## Updated at UTC 2025-12-24T23:09:23.912847
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53933 | 8.8 | 0.27% | 1 | 0 | | 2025-12-24T16:52:17.043000 | Serendipity 2.4.0 contains a remote code execution vulnerability that allows aut |
| CVE-2025-14879 | 9.8 | 0.06% | 2 | 0 | | 2025-12-24T15:19:01.640000 | A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown f |
| CVE-2025-14878 | 9.8 | 0.06% | 2 | 0 | | 2025-12-24T15:18:36.810000 | A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unk |
| CVE-2025-64465 | 7.8 | 0.02% | 1 | 0 | | 2025-12-24T15:11:06.627000 | There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() |
| CVE-2025-64469 | 7.8 | 0.02% | 1 | 0 | | 2025-12-24T15:09:34.350000 | There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile: |
| CVE-2025-14900 | 4.7 | 0.03% | 1 | 0 | | 2025-12-24T15:01:29.060000 | A security vulnerability has been detected in CodeAstro Real Estate Management S |
| CVE-2023-52163 | 8.8 | 21.42% | 4 | 0 | | 2025-12-24T11:36:59.630000 | Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injectio |
| CVE-2025-47372 | 9.0 | 0.02% | 1 | 0 | | 2025-12-24T00:31:18 | Memory Corruption when a corrupted ELF image with an oversized file size is read |
| CVE-2025-15046 | 9.8 | 0.09% | 1 | 0 | | 2025-12-24T00:30:29 | A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is |
| CVE-2025-15048 | 7.3 | 1.54% | 1 | 0 | | 2025-12-23T23:15:44.167000 | A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown |
| CVE-2025-15047 | 9.8 | 0.09% | 1 | 0 | | 2025-12-23T22:15:51.860000 | A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown funct |
| CVE-2025-14926 | 7.8 | 0.07% | 1 | 0 | | 2025-12-23T21:30:41 | Hugging Face Transformers SEW convert_config Code Injection Remote Code Executio |
| CVE-2025-14930 | 7.8 | 0.21% | 1 | 0 | | 2025-12-23T21:30:41 | Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Exe |
| CVE-2025-14927 | 7.8 | 0.07% | 1 | 0 | | 2025-12-23T21:30:41 | Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execut |
| CVE-2025-14922 | 7.8 | 0.21% | 1 | 0 | | 2025-12-23T21:30:41 | Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Ex |
| CVE-2025-14920 | 7.8 | 0.21% | 1 | 0 | | 2025-12-23T21:30:41 | Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remo |
| CVE-2025-14931 | 10.0 | 1.40% | 1 | 0 | | 2025-12-23T21:30:41 | Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data |
| CVE-2025-15045 | 9.8 | 0.09% | 1 | 0 | | 2025-12-23T21:30:41 | A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknow |
| CVE-2025-15044 | 9.8 | 0.09% | 1 | 0 | | 2025-12-23T21:30:41 | A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown fun |
| CVE-2025-14921 | 7.8 | 0.21% | 1 | 0 | | 2025-12-23T21:30:40 | Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data |
| CVE-2025-14928 | 7.8 | 0.07% | 1 | 0 | | 2025-12-23T21:30:40 | Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execu |
| CVE-2025-14925 | 7.8 | 0.21% | 1 | 1 | | 2025-12-23T21:30:40 | Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution |
| CVE-2025-14924 | 7.8 | 0.21% | 1 | 0 | | 2025-12-23T21:30:40 | Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote |
| CVE-2025-29228 | 9.8 | 0.27% | 1 | 0 | | 2025-12-23T21:30:28 | Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClo |
| CVE-2025-14929 | 7.8 | 0.21% | 1 | 0 | | 2025-12-23T21:15:48.240000 | Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrus |
| CVE-2025-45493 | 6.5 | 2.71% | 1 | 0 | | 2025-12-23T18:30:35 | Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface param |
| CVE-2025-50526 | 9.8 | 0.29% | 1 | 0 | | 2025-12-23T18:30:35 | Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerab |
| CVE-2025-68381 | 6.5 | 0.05% | 1 | 0 | | 2025-12-23T17:42:32.230000 | Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated |
| CVE-2025-13941 | 8.8 | 0.01% | 1 | 0 | | 2025-12-23T17:35:55.073000 | A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor |
| CVE-2025-66520 | 6.3 | 0.03% | 1 | 0 | | 2025-12-23T17:33:58.673000 | A stored cross-site scripting (XSS) vulnerability exists in the Portfolio featur |
| CVE-2025-68475 | 7.5 | 0.08% | 1 | 0 | | 2025-12-23T16:01:13 | Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library fo |
| CVE-2025-14964 | 9.8 | 0.08% | 1 | 0 | | 2025-12-23T14:52:09.593000 | A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affe |
| CVE-2025-68613 | 9.9 | 0.22% | 3 | 12 | template | 2025-12-23T14:51:52.650000 | n8n is an open source workflow automation platform. Versions starting with 0.211 |
| CVE-2025-65857 | 7.5 | 0.03% | 1 | 1 | | 2025-12-23T14:51:52.650000 | An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.00080 |
| CVE-2025-14299 | 0 | 0.06% | 1 | 0 | | 2025-12-23T14:51:52.650000 | The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length h |
| CVE-2025-46295 | 9.8 | 0.33% | 1 | 0 | | 2025-12-23T14:50:09.840000 | Apache Commons Text versions prior to 1.10.0 included interpolation features tha |
| CVE-2025-37164 | 10.0 | 77.21% | 5 | 2 | template | 2025-12-23T12:15:45.053000 | A remote code execution issue exists in HPE OneView. |
| CVE-2023-53974 | 7.5 | 0.12% | 1 | 0 | | 2025-12-23T00:30:38 | D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability th |
| CVE-2025-3699 | 9.8 | 0.17% | 1 | 0 | | 2025-12-23T00:15:43.540000 | Missing Authentication for Critical Function vulnerability in Mitsubishi Electri |
| CVE-2025-14882 | None | 0.04% | 1 | 0 | | 2025-12-20T17:41:17 | An API endpoint allowed access to sensitive files from other users by knowing th |
| CVE-2025-14881 | None | 0.04% | 1 | 0 | | 2025-12-20T17:39:03 | Multiple API endpoints allowed access to sensitive files from other users by kno |
| CVE-2025-63389 | None | 0.30% | 1 | 0 | | 2025-12-20T05:37:50 | A critical authentication bypass vulnerability exists in Ollama platform's API e |
| CVE-2025-68398 | 9.1 | 0.15% | 1 | 0 | | 2025-12-20T05:26:43 | ### Impact It was possible to overwrite Git configuration remotely and override |
| CVE-2025-68129 | 6.8 | 0.06% | 1 | 0 | | 2025-12-20T05:14:17 | ### Description In applications built with the Auth0-PHP SDK, the audience valid |
| CVE-2025-8065 | None | 0.02% | 1 | 0 | | 2025-12-20T03:31:40 | A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. |
| CVE-2025-14300 | None | 0.04% | 1 | 0 | | 2025-12-20T03:31:40 | The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper a |
| CVE-2025-63390 | 5.3 | 0.06% | 1 | 0 | | 2025-12-20T00:31:32 | An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the / |
| CVE-2025-68161 | None | 0.04% | 2 | 0 | | 2025-12-19T22:08:03 | The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does |
| CVE-2025-14733 | 9.8 | 30.80% | 7 | 3 | | 2025-12-19T21:30:19 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remot |
| CVE-2025-34436 | 8.8 | 0.10% | 1 | 0 | | 2025-12-19T21:30:17 | AVideo versions prior to 20.0 allow any authenticated user to upload files into |
| CVE-2025-34437 | 8.8 | 0.10% | 1 | 0 | | 2025-12-19T19:15:51.223000 | AVideo versions prior to 20.1 permit any authenticated user to upload comment im |
| CVE-2025-10910 | 0 | 0.19% | 2 | 0 | | 2025-12-19T19:15:47.710000 | A flaw in the binding process of Govee’s cloud platform and devices allows a rem |
| CVE-2025-65567 | 7.5 | 0.05% | 1 | 0 | | 2025-12-19T18:32:20 | A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface comp |
| CVE-2025-65565 | 7.5 | 0.06% | 1 | 0 | | 2025-12-19T18:32:19 | A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface comp |
| CVE-2025-65564 | 7.5 | 0.06% | 1 | 0 | | 2025-12-19T18:32:19 | A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in |
| CVE-2025-52692 | 8.8 | 0.01% | 1 | 0 | | 2025-12-19T18:31:18 | Successful exploitation of the vulnerability could allow an attacker with local |
| CVE-2025-65568 | 7.5 | 0.05% | 1 | 0 | | 2025-12-19T18:15:50.713000 | A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface comp |
| CVE-2025-41697 | 6.8 | 0.02% | 1 | 0 | | 2025-12-19T18:12:09.187000 | An attacker can use an undocumented UART port on the PCB as a side-channel to |
| CVE-2025-41694 | 6.5 | 0.11% | 1 | 0 | | 2025-12-19T18:12:00.187000 | A low privileged remote attacker can run the webshell with an empty command cont |
| CVE-2025-14847 | 7.5 | 0.03% | 5 | 0 | | 2025-12-19T18:00:18.330000 | Mismatched length fields in Zlib compressed protocol headers may allow a read of |
| CVE-2025-66908 | 5.3 | 0.04% | 1 | 0 | | 2025-12-19T18:00:18.330000 | Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file t |
| CVE-2025-66909 | 7.5 | 0.08% | 1 | 0 | | 2025-12-19T18:00:18.330000 | Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompres |
| CVE-2025-1885 | 5.4 | 0.03% | 1 | 0 | | 2025-12-19T18:00:18.330000 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Restajet In |
| CVE-2025-11747 | 6.4 | 0.03% | 1 | 0 | | 2025-12-19T18:00:18.330000 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site |
| CVE-2025-65041 | 10.0 | 0.08% | 2 | 0 | | 2025-12-19T18:00:18.330000 | Improper authorization in Microsoft Partner Center allows an unauthorized attack |
| CVE-2025-64677 | 8.2 | 0.07% | 1 | 0 | | 2025-12-19T18:00:18.330000 | Improper neutralization of input during web page generation ('cross-site scripti |
| CVE-2025-34452 | 0 | 0.42% | 1 | 0 | | 2025-12-19T18:00:18.330000 | Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a com |
| CVE-2025-67745 | 7.1 | 0.02% | 1 | 0 | | 2025-12-19T18:00:18.330000 | MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting |
| CVE-2025-64236 | 9.8 | 0.09% | 1 | 0 | | 2025-12-19T18:00:18.330000 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Amento |
| CVE-2025-41749 | 7.1 | 0.09% | 1 | 0 | | 2025-12-19T16:46:12.343000 | An XSS vulnerability in port_util.php can be used by an unauthenticated remote a |
| CVE-2025-41748 | 7.1 | 0.09% | 1 | 0 | | 2025-12-19T16:45:58.910000 | An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remot |
| CVE-2025-41752 | 7.1 | 0.09% | 1 | 0 | | 2025-12-19T16:45:51.260000 | An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote |
| CVE-2025-1928 | 9.1 | 0.05% | 1 | 0 | | 2025-12-19T15:31:25 | Improper Restriction of Excessive Authentication Attempts vulnerability in Resta |
| CVE-2025-1927 | 7.1 | 0.01% | 1 | 0 | | 2025-12-19T12:31:33 | Cross-Site Request Forgery (CSRF) vulnerability in Restajet Information Technolo |
| CVE-2025-66522 | 6.3 | 0.03% | 1 | 0 | | 2025-12-19T09:30:40 | A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs func |
| CVE-2025-14151 | 6.1 | 0.09% | 1 | 0 | | 2025-12-19T09:30:39 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site S |
| CVE-2025-66521 | 6.3 | 0.02% | 1 | 0 | | 2025-12-19T09:30:39 | A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com |
| CVE-2025-68490 | None | 0.00% | 1 | 0 | | 2025-12-19T06:30:34 | Rejected reason: Not used |
| CVE-2025-68489 | None | 0.00% | 1 | 0 | | 2025-12-19T06:30:34 | Rejected reason: Not used |
| CVE-2025-68487 | None | 0.00% | 1 | 0 | | 2025-12-19T06:30:34 | Rejected reason: Not used |
| CVE-2025-68491 | 0 | 0.00% | 1 | 0 | | 2025-12-19T04:16:02.150000 | Rejected reason: Not used |
| CVE-2025-68488 | 0 | 0.00% | 1 | 0 | | 2025-12-19T04:16:01.953000 | Rejected reason: Not used |
| CVE-2025-11774 | 8.3 | 0.03% | 2 | 0 | | 2025-12-19T03:31:23 | Improper Neutralization of Special Elements used in an OS Command ('OS Command I |
| CVE-2025-14908 | 6.3 | 0.06% | 1 | 0 | | 2025-12-19T03:31:23 | A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected eleme |
| CVE-2025-14899 | 4.7 | 0.03% | 1 | 0 | | 2025-12-19T03:31:23 | A weakness has been identified in CodeAstro Real Estate Management System 1.0. T |
| CVE-2025-67843 | 8.3 | 0.23% | 1 | 0 | | 2025-12-19T03:31:18 | A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engin |
| CVE-2025-64675 | 8.3 | 0.06% | 1 | 0 | | 2025-12-19T00:31:52 | Improper neutralization of input during web page generation ('cross-site scripti |
| CVE-2025-68382 | 6.5 | 0.05% | 1 | 0 | | 2025-12-19T00:31:47 | Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perfor |
| CVE-2025-65037 | 10.0 | 0.10% | 1 | 0 | | 2025-12-19T00:31:47 | Improper control of generation of code ('code injection') in Azure Container App |
