Updated at UTC 2025-04-02T13:32:37.889777
CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description
---|---|---|---|---|---|---|---
CVE-2023-40714 | 10.0 | 0.00% | 2 | 0 |  | 2025-04-02T09:30:43 | A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.
CVE-2025-0676 | 0 | 0.00% | 2 | 0 |  | 2025-04-02T07:15:41.903000 | This vulnerability involves command injection in tcpdump within Moxa products, e
CVE-2025-0415 | 0 | 0.00% | 2 | 0 |  | 2025-04-02T07:15:41.720000 | A remote attacker with web administrator privileges can exploit the device’s web
CVE-2024-45699 | 0 | 0.00% | 2 | 0 |  | 2025-04-02T07:15:41.427000 | The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scrip
CVE-2024-36465 | 0 | 0.00% | 2 | 0 |  | 2025-04-02T06:15:34.130000 | A low privilege (regular) Zabbix user with API access can use SQL injection vuln
CVE-2025-24813 | 9.8 | 89.64% | 11 | 20 | template | 2025-04-02T01:00:02.367000 | Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution an
CVE-2023-46988 | None | 0.00% | 2 | 0 |  | 2025-04-02T00:31:46 | Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and befo
CVE-2025-31137 | 7.5 | 0.00% | 2 | 0 |  | 2025-04-01T22:23:35 | ### Impact We received a report about a vulnerability in Remix/React Router tha
CVE-2025-3029 | 7.3 | 0.00% | 1 | 0 |  | 2025-04-01T21:32:20 | A crafted URL containing specific Unicode characters could have hidden the true
CVE-2025-3031 | 6.5 | 0.00% | 1 | 0 |  | 2025-04-01T21:32:20 | An attacker could read 32 bits of values spilled onto the stack in a JIT compile
CVE-2025-3032 | 7.4 | 0.00% | 1 | 0 |  | 2025-04-01T21:32:20 | Leaking of file descriptors from the fork server to web content processes could
CVE-2025-3033 | 7.7 | 0.00% | 1 | 0 |  | 2025-04-01T21:32:20 | After selecting a malicious Windows `.url` shortcut from the local filesystem, a
CVE-2025-3028 | 6.5 | 0.00% | 1 | 0 |  | 2025-04-01T21:32:20 | JavaScript code running while transforming a document with the XSLTProcessor cou
CVE-2025-2825 | 9.8 | 17.54% | 9 | 1 | template | 2025-04-01T21:31:50 | CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected b
CVE-2025-31122 | 0 | 0.04% | 1 | 0 |  | 2025-04-01T20:26:22.890000 | scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and ear
CVE-2025-1449 | 0 | 0.04% | 1 | 0 |  | 2025-04-01T20:26:22.890000 | A vulnerability exists in the Rockwell Automation Verve Asset Manager due to ins
CVE-2025-29487 | 7.5 | 0.04% | 1 | 0 |  | 2025-04-01T18:39:55.893000 | An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 al
CVE-2025-22231 | 7.8 | 0.00% | 2 | 0 |  | 2025-04-01T18:30:49 | VMware Aria Operations contains a local privilege escalation vulnerability. A ma
CVE-2025-3030 | 8.1 | 0.00% | 1 | 0 |  | 2025-04-01T18:30:49 | Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, a
CVE-2024-56325 | None | 0.03% | 2 | 0 |  | 2025-04-01T18:20:49 | Authentication Bypass Issue If the path does not contain / and contain., authen
CVE-2025-30065 | None | 0.09% | 2 | 0 |  | 2025-04-01T18:04:17 | Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous
CVE-2024-55963 | 6.5 | 0.02% | 2 | 0 |  | 2025-04-01T16:34:41.947000 | An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't
CVE-2024-55964 | 9.8 | 0.36% | 1 | 0 |  | 2025-04-01T16:34:34.710000 | An issue was discovered in Appsmith before 1.52. An incorrectly configured Postg
CVE-2025-29484 | 7.5 | 0.04% | 1 | 0 |  | 2025-04-01T16:07:37.140000 | An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 al
CVE-2025-29485 | 6.5 | 0.03% | 1 | 0 |  | 2025-04-01T16:07:18.737000 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileR
CVE-2025-29492 | 6.5 | 0.03% | 1 | 0 |  | 2025-04-01T15:46:44.217000 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileS
CVE-2025-29494 | 6.5 | 0.03% | 1 | 0 |  | 2025-04-01T15:46:09.550000 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileG
CVE-2025-1660 | 7.8 | 0.00% | 1 | 0 |  | 2025-04-01T15:31:39 | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can fo
CVE-2025-1659 | 7.8 | 0.00% | 1 | 0 |  | 2025-04-01T15:31:39 | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can fo
CVE-2025-3035 | None | 0.00% | 1 | 0 |  | 2025-04-01T15:31:39 | By first using the AI chatbot in one tab and later activating it in another tab,
CVE-2025-3034 | None | 0.00% | 1 | 1 |  | 2025-04-01T15:31:39 | Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bug
CVE-2025-1658 | 7.8 | 0.00% | 1 | 0 |  | 2025-04-01T15:31:36 | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can fo
CVE-2025-24259 | 9.8 | 0.04% | 1 | 0 |  | 2025-04-01T06:31:46 | This issue was addressed with additional entitlement checks. This issue is fixed
CVE-2025-0416 | None | 0.02% | 2 | 0 |  | 2025-04-01T06:30:51 | Local privilege escalation through insecure DCOM configuration in Valmet DNA ver
CVE-2025-0418 | None | 0.01% | 2 | 0 |  | 2025-04-01T06:30:51 | Valmet DNA user passwords in plain text. This practice poses a security risk as
CVE-2025-0417 | None | 0.01% | 2 | 0 |  | 2025-04-01T06:30:50 | Lack of protection against brute force attacks in Valmet DNA visualization in DN
CVE-2025-21384 | 8.3 | 0.08% | 4 | 0 |  | 2025-04-01T03:31:38 | An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vuln
CVE-2025-30456 | None | 0.02% | 2 | 0 |  | 2025-04-01T00:30:49 | A parsing issue in the handling of directory paths was addressed with improved p
CVE-2025-31693 | None | 0.33% | 1 | 0 |  | 2025-04-01T00:30:42 | Improper Neutralization of Special Elements used in an OS Command ('OS Command I
CVE-2025-26683 | 8.1 | 0.08% | 3 | 0 |  | 2025-04-01T00:30:36 | Improper authorization in Azure Playwright allows an unauthorized attacker to el
CVE-2025-3048 | 6.5 | 0.04% | 3 | 0 |  | 2025-03-31T22:36:53 | ### Summary The [AWS Serverless Application Model Command Line Interface (AWS S
CVE-2025-3047 | 6.5 | 0.04% | 3 | 0 |  | 2025-03-31T22:36:51 | ### Summary The [AWS Serverless Application Model Command Line Interface (AWS S
CVE-2023-33302 | 4.7 | 0.06% | 1 | 0 |  | 2025-03-31T15:30:55 | A buffer copy without checking size of input ('classic buffer overflow') in Fort
CVE-2025-29266 | 9.7 | 0.09% | 1 | 0 |  | 2025-03-31T15:30:54 | Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and we
CVE-2025-31160 | 2.9 | 0.02% | 5 | 0 |  | 2025-03-31T15:30:39 | atop through 2.11.0 allows local users to cause a denial of service (e.g., asser
CVE-2025-2071 | None | 0.74% | 1 | 0 |  | 2025-03-31T09:30:39 | A critical OS Command Injection vulnerability has been identified in the FAST LT
CVE-2025-1268 | 9.4 | 0.04% | 1 | 0 |  | 2025-03-31T03:30:32 | Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printe
CVE-2025-2781 | None | 0.01% | 1 | 0 |  | 2025-03-29T00:31:40 | The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure
CVE-2025-29491 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-28T18:33:11 | An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of li
CVE-2025-29493 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-28T18:33:11 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileG
CVE-2025-29496 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-28T18:33:11 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileD
CVE-2025-2857 | 10.0 | 0.05% | 5 | 1 |  | 2025-03-28T18:33:10 | Following the sandbox escape in CVE-2025-2783, various Firefox developers identi
CVE-2025-29497 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-28T15:33:03 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFIL
CVE-2025-29927 | 9.1 | 84.70% | 10 | 62 | template | 2025-03-28T15:32:59 | # Impact It is possible to bypass authorization checks within a Next.js applicat
CVE-2025-29488 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-28T15:32:59 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTI
CVE-2025-29489 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-28T15:32:59 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLIN
CVE-2025-29490 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-28T15:31:54 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileC
CVE-2025-29486 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-28T15:31:54 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJ
CVE-2019-16149 | 5.5 | 0.46% | 1 | 0 |  | 2025-03-28T12:31:35 | An Improper Neutralization of Input During Web Page Generation in FortiClientEMS
CVE-2025-2894 | 6.6 | 0.04% | 1 | 0 |  | 2025-03-28T03:30:31 | The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Com
CVE-2025-24383 | 9.1 | 14.94% | 1 | 0 |  | 2025-03-28T03:30:30 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of S
CVE-2025-1860 | None | 0.02% | 1 | 0 |  | 2025-03-28T03:30:30 | Data::Entropy for Perl 0.007 and earlier use the rand() function as the default
CVE-2025-30232 | 8.2 | 0.02% | 1 | 0 |  | 2025-03-28T03:30:24 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-lin
CVE-2024-0149 | 3.3 | 0.02% | 1 | 0 |  | 2025-03-27T21:32:22 | NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow a
CVE-2025-29483 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-27T21:32:22 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDE
CVE-2025-30067 | None | 0.06% | 1 | 0 |  | 2025-03-27T18:18:41 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apach
CVE-2025-1974 | 9.8 | 81.53% | 14 | 16 | template | 2025-03-27T16:45:46.410000 | A security issue was discovered in Kubernetes where under certain conditions, an
CVE-2025-24514 | 8.8 | 0.22% | 7 | 3 |  | 2025-03-27T16:45:46.410000 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/
CVE-2025-1097 | 8.8 | 0.16% | 7 | 3 |  | 2025-03-27T16:45:46.410000 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/
CVE-2025-24513 | 4.8 | 0.06% | 5 | 0 |  | 2025-03-27T16:45:46.410000 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/
CVE-2025-1098 | 8.8 | 0.22% | 7 | 3 |  | 2025-03-27T16:45:46.410000 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/
CVE-2024-42533 | 9.8 | 0.33% | 1 | 0 |  | 2025-03-27T16:45:46.410000 | SQL injection vulnerability in the authentication module in Convivance StandVoic
CVE-2024-55965 | 6.5 | 0.03% | 1 | 0 |  | 2025-03-27T15:32:12 | An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" i
CVE-2025-31180 | 6.2 | 0.01% | 1 | 0 |  | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentati
CVE-2025-31179 | 6.2 | 0.01% | 1 | 0 |  | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation
CVE-2025-31181 | 6.2 | 0.01% | 1 | 0 |  | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentat
CVE-2025-31178 | 6.2 | 0.01% | 1 | 0 |  | 2025-03-27T15:31:22 | A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segm
CVE-2025-31176 | 6.2 | 0.01% | 1 | 0 |  | 2025-03-27T15:31:22 | A flaw was found in gnuplot. The plot3d_points() function may lead to a segmenta
CVE-2017-12637 | 7.5 | 92.43% | 1 | 0 | template | 2025-03-27T03:34:37 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJava
CVE-2025-2783 | 8.4 | 13.08% | 17 | 1 |  | 2025-03-26T18:30:57 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome
CVE-2025-2820 | 6.5 | 0.04% | 1 | 0 |  | 2025-03-26T15:32:52 | An authenticated attacker can compromise the availability of the device via the
CVE-2025-1542 | None | 0.04% | 1 | 0 |  | 2025-03-26T12:30:40 | Improper permission control vulnerability in the OXARI ServiceDesk application c
CVE-2024-47516 | 9.8 | 0.33% | 1 | 0 |  | 2025-03-26T00:31:24 | A vulnerability was found in Pagure. An argument injection in Git during retriev
CVE-2025-27636 | None | 16.44% | 1 | 1 |  | 2025-03-25T18:38:11 | Bypass/Injection vulnerability in Apache Camel components under particular condi
CVE-2025-22230 | 7.8 | 0.03% | 6 | 0 |  | 2025-03-25T15:31:35 | VMware Tools for Windows contains an authentication bypass vulnerability due to
CVE-2024-12169 | 6.5 | 0.04% | 1 | 0 |  | 2025-03-25T15:31:35 | A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionalit
CVE-2024-11499 | 4.9 | 0.03% | 1 | 0 |  | 2025-03-25T15:31:35 | A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionalit
CVE-2025-1445 | 7.5 | 0.04% | 1 | 0 |  | 2025-03-25T15:31:35 | A vulnerability exists in RTU IEC 61850 client and server functionality that cou
CVE-2024-10037 | 4.4 | 0.06% | 1 | 0 |  | 2025-03-25T15:31:35 | A vulnerability exists in the RTU500 web server component that can cause a denia
CVE-2024-45484 | None | 0.02% | 1 | 0 |  | 2025-03-25T06:30:32 | An Allocation of Resources Without Limits or Throttling vulnerability in the ope
CVE-2024-10207 | None | 0.04% | 1 | 0 |  | 2025-03-25T06:30:32 | A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R
CVE-2024-8314 | None | 0.05% | 1 | 0 |  | 2025-03-25T06:30:32 | An Incorrect Implementation of Authentication Algorithm and Exposure of Data Ele
CVE-2024-45483 | None | 0.03% | 1 | 0 |  | 2025-03-25T06:30:32 | A Missing Authentication for Critical Function vulnerability in the GRUB configu
CVE-2024-8315 | None | 0.01% | 1 | 0 |  | 2025-03-25T06:30:32 | An Improper Handling of Insufficient Permissions or Privileges vulnerability in
CVE-2024-10209 | None | 0.01% | 1 | 0 |  | 2025-03-25T06:30:31 | An Incorrect Permission Assignment for Critical Resource vulnerability in the fi
CVE-2024-45482 | None | 0.01% | 1 | 0 |  | 2025-03-25T06:30:31 | An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the
CVE-2024-8313 | None | 0.02% | 1 | 0 |  | 2025-03-25T06:30:31 | An Exposure of Sensitive System Information to an Unauthorized Control Sphere an
CVE-2024-45481 | None | 0.01% | 1 | 0 |  | 2025-03-25T06:30:31 | An Incomplete Filtering of Special Elements vulnerability in scripts using the S
CVE-2024-10208 | None | 0.06% | 1 | 0 |  | 2025-03-25T06:30:31 | An Improper Neutralization of Input During Web Page Generation vulnerability in
CVE-2024-45480 | None | 0.06% | 1 | 0 |  | 2025-03-25T06:30:31 | An improper control of generation of code ('Code Injection') vulnerability in th
CVE-2024-10206 | None | 0.05% | 1 | 0 |  | 2025-03-25T06:30:31 | A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R
CVE-2024-10210 | None | 0.05% | 1 | 0 |  | 2025-03-25T06:30:27 | An External Control of File Name or Path vulnerability in the APROL Web Portal u
CVE-2025-26512 | 10.0 | 0.04% | 1 | 0 |  | 2025-03-25T00:30:26 | SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerabili
CVE-2025-2748 | 6.5 | 0.03% | 5 | 0 | template | 2025-03-24T21:30:39 | The Kentico Xperience application does not fully validate or filter files upload
CVE-2025-27407 | 9.1 | 4.32% | 1 | 0 |  | 2025-03-24T14:49:02 | # Summary Loading a malicious schema definition in `GraphQL::Schema.from_intros
CVE-2024-6827 | 7.5 | 0.04% | 1 | 0 |  | 2025-03-21T23:56:31 | Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-En
CVE-2025-24085 | 7.8 | 2.43% | 1 | 1 |  | 2025-03-21T21:01:31.620000 | A use after free issue was addressed with improved memory management. This issue
CVE-2024-9956 | 7.8 | 0.03% | 1 | 0 |  | 2025-03-21T00:32:31 | Inappropriate implementation in WebAuthentication in Google Chrome on Android pr
CVE-2025-23120 | 9.9 | 0.28% | 1 | 0 |  | 2025-03-20T18:30:30 | A vulnerability allowing remote code execution (RCE) for domain users.
CVE-2025-24201 | 8.8 | 0.18% | 1 | 0 |  | 2025-03-20T15:15:45.627000 | An out-of-bounds write issue was addressed with improved checks to prevent unaut
CVE-2025-24200 | 6.1 | 16.16% | 1 | 1 |  | 2025-03-20T15:15:45.357000 | An authorization issue was addressed with improved state management. This issue
CVE-2025-29891 | 4.2 | 0.02% | 1 | 0 |  | 2025-03-19T15:44:53 | Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel
CVE-2025-26633 | 7.0 | 1.29% | 9 | 0 |  | 2025-03-11T18:32:20 | Improper neutralization in Microsoft Management Console allows an unauthorized a
CVE-2024-48248 | 8.6 | 90.80% | 1 | 1 | template | 2025-03-04T18:34:42 | NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal f
CVE-2025-27218 | 5.3 | 58.46% | 1 | 0 | template | 2025-02-20T21:30:52 | Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002
CVE-2025-1302 | 9.8 | 14.28% | 2 | 1 |  | 2025-02-18T19:25:35 | Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Cod
CVE-2025-24791 | 4.4 | 0.01% | 2 | 0 |  | 2025-01-29T18:42:28 | ### Issue Snowflake discovered and remediated a vulnerability in the Snowflake N
CVE-2025-0282 | 9.1 | 90.87% | 1 | 10 |  | 2025-01-28T18:32:27 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5,
CVE-2024-57882 | 5.5 | 0.02% | 2 | 0 |  | 2025-01-23T18:32:22 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix
CVE-2024-40711 | 9.8 | 56.19% | 1 | 3 | template | 2024-12-20T18:31:30 | A deserialization of untrusted data vulnerability with a malicious payload can a
CVE-2024-3721 | 6.3 | 32.65% | 1 | 0 |  | 2024-11-21T09:30:14.630000 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classi
CVE-2023-38408 | 9.8 | 45.31% | 1 | 7 |  | 2024-11-21T08:13:30.520000 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t
CVE-2021-4034 | 7.8 | 87.29% | 1 | 100 |  | 2024-11-04T18:32:23 | A local privilege escalation vulnerability was found on polkit's pkexec utility.
CVE-2024-8690 | 4.4 | 0.03% | 2 | 0 |  | 2024-10-03T03:31:11 | A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent
CVE-2024-20439 | 9.8 | 88.04% | 4 | 0 | template | 2024-09-13T21:31:22 | A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated,
CVE-2019-9874 | 9.8 | 33.80% | 4 | 0 |  | 2024-04-04T00:50:10 | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CS
CVE-2019-9875 | 8.8 | 22.41% | 3 | 0 |  | 2024-04-04T00:50:10 | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.
CVE-2024-0402 | 10.0 | 24.75% | 2 | 1 |  | 2024-01-26T03:30:25 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 pr
CVE-2014-0401 | None | 0.41% | 1 | 0 |  | 2023-02-01T05:07:50 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 a
CVE-2021-32471 | None | 5.43% | 1 | 1 |  | 2023-01-29T05:06:13 | Insufficient input validation in the Marvin Minsky 1967 implementation of the Un
CVE-2025-30215 | 0 | 0.00% | 1 | 0 |  | N/A |
CVE-2025-29495 | 0 | 0.00% | 1 | 0 |  | N/A |
CVE-2025-30216 | 0 | 0.14% | 1 | 1 |  | N/A |
CVE-2025-30205 | 0 | 0.03% | 1 | 0 |  | N/A |
## CVE-2023-40714 (updated 2025-04-02T09:30:43)
2 posts
Another new CVE for an old critical ../ by Fortinet.
https://www.fortiguard.com/psirt/FG-IR-23-085
sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows an attacker to escalate privilege via uploading certain GUI elements
## CVE-2025-0676 (updated 2025-04-02T07:15:41.903000)
2 posts
Ooh, vulns in Moxa kit released today.
sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H
A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.
https://nvd.nist.gov/vuln/detail/CVE-2025-0415
sev:HIGH 8.6 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute system commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.
## CVE-2025-0415 (updated 2025-04-02T07:15:41.720000)
2 posts
Ooh, vulns in Moxa kit released today.
sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H
A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.
https://nvd.nist.gov/vuln/detail/CVE-2025-0415
sev:HIGH 8.6 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute system commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.
## CVE-2024-45699 (updated 2025-04-02T07:15:41.427000)
2 posts
Zabbix published a few CVEs, including a couple sev:HIGH vulns.
https://support.zabbix.com/browse/ZBX-26257
sev:HIGH 8.6 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
https://nvd.nist.gov/vuln/detail/CVE-2024-36465
https://support.zabbix.com/browse/ZBX-26254
sev:HIGH 7.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
## CVE-2024-36465 (updated 2025-04-02T06:15:34.130000)
2 posts
Zabbix published a few CVEs, including a couple sev:HIGH vulns.
https://support.zabbix.com/browse/ZBX-26257
sev:HIGH 8.6 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
https://nvd.nist.gov/vuln/detail/CVE-2024-36465
https://support.zabbix.com/browse/ZBX-26254
sev:HIGH 7.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
## CVE-2025-24813 (updated 2025-04-02T01:00:02.367000)
11 posts
20 repos
Aqua published a blog post on the TTPs (including IOCs and samples) used by an apparently CN-adjacent TA attacking Tomcat servers. The post doesn't specifically say that the vulnerability exploited is CVE-2025-24813 but in their mitigations section they say:
"Ensure that all vulnerabilities are patched. Particularly internet facing applications such as Tomcat servers. Vulnerabilities such as CVE-2025-24813 that are new, critical and actively exploited should be prioritized."
https://www.aquasec.com/blog/new-campaign-against-apache-tomcat/

CVE ID: CVE-2025-24813
Vendor: Apache
Product: Tomcat
Date Added: 2025-04-01
Vulnerability: Apache Tomcat Path Equivalence Vulnerability
Notes: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https://nvd.nist.gov/vuln/detail/CVE-2025-24813
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-24813
CISA has updated the KEV catalogue:
CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&sort_by=field_date_added&items_per_page=20 #CISA #cybersecurity #infosec #Apache
Also:
Two Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-releases-two-industrial-control-systems-advisories

Looks like CISA is now satisfied and has added CVE-2025-24813 (Apache Tomcat Path Equivalence Vulnerability) to the KEV Catalog.
##Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers https://cybersecuritynews.com/apache-tomcat-vulnerability-exploited/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability
##Fortinet added CVE-2025-24813, Apache Tomcat RCE (high) to its outbreak alerts yesterday: https://www.fortinet.com/fortiguard/labs @fortinet #cybersecurity #infosec #Apache
Details: https://fortiguard.fortinet.com/outbreak-alert/apache-tomcat-rce
##(recordedfuture.com) Apache Tomcat: Critical Path Equivalence Vulnerability (CVE-2025-24813) NOT (yet) under active exploitation
https://www.recordedfuture.com/blog/apache-tomcat-cve-2025-24813-vulnerability-analysis
Insikt Group notes specifically that this vulnerability has not yet been observed as being actively exploited in the wild.
Summary:
This article details CVE-2025-24813, a critical path equivalence vulnerability in Apache Tomcat that allows unauthenticated remote code execution under specific conditions. The vulnerability affects multiple Tomcat versions (11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98, and most 8.5.x versions). GreyNoise has identified six malicious IP addresses attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the risk of exploitation. Organizations are advised to upgrade to patched versions (11.0.3, 10.1.35, or 9.0.99) or implement network-level controls if immediate patching isn't possible.
#Cybersecurity #ThreatIntel #Tomcat #ActiveExploitation #ITW #Exploitation #Vulnerability #CVE202524813
##updated 2025-04-02T00:31:46
2 posts
Researchers, you don't need to be this patient. Just publish that shit.
https://medium.com/@mihat2/onlyoffice-document-server-path-traversal-fdd573fec291
##Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload.
- October 10, 2023 – The moment I realized the flaw was real, I immediately reached out to ONLYOFFICE’s security team. To my surprise, they responded the same day! To ensure they had all the details, I sent them a thorough PDF report outlining the vulnerability, complete with technical analysis, proof-of-concept, and potential impact. I thought this was going to be a smooth disclosure process — how wrong I was.
- October 11 — November 19, 2023 — I followed up. Again. And again. Silence. Maybe my emails were lost? Maybe they were ignoring me? Either way, weeks passed, and still — no response.
- November 20, 2023 – We submitted the vulnerability to HackerOne, hoping to reach ONLYOFFICE through another channel.
- December 4, 2023 – With no response from HackerOne, we escalated the report to HackerOne Disclosure Assistance, but STILL received no response.
- February 19, 2024 – ONLYOFFICE finally responded, stating that they were working on a fix.
- February 26, 2024 – ONLYOFFICE released a fix for the vulnerability.
- April 1, 2024 – ONLYOFFICE informed us that while the fix was available, some products would not receive the security patch until Summer 2024. They requested that we delay public disclosure until July 2024.
- February 21, 2025 – HackerOne Disclosure Assistance responded, stating that they were reviewing the backlog and asked for an update on the current situation.
updated 2025-04-01T22:23:35
2 posts
Simple and practical vulns like this are always nice to read about and learn from and replicate.
https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477
sev:HIGH 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
##React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.
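The port-slot trick described above, as an added example that is not code from React Router, Remix or the advisory: a stand-in Express request object (fakeReq, constructed here) feeds a URL builder that, like the pattern the advisory describes, takes req.hostname and whatever follows the first ":" in the X-Forwarded-Host or Host header. buildUrlHardened is one possible fix (a digits-only port check) and is likewise an assumption of this example, not the project's actual patch; the header values and the demo function are constructed.

```javascript
// Added example: Host-header "port slot" URL spoofing, vulnerable vs hardened.
// Not the React Router / Remix source; it models the pattern the advisory
// describes (Request URL rebuilt from req.hostname plus the port taken from
// the Host or X-Forwarded-Host header) so the effect on the parsed URL is visible.

// Stand-in for the Express request object (constructed for this example).
// Express's req.hostname drops everything from the first ":" onward and,
// with "trust proxy" enabled, prefers X-Forwarded-Host over Host.
function fakeReq({ host, forwardedHost, originalUrl = "/", protocol = "https" }) {
  const headers = { host };
  if (forwardedHost !== undefined) headers["x-forwarded-host"] = forwardedHost;
  return {
    protocol,
    originalUrl,
    hostname: (forwardedHost ?? host).split(":")[0],
    get: (name) => headers[name.toLowerCase()],
  };
}

// Vulnerable pattern: everything after the first ":" is treated as the port and
// spliced into a URL string unchecked. A header of "example.com:8080/admin?"
// therefore turns the real request path "/login" into a query string.
function buildUrlVulnerable(req) {
  const [, fwdPort] = req.get("X-Forwarded-Host")?.split(":") ?? [];
  const [, hostPort] = req.get("host")?.split(":") ?? [];
  const port = fwdPort || hostPort;
  const resolvedHost = `${req.hostname}${port ? `:${port}` : ""}`;
  return new URL(`${req.protocol}://${resolvedHost}${req.originalUrl}`);
}

// Hardened pattern (one possible fix, assumed here): the port slot may only
// hold 1-5 digits or be absent; anything else is rejected before it can reach
// the URL constructor.
function buildUrlHardened(req) {
  const [, fwdPort] = req.get("X-Forwarded-Host")?.split(":") ?? [];
  const [, hostPort] = req.get("host")?.split(":") ?? [];
  const port = fwdPort || hostPort;
  if (port && !/^\d{1,5}$/.test(port)) {
    throw new Error(`rejected Host header port ${JSON.stringify(port)}`);
  }
  const resolvedHost = `${req.hostname}${port ? `:${port}` : ""}`;
  return new URL(`${req.protocol}://${resolvedHost}${req.originalUrl}`);
}

// Runs both builders over a benign and a spoofed header (constructed values)
// and reports what each one believed the request path to be.
function demo() {
  const benign = fakeReq({ host: "example.com:8080", originalUrl: "/login" });
  const spoofed = fakeReq({ host: "example.com:8080/admin?", originalUrl: "/login" });
  let hardenedRejected = false;
  try {
    buildUrlHardened(spoofed);
  } catch {
    hardenedRejected = true;
  }
  return {
    benignPath: buildUrlVulnerable(benign).pathname,   // "/login"
    spoofedPath: buildUrlVulnerable(spoofed).pathname, // "/admin"
    spoofedSearch: buildUrlVulnerable(spoofed).search, // "?/login"
    hardenedRejected,                                  // true
  };
}

console.log(demo());
```

Run it with node. The practical point for a defender is that anything downstream that authorizes on the reconstructed request URL (route-level auth, origin checks, canonical-URL redirects) is reasoning about the attacker's string; validate the port slot, and have the reverse proxy at the edge overwrite X-Forwarded-Host rather than pass a client-supplied value through.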
updated 2025-04-01T21:32:20
1 posts
Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.
https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/
##CVE-2025-3028: Use-after-free triggered by XSLTProcessor
CVE-2025-3031: JIT optimization bug with different stack slot sizes
CVE-2025-3032: Leaking file descriptors from the fork server
CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
CVE-2025-3033: Opening local .url files could lead to another file being opened
CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137
updated 2025-04-01T21:31:50
9 posts
1 repos
CrushFTP Authentication Bypass - CVE-2025-2825
#CVE_2025_2825
https://projectdiscovery.io/blog/crushftp-authentication-bypass
CrushFTP CVE-2025-2825 flaw actively exploited in the wild – Source: securityaffairs.com https://ciso2ciso.com/crushftp-cve-2025-2825-flaw-actively-exploited-in-the-wild-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #CrushFTP #Security #hacking
##Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) https://www.helpnetsecurity.com/2025/04/01/crushftp-vulnerability-exploitation-cve-2025-2825/ #Shadowserver #Don'tmiss #VulnCheck #Hotstuff #CrushFTP #Rapid7 #News #CVE #PoC
##CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog https://projectdiscovery.io/blog/crushftp-authentication-bypass
##Full technical analysis of CrushFTP CVE-2025-2825 here c/o @fuzz, and props to the Project Discovery folks who look to have come up with the same findings https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis
##CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) https://www.helpnetsecurity.com/2025/03/27/crushftp-vulnerability-cve-2025-2825/ #securityupdate #vulnerability #file-sharing #enterprise #Don'tmiss #Hotstuff #CrushFTP #News #SMBs
##🚨CVE-2025-2825: Unauthenticated HTTP(S) port access on CrushFTPv10/v11
CVSS: 9.8
https://darkwebinformer.com/cve-2025-2825-unauthenticated-http-s-port-access-on-crushftpv10-v11/
##The CrushFTP CVE that @catc0n has been talking about is finally published.
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.
Our pals over at VulnCheck very kindly assigned a CVE for the CrushFTP issue since CrushFTP appears reluctant to do the needful directly (thx @albinolobster!)
##updated 2025-04-01T20:26:22.890000
1 posts
This looks like a small project and I'm not trying to throw stones here. I am posting this as a legitimate learning opportunity for people.
sev:CRIT 9.0 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
##scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field.
So basically you can use a login link to login to any account you want to hack into without any effort. We need to fix this! There is a username thingy that you can use to hack into any account, but please don’t abuse this feature!
updated 2025-04-01T20:26:22.890000
1 posts
I for one like seeing command exec in Rockwell Automation products.
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1723.html
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
##A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.
updated 2025-04-01T18:39:55.893000
1 posts
There are a bunch of CVEs for libming v0.4.0 (it's a SWF output library) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.
https://github.com/libming/libming/issues/330
https://nvd.nist.gov/vuln/detail/CVE-2025-29483
https://nvd.nist.gov/vuln/detail/CVE-2025-29484
https://nvd.nist.gov/vuln/detail/CVE-2025-29485
https://nvd.nist.gov/vuln/detail/CVE-2025-29486
https://nvd.nist.gov/vuln/detail/CVE-2025-29487
https://nvd.nist.gov/vuln/detail/CVE-2025-29488
https://nvd.nist.gov/vuln/detail/CVE-2025-29489
https://nvd.nist.gov/vuln/detail/CVE-2025-29490
https://nvd.nist.gov/vuln/detail/CVE-2025-29491
https://nvd.nist.gov/vuln/detail/CVE-2025-29492
https://nvd.nist.gov/vuln/detail/CVE-2025-29493
https://nvd.nist.gov/vuln/detail/CVE-2025-29494
##updated 2025-04-01T18:30:49
2 posts
LPE in VMWare Aria