a miscreant with read access to Ed
CVE-2022-4985	None	0.13%	1	0		2025-11-15T00:30:32	Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500)
CVE-2021-4471	None	0.31%	1	0		2025-11-15T00:30:32	TG8 Firewall exposes a directory such as /data/ over HTTP without authentication
CVE-2021-4469	None	0.30%	1	0		2025-11-15T00:30:32	Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that
CVE-2021-4468	None	0.33%	1	0		2025-11-15T00:30:32	PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over
CVE-2025-64446	9.8	82.39%	7	8	template	2025-11-14T18:31:46	A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1
CVE-2025-59367	0	0.31%	1	1		2025-11-14T16:42:03.187000	An authentication bypass vulnerability has been identified in certain DSL series
CVE-2025-36250	10.0	0.08%	1	1		2025-11-14T00:30:33	IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM
CVE-2025-12762	9.1	0.08%	1	1		2025-11-13T17:39:19	pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnera
CVE-2025-11697	0	0.02%	1	0		2025-11-12T16:19:34.210000	A local code execution security issue exists within Studio 5000® Simulation Inte
CVE-2025-8324	9.8	3.20%	1	0		2025-11-11T15:31:27	Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to U
CVE-2025-11696	None	0.02%	1	0		2025-11-11T15:31:21	A local server-side request forgery (SSRF) security issue exists within Studio 5
CVE-2025-42887	10.0	0.05%	1	0		2025-11-11T03:30:36	Due to missing input sanitation, SAP Solution Manager allows an authenticated at
CVE-2025-39756	None	0.05%	2	0		2025-11-03T18:32:46	In the Linux kernel, the following vulnerability has been resolved: fs: Prevent
CVE-2025-24893	9.8	94.15%	1	39	template	2025-10-30T19:54:05	### Impact Any guest can perform arbitrary remote code execution through a reque
CVE-2025-11705	6.5	0.03%	1	0		2025-10-30T15:05:32.197000	The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulne
CVE-2025-30355	7.1	17.59%	1	0		2025-10-24T19:32:07	### Impact A malicious server can craft events with a `depth` outside the intege
CVE-2025-61884	7.5	41.20%	2	5	template	2025-10-22T00:34:29	Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (com
CVE-2025-61882	9.8	80.76%	3	12	template	2025-10-22T00:34:29	Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business S
CVE-2025-48530	8.1	0.19%	1	0		2025-09-05T19:10:37.743000	In multiple locations, there is a possible condition that results in OOB accesse
CVE-2025-24799	7.5	67.79%	1	5	template	2025-07-31T18:45:03.050000	GLPI is a free asset and IT management software package. An unauthenticated user
CVE-2020-5248	7.2	2.84%	1	2		2024-11-21T05:33:45.710000	GLPI before before version 9.4.6 has a vulnerability involving a default encrypt
CVE-2024-0056	8.7	0.34%	1	0		2024-05-31T20:35:57	Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Fe
CVE-2023-45133	9.4	0.11%	1	0		2024-04-04T14:26:11	### Impact Using Babel to compile code that was specifically crafted by an atta
CVE-2025-8084	0	0.00%	1	0			N/A
CVE-2025-9312	0	0.00%	2	0			N/A
CVE-2024-29889	0	53.22%	1	0	template		N/A
CVE-2025-13310	0	0.00%	1	0			N/A

netsecio@mastodon.social at 2025-11-18T14:26:04.000Z ##

📰 Urgent Patch Required: Critical RCE Flaw in W3 Total Cache WordPress Plugin

🚨 CRITICAL VULNERABILITY: W3 Total Cache WordPress plugin (1M+ sites) has a critical RCE flaw (CVE-2025-9501, CVSS 9.0). Unauthenticated attackers can take over sites via a malicious comment. Update to version 2.8.13 NOW! ⚠️ #WordPress #CyberSecuri...

🔗 https://cyber.netsecops.io/articles/critical-rce-flaw-in-w3-total-cache-wordpress-plugin-endangers-1-million-sites/?utm_source=mastodon&utm…

##

jos1264@social.skynetcloud.site at 2025-11-17T22:15:02.000Z ##

CVE-2025-9501 - W3 Total Cache < 2.8.13 - Unauthenticated Command Injection https://cvefeed.io/vuln/detail/CVE-2025-9501

##

jos1264@social.skynetcloud.site at 2025-11-17T06:50:03.000Z ##

CVE-2025-9501 - W3 Total Cache < 2.8.13 - Unauthenticated Command Injection https://cvefeed.io/vuln/detail/CVE-2025-9501

##

CVE-2025-13223
(8.8 HIGH)

EPSS: 0.07%

updated 2025-11-18T14:06:29.817000

9 posts

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

beyondmachines1 at 2025-11-18T11:01:32.166Z ##

Google releases emergency Chrome update to patch actively exploited vulnerability

Google released an emergency Chrome update on November 17, 2025, patching two high-severity Type Confusion vulnerabilities (CVSS 8.8) in the V8 JavaScript engine, including CVE-2025-13223, a zero-day flaw actively exploited in the wild that was discovered by Google's Threat Analysis Group, suggesting potential use by government-sponsored threat actors or commercial spyware vendors.