| CVE-2025-64663 | 10.0 | 0.06% | 1 | 0 | | 2025-12-19T00:31:47 | Custom Question Answering Elevation of Privilege Vulnerability |
| CVE-2025-13427 | None | 0.14% | 1 | 0 | | 2025-12-19T00:31:46 | An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger a |
| CVE-2025-64676 | 7.2 | 0.10% | 1 | 0 | | 2025-12-19T00:31:46 | '.../...//' in Microsoft Purview allows an authorized attacker to execute code o |
| CVE-2025-68463 | 4.9 | 0.04% | 1 | 0 | | 2025-12-18T22:16:30 | Bio.Entrez in Biopython through 1.86 allows doctype XXE. |
| CVE-2025-53000 | None | 0.02% | 1 | 0 | | 2025-12-18T22:03:09 | ### Summary On Windows, converting a notebook containing SVG output to a PDF re |
| CVE-2025-64374 | 10.0 | 0.05% | 1 | 0 | | 2025-12-18T21:32:49 | Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes |
| CVE-2025-14739 | None | 0.02% | 1 | 0 | | 2025-12-18T21:31:50 | Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allo |
| CVE-2025-66397 | 8.3 | 0.04% | 1 | 0 | | 2025-12-18T19:07:25.637000 | ChurchCRM is an open-source church management system. Prior to version 6.5.3, th |
| CVE-2025-14884 | 7.2 | 0.27% | 2 | 0 | | 2025-12-18T18:30:38 | A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue |
| CVE-2025-14896 | 7.5 | 0.04% | 1 | 0 | | 2025-12-18T18:30:37 | due to insufficient sanitization in Vega’s `convert()` function when `safeMode` |
| CVE-2025-14738 | None | 0.07% | 1 | 0 | | 2025-12-18T18:30:37 | Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows |
| CVE-2025-14737 | None | 0.73% | 1 | 0 | | 2025-12-18T18:30:37 | Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authen |
| CVE-2025-63391 | 7.5 | 0.10% | 1 | 0 | | 2025-12-18T18:30:37 | An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api |
| CVE-2025-68275 | 4.8 | 0.03% | 1 | 0 | | 2025-12-18T18:27:40.170000 | ChurchCRM is an open-source church management system. Versions prior to 6.5.3 ha |
| CVE-2025-68399 | 5.4 | 0.03% | 1 | 0 | | 2025-12-18T16:47:11.970000 | ChurchCRM is an open-source church management system. In versions prior to 6.5.4 |
| CVE-2025-59374 | 9.8 | 35.96% | 5 | 0 | | 2025-12-18T15:42:03.790000 | "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were |
| CVE-2025-20393 | 10.0 | 7.05% | 11 | 4 | | 2025-12-18T15:41:16.840000 | Cisco is aware of a potential vulnerability. Cisco is currently investigat |
| CVE-2025-64466 | 7.8 | 0.02% | 1 | 0 | | 2025-12-18T15:30:52 | There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedPro |
| CVE-2025-64468 | 7.8 | 0.02% | 1 | 0 | | 2025-12-18T15:30:51 | There is a use-after-free vulnerability in sentry!sentry_span_set_data() when pa |
| CVE-2025-13110 | 4.3 | 0.03% | 1 | 0 | | 2025-12-18T15:30:51 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is |
| CVE-2025-14618 | 4.3 | 0.03% | 1 | 0 | | 2025-12-18T15:30:51 | The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized a |
| CVE-2025-65007 | None | 0.05% | 1 | 0 | | 2025-12-18T15:30:51 | In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of |
| CVE-2025-64467 | 7.8 | 0.02% | 1 | 0 | | 2025-12-18T15:30:45 | There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsr |
| CVE-2025-14277 | 4.3 | 0.03% | 1 | 0 | | 2025-12-18T15:30:43 | The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Se |
| CVE-2025-68459 | 7.2 | 0.24% | 2 | 0 | | 2025-12-18T15:07:42.550000 | RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networ |
| CVE-2025-68462 | 3.2 | 0.02% | 1 | 0 | | 2025-12-18T15:07:42.550000 | Freedombox before 25.17.1 does not set proper permissions for the backups-data d |
| CVE-2025-12885 | 6.4 | 0.03% | 1 | 0 | | 2025-12-18T15:07:42.550000 | The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for |
| CVE-2025-14202 | 0 | 0.05% | 2 | 0 | | 2025-12-18T15:07:42.550000 | A vulnerability in the file upload at bookmark + asset rendering pipeline allows |
| CVE-2025-68435 | 9.1 | 0.09% | 2 | 0 | | 2025-12-18T15:07:42.550000 | Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19. |
| CVE-2025-14437 | 7.5 | 0.08% | 1 | 0 | | 2025-12-18T15:07:18.427000 | The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Info |
| CVE-2025-40602 | 6.6 | 1.86% | 3 | 2 | | 2025-12-18T12:30:33 | A local privilege escalation vulnerability due to insufficient authorization in |
| CVE-2025-47387 | 7.8 | 0.02% | 1 | 0 | | 2025-12-18T06:30:19 | Memory Corruption when processing IOCTLs for JPEG data without verification. |
| CVE-2025-47382 | 7.8 | 0.02% | 1 | 0 | | 2025-12-18T06:30:19 | Memory corruption while loading an invalid firmware in boot loader. |
| CVE-2025-14856 | 6.3 | 0.05% | 1 | 0 | | 2025-12-18T03:30:18 | A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The a |
| CVE-2025-14841 | 3.3 | 0.01% | 1 | 0 | | 2025-12-18T03:30:18 | A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the fu |
| CVE-2025-14837 | 4.7 | 0.05% | 1 | 0 | | 2025-12-18T00:34:16 | A vulnerability has been found in ZZCMS 2025. Affected by this issue is the func |
| CVE-2025-67073 | 9.8 | 0.20% | 1 | 0 | | 2025-12-17T21:30:56 | A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in |
| CVE-2025-59718 | 9.8 | 5.95% | 3 | 2 | | 2025-12-17T13:54:45.390000 | An improper verification of cryptographic signature vulnerability in Fortinet For |
| CVE-2025-68154 | 8.1 | 0.06% | 1 | 0 | | 2025-12-16T22:37:26 | ## Summary The `fsSize()` function in `systeminformation` is vulnerable to **OS |
| CVE-2025-68260 | None | 0.02% | 3 | 0 | | 2025-12-16T15:30:56 | In the Linux kernel, the following vulnerability has been resolved: rust_binder |
| CVE-2025-59719 | 9.8 | 0.07% | 2 | 0 | | 2025-12-09T18:30:52 | An improper verification of cryptographic signature vulnerability in Fortinet Fo |
| CVE-2025-41746 | 7.1 | 0.09% | 1 | 0 | | 2025-12-09T18:30:45 | An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated rem |
| CVE-2025-41745 | 7.1 | 0.09% | 1 | 0 | | 2025-12-09T18:30:44 | An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remo |
| CVE-2025-41696 | 4.6 | 0.02% | 1 | 0 | | 2025-12-09T18:30:44 | An attacker can use an undocumented UART port on the PCB as a side-channel with |
| CVE-2025-41750 | 7.1 | 0.09% | 1 | 0 | | 2025-12-09T18:30:44 | An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote |
| CVE-2025-41751 | 7.1 | 0.09% | 1 | 0 | | 2025-12-09T18:30:44 | An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remot |
| CVE-2025-41695 | 7.1 | 0.09% | 1 | 0 | | 2025-12-09T18:30:44 | An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote at |
| CVE-2025-41747 | 7.1 | 0.09% | 1 | 0 | | 2025-12-09T18:30:44 | An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated re |
| CVE-2025-41692 | 6.8 | 0.02% | 1 | 0 | | 2025-12-09T18:30:43 | A high privileged remote attacker with admin privileges for the webUI can brute- |
| CVE-2025-41693 | 4.3 | 0.23% | 1 | 0 | | 2025-12-09T18:30:43 | A low privileged remote attacker can use the ssh feature to execute commands dir |
| CVE-2025-55182 | 10.0 | 46.72% | 3 | 100 | template | 2025-12-09T16:53:25 | ### Impact There is an unauthenticated remote code execution vulnerability in R |
| CVE-2025-37899 | 7.8 | 0.01% | 1 | 2 | | 2025-12-07T00:30:55 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix |
| CVE-2025-66471 | None | 0.02% | 1 | 0 | | 2025-12-05T18:33:09 | ### Impact urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.5.0/ad |
| CVE-2025-65945 | 7.5 | 0.01% | 1 | 1 | | 2025-12-04T22:50:04 | ### Overview An improper signature verification vulnerability exists when using |
| CVE-2025-34352 | None | 0.02% | 1 | 0 | | 2025-12-02T21:31:37 | JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninsta |
| CVE-2025-40300 | None | 0.06% | 1 | 0 | | 2025-11-17T18:30:25 | In the Linux kernel, the following vulnerability has been resolved: x86/vmscape |
| CVE-2025-7962 | 7.5 | 0.01% | 1 | 0 | | 2025-11-13T18:36:55.173000 | In Jakarta Mail 2.0.2 it is possible to perform a SMTP Injection by utilizing th |
| CVE-2025-63666 | 9.8 | 0.09% | 1 | 1 | | 2025-11-13T18:31:03 | Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the |
| CVE-2025-11953 | 9.8 | 0.49% | 1 | 3 | | 2025-11-13T16:25:27 | The Metro Development Server, which is opened by the React Native CLI, binds to |
| CVE-2025-9242 | 9.8 | 73.45% | 1 | 2 | template | 2025-11-13T15:31:32 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remot |
| CVE-2025-12480 | 9.1 | 78.02% | 1 | 0 | template | 2025-11-12T15:32:32 | Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access |
| CVE-2025-59287 | 9.8 | 75.42% | 1 | 21 | template | 2025-11-12T14:33:19.727000 | Deserialization of untrusted data in Windows Server Update Service allows an una |
| CVE-2025-53057 | 5.9 | 0.09% | 1 | 0 | | 2025-11-03T18:32:51 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente |
| CVE-2025-53066 | 7.5 | 0.09% | 1 | 0 | | 2025-11-03T18:16:57.227000 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente |
| CVE-2019-10758 | 9.9 | 94.36% | 1 | 3 | template | 2025-10-27T17:12:23.890000 | mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints |
| CVE-2025-31324 | 10.0 | 40.17% | 1 | 19 | template | 2025-10-22T00:34:21 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper a |
| CVE-2025-23006 | 9.8 | 56.66% | 1 | 0 | | 2025-10-22T00:34:17 | Pre-authentication deserialization of untrusted data vulnerability has been iden |
| CVE-2024-53704 | 9.8 | 93.97% | 1 | 1 | template | 2025-10-22T00:34:16 | An Improper Authentication vulnerability in the SSLVPN authentication mechanism |
| CVE-2025-50165 | 9.8 | 3.84% | 1 | 1 | | 2025-08-12T18:31:39 | Untrusted pointer dereference in Microsoft Graphics Component allows an unauthor |
| CVE-2025-25231 | 7.5 | 10.75% | 1 | 1 | template | 2025-08-11T21:31:39 | Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerabil |
| CVE-2025-24294 | 7.5 | 0.04% | 1 | 0 | | 2025-07-16T14:15:23.037000 | The attack vector is a potential Denial of Service (DoS). The vulnerability is c |
| CVE-2025-30026 | None | 0.03% | 1 | 0 | | 2025-07-11T06:30:36 | The AXIS Camera Station Server had a flaw that allowed to bypass authentication |
| CVE-2025-30023 | 9.1 | 1.92% | 1 | 0 | | 2025-07-11T06:30:36 | The communication protocol used between client and server had a flaw that could |
| CVE-2025-6514 | 9.7 | 0.73% | 1 | 2 | | 2025-07-09T18:08:46 | mcp-remote is exposed to OS command injection when connecting to untrusted MCP s |
| CVE-2025-49146 | 8.2 | 0.01% | 1 | 0 | | 2025-06-11T16:17:03 | ### Impact When the PostgreSQL JDBC driver is configured with channel binding se |
| CVE-2025-5516 | 2.4 | 0.05% | 1 | 0 | | 2025-06-03T18:30:53 | A vulnerability, which was classified as problematic, was found in TOTOLINK X200 |
| CVE-2025-5499 | 7.3 | 0.11% | 1 | 0 | | 2025-06-03T15:31:27 | A vulnerability classified as critical has been found in slackero phpwcms up to |
| CVE-2025-29970 | 7.8 | 0.07% | 1 | 0 | | 2025-05-19T14:20:49.300000 | Use after free in Microsoft Brokering File System allows an authorized attacker |
| CVE-2025-2039 | 4.7 | 0.10% | 2 | 3 | | 2025-05-13T20:57:18.117000 | A vulnerability classified as critical has been found in code-projects Blood Ban |
| CVE-2025-32210 | 6.5 | 0.04% | 1 | 0 | | 2025-04-10T09:30:32 | Missing Authorization vulnerability in CreativeMindsSolutions CM Registration an |
| CVE-2024-44067 | 8.4 | 0.04% | 1 | 0 | | 2024-08-20T21:31:36 | The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in |
| CVE-2025-3716 | 0 | 0.00% | 2 | 2 | | N/A | |
| CVE-2026-00001 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-66209 | 0 | 0.57% | 1 | 1 | | N/A | |
| CVE-2025-14269 | 0 | 0.00% | 1 | 1 | | N/A | |
| CVE-2025-14282 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-66387 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-66478 | 0 | 0.00% | 1 | 100 | | N/A | |
| CVE-2025-63821 | 0 | 0.00% | 1 | 1 | | N/A | |
| CVE-2025-63820 | 0 | 0.00% | 1 | 1 | | N/A | |
| CVE-2025-66029 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2025-68434 | 0 | 0.07% | 1 | 1 | | N/A | |
| CVE-2025-68147 | 0 | 0.03% | 1 | 1 | | N/A | |
| CVE-2025-68401 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2025-68400 | 0 | 0.03% | 1 | 0 | | N/A | |

## updated 2025-12-24T16:52:17.043000
1 post
CVE-2023-53933 - Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload https://cvefeed.io/vuln/detail/CVE-2023-53933

## updated 2025-12-24T15:19:01.640000
2 posts
CVE-2025-14879 - Tenda WH450 HTTP Request onSSIDChange stack-based overflow https://cvefeed.io/vuln/detail/CVE-2025-14879

Tenda
https://www.cve.org/CVERecord?id=CVE-2025-14879
D-Link

## updated 2025-12-24T15:18:36.810000
2 posts
CVE-2025-14878 - Tenda WH450 HTTP Request wirelessRestart stack-based overflow https://cvefeed.io/vuln/detail/CVE-2025-14878

Tenda

## updated 2025-12-24T15:11:06.627000
1 post
CVE-2025-64465 - Out-of-Bounds Read in lvre!DataSizeTDR() in NI LabVIEW https://cvefeed.io/vuln/detail/CVE-2025-64465

## updated 2025-12-24T15:09:34.350000
1 post
CVE-2025-64469 - Stack-based Buffer Overflow in LVResource::DetachResource() in NI LabVIEW https://cvefeed.io/vuln/detail/CVE-2025-64469

## updated 2025-12-24T15:01:29.060000
1 post
CVE-2025-14900 - CodeAstro Real Estate Management System Administrator Endpoint userdelete.php sql injection https://cvefeed.io/vuln/detail/CVE-2025-14900

## updated 2025-12-24T11:36:59.630000
4 posts
CISA reports actively exploited flaw in Digiever Network Video Recorder
CISA warns of active exploitation of CVE-2023-52163, a missing authorization vulnerability in Digiever DS-2105 Pro network video recorders that allows authenticated attackers to execute arbitrary commands and is being weaponized by Mirai-style botnets targeting IoT devices.
**If you have Digiever DS-2105 Pro network video recorders, make sure they are isolated from the internet and ensure they're only accessible from trusted internal networks. Since this device is end-of-life, there are no security patches for this flaw and it is being actively exploited, so plan to replace it as soon as possible. Until it's replaced, keep it completely isolated behind strict network segmentation.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-reports-actively-exploted-flaw-in-digiever-network-video-recorder-p-u-l-4-1/gD2P6Ple2L

🚨 CISA has added one vulnerability to the KEV Catalog
CVE-2023-52163: Digiever DS-2105 Pro Missing Authorization Vulnerability
CVSS: 5.9
https://darkwebinformer.com/cisa-kev-catalog/
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID: CVE-2023-52163
Vendor: Digiever
Product: DS-2105 Pro
Date Added: 2025-12-22
Notes: https://www.digiever.com/tw/support/faq-content.php?FAQ=217 ; https://nvd.nist.gov/vuln/detail/CVE-2023-52163
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2023-52163

CISA has added one vulnerability to the KEV catalogue.
CVE-2023-52163: Digiever DS-2105 Pro Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-52163 #CISA #vulnerability #infosec

## updated 2025-12-24T00:31:18
1 post
CVE-2025-47372 - Buffer Copy Without Checking Size of Input in Boot https://cvefeed.io/vuln/detail/CVE-2025-47372

## updated 2025-12-24T00:30:29
1 post

## updated 2025-12-23T23:15:44.167000
1 post

## updated 2025-12-23T22:15:51.860000
1 post

## updated 2025-12-23T21:30:41
1 post
Go hack more AI shit. 🥳
https://www.cve.org/CVERecord?id=CVE-2025-14920
https://www.cve.org/CVERecord?id=CVE-2025-14921
https://www.cve.org/CVERecord?id=CVE-2025-14922
https://www.cve.org/CVERecord?id=CVE-2025-14924
https://www.cve.org/CVERecord?id=CVE-2025-14925
https://www.cve.org/CVERecord?id=CVE-2025-14926
https://www.cve.org/CVERecord?id=CVE-2025-14927
https://www.cve.org/CVERecord?id=CVE-2025-14928
https://www.cve.org/CVERecord?id=CVE-2025-14929