**One more time - an urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DONT WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-releases-emergency-chrome-update-to-patch-actively-exploited-vulnerability-u-k-i-k-h/gD2P6Ple2L

##

wasm@activitypub.awakari.com at 2025-11-18T12:01:07.000Z ## Google patches yet another exploited Chrome zero-day (CVE-2025-13223) Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by i...

#Don't #miss #Hot #stuff #News #0-day #Chrome #security #update #Vivaldi

Origin | Interest | Match ##

jos1264@social.skynetcloud.site at 2025-11-18T12:30:02.000Z ##

Google patches yet another exploited Chrome zero-day (CVE-2025-13223) https://www.helpnetsecurity.com/2025/11/18/chrome-cve-2025-13223-exploited/ #securityupdate #Don'tmiss #Hotstuff #Vivaldi #Chrome #0-day #News

##

beyondmachines1@infosec.exchange at 2025-11-18T11:01:32.000Z ##

Google releases emergency Chrome update to patch actively exploited vulnerability

Google released an emergency Chrome update on November 17, 2025, patching two high-severity Type Confusion vulnerabilities (CVSS 8.8) in the V8 JavaScript engine, including CVE-2025-13223, a zero-day flaw actively exploited in the wild that was discovered by Google's Threat Analysis Group, suggesting potential use by government-sponsored threat actors or commercial spyware vendors.

**One more time - an urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DONT WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-releases-emergency-chrome-update-to-patch-actively-exploited-vulnerability-u-k-i-k-h/gD2P6Ple2L

##

wasm@activitypub.awakari.com at 2025-11-18T08:59:04.000Z ## Google fixed the seventh Chrome zero-day in 2025 Google patched two Chrome flaws, including a V8 type-confusion bug, tracked as including CVE-2025-13223, which was exploited in the wild. Google rel...

#Breaking #News #Hacking #Security

Origin | Interest | Match ##

jos1264@social.skynetcloud.site at 2025-11-18T05:30:01.000Z ##

CVE-2025-13223 - Google Chrome V8 Type Confusion Heap Corruption Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-13223

##

secureblue.dev@bsky.brid.gy at 2025-11-18T01:23:15.785Z ##

Trivalent 142.0.7444.175-440855 released: github.com/secureblue/T... chromereleases.googleblog.com/2025/11/stab... This release includes upstream security fixes for multiple CVEs, including CVE-2025-13223. Google is aware of an exploit for CVE-2025-13223 that exists in the wild.

Release 142.0.7444.175-440855 ...

##

jos1264@social.skynetcloud.site at 2025-11-18T00:35:02.000Z ##

CVE-2025-13223 - Google Chrome V8 Type Confusion Heap Corruption Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-13223

##

cR0w@infosec.exchange at 2025-11-17T23:50:00.000Z ##

Patch your chromey things, there's another EITW vuln.

https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

Google is aware that an exploit for CVE-2025-13223 exists in the wild.

##

CVE-2025-41349
(0 None)

EPSS: 0.22%

updated 2025-11-18T14:06:29.817000

1 posts

Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus. svc/json/savesolpla_post'. This vulnerability could allow a remote user to send a specially crafted query to an authe

jos1264@social.skynetcloud.site at 2025-11-18T14:15:02.000Z ##

CVE-2025-41349 - Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este https://cvefeed.io/vuln/detail/CVE-2025-41349

##

CVE-2025-6670
(8.8 HIGH)

EPSS: 0.02%

updated 2025-11-18T14:06:29.817000

2 posts

A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console. Although the SameSite=Lax cookie attribute is used as a mitigation, it is ineffective in this context because it allows cookies to be sent with cross-origin top-level

jos1264@social.skynetcloud.site at 2025-11-18T14:15:03.000Z ##

CVE-2025-6670 - Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services https://cvefeed.io/vuln/detail/CVE-2025-6670

##

jos1264@social.skynetcloud.site at 2025-11-18T13:20:02.000Z ##

CVE-2025-6670 - Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services https://cvefeed.io/vuln/detail/CVE-2025-6670

##

CVE-2025-13345
(6.3 MEDIUM)

EPSS: 0.03%

updated 2025-11-18T14:06:29.817000

1 posts

A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_ticket. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

jos1264@social.skynetcloud.site at 2025-11-18T14:15:02.000Z ##

CVE-2025-13345 - SourceCodester Train Station Ticketing System ajax.php sql injection https://cvefeed.io/vuln/detail/CVE-2025-13345

##

CVE-2025-41348
(0 None)

EPSS: 0.03%

updated 2025-11-18T14:06:29.817000

2 posts

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'.

updated 2025-11-18T14:06:29.817000

2 posts

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

jos1264@social.skynetcloud.site at 2025-11-18T05:30:03.000Z ##

CVE-2025-8693 - Zyxel DX3300-T0 Command Injection Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-8693

##

jos1264@social.skynetcloud.site at 2025-11-18T03:35:03.000Z ##

CVE-2025-8693 - Zyxel DX3300-T0 Command Injection Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-8693

##

CVE-2025-13228
(8.8 HIGH)

EPSS: 0.07%

updated 2025-11-18T14:06:29.817000

2 posts

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

jos1264@social.skynetcloud.site at 2025-11-18T05:30:02.000Z ##

CVE-2025-13228 - Google Chrome V8 Type Confusion Heap Corruption https://cvefeed.io/vuln/detail/CVE-2025-13228