## updated 2025-12-23T21:30:41
1 post

## updated 2025-12-23T21:30:41
1 post

## updated 2025-12-23T21:30:41
1 post

## updated 2025-12-23T21:30:41
1 post

## updated 2025-12-23T21:30:41
1 post
##updated 2025-12-23T21:30:41
1 posts
updated 2025-12-23T21:30:41
1 posts
updated 2025-12-23T21:30:40
1 posts
##updated 2025-12-23T21:30:40
1 posts
##updated 2025-12-23T21:30:40
1 posts
1 repos
##updated 2025-12-23T21:30:40
1 posts
##updated 2025-12-23T21:30:28
1 posts
updated 2025-12-23T21:15:48.240000
1 posts
##updated 2025-12-23T18:30:35
1 posts
updated 2025-12-23T18:30:35
1 posts
updated 2025-12-23T17:42:32.230000
1 posts
CVE-2025-68381 - Packetbeat Improper Bounds Check https://cvefeed.io/vuln/detail/CVE-2025-68381
##updated 2025-12-23T17:35:55.073000
1 posts
CVE-2025-13941 - Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-13941
##updated 2025-12-23T17:33:58.673000
1 posts
CVE-2025-66520 - Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling https://cvefeed.io/vuln/detail/CVE-2025-66520
##updated 2025-12-23T16:01:13
1 posts
updated 2025-12-23T14:52:09.593000
1 posts
updated 2025-12-23T14:51:52.650000
3 posts
12 repos
https://github.com/Ashwesker/Blackash-CVE-2025-68613
https://github.com/intbjw/CVE-2025-68613-poc-via-copilot
https://github.com/intelligent-ears/CVE-2025-68613
https://github.com/rxerium/CVE-2025-68613
https://github.com/secjoker/CVE-2025-68613
https://github.com/GnuTLam/POC-CVE-2025-68613
https://github.com/ali-py3/Exploit-CVE-2025-68613
https://github.com/r4j3sh-com/CVE-2025-68613-n8n-lab
https://github.com/manyaigdtuw/CVE-2025-68613_Scanner
https://github.com/nehkark/CVE-2025-68613
If you use n8n… ⚠️
A critical vulnerability (CVE-2025-68613) lets a logged-in user hijack a workflow to run commands on the server hosting n8n.
Concretely, a poorly designed (or malicious) automation can escape its intended scope and give access to the system:
data handled by the workflows
modification or deletion of automations
and potentially full control of the server
The flaw affects many versions (since 0.211.0) and is very severe, especially if n8n is exposed to the Internet or used by several people.
✅ Fix: update quickly to the patched versions (≥ 1.120.4 / 1.121.1 / 1.122.0).
In the meantime, restrict workflow creation/editing rights as much as possible
👉 If n8n is critical in your infrastructure, this is a security priority.
"Remote Code Execution via Expression Injection"
👇
https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
🔍
⬇️
https://github.com/rxerium/CVE-2025-68613
🔍
⬇️
"n8n CVE-2025-68613 RCE Exploitation: A Detailed Guide"
👇
https://blog.securelayer7.net/cve-2025-68613-n8n-rce-exploitation/
@cR0w well there WAS this... https://nvd.nist.gov/vuln/detail/CVE-2025-68613
##Critical remote code execution flaw reported in n8n workflow automation platform
n8n's workflow automation platform reports a critical vulnerability (CVE-2025-68613, CVSS 10.0) allowing authenticated attackers to execute arbitrary code with full system privileges, potentially exposing sensitive workflows, API credentials, and corporate networks.
**If you're running self-hosted n8n, plan a quick upgrade to version 1.120.4, 1.121.1, or 1.122.0 to patch CVE-2025-68613. Until you upgrade, restrict workflow editing permissions to fully trusted users only.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-reported-in-n8n-workflow-automation-platform-m-b-x-5-d/gD2P6Ple2L
updated 2025-12-23T14:51:52.650000
1 posts
1 repos
updated 2025-12-23T14:51:52.650000
1 posts
updated 2025-12-23T14:50:09.840000
1 posts
Critical remote code execution flaw reported in Apache Commons Text library
Apache Commons Text versions prior to 1.10.0 contain a critical remote code execution vulnerability (CVE-2025-46295) that allows attackers to inject malicious code through the text-substitution API when processing untrusted input. The flaw was patched in late 2022 but is not updated in many deployed applications.
**If you use Apache Commons Text in your Java applications, check your version immediately and upgrade to at least version 1.10.0 (or preferably 1.15.0). This flaw allows remote code execution, so treat this update as very important. Exploits will start soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-reported-in-apache-commons-text-library-d-k-v-h-p/gD2P6Ple2L
updated 2025-12-23T12:15:45.053000
5 posts
2 repos
⚪ Critical RCE Bug Patched in HPE OneView
🗨️ Hewlett Packard Enterprise (HPE) developers have released patches for a critical remote code execution vulnerability discovered in the OneView IT infrastructure management software. The issue is tracked as CVE-2025-37164 (a maximum score of 10.0 on the CVSS scale) and can be exploited without authen…
##@christopherkunz yeah... Rapid7 have a write up, I'd love to know how HPE ended up adding this feature https://www.rapid7.com/blog/post/etr-cve-2025-37164-critical-unauthenticated-rce-affecting-hewlett-packard-enterprise-oneview/
##HPE OneView CVE-2025-37164 worth paying attention to
- Widely used enterprise management software
- HPE added a REST command, executeCommand, which requires no authentication to execute commands. Obviously, this is dumb and now patched out
- Being on OneView allows attacker to access VMware, 3PAR storage etc by design
- Expect exploitation in the wild as it's so simple
- The vulnerability (executeCommand) was introduced around 2020, feels like a vulndoor
Shodan dork: product:"HPE OneView"
##Critical remote code execution flaw reported in HPE OneView
HPE OneView has a critical unauthenticated remote code execution vulnerability (CVE-2025-37164) with a maximum CVSS score of 10.0, affecting all versions prior to 11.00. HPE has released version 11.00 as a patch and provides hotfixes for older versions to address this severe security flaw.
**Make sure all HPE OneView systems are isolated from the internet and accessible only from trusted networks. Reach out to HPE for details and plan a quick upgrade to version 11.00 or apply the appropriate hotfix for your current version (5.20-10.20).**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-reported-in-hpe-oneview-b-i-c-y-p/gD2P6Ple2L
updated 2025-12-23T00:30:38
1 posts
updated 2025-12-23T00:15:43.540000
1 posts
Critical authentication bypass flaw reported in Mitsubishi Electric air conditioning systems
Mitsubishi Electric disclosed a critical authentication bypass vulnerability (CVE-2025-3699) affecting multiple commercial air conditioning system models, allowing remote attackers to gain unauthorized control, manipulate operations, and potentially disrupt critical facilities like data centers and hospitals.
**If you have Mitsubishi Electric air conditioning systems, review this advisory in detail to check if your system is affected. Make sure to isolate the HVAC systems from the internet and ensure they're only accessible from trusted internal networks or through VPN. Since most models won't receive security fixes, network isolation is your primary protection.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaw-reported-in-mitsubishi-electric-air-conditioning-systems-g-j-c-h-u/gD2P6Ple2L
updated 2025-12-20T17:41:17
1 posts
CVE-2025-14882 - Insecure direct object reference https://cvefeed.io/vuln/detail/CVE-2025-14882
##updated 2025-12-20T17:39:03
1 posts
CVE-2025-14881 - Insecure direct object reference https://cvefeed.io/vuln/detail/CVE-2025-14881
##updated 2025-12-20T05:37:50
1 posts
Go hack more AI shit.
https://www.cve.org/CVERecord?id=CVE-2025-63389
##A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.
updated 2025-12-20T05:26:43
1 posts
CVE-2025-68398 - Weblate has git config file overwrite vulnerability that leads to remote code execution https://cvefeed.io/vuln/detail/CVE-2025-68398
##updated 2025-12-20T05:14:17
1 posts
CVE-2025-68129 - Auth0-PHP SDK has Improper Audience Validation https://cvefeed.io/vuln/detail/CVE-2025-68129
##updated 2025-12-20T03:31:40
1 posts
updated 2025-12-20T03:31:40
1 posts
updated 2025-12-20T00:31:32
1 posts
updated 2025-12-19T22:08:03
2 posts
1000 yard stare
##For my fellow Log4j victims celebrating 4 years #log4shell PTSD: CVE-2025-68161
"The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute or the log4j2.sslVerifyHostName system property is set to true."
https://logging.apache.org/security.html#CVE-2025-68161
(It's not that terrible. Seeing the string "log4j" just makes me twitch. :-)
##updated 2025-12-19T21:30:19
7 posts
3 repos
https://github.com/Ashwesker/Blackash-CVE-2025-14733
🚨 CISA has added 1 vulnerability to the KEV Catalog
CVE-2025-14733: WatchGuard Firebox Out of Bounds Write Vulnerability
CVSS: 9.3
##CVE ID: CVE-2025-14733
Vendor: WatchGuard
Product: Firebox
Date Added: 2025-12-19
Notes: Check for signs of potential compromise on all internet accessible instances after applying mitigations. For more information please see: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027 ; https://nvd.nist.gov/vuln/detail/CVE-2025-14733
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-14733
Critical actively exploited flaw in WatchGuard Fireware OS enables remote code execution through VPN service
WatchGuard patched a critical vulnerability (CVE-2025-14733) in Fireware OS that allows remote unauthenticated attackers to execute arbitrary code on devices with IKEv2 VPN configurations. The flaw is actively being exploited in the wild.
**If you have WatchGuard Firebox firewalls, you are under attack. Make a very quick update to the latest security updates from WatchGuard. After patching, change all passwords and security keys stored on the device, especially if you've ever used IKEv2 VPN configurations (even if now deleted). Old settings can still leave your firewall vulnerable.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-flaw-in-watchguard-fireware-os-enables-remote-code-execution-through-vpn-service-n-s-w-d-7/gD2P6Ple2L
Analysis of CVE-2025-14733, a critical WatchGuard Firebox security vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.
#SecurityLand #CyberWatch #ZeroDay #Watchguard #SecurityVulnerability #Firewall #CVE
Read More: https://www.security.land/watchguard-cve-2025-14733-critical-vulnerability-analysis/
##Hackers can now take over WatchGuard Firebox firewalls with zero passwords needed, putting entire networks at risk. Is your organization’s gateway already compromised?
##CVE-2025-14733 - WatchGuard Firebox iked Out of Bounds Write Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-14733
##updated 2025-12-19T21:30:17
1 posts
CVE-2025-34436 - AVideo < 20.0 IDOR Arbitrary File Upload https://cvefeed.io/vuln/detail/CVE-2025-34436
##updated 2025-12-19T19:15:51.223000
1 posts
CVE-2025-34437 - AVideo < 20.0 IDOR Arbitrary Comment Image Upload https://cvefeed.io/vuln/detail/CVE-2025-34437
##updated 2025-12-19T19:15:47.710000
2 posts
CVE-2025-10910 - Gaining remote control over Govee devices https://cvefeed.io/vuln/detail/CVE-2025-10910
##https://cert.pl/en/posts/2025/12/CVE-2025-10910/
##A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account.
updated 2025-12-19T18:32:20
1 posts
CVE-2025-65567 - OmeC-Project UPF Denial-of-Service Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65567
##updated 2025-12-19T18:32:19
1 posts
CVE-2025-65565 - "OmeC-Project UPF pfcpiface Denial-of-Service Vulnerability" https://cvefeed.io/vuln/detail/CVE-2025-65565
##updated 2025-12-19T18:32:19
1 posts
CVE-2025-65564 - OmeC UPF Denial-of-Service Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65564
##updated 2025-12-19T18:31:18
1 posts
CVE-2025-52692 - Bypass Authentication https://cvefeed.io/vuln/detail/CVE-2025-52692
##updated 2025-12-19T18:15:50.713000
1 posts
CVE-2025-65568 - OmeC-Project UPF pfcpiface Denial-of-Service Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65568
##updated 2025-12-19T18:12:09.187000
1 posts
Phoenix Contact
CVE-2025-41692, CVE-2025-41693, CVE-2025-41694, CVE-2025-41695, CVE-2025-41696, CVE-2025-41697, CVE-2025-41745, CVE-2025-41746, CVE-2025-41747, CVE-2025-41748, CVE-2025-41749, CVE-2025-41750, CVE-2025-41751, CVE-2025-41752
##updated 2025-12-19T18:12:00.187000
1 posts
##updated 2025-12-19T18:00:18.330000
5 posts
RE: https://infosec.exchange/@BleepingComputer/115774980868695049
So slopmachines are writing articles BleepingComputer now?
1) CVE-2025-14847 is not an RCE, it’s memory disclosure at best
2) CVE-2019-10758 is not mongodb vuln, it’s fucking 3rd party “MongoDB Admin GUI” application
Like everything in this article is a lie and no amount of substances would explain this. Only plausible explanation is llm?
Fuck, what sources you can somewhat trust now, without non-stop fact checking?
##🚨 CVE-2025-14847: Critical Unauthenticated MongoDB RCE Heap Memory Leak Exposes Sensitive Data
CVSS: 8.7
Vulnerable versions include:
▪️MongoDB 3.6.x
▪️MongoDB 4.0.x
▪️MongoDB 4.2.x
▪️MongoDB 4.4.x ≤ 4.4.29
▪️MongoDB 5.0.x ≤ 5.0.31
▪️MongoDB 6.0.x ≤ 6.0.26
▪️MongoDB 7.0.x ≤ 7.0.26
▪️MongoDB 8.0.x ≤ 8.0.16
▪️MongoDB 8.2.x ≤ 8.2.2
Fixed versions:
▪️4.4.30
▪️5.0.32
▪️6.0.27
▪️7.0.28
▪️8.0.17
▪️8.2.3
https://www.upwind.io/feed/cve-2025-14847-mongodb-zlib-memory-disclosure
##A single bug in MongoDB now lets hackers take over servers with just one packet—no password needed. Is your data at risk? Find out how this flaw could impact thousands of organizations and what you can do about it.
##A single bug in MongoDB is letting hackers take over servers without a password and attacks are already underway. Is your data safe? Find out what you need to know before it is too late
##updated 2025-12-19T18:00:18.330000
1 posts
updated 2025-12-19T18:00:18.330000
1 posts
updated 2025-12-19T18:00:18.330000
1 posts
CVE-2025-1885 - Open Redirect in Restajet's Online Food Delivery System https://cvefeed.io/vuln/detail/CVE-2025-1885
##updated 2025-12-19T18:00:18.330000
1 posts
CVE-2025-11747 - Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode https://cvefeed.io/vuln/detail/CVE-2025-11747
##updated 2025-12-19T18:00:18.330000
2 posts
🚨 CRITICAL vuln: CVE-2025-65041 in Microsoft Partner Center enables unauthenticated remote privilege escalation (CVSS 10). No patch yet—segment networks, enforce MFA, and monitor for abuse. Stay updated! https://radar.offseq.com/threat/cve-2025-65041-cwe-285-improper-authorization-in-m-738f9e8a #OffSeq #Microsoft #CloudSecurity #CVE2025_65041
##CVE-2025-65041 - Microsoft Partner Center Elevation of Privilege Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65041
##updated 2025-12-19T18:00:18.330000
1 posts
CVE-2025-64677 - Office Out-of-Box Experience Spoofing Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-64677
##updated 2025-12-19T18:00:18.330000
1 posts
CVE-2025-34452 - Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write https://cvefeed.io/vuln/detail/CVE-2025-34452
##updated 2025-12-19T18:00:18.330000
1 posts
CVE-2025-67745 - Myhoard logs backup encryption key in plain text https://cvefeed.io/vuln/detail/CVE-2025-67745
##updated 2025-12-19T18:00:18.330000
1 posts
CVE-2025-64236 - WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability https://cvefeed.io/vuln/detail/CVE-2025-64236
##updated 2025-12-19T16:46:12.343000
1 posts
##updated 2025-12-19T16:45:58.910000
1 posts
##updated 2025-12-19T16:45:51.260000
1 posts
##updated 2025-12-19T15:31:25
1 posts
CVE-2025-1928 - Improper Authentication in Restajet's Online Food Delivery System https://cvefeed.io/vuln/detail/CVE-2025-1928
##updated 2025-12-19T12:31:33
1 posts
CVE-2025-1927 - CSRF in Restajet's Online Food Delivery System https://cvefeed.io/vuln/detail/CVE-2025-1927
##updated 2025-12-19T09:30:40
1 posts
CVE-2025-66522 - Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Digital IDs Common Name Field https://cvefeed.io/vuln/detail/CVE-2025-66522
##updated 2025-12-19T09:30:39
1 posts
CVE-2025-14151 - SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting https://cvefeed.io/vuln/detail/CVE-2025-14151
##updated 2025-12-19T09:30:39
1 posts
CVE-2025-66521 - Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature https://cvefeed.io/vuln/detail/CVE-2025-66521
##updated 2025-12-19T06:30:34
1 posts
CVE-2025-68490 - Apache HTTP Server Cross-Site Request Forgery https://cvefeed.io/vuln/detail/CVE-2025-68490
##updated 2025-12-19T06:30:34
1 posts
CVE-2025-68489 - Apache HTTP Server Cross-Site Request Forgery https://cvefeed.io/vuln/detail/CVE-2025-68489
##updated 2025-12-19T06:30:34
1 posts
CVE-2025-68487 - Apache HTTP Server Cross-Site Request Forgery https://cvefeed.io/vuln/detail/CVE-2025-68487
##updated 2025-12-19T04:16:02.150000
1 posts
CVE-2025-68491 - Apache HTTP Server Buffer Overflow Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-68491
##updated 2025-12-19T04:16:01.953000
1 posts
CVE-2025-68488 - Apache HTTP Server Authentication Bypass https://cvefeed.io/vuln/detail/CVE-2025-68488
##updated 2025-12-19T03:31:23
2 posts
CVE-2025-11774 - Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64 https://cvefeed.io/vuln/detail/CVE-2025-11774
##updated 2025-12-19T03:31:23
1 posts
CVE-2025-14908 - JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication https://cvefeed.io/vuln/detail/CVE-2025-14908
##updated 2025-12-19T03:31:23
1 posts
CVE-2025-14899 - CodeAstro Real Estate Management System Administrator Endpoint stateadd.php sql injection https://cvefeed.io/vuln/detail/CVE-2025-14899
##updated 2025-12-19T03:31:18
1 posts
CVE-2025-67843 - Mintlify Platform SSTI Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-67843
##updated 2025-12-19T00:31:52
1 posts
CVE-2025-64675 - Azure Cosmos DB Spoofing Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-64675
##updated 2025-12-19T00:31:47
1 posts
CVE-2025-68382 - Packetbeat Out-of-bounds Read https://cvefeed.io/vuln/detail/CVE-2025-68382
##updated 2025-12-19T00:31:47
1 posts
CVE-2025-65037 - Azure Container Apps Remote Code Execution Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65037
##updated 2025-12-19T00:31:47
1 posts
CVE-2025-64663 - Custom Question Answering Elevation of Privilege Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-64663
##updated 2025-12-19T00:31:46
1 posts
CVE-2025-13427 - Authentication Bypass in Dialogflow CX Messenger https://cvefeed.io/vuln/detail/CVE-2025-13427
##updated 2025-12-19T00:31:46
1 posts
Microsoft patched several sev:CRIT cloud vulns, including this ../ in Purview. LMAO.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64676
##updated 2025-12-18T22:16:30
1 posts
CVE-2025-68463 - Biopython Bio.Entrez XXE Injection https://cvefeed.io/vuln/detail/CVE-2025-68463
##updated 2025-12-18T22:03:09
1 posts
CVE-2025-53000 - nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows https://cvefeed.io/vuln/detail/CVE-2025-53000
##updated 2025-12-18T21:32:49
1 posts
Critical arbitrary file upload flaw reported in WordPress Motors theme
A critical vulnerability (CVE-2025-64374) in the Motors WordPress theme versions 5.6.81 and below allows any authenticated user with Subscriber-level access to upload and activate malicious plugins, potentially leading to complete website takeover due to missing permission checks.
**If you're using the Motors WordPress theme (version 5.6.81 or below), this is important and probably urgent. Plan a quick upgrade to version 5.6.82 or later. Review all user accounts with Subscriber-level or higher privileges and check for any unauthorized plugins that may have been installed.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-arbitrary-file-upload-flaw-reported-in-wordpress-motors-theme-5-2-b-q-8/gD2P6Ple2L
updated 2025-12-18T21:31:50
1 posts
updated 2025-12-18T19:07:25.637000
1 posts
CVE-2025-66397 - ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control https://cvefeed.io/vuln/detail/CVE-2025-66397
##updated 2025-12-18T18:30:38
2 posts
CVE-2025-14884 - D-Link DIR-605 Firmware Update Service command injection https://cvefeed.io/vuln/detail/CVE-2025-14884
##Tenda
https://www.cve.org/CVERecord?id=CVE-2025-14879
D-Link
##updated 2025-12-18T18:30:37
1 posts
CVE-2025-14896 - Vega Remote File Inclusion Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-14896
##updated 2025-12-18T18:30:37
1 posts
updated 2025-12-18T18:30:37
1 posts
updated 2025-12-18T18:30:37
1 posts
Auth bypass in Open-WebUI.
https://www.cve.org/CVERecord?id=CVE-2025-63391
##An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers.
updated 2025-12-18T18:27:40.170000
1 posts
CVE-2025-68275 - ChurchCRM vulnerable to Stored XSS - Group name > Person Listing https://cvefeed.io/vuln/detail/CVE-2025-68275
##updated 2025-12-18T16:47:11.970000
1 posts
CVE-2025-68399 - ChurchCRM has Stored Cross-Site Scripting (XSS) In GroupEditor.php https://cvefeed.io/vuln/detail/CVE-2025-68399
##updated 2025-12-18T15:42:03.790000
5 posts
CISA flags ASUS Live Update CVE, but the attack is years old
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or...
🔗️ [Bleepingcomputer] https://link.is.it/NcIC9d
##Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or...
🔗️ [Bleepingcomputer] https://link.is.it/Yiue33
##CISA reports active exploitation of ASUS Live Update supply chain vulnerability
CISA is reporting active exploitation of CVE-2025-59374, a supply chain backdoor embedded in ASUS Live Update utility during the 2018 Operation ShadowHammer attack by Chinese state-sponsored hackers. The backdoor surgically targeted specific devices using hardcoded MAC addresses. Federal agencies must discontinue use of the now-discontinued utility by January 7, 2026. ASUS urges remaining users to update to version 3.6.8 or higher.
**If you have ASUS Live Update utility installed, immediately update to version 3.6.8 or higher, or better yet, uninstall it completely since it's now discontinued. Given the previous supply chain compromise and end-of-support status, remove the utility and download updates directly from ASUS's official website.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-asus-live-update-supply-chain-vulnerability-d-5-n-4-d/gD2P6Ple2L
New.
CISA Releases Nine Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2025/12/18/cisa-releases-nine-industrial-control-systems-advisories
KEV updates, from yesterday:
CVE-2025-20393: Cisco Multiple Products Improper Input Validation Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-20393
CVE-2025-40602: SonicWall SMA1000 Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40602
CVE-2025-59374: ASUS Live Update Embedded Malicious Code Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-59374 #CISA #infosec #ASUS #Cisco #SonicWall
##🚨 CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-59374: ASUS Live Update Embedded Malicious Code Vulnerability
CVE-2025-40602: SonicWall SMA1000 Missing Authorization Vulnerability
CVE-2025-20393: Cisco Multiple Products Improper Input Validation Vulnerability
##updated 2025-12-18T15:41:16.840000
11 posts
4 repos
https://github.com/KingHacker353/CVE-2025-20393
https://github.com/StasonJatham/cisco-sa-sma-attack-N9bf4
⚪ Cisco warns of an unpatched zero‑day vulnerability in AsyncOS
🗨️ Cisco has warned its customers about an unpatched zero-day vulnerability in Cisco AsyncOS that is already being actively exploited to attack Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) devices.
##🚨 CVE-2025-20393: Script to detect for Cisco Secure Email Gateway And Cisco Secure Email and Web Manager
CVSS: 10
Currently no patch and zero-day
GitHub: https://github.com/StasonJatham/cisco-sa-sma-attack-N9bf4
##🔥 Cisco AsyncOS Zero-Day (CVE-2025-20393)
• BleepingComputer
https://www.bleepingcomputer.com/news/security/cisco-warns-of-unpatched-asyncos-zero-day-exploited-in-attacks/
• The Hacker News
https://thehackernews.com/2025/12/cisco-warns-of-active-attacks.html
• SecurityWeek
https://www.securityweek.com/china-linked-hackers-exploiting-zero-day-in-cisco-security-gear/
• The Register
https://www.theregister.com/2025/12/17/attacks_pummeling_cisco_0day/
• Dark Reading (CISA KEV addition)
https://www.darkreading.com/attacks-breaches/cisa-adds-cisco-asyncos-zero-day-to-kev-catalog
• SOCRadar analysis
https://socradar.io/blog/cve-2025-20393-cisco-asyncos-zero-day-email/
##Security Week: China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear https://www.securityweek.com/china-linked-hackers-exploiting-zero-day-in-cisco-security-gear/ @SecurityWeek
Cisco:
- Critical: CVE-2025-20393: Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
- Critical: CVE-2025-55182: Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-react-flight-TYw32Ddb @TalosSecurity #infosec #Cisco #vulnerability #zeroday
##Cisco Email Security appliances actively exploited
Cisco is warning of an active cyberattack campaign exploiting a critical zero-day vulnerability (CVE-2025-20393) in Cisco Secure Email Gateway and Email and Web Manager appliances, allowing attackers to execute arbitrary commands with root privileges. The flaw affects appliances with the Spam Quarantine feature enabled and exposed to the internet. Attacks date back to late November 2025.
**If you have Cisco Secure Email Gateway or Cisco Email and Web Manager appliances, this is urgent: Immediately check if the Spam Quarantine feature is enabled and exposed to the public ports - if it is, disable it on all public ports until a patch is available for CVE-2025-20393. If your appliance may have been compromised, contact Cisco support and prepare to rebuild the system from scratch. This is currently the only way to fully remove the threat from a compromised system.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisco-says-chinese-hackers-are-exploiting-its-customers-with-a-new-zero-day-techcrunch-g-m-7-i-x/gD2P6Ple2L
[VULN] ⚠️ Zero-day on Cisco e-mail appliances: compromise, backdoors and wiped logs
👇
https://cyberveille.ch/posts/2025-12-18-zero-day-sur-les-appliances-e-mail-cisco-compromission-backdoors-et-logs-effaces/
🔗 Original source: https://www.helpnetsecurity.com/2025/12/17/cisco-secure-email-cve-2025-20393/
Official advisory:
Cisco Talos analysis:
UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
FR summary ➡️ UAT-9686 campaign: a China-nexus APT targets Cisco Secure Email via the AquaShell backdoor
##🚨 CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-59374: ASUS Live Update Embedded Malicious Code Vulnerability
CVE-2025-40602: SonicWall SMA1000 Missing Authorization Vulnerability
CVE-2025-20393: Cisco Multiple Products Improper Input Validation Vulnerability
##A suspected Chinese APT is exploiting a new Cisco zero-day
-impacts Cisco Secure Email Gateway And Cisco Secure Email and Web Manager
-CVE-2025-20393
-CVSS score: 10
-APT is UAT-9686
updated 2025-12-18T15:30:52
1 posts
CVE-2025-64466 - Out-of-Bounds Read in lvre!ExecPostedProcRecPost() in NI LabVIEW https://cvefeed.io/vuln/detail/CVE-2025-64466
##updated 2025-12-18T15:30:51
1 posts
CVE-2025-64468 - Use-after-Free in sentry!sentry_span_set_data() in NI LabVIEW https://cvefeed.io/vuln/detail/CVE-2025-64468
##updated 2025-12-18T15:30:51
1 posts
CVE-2025-13110 - HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' https://cvefeed.io/vuln/detail/CVE-2025-13110
##updated 2025-12-18T15:30:51
1 posts
CVE-2025-14618 - Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion https://cvefeed.io/vuln/detail/CVE-2025-14618
##updated 2025-12-18T15:30:51
1 posts
Five yet-to-be-published CVEs in WODESYS WD-R608U router.
##updated 2025-12-18T15:30:45
1 posts
CVE-2025-64467 - Out-of-Bounds Read in LVResFile::FindRsrcListEntry() in NI LabVIEW https://cvefeed.io/vuln/detail/CVE-2025-64467
##updated 2025-12-18T15:30:43
1 posts
CVE-2025-14277 - Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery https://cvefeed.io/vuln/detail/CVE-2025-14277
##updated 2025-12-18T15:07:42.550000
2 posts
CVE-2025-68459 - Ruijie Networks Co., Ltd. AP180 Command Injection Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-68459
##updated 2025-12-18T15:07:42.550000
1 posts
CVE-2025-68462 - Freedombox Unauthenticated Database Backup File Disclosure https://cvefeed.io/vuln/detail/CVE-2025-68462
##updated 2025-12-18T15:07:42.550000
1 posts
CVE-2025-12885 - Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting https://cvefeed.io/vuln/detail/CVE-2025-12885
##updated 2025-12-18T15:07:42.550000
2 posts
CVE-2025-14202 - Cross-Site Request Forgery (CSRF) Leading to Account Takeover via SVG File Upload https://cvefeed.io/vuln/detail/CVE-2025-14202
##updated 2025-12-18T15:07:42.550000
2 posts
CVE-2025-68435 - Zerobyte has Authentication Bypass by Primary Weakness https://cvefeed.io/vuln/detail/CVE-2025-68435
##updated 2025-12-18T15:07:18.427000
1 posts
CVE-2025-14437 - Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File https://cvefeed.io/vuln/detail/CVE-2025-14437
##updated 2025-12-18T12:30:33
3 posts
2 repos
SonicWall patches actively exploited flaw vulnerability chain in SMA 1000 appliances
SonicWall SMA 1000 appliances are being actively exploited through a vulnerability chain combining CVE-2025-40602 (a local privilege escalation flaw) with CVE-2025-23006 (a previously patched deserialization vulnerability), enabling unauthenticated remote code execution with root privileges.
**If you have SonicWall SMA 1000 appliances, make sure their SSH and management access is isolated from the public internet and only accessible from trusted networks. Review the latest version, and if not patched up to date, plan a very quick upgrade to platform-hotfix 12.4.3-03245 or 12.5.0-02283 (or higher). Your devices are being hacked, and you can't really hide them from the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sonicwall-patches-actively-exploited-flaw-vulnerability-chain-in-sma-1000-appliances-x-l-b-q-7/gD2P6Ple2L
##updated 2025-12-18T06:30:19
1 posts
CVE-2025-47387 - Untrusted Pointer Dereference in Camera https://cvefeed.io/vuln/detail/CVE-2025-47387
##updated 2025-12-18T06:30:19
1 posts
CVE-2025-47382 - Incorrect Authorization in Boot https://cvefeed.io/vuln/detail/CVE-2025-47382
##updated 2025-12-18T03:30:18
1 posts
CVE-2025-14856 - y_project RuoYi getnames code injection https://cvefeed.io/vuln/detail/CVE-2025-14856
##updated 2025-12-18T03:30:18
1 posts
CVE-2025-14841 - OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference https://cvefeed.io/vuln/detail/CVE-2025-14841
##updated 2025-12-18T00:34:16
1 posts
CVE-2025-14837 - ZZCMS Backend Website Settings siteconfig.php stripfxg code injection https://cvefeed.io/vuln/detail/CVE-2025-14837
##updated 2025-12-17T21:30:56
1 posts
CVE-2025-67073 - Tenda HTTPd Buffer Overflow Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-67073
##updated 2025-12-17T13:54:45.390000
3 posts
2 repos
📰 **Information Briefing:**
✨ FortiCloud SSO Login Bypass: Exploited in the Wild
- Critical vulnerabilities: CVE-2025-59718 and CVE-2025-59719
- Unauthenticated adversaries bypass FortiCloud SSO login
- Exploitation observed in the wild
- Affected products: FortiOS, FortiProxy, FortiSwitchManager, FortiWeb
🔗 https://www.adalta.info/pdf/index.html?title=prstn_exploit_115742000142229693&lang=en
(Available in 🇩🇪 🇺🇸 🇫🇷)
New. This relates to two vulnerabilities disclosed by Fortinet last week: CVE-2025-59718 and CVE-2025-59719.
VulnCheck: FortiCloud SSO Login Bypass Vulnerabilities Exploited in the Wild https://www.vulncheck.com/blog/forticloud-sso-login-bypass @vulncheck #infosec #Fortinet #threatresearch
##We wrote a little bit on FortiCloud SSO login bypass CVE-2025-59718 (and 59719). Both the known PoCs for the former are fake / invalid. There does appear to be real exploitation evidence, but detections based on fake PoCs ain't it (and it seems like that's where a lot of chatter is coming from)
##updated 2025-12-16T22:37:26
1 posts
Command injection flaw reported in Node.js systeminformation package
A command injection vulnerability (CVE-2025-68154) in the systeminformation Node.js library's fsSize() function allows attackers to execute arbitrary PowerShell commands on Windows systems through unsanitized user input in the drive parameter. The vulnerability has been patched in version 5.27.14.
**If you're using the systeminformation Node.js library on Windows, plan an upgrade to version 5.27.14 or newer to patch this command injection flaw. Review all applications using this library, especially web APIs or tools that accept user input for disk queries, to ensure they're running the patched version.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/command-injection-flaw-reported-in-node-js-systeminformation-package-5-5-0-6-6/gD2P6Ple2L
updated 2025-12-16T15:30:56
3 posts
3. Rust joined the Linux kernel mainline last week and immediately checked off a rite of passage: its first CVE.
https://lore.kernel.org/linux-cve-announce/2025121614-CVE-2025-68260-558d@gregkh/T/#u
Linux Kernel Rust Code Sees Its First CVE Vulnerability
https://lore.kernel.org/linux-cve-announce/2025121614-CVE-2025-68260-558d@gregkh/T/#u
##updated 2025-12-09T18:30:45
1 posts
Phoenix Contact
CVE-2025-41692, CVE-2025-41693, CVE-2025-41694, CVE-2025-41695, CVE-2025-41696, CVE-2025-41697, CVE-2025-41745, CVE-2025-41746, CVE-2025-41747, CVE-2025-41748, CVE-2025-41749, CVE-2025-41750, CVE-2025-41751, CVE-2025-41752
##updated 2025-12-09T16:53:25
3 posts
100 repos