##

jos1264@social.skynetcloud.site at 2025-11-18T03:35:01.000Z ##

CVE-2025-13228 - Google Chrome V8 Type Confusion Heap Corruption https://cvefeed.io/vuln/detail/CVE-2025-13228

##

CVE-2025-6599
(5.3 MEDIUM)

EPSS: 0.04%

updated 2025-11-18T14:06:29.817000

1 posts

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

jos1264@social.skynetcloud.site at 2025-11-18T03:35:03.000Z ##

CVE-2025-6599 - Zyxel DX3301-T0 Slowloris-Style Denial-of-Service Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-6599

##

CVE-2025-13306
(6.3 MEDIUM)

EPSS: 0.43%

updated 2025-11-18T14:06:29.817000

2 posts

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

jos1264@social.skynetcloud.site at 2025-11-18T03:35:02.000Z ##

CVE-2025-13306 - D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection https://cvefeed.io/vuln/detail/CVE-2025-13306

##

cR0w@infosec.exchange at 2025-11-17T23:51:52.000Z ##

D-Link

https://www.cve.org/CVERecord?id=CVE-2025-13305

https://www.cve.org/CVERecord?id=CVE-2025-13306

cc: @Dio9sys @da_667

#internetOfShit

##

CVE-2025-31649
(8.7 HIGH)

EPSS: 0.01%

updated 2025-11-18T14:06:29.817000

2 posts

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call to trigger this vulnerability.

jos1264@social.skynetcloud.site at 2025-11-18T02:20:02.000Z ##

CVE-2025-31649 - Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability https://cvefeed.io/vuln/detail/CVE-2025-31649

##

jos1264@social.skynetcloud.site at 2025-11-18T00:35:02.000Z ##

CVE-2025-31649 - Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability https://cvefeed.io/vuln/detail/CVE-2025-31649

##

CVE-2025-13304
(8.8 HIGH)

EPSS: 0.25%

updated 2025-11-18T14:06:29.817000

2 posts

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

jos1264@social.skynetcloud.site at 2025-11-18T02:20:02.000Z ##

CVE-2025-13304 - D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow https://cvefeed.io/vuln/detail/CVE-2025-13304

##

updated 2025-11-18T14:06:29.817000

2 posts

ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.

updated 2025-11-18T12:31:19

1 posts

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

6 repos

https://github.com/letchupkt/CVE-2025-48593

https://github.com/rana3333s/CVE-2025-48593

https://github.com/B1ack4sh/Blackash-CVE-2025-48593

updated 2025-11-18T06:30:32

2 posts

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through the chunked upload mechanism. This makes it possible for unauthenticated attackers to upload executabl

jos1264@social.skynetcloud.site at 2025-11-18T07:40:02.000Z ##

CVE-2025-12974 - Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload https://cvefeed.io/vuln/detail/CVE-2025-12974

##

jos1264@social.skynetcloud.site at 2025-11-18T05:30:03.000Z ##

CVE-2025-12974 - Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload https://cvefeed.io/vuln/detail/CVE-2025-12974

##

CVE-2025-64734
(2.4 LOW)

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

jos1264@social.skynetcloud.site at 2025-11-18T05:30:02.000Z ##

CVE-2025-13226 - Google Chrome V8 Type Confusion Heap Corruption https://cvefeed.io/vuln/detail/CVE-2025-13226

##

CVE-2025-13224
(8.8 HIGH)

EPSS: 0.07%

updated 2025-11-18T03:32:21

2 posts

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

updated 2025-11-18T00:30:26

2 posts

A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this vulnerability.

jos1264@social.skynetcloud.site at 2025-11-18T02:20:02.000Z ##

CVE-2025-32089 - Dell ControlVault3 CvManager_SBI buffer overflow vulnerability https://cvefeed.io/vuln/detail/CVE-2025-32089

##

jos1264@social.skynetcloud.site at 2025-11-18T00:35:01.000Z ##

CVE-2025-32089 - Dell ControlVault3 CvManager_SBI buffer overflow vulnerability https://cvefeed.io/vuln/detail/CVE-2025-32089

##

CVE-2025-13305
(8.8 HIGH)

EPSS: 0.25%

updated 2025-11-18T00:30:26

3 posts

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

jos1264@social.skynetcloud.site at 2025-11-18T02:20:02.000Z ##

CVE-2025-13305 - D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow https://cvefeed.io/vuln/detail/CVE-2025-13305

##

jos1264@social.skynetcloud.site at 2025-11-18T00:35:02.000Z ##

CVE-2025-13305 - D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow https://cvefeed.io/vuln/detail/CVE-2025-13305

##

cR0w@infosec.exchange at 2025-11-17T23:51:52.000Z ##

updated 2025-11-18T00:30:25

2 posts

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.

updated 2025-11-17T18:30:30

2 posts

A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

jos1264@social.skynetcloud.site at 2025-11-17T16:30:03.000Z ##

CVE-2025-13288 - Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow https://cvefeed.io/vuln/detail/CVE-2025-13288

##

cR0w@infosec.exchange at 2025-11-17T16:07:32.000Z ##

D-Link

updated 2025-11-17T12:30:15

2 posts

Denial-of-service condition in M-Files Server versions before 25.11.15392.1 allows an authenticated user to cause the MFserver process to crash.

cR0w@infosec.exchange at 2025-11-17T14:48:53.000Z ##

updated 2025-11-17T09:30:31

2 posts

EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service.

jos1264@social.skynetcloud.site at 2025-11-17T10:55:02.000Z ##

CVE-2025-13165 - Digiwin｜EasyFlow GP - Denial of service https://cvefeed.io/vuln/detail/CVE-2025-13165

##

jos1264@social.skynetcloud.site at 2025-11-17T07:35:02.000Z ##

CVE-2025-13165 - Digiwin｜EasyFlow GP - Denial of service https://cvefeed.io/vuln/detail/CVE-2025-13165

##

CVE-2025-13282
(8.1 HIGH)

EPSS: 0.21%

updated 2025-11-17T06:30:21

2 posts

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerabilit

updated 2025-11-17T03:30:27

2 posts

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

updated 2025-11-15T09:30:31

1 posts

updated 2025-11-15T09:30:31

2 posts

A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

jos1264@social.skynetcloud.site at 2025-11-15T11:00:02.000Z ##

CVE-2025-13191 - D-Link DIR-816L soap.cgi soapcgi_main stack-based overflow https://cvefeed.io/vuln/detail/CVE-2025-13191

##

jos1264@social.skynetcloud.site at 2025-11-15T09:40:02.000Z ##

CVE-2025-13191 - D-Link DIR-816L soap.cgi soapcgi_main stack-based overflow https://cvefeed.io/vuln/detail/CVE-2025-13191

##

CVE-2025-12849
(5.3 MEDIUM)

EPSS: 0.06%

updated 2025-11-15T09:30:31

1 posts

The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the `cg_check_wp_admin_upload_v10` AJAX action for both authenticated and unauthenticated users without implementing capability checks or nonce verification. This makes it possible for unauthenticated attackers to inject arbitrary WordPr

jos1264@social.skynetcloud.site at 2025-11-15T11:00:02.000Z ##

CVE-2025-12849 - Contest Gallery <= 28.0.2 - Missing Authorization https://cvefeed.io/vuln/detail/CVE-2025-12849

##

CVE-2025-13189
(8.8 HIGH)

EPSS: 0.04%

updated 2025-11-15T06:30:21

2 posts

A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported b

updated 2025-11-15T02:09:31

1 posts

### Summary The functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is assigned to the DOM sink `.innerHtml` without sanitisation. Any user with permissions to create prompts can abuse this to plant a payload that could be triggered by other users if they run the corresponding `/` command to in

2 repos

https://github.com/B1ack4sh/Blackash-CVE-2025-64495

https://github.com/AlphabugX/CVE-2025-64495-POC

DarkWebInformer@infosec.exchange at 2025-11-17T18:45:56.000Z ##

🚨CVE-2025-64495: Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

CVSS: 8.7

PoC & Advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-w7xj-8fx7-wfch

FOFA Query: app="Open-WebUI"

FOFA Results: 151,305

##

CVE-2025-13188
(9.8 CRITICAL)

EPSS: 0.13%

updated 2025-11-15T00:30:33

2 posts

A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no lo

1 repos

https://github.com/degeneration1973/CVE-2025-13188-Exploit

cR0w@infosec.exchange at 2025-11-17T16:07:32.000Z ##

D-Link

https://www.cve.org/CVERecord?id=CVE-2025-13188

Tenda

https://www.cve.org/CVERecord?id=CVE-2025-13288

cc: @Dio9sys @da_667

#internetOfShit

##

jos1264@social.skynetcloud.site at 2025-11-15T03:30:02.000Z ##

CVE-2025-13188 - D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow https://cvefeed.io/vuln/detail/CVE-2025-13188

##

CVE-2025-55034
(8.2 HIGH)

EPSS: 0.04%

updated 2025-11-15T00:30:33

1 posts

General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.

jos1264@social.skynetcloud.site at 2025-11-15T03:30:03.000Z ##

CVE-2025-55034 - General Industrial Controls Lynx+ Gateway Weak Password Requirements https://cvefeed.io/vuln/detail/CVE-2025-55034

##

CVE-2025-58083
(10.0 CRITICAL)

EPSS: 0.06%

updated 2025-11-15T00:30:32

2 posts

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.

beyondmachines1@infosec.exchange at 2025-11-16T09:01:31.000Z ##

Critical vulneranilities reported in General Industrial Controls Lynx+ gateway

CISA reports multiple vulnerabilities in General Industrial Controls' Lynx+ Gateway including a critical flaw (CVE-2025-58083) allowing unauthenticated remote device reset and administrative takeover, along with weak password requirements, missing authentication, and cleartext credential transmission in versions R08, V03, V05, and V18. No vendor patches are available.