This is legit a Christmas miracle b/c I rly did not want to spend the break tending to #React2Shell
##updated 2025-12-07T00:30:55
1 posts
2 repos
Very good question! I hope you’ll forgive me for a long response, it is something I have a lot of thoughts on.
I used to think newer is better, but after plenty of distro-hopping (I had a real good time on Arch), I realized that Debian’s version of "stability" is actually its greatest feature. Here is how I’ve come to see it, using your Fedora experience as a comparison:
First, with Debian, stable means unchanging. Fedora is a fast-moving target. It was an early adopter for Wayland and Pipewire. That is exciting, but it can feel like a version of whiplash. Debian is the opposite. Once a version is released, the APIs, file locations, and package behaviors are locked in. Its predictability means my system feels the same on Day 1 as it does on Day 300.
Debian prioritizes reliability over cutting-edge performance. While Fedora pushes the new thing, Debian’s conservative defaults ensure maximum compatibility. It is the "just works" philosophy. It is not just that it doesn't crash, it is that it doesn't surprise you.
I also find APT to be incredibly satisfying compared to DNF. The sheer size of the repositories is massive, but APT Pinning is THE feature for me. Being able to set numeric priorities in /etc/apt/preferences allows me to do things like pull a specific package from Backports while keeping the rest of the system on the Stable branch. It gives you control over dependency resolution that is hard to match.
Regarding your question on security, Debian is unique because it is a 100% community-led project. Unlike Fedora (Red Hat) or Ubuntu (Canonical), there is no corporate entity at the top. This is one of the most important traits to me. If Red Hat wanted to, Fedora could start showing ads in the application menu with the next update. I don’t think that will happen with Fedora, but who knows, Canonical is now showing ads in the cli. Enough is enough.
I also appreciate Debian’s focus on inclusion. It is one of the most inclusive projects in tech. As a member of the queer community, it is important to me to use tools that are created and supported by those who do not hate me for being different. To quote their Diversity Statement: “No matter how you identify yourself or how others perceive you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community.” They forbid discrimination against any person or group. Because it is a global meritocracy, you have contributors from every corner of the world. This diversity is actually a security feature because with so many different eyes on the code, it is much harder for a backdoor or a bias to slip through unnoticed.
For your "backdoor-proof" concern, Debian’s Social Contract and strict adherence to free software guidelines mean every line of code is scrutinized by volunteers around the world. It is transparent by design. While no distro/OS is unhackable, Debian’s slow and steady release cycle means security patches are thoroughly vetted before they hit your machine, reducing the risk of zero day regressions. Fedora has been vulnerable to zero day attacks in the past and will probably continue to be in the future. For instance, because Fedora is always on the latest versions, Fedora users are often vulnerable to new attacks. Earlier in 2025, the latest kernel which Fedora had pushed to users had a zero day vulnerability. Debian stable users did not have that vulnerability because they would not see that update for quite some time.
Sources:
Ubuntu Showing Ads in Terminal - https://linuxiac.com/ubuntu-once-again-angered-users-by-placing-ads/
Debian Social Contract - https://www.debian.org/social_contract
Debian Diversity Statement - https://www.debian.org/intro/diversity
Zero day vulnerability mentioned - https://www.cve.org/CVERecord?id=CVE-2025-37899
##updated 2025-12-05T18:33:09
1 posts
Malcolm v25.12.1 contains a few critical bug fixes and component version updates.
https://github.com/idaholab/Malcolm/compare/v25.12.0...v25.12.1
zeek.intel.file_mime_type to file.mime_type so filters created from it can work on other dashboards/var partition (#835)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.
As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL
##updated 2025-12-04T22:50:04
1 posts
1 repos
#PoC for CVE-2025-65945 (Improper Verification of Cryptographic Signature in node-jws)
##updated 2025-12-02T21:31:37
1 posts
Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent https://xmcyber.com/blog/jumpshot-xm-cyber-uncovers-critical-local-privilege-escalation-cve-2025-34352-in-jumpcloud-agent/
##updated 2025-11-17T18:30:25
1 posts
updated 2025-11-13T18:36:55.173000
1 posts
This critical advisory was posted yesterday. It relates to CVE-2025-7962, CVE-2025-49146, and CVE-2025-5516.
HPESBNW04986 rev.1 - HPE Telco Service Activator, Multiple Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04986en_us&docLocale=en_US
More:
The Hacker News: HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution https://thehackernews.com/2025/12/hpe-oneview-flaw-rated-cvss-100-allows.html @thehackernews #infosec #HPE #vulnerability
##updated 2025-11-13T18:31:03
1 posts
1 repos
IDK if I shared this dumb Tenda one already or not:
https://github.com/Remenis/CVE-2025-63666
I know this sort of thing used to be fairly common but it's weird seeing it in a 2025 CVE.
##updated 2025-11-13T16:25:27
1 posts
3 repos
https://github.com/Ashwesker/Blackash-CVE-2025-11953
https://github.com/SaidBenaissa/cve-2025-11953-vulnerability-demo
🚨 Active exploitation confirmed: CVE-2025-11953
VulnCheck is reporting active exploitation attempts in the wild against the React Native Metro server.
The issue? It binds to 0.0.0.0 by default, exposing a "local" dev tool to the internet.
⚠️ Crucial Detail: While the exposure is general, the current RCE exploit specifically targets Windows environments.
We’ve updated Pentest-Tools.com to help you validate this:
Network Scanner: Detects exposed Metro servers.
Sniper Auto-Exploiter: Safely executes a PoC (on Windows) to confirm RCE.
Fix: Update @react-native-community/cli-server-api to v20.0.0+ or bind to 127.0.0.1.
Validate your risk.
#InfoSec #AppSec #RedTeam #VulnerabilityManagement #ReactNative #CVE202511953
##updated 2025-11-13T15:31:32
1 posts
2 repos
https://github.com/watchtowrlabs/watchTowr-vs-WatchGuard-CVE-2025-9242
Urgent: A critical WatchGuard Firebox RCE flaw (CVE-2025-9242) is being actively exploited. CISA has mandated patching. Over 54k devices are still vulnerable. Patch immediately and rotate all credentials. https://redteamnews.com/red-team/cve/critical-watchguard-firebox-rce-flaw-exploited-cisa-issues-directive/
##updated 2025-11-12T15:32:32
1 posts
Yooo @yeslikethefood wrote a neat bunch of words about developing an exploit for Gladinet Triofox CVE-2025-12480 that closely followed the real-world attack pattern Mandiant wrote about last month and attributed to UNC6485.
20+ requests, an AV config trigger, and an embedded PostgreSQL server later:
https://www.vulncheck.com/blog/triofox-exploit-cve-2025-12480
##updated 2025-11-12T14:33:19.727000
1 posts
21 repos
Critical WSUS flaw reported in Schneider Electric Foxboro DCS systems
Schneider Electric issued a critical security advisory for a vulnerability (CVE-2025-59287) in its EcoStruxure Foxboro DCS Advisor services caused by a flaw in Microsoft WSUS that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges via ports 8530/8531. Active exploitation is observed in the wild.
**This one is important and kind of urgent, there is active exploitation. If you have Schneider Electric EcoStruxure Foxboro DCS Advisor systems, make sure to block WSUS ports 8530/8531 from the internet, or even better, make sure they are isolated from the internet and only accessible from trusted networks. Then apply Microsoft patches KB5070882 and KB5070884 and verify patch with Schneider Electric Global Customer Support.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-wsus-flaw-reported-in-schneider-electric-foxboro-dcs-systems-8-0-8-z-c/gD2P6Ple2L
updated 2025-11-03T18:32:51
1 posts
New. This addresses high-risk CVE-2025-53057 and CVE-2025-53066.
Security Update for Dell APEX Cloud Platform for Microsoft Azure and Dell APEX Cloud Platform Foundation Software Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000405196/dsa-2025-449-security-update-for-dell-apex-cloud-platform-for-microsoft-azure-and-dell-apex-cloud-platform-foundation-software-multiple-third-party-component-vulnerabilities #Dell #Microsoft #infosec #Azure #vulnerability
##updated 2025-10-27T17:12:23.890000
1 posts
3 repos
https://github.com/ossf-cve-benchmark/CVE-2019-10758
RE: https://infosec.exchange/@BleepingComputer/115774980868695049
So slopmachines are writing articles for BleepingComputer now?
1) CVE-2025-14847 is not an RCE, it’s memory disclosure at best
2) CVE-2019-10758 is not mongodb vuln, it’s fucking 3rd party “MongoDB Admin GUI” application
Like everything in this article is a lie and no amount of substances would explain this. Only plausible explanation is llm?
Fuck, what sources you can somewhat trust now, without non-stop fact checking?
##updated 2025-10-22T00:34:21
1 posts
19 repos
⚪ Vulnerability in SAP NetWeaver Exploited to Deploy Auto-Color Linux Malware
🗨️ Experts at Darktrace warned that hackers exploited a critical vulnerability in SAP NetWeaver (CVE-2025-31324) to deploy Linux malware Auto-Color into the network of an unnamed American chemical company.
##updated 2025-10-22T00:34:17
1 posts
SonicWall patches actively exploited flaw vulnerability chain in SMA 1000 appliances
SonicWall SMA 1000 appliances are being actively exploited through a vulnerability chain combining CVE-2025-40602 (a local privilege escalation flaw) with CVE-2025-23006 (a previously patched deserialization vulnerability), enabling unauthenticated remote code execution with root privileges.
**If you have SonicWall SMA 1000 appliances, make sure their SSH and management access is isolated from the public internet and only accessible from trusted networks. Review the latest version, and if you are not up to date, plan a very quick upgrade to platform-hotfix 12.4.3-03245 or 12.5.0-02283 (or higher). Your devices are being hacked, and you can't really hide them from the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sonicwall-patches-actively-exploited-flaw-vulnerability-chain-in-sma-1000-appliances-x-l-b-q-7/gD2P6Ple2L
updated 2025-10-22T00:34:16
1 posts
1 repos
CVE-2024-53704 in SonicWall SSLVPN has been added to the KEV Catalog.
##updated 2025-08-12T18:31:39
1 posts
1 repos
New.
ESET: Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/ @ESETresearch #threatresearch #infosec #Windows #Microsoft
##updated 2025-08-11T21:31:39
1 posts
1 repos
New.
Picus: Omnissa Workspace One CVE-2025-25231 Path Traversal Exploit https://www.picussecurity.com/resource/blog/omnissa-workspace-one-cve-2025-25231-path-traversal-exploit #infosec #threatresearch
##updated 2025-07-16T14:15:23.037000