**If you have General Industrial Controls Lynx+ Gateway devices (versions R08, V03, V05, V18), make sure they are isolates from the internet and are only accessible from trusted networks using VPN for remote access. Since there are no patches available reach out to the vendor for advice. If they refuse to provide patches, actively monitor for unauthorized access or configuration changes and plan a replacement cycle.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulneranilities-reported-in-general-industrial-controls-lynx-gateway-7-f-u-l-m/gD2P6Ple2L

##

jos1264@social.skynetcloud.site at 2025-11-15T03:30:03.000Z ##

CVE-2025-58083 - General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function https://cvefeed.io/vuln/detail/CVE-2025-58083

##

CVE-2025-9317
(8.4 HIGH)

EPSS: 0.01%

updated 2025-11-15T00:30:32

2 posts

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.

updated 2025-11-14T18:31:46

7 posts

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Nuclei template

8 repos

https://github.com/soltanali0/CVE-2025-64446-Exploit

https://github.com/fevar54/CVE-2025-64446-PoC---FortiWeb-Path-Traversal

https://github.com/D3crypT0r/CVE-2025-64446

https://github.com/sensepost/CVE-2025-64446

https://github.com/B1ack4sh/Blackash-CVE-2025-64446

https://github.com/lincemorado97/CVE-2025-64446

https://github.com/sxyrxyy/CVE-2025-64446-FortiWeb-CGI-Bypass-PoC

https://github.com/verylazytech/CVE-2025-64446

technadu@infosec.exchange at 2025-11-18T07:08:39.000Z ##

CISA has issued a 7-day patch directive for actively exploited Fortinet FortiWeb vulnerability CVE-2025-64446 (rated 9.1 critical).
Researchers have confirmed exploitation, and reports indicate a zero-day version was being sold on underground forums. Hundreds of vulnerable appliances are visible online.
Is this an example of a necessary emergency directive - or a sign that vendors need more transparent patch timelines?

💬 Share your thoughts.
👍 Follow us for more detailed, unbiased cybersecurity coverage.

#Infosec #CISA #Fortinet #CVE202564446 #ThreatHunting #VulnerabilityManagement #CybersecurityNews

##

sans_isc@infosec.exchange at 2025-11-18T02:34:54.000Z ##

Honeypot: FortiWeb CVE-2025-64446 Exploits https://isc.sans.edu/diary/32486

##

ljrk@todon.eu at 2025-11-17T10:41:58.000Z ##

Since @index only posts on X, here's the vid they posted from exploiting the recent FortiNet issue CVE-2025-64446

> another exploited in-the-wild FortiWeb vuln? It must be Thursday!

##

benzogaga33@mamot.fr at 2025-11-17T10:40:02.000Z ##

Fortinet confirme avoir patché une faille zero-day dans FortiWeb : CVE-2025-64446 https://www.it-connect.fr/fortinet-confirme-avoir-patche-une-faille-zero-day-dans-fortiweb-cve-2025-64446/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet

##

christopherkunz@chaos.social at 2025-11-17T07:37:35.000Z ##

updated 2025-11-03T18:32:46

2 posts

In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the limit can trigger massive memory allocation attempts that exceed INT_MAX, resulting in a WARNING in mm/slub.c: WARNI

benc@mastodon.hawaga.org.uk at 2025-11-18T14:17:59.000Z ##

turns out yesterdays problem was systemd defines the value of #infinity and there is this CVE https://www.cve.org/CVERecord?id=CVE-2025-39756

##

benc@mastodon.hawaga.org.uk at 2025-11-18T14:17:59.000Z ##

turns out yesterdays problem was systemd defines the value of #infinity and there is this CVE https://www.cve.org/CVERecord?id=CVE-2025-39756

##

CVE-2025-24893
(9.8 CRITICAL)

EPSS: 94.15%

updated 2025-10-30T19:54:05

1 posts

### Impact Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%2

Nuclei template

39 repos

https://github.com/D3Ext/CVE-2025-24893

https://github.com/AliElKhatteb/CVE-2024-32019-POC

https://github.com/gunzf0x/CVE-2025-24893

https://github.com/IIIeJlyXaKapToIIIKu/CVE-2025-24893-XWiki-unauthenticated-RCE-via-SolrSearch

https://github.com/AliAmouz/CVE2025-24893

https://github.com/Kai7788/CVE-2025-24893-RCE-PoC

https://github.com/zs1n/CVE-2025-24893

https://github.com/Infinit3i/CVE-2025-24893

https://github.com/The-Red-Serpent/CVE-2025-24893

https://github.com/hackersonsteroids/cve-2025-24893

https://github.com/dollarboysushil/CVE-2025-24893-XWiki-Unauthenticated-RCE-Exploit-POC

https://github.com/dhiaZnaidi/CVE-2025-24893-PoC

https://github.com/Hex00-0x4/CVE-2025-24893-XWiki-RCE

https://github.com/Y2F05p2w/CVE-2025-24893

https://github.com/Retro023/CVE-2025-24893-POC

https://github.com/nopgadget/CVE-2025-24893

https://github.com/kimtangker/CVE-2025-24893

https://github.com/ibrahmsql/CVE-2025-24893

https://github.com/x0da6h/POC-for-CVE-2025-24893

https://github.com/80Ottanta80/CVE-2025-24893-PoC

https://github.com/investigato/cve-2025-24893-poc

https://github.com/b0ySie7e/CVE-2025-24893

https://github.com/B1ack4sh/Blackash-CVE-2025-24893

https://github.com/Bishben/xwiki-15.10.8-reverse-shell-cve-2025-24893

https://github.com/gotr00t0day/CVE-2025-24893

https://github.com/ibadovulfat/CVE-2025-24893_HackTheBox-Editor-Writeup

https://github.com/alaxar/CVE-2025-24893

https://github.com/Artemir7/CVE-2025-24893-EXP

https://github.com/AzureADTrent/CVE-2025-24893-Reverse-Shell

https://github.com/CMassa/CVE-2025-24893

https://github.com/rvizx/CVE-2025-24893

https://github.com/mah4nzfr/CVE-2025-24893

https://github.com/iSee857/CVE-2025-24893-PoC

https://github.com/Th3Gl0w/CVE-2025-24893-POC

https://github.com/torjan0/xwiki_solrsearch-rce-exploit

https://github.com/570RMBR3AK3R/xwiki-cve-2025-24893-poc

https://github.com/Yukik4z3/CVE-2025-24893

updated 2025-10-22T00:34:29

2 posts

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access

Nuclei template

5 repos

https://github.com/B1ack4sh/Blackash-CVE-2025-61884

https://github.com/AshrafZaryouh/CVE-2025-61884-At-a-Glance

https://github.com/siddu7575/CVE-2025-61882-CVE-2025-61884

https://github.com/pakagronglb/oracle-security-breaches-analysis-case-study

https://github.com/rxerium/CVE-2025-61882-CVE-2025-61884

technadu at 2025-11-18T11:21:07.127Z ##

Logitech confirms a data breach following CL0P’s claim. Attackers exploited a third-party zero-day tied to the broader Oracle EBS vulnerability campaign (CVE-2025-61884).

Limited employee, consumer & supplier data was exfiltrated, with no sensitive IDs or financial data affected. 🔗 https://www.technadu.com/logitech-confirms-data-breach-after-cl0p-ransomware-claim-impacting-employees-consumers-suppliers/613857/

#Infosec #Logitech #DataBreach #CL0P #ThreatIntel #ZeroDay #SupplyChainSecurity #IncidentResponse

##

technadu@infosec.exchange at 2025-11-18T11:21:07.000Z ##

Logitech confirms a data breach following CL0P’s claim. Attackers exploited a third-party zero-day tied to the broader Oracle EBS vulnerability campaign (CVE-2025-61884).

Limited employee, consumer & supplier data was exfiltrated, with no sensitive IDs or financial data affected. 🔗 https://www.technadu.com/logitech-confirms-data-breach-after-cl0p-ransomware-claim-impacting-employees-consumers-suppliers/613857/

#Infosec #Logitech #DataBreach #CL0P #ThreatIntel #ZeroDay #SupplyChainSecurity #IncidentResponse

##

CVE-2025-61882
(9.8 CRITICAL)

EPSS: 80.76%

updated 2025-10-22T00:34:29

3 posts

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concu

Nuclei template

12 repos

https://github.com/MindflareX/CVE-2025-61882-POC

https://github.com/AshrafZaryouh/CVE-2025-61882-Executive-Summary

https://github.com/BattalionX/http-oracle-ebs-cve-2025-61882.nse

https://github.com/Sachinart/CVE-2025-61882

https://github.com/watchtowrlabs/watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882

https://github.com/AdityaBhatt3010/CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit

https://github.com/zerozenxlabs/CVE-2025-61882-Oracle-EBS

https://github.com/RootAid/CVE-2025-61882

https://github.com/B1ack4sh/Blackash-CVE-2025-61882

https://github.com/siddu7575/CVE-2025-61882-CVE-2025-61884

https://github.com/rxerium/CVE-2025-61882-CVE-2025-61884

https://github.com/GhoStZA-debug/CVE-2025-61882

pentesttools@infosec.exchange at 2025-11-17T13:52:36.000Z ##

🚨 Old vuln, fresh damage - attackers hit Oracle EBS again.

Cl0p just listed nearly 30 new victims, from major companies to universities.
They use CVE-2025-61882, a pre-auth RCE in Oracle E-Business Suite (12.2.3 → 12.2.14) with a CVSS ≈ 9.8.

It’s already on CISA’s KEV list and spreading fast.

Here’s what most security teams face:
🚩 Patching doesn’t prove you’re safe.
🚩 Banner scans miss real exposure.
🚩 You need proof of exploitability, not assumptions.

Use Pentest-Tools.com to stay ahead:
✅ Detect Oracle EBS servers exposed to this RCE with the Network Scanner.
✅ Recreate the attack safely in Sniper: Auto-Exploiter to confirm impact.
✅ Verify your fixes and make sure no asset stays vulnerable.

No noise. No guesswork. Just proof.
Old vulns still do new damage - if you let them.

🔎 CVE-2025-61882 specs: https://pentest-tools.com/vulnerabilities-exploits/oracle-e-business-suite-remote-code-execution_28103
🗞️ Read the news: https://www.securityweek.com/nearly-30-alleged-victims-of-oracle-ebs-hack-named-on-cl0p-ransomware-site/

#infosec #cybersecurity #offensivesecurity #ransomware #incidentresponse

##

beyondmachines1@infosec.exchange at 2025-11-16T20:01:31.000Z ##

NHS investigating potential breach after ransomware group claims breach of Oracle E-Business Suite

The UK's National Health Service is investigating a potential breach after the Cl0p ransomware group claimed to have exploited CVE-2025-61882, a critical unauthenticated remote code execution vulnerability in Oracle's E-Business Suite. The attack is part of a broader campaign affecting over 40 organizations since October. The NHS has not yet confirmed whether any data was stolen.