1 posts
updated 2025-07-11T06:30:36
1 posts
Critical vulnerabilities reported in Axis Communications Camera management systems
Axis Communications patched four security vulnerabilities (CVE-2025-30023 through CVE-2025-30026) in its camera management software, including a critical remote code execution flaw and authentication bypass issues affecting surveillance systems in government facilities and critical infrastructure.
**If you have Axis Communications camera management systems (AXIS Camera Station Pro, AXIS Camera Station, or AXIS Device Manager), make sure they are isolated from the internet and only accessible from trusted internal networks. Then plan an update to the latest patched versions (Camera Station Pro 6.9+, Camera Station 5.58+, Device Manager 5.32+).**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-reported-in-axis-communications-camera-management-systems-a-w-f-7-b/gD2P6Ple2L
updated 2025-07-09T18:08:46
1 posts
2 repos
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514 https://amlalabs.com/blog/oauth-cve-2025-6514/
##updated 2025-06-11T16:17:03
1 posts
This critical advisory was posted yesterday. It relates to CVE-2025-7962, CVE-2025-49146, and CVE-2025-5516.
HPESBNW04986 rev.1 - HPE Telco Service Activator, Multiple Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04986en_us&docLocale=en_US
More:
The Hacker News: HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution https://thehackernews.com/2025/12/hpe-oneview-flaw-rated-cvss-100-allows.html @thehackernews #infosec #HPE #vulnerability
##updated 2025-06-03T18:30:53
1 posts
##updated 2025-06-03T15:31:27
1 posts
updated 2025-05-19T14:20:49.300000
1 posts
Microsoft Brokering File System Elevation of Privilege Vulnerability (CVE-2025-29970) https://www.pixiepointsecurity.com/blog/nday-cve-2025-29970/
##updated 2025-05-13T20:57:18.117000
2 posts
3 repos
https://github.com/KingHacker353/CVE-2025-20393
⚪ Cisco warns of an unpatched zero‑day vulnerability in AsyncOS
🗨️ Cisco has warned its customers about an unpatched zero-day vulnerability in Cisco AsyncOS that is already being actively exploited to attack Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) devices.
##🔥 Cisco AsyncOS Zero-Day (CVE-2025-20393)
• BleepingComputer
https://www.bleepingcomputer.com/news/security/cisco-warns-of-unpatched-asyncos-zero-day-exploited-in-attacks/
• The Hacker News
https://thehackernews.com/2025/12/cisco-warns-of-active-attacks.html
• SecurityWeek
https://www.securityweek.com/china-linked-hackers-exploiting-zero-day-in-cisco-security-gear/
• The Register
https://www.theregister.com/2025/12/17/attacks_pummeling_cisco_0day/
• Dark Reading (CISA KEV addition)
https://www.darkreading.com/attacks-breaches/cisa-adds-cisco-asyncos-zero-day-to-kev-catalog
• SOCRadar analysis
https://socradar.io/blog/cve-2025-20393-cisco-asyncos-zero-day-email/
updated 2025-04-10T09:30:32
1 posts
Flaw in NVIDIA Isaac Lab enables remote code execution
NVIDIA patched a critical deserialization vulnerability (CVE-2025-32210) in Isaac Lab that allows authenticated low-privilege users to execute arbitrary code, affecting all versions prior to v2.3.0.
**Make sure all devices running NVIDIA Isaac Lab are isolated from the internet and accessible from trusted networks only. Then plan a quick upgrade to Isaac Lab v2.3.0.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/flaw-in-nvidia-isaac-lab-enables-remote-code-execution-u-o-u-f-q/gD2P6Ple2L
updated 2024-08-20T21:31:36
1 posts
Somehow NFS feels faster too. Kinda sad about CVE-2024-44067 on this board, but I don't really care because I just want more architectures
##⚪ Critical RCE Bug Patched in HPE OneView
🗨️ Hewlett Packard Enterprise (HPE) developers have released patches for a critical remote code execution vulnerability discovered in the OneView IT infrastructure management software. The issue is tracked as CVE-2025-37164 (a maximum score of 10.0 on the CVSS scale) and can be exploited without authen…
##@gayint cve-2026-00001 - you use windows
##Hey @pft here's another one for your rule:
https://github.com/0xrakan/coolify-cve-2025-66209-66213
Per the write-up, it's five perfect 10s in Coolify. 🥳
##[Security Advisory] CVE-2025-14269: Credential caching in Headlamp with Helm enabled #devopsish https://groups.google.com/a/kubernetes.io/g/dev/c/5XH9BGiefH0/m/bGd9hkofCgAJ?utm_medium=email&utm_source=footer
##1 posts
100 repos
https://github.com/vercel-labs/fix-react2shell-next
https://github.com/aseemyash/krle
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn-berry
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm
https://github.com/Jibaru/CVE-2025-66478-github-patcher
https://github.com/alessiodos/react2shell-scanner
https://github.com/gagaltotal/tot-react-rce-CVE-2025-55182
https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script
https://github.com/changgun-lee/Next.js-RSC-RCE-Scanner-CVE-2025-66478
https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js
https://github.com/onlylovetx/CVE-2025-55182-CVE-2025-66478-Exploit-GUI
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-optional-deps
https://github.com/mattcbarrett/check-cve-2025-66478
https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension
https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-npm-nested-versions
https://github.com/dr4xp/react2shell
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn-pnp
https://github.com/zhixiangyao/CVE-2025-66478-Exploit-PoC
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-range
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-v-prefix
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-overrides
https://github.com/strainxx/react2shell-honeypot
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-pnpm
https://github.com/sumanrox/rschunter
https://github.com/hackersatyamrastogi/react2shell-ultimate
https://github.com/abtonc/next-cve-2025-66478
https://github.com/Rhyru9/CVE-2025-66478
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-turborepo
https://github.com/cypholab/evilact
https://github.com/DavionGowie/-vercel-application-is-vulnerable-to-CVE-2025-66478.
https://github.com/emredavut/CVE-2025-55182
https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension
https://github.com/shyambhanushali/React2Shell
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-packagemanager-field
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-peer-conflict
https://github.com/songsanggggg/CVE-2025-55182
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-canary-14x
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-pnpm-catalog
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-bun
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-git-dep
https://github.com/ExpTechTW/CVE-2025-66478
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn-zero-installs
https://github.com/wangxso/CVE-2025-66478-POC
https://github.com/aiexz/CVE-2025-66478-kinda-waf
https://github.com/namest504/CVE-2025-66478-Exploit-Poc
https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool
https://github.com/freeqaz/react2shell
https://github.com/abhirajranjan/cve-2025-66478
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-canary-15x
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-pnpm-overrides
https://github.com/lincemorado97/CVE-2025-55182_CVE-2025-66478
https://github.com/mounta11n/CHECK-CVE-2025-55182-AND-CVE-2025-66478
https://github.com/abdozkaya/rsc-security-auditor
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-build-metadata
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-patch-package
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-tilde
https://github.com/nehkark/CVE-2025-55182
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-lockfile-mismatch
https://github.com/assetnote/react2shell-scanner
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-devdeps
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-rsc-webpack
https://github.com/Letalandroid/cve-2025-66478_rce_vulnerable
https://github.com/ZihxS/check-react-rce-cve-2025-55182
https://github.com/enesbuyuk/react2shell-security-tool
https://github.com/hidden-investigations/react2shell-scanner
https://github.com/Geekujin/React2-PowerShell-CVE-Checker
https://github.com/ancs21/react2shell-scanner-rust
https://github.com/l4rm4nd/CVE-2025-55182
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-no-lockfile
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-npm-hoisting
https://github.com/C00LN3T/React2Shell
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-canary-16x
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-pnpm-symlinks
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-realworld-supabase-pnpm-monorepo
https://github.com/FurkanKAYAPINAR/ReactNext2Shell
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-alias
https://github.com/Code42Cate/nexts-cve-2025-66478-exploit
https://github.com/shamo0/react2shell-PoC
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn
https://github.com/Mustafa1p/Next.js-RCE-Scanner---CVE-2025-55182-CVE-2025-66478
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-yarn-workspaces
https://github.com/xiaopeng-ye/react2shell-detector
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-yarn-resolutions
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-realworld-dub-pnpm-monorepo
https://github.com/jctommasi/react2shellVulnApp
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-monorepo-nextjs-npm-workspaces
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-realworld-calcom-yarn-monorepo
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-shrinkwrap
https://github.com/CymulateResearch/React2Shell-Scanner
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-transitive
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-tag-latest
https://github.com/react2shell-repo-menagerie/CVE-2025-66478-single-nextjs-npm-caret
https://github.com/Saad-Ayady/react2shellNSE
https://github.com/grp-ops/react2shell
https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478
https://github.com/arashiyans/CVE-2025-55182-CVE-2025-66478
🚨 CVE-2025-66029 (HIGH): OSC ondemand ≤4.0.8 exposes sensitive creds via Apache proxy headers—attackers can harvest tokens if users hit malicious servers. Patch in v4.1; config workarounds available now. Details: https://radar.offseq.com/threat/cve-2025-66029-cwe-522-insufficiently-protected-cr-b9fc3983 #OffSeq #HPC #Vuln #Security
##CVE-2025-68434 - opensourcepos has Cross-Site Request Forgery vulnerability that leads to Unauthorized Administrator Creation https://cvefeed.io/vuln/detail/CVE-2025-68434
##CVE-2025-68147 - opensourcepos has a Cross-site Scripting vulnerability https://cvefeed.io/vuln/detail/CVE-2025-68147
##CVE-2025-68401 - ChurchCRM has Stored Cross-Site Scripting (XSS) vulnerability that leads to session theft and account takeover https://cvefeed.io/vuln/detail/CVE-2025-68401
##CVE-2025-68400 - ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php https://cvefeed.io/vuln/detail/CVE-2025-68400
##