****
#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/nhs-investigating-potential-breach-after-ransomware-group-claims-breach-of-oracle-e-business-suite-q-e-4-y-n/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-11-15T14:01:31.000Z ##

Logitech confirms data breach caused by the breach of Oracle E-Business Suite by Clop ransomware gang

Logitech reports a data breach caused by the Clop ransomware gang exploiting a critical Oracle E-Business Suite zero-day vulnerability (CVE-2025-61882 that enables remote code execution. The breach resulted in the theft of approximately 1.8 terabytes of data. The Swiss technology company is among approximately 30 organizations compromised in Clop's widespread Oracle EBS exploitation campaign, which also impacted Harvard University, The Washington Post, and multiple major corporations.

****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/logitech-confirms-data-breach-caused-by-the-breach-of-oracle-e-business-suite-by-clop-ransomware-gang-f-a-2-p-e/gD2P6Ple2L

##

CVE-2025-48530
(8.1 HIGH)

EPSS: 0.19%

updated 2025-09-05T19:10:37.743000

1 posts

In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination with other bugs, with no additional execution privileges needed. User interaction is not needed for exploitation.

technadu@infosec.exchange at 2025-11-17T11:33:25.000Z ##

Rust continues to reshape Android’s security posture.

Google reports memory-safety bugs are now under 20%, backed by:
• 1000× reduction in memory-safety bug density vs C/C++
• 4× fewer rollbacks
• Faster reviews + fewer revisions
• Rust moving deeper into kernel, firmware & Android’s security-sensitive apps
A recent “near-miss” RCE (CVE-2025-48530) in unsafe Rust was mitigated by Scudo before reaching public release.

Thoughts from the AppSec community?
Follow @technadu for more unbiased cybersecurity reporting.

#RustLang #MemorySafety #AndroidSecurity #AppSec #InfoSec #DevSecOps #SecureCoding #TechNadu

##

CVE-2025-24799
(7.5 HIGH)

EPSS: 67.79%

updated 2025-07-31T18:45:03.050000

1 posts

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

Nuclei template

5 repos

https://github.com/MatheuZSecurity/Exploit-CVE-2025-24799

https://github.com/Rosemary1337/CVE-2025-24799

https://github.com/airbus-cert/CVE-2025-24799-scanner

https://github.com/MuhammadWaseem29/CVE-2025-24799

https://github.com/nak000/CVE-2025-24799-sqli

beyondmachines1@infosec.exchange at 2025-11-17T19:01:32.000Z ##

Eurofiber France reports data breach exposing data of 3,600+ organizations

Eurofiber France, a major fiber optic infrastructure provider, suffered a data breach after attackers exploited SQL injection vulnerabilities (CVE-2024-29889 and CVE-2025-24799) in outdated GLPI software to steal approximately 10,000 password hashes, SSH keys, VPN configurations, API credentials, and sensitive infrastructure data affecting roughly 3,600 customers including critical European organizations like Airbus, Thales, French government agencies, and major banks.

**If you are a user of Eurofiber, time to reset ALL credentials related to your Eurofiber hosting. And start a very deep internal audit, since your credentials may have already been compromised and used to breach your organization.**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/eurofiber-france-reports-data-breach-exposing-data-of-3600-organizations-6-9-4-b-q/gD2P6Ple2L

##

CVE-2020-5248
(7.2 HIGH)

EPSS: 2.84%

updated 2024-11-21T05:33:45.710000

1 posts

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. Problem is we can not know which columns or rows in the database ar

CVE-2025-13310 - Apache HTTP Server Unauthenticated Remote Code Execution https://cvefeed.io/vuln/detail/CVE-2025-13310

##

CVE-2025-13245(3.5 LOW)

EPSS: 0.03%

CVE-2025-13243(6.3 MEDIUM)

EPSS: 0.03%

CVE-2025-13241(7.3 HIGH)

EPSS: 0.03%

CVE-2025-13237(7.3 HIGH)

EPSS: 0.03%

CVE-2025-13235(7.3 HIGH)

EPSS: 0.03%

CVE-2025-13232(3.5 LOW)

EPSS: 0.03%

CVE-2025-13210(4.7 MEDIUM)

EPSS: 0.03%

CVE-2025-13202(3.5 LOW)

EPSS: 0.03%

CVE-2025-6171(5.3 MEDIUM)

EPSS: 0.01%

CVE-2025-11865(4.3 MEDIUM)

EPSS: 0.01%

CVE-2025-13190(8.8 HIGH)

EPSS: 0.04%

CVE-2025-8994(6.5 MEDIUM)

EPSS: 0.02%

CVE-2025-64309(8.6 HIGH)

EPSS: 0.04%

CVE-2021-4470(0 None)

EPSS: 0.37%

CVE-2025-9501(9.0 CRITICAL)

EPSS: 0.83%

CVE-2025-13223(8.8 HIGH)

EPSS: 0.07%

CVE-2025-41349(0 None)

EPSS: 0.22%

CVE-2025-6670(8.8 HIGH)

EPSS: 0.02%

CVE-2025-13345(6.3 MEDIUM)

EPSS: 0.03%

CVE-2025-41348(0 None)

EPSS: 0.03%

CVE-2025-41737(7.5 HIGH)

EPSS: 0.03%

CVE-2025-41736(8.8 HIGH)

EPSS: 0.25%

CVE-2025-52578(5.7 MEDIUM)

EPSS: 0.02%

CVE-2025-8693(8.8 HIGH)

EPSS: 0.32%

CVE-2025-13228(8.8 HIGH)

EPSS: 0.07%

CVE-2025-6599(5.3 MEDIUM)

EPSS: 0.04%

CVE-2025-13306(6.3 MEDIUM)

EPSS: 0.43%

CVE-2025-31649(8.7 HIGH)

EPSS: 0.01%

CVE-2025-13304(8.8 HIGH)

EPSS: 0.25%

CVE-2025-36460(7.3 HIGH)

EPSS: 0.01%

CVE-2025-36357(8.0 HIGH)

EPSS: 0.06%

CVE-2025-34323(0 None)

EPSS: 0.01%

CVE-2025-4321(0 None)

EPSS: 0.02%

CVE-2025-13285(7.3 HIGH)

EPSS: 0.03%

CVE-2025-13278(6.3 MEDIUM)

EPSS: 0.03%

CVE-2025-40936(7.8 HIGH)

EPSS: 0.01%

CVE-2025-13274(6.3 MEDIUM)

EPSS: 0.03%

CVE-2025-65073(7.5 HIGH)

EPSS: 0.03%

CVE-2025-13267(6.3 MEDIUM)

EPSS: 0.03%

CVE-2025-13284(9.8 CRITICAL)

EPSS: 0.44%

CVE-2025-13245
(3.5 LOW)

CVE-2025-13243
(6.3 MEDIUM)

CVE-2025-13241
(7.3 HIGH)

CVE-2025-13237
(7.3 HIGH)

CVE-2025-13235
(7.3 HIGH)

CVE-2025-13232
(3.5 LOW)

CVE-2025-13210
(4.7 MEDIUM)

CVE-2025-13202
(3.5 LOW)

CVE-2025-6171
(5.3 MEDIUM)

CVE-2025-11865
(4.3 MEDIUM)

CVE-2025-13190
(8.8 HIGH)

CVE-2025-8994
(6.5 MEDIUM)

CVE-2025-64309
(8.6 HIGH)

CVE-2021-4470
(0 None)

CVE-2025-9501
(9.0 CRITICAL)

CVE-2025-13223
(8.8 HIGH)

CVE-2025-41349
(0 None)

CVE-2025-6670
(8.8 HIGH)

CVE-2025-13345
(6.3 MEDIUM)

CVE-2025-41348
(0 None)

CVE-2025-41737
(7.5 HIGH)

CVE-2025-41736
(8.8 HIGH)

CVE-2025-52578
(5.7 MEDIUM)

CVE-2025-8693
(8.8 HIGH)

CVE-2025-13228
(8.8 HIGH)

CVE-2025-6599
(5.3 MEDIUM)

CVE-2025-13306
(6.3 MEDIUM)

CVE-2025-31649
(8.7 HIGH)

CVE-2025-13304
(8.8 HIGH)

CVE-2025-36460
(7.3 HIGH)

CVE-2025-36357
(8.0 HIGH)

CVE-2025-34323
(0 None)

CVE-2025-4321
(0 None)

CVE-2025-13285
(7.3 HIGH)

CVE-2025-13278
(6.3 MEDIUM)

CVE-2025-40936
(7.8 HIGH)

CVE-2025-13274
(6.3 MEDIUM)

CVE-2025-65073
(7.5 HIGH)

CVE-2025-13267
(6.3 MEDIUM)

CVE-2025-13284
(9.8 CRITICAL)

CVE-2025-13266
(5.3 MEDIUM)

CVE-2025-13262
(7.3 HIGH)

CVE-2025-13256
(6.3 MEDIUM)

CVE-2025-13254
(6.3 MEDIUM)

CVE-2025-13251
(6.3 MEDIUM)

CVE-2025-13247
(7.3 HIGH)

CVE-2025-48593
(8.0 HIGH)

CVE-2025-13343
(3.5 LOW)

CVE-2025-13344
(7.3 HIGH)

CVE-2025-41735
(8.8 HIGH)

CVE-2025-41734
(9.8 CRITICAL)

CVE-2025-41733
(9.8 CRITICAL)

CVE-2025-12639
(4.3 MEDIUM)

CVE-2025-12088
(6.4 MEDIUM)

CVE-2025-13069
(8.8 HIGH)

CVE-2025-13133
(6.6 MEDIUM)

CVE-2025-12391
(5.3 MEDIUM)

CVE-2025-12457
(6.4 MEDIUM)

CVE-2025-12691
(6.4 MEDIUM)

CVE-2025-12392
(5.3 MEDIUM)

CVE-2025-12481
(4.3 MEDIUM)

CVE-2025-12079
(6.1 MEDIUM)

CVE-2025-40549
(9.1 CRITICAL)

CVE-2025-40548
(9.1 CRITICAL)

CVE-2025-40547
(9.1 CRITICAL)

CVE-2025-52457
(5.7 MEDIUM)

CVE-2025-12974
(8.1 HIGH)

CVE-2025-64734
(2.4 LOW)

CVE-2025-13230
(8.8 HIGH)

CVE-2025-13229
(8.8 HIGH)

CVE-2025-13227
(8.8 HIGH)

CVE-2025-13226
(8.8 HIGH)

CVE-2025-13224
(8.8 HIGH)

CVE-2025-12792
(3.2 LOW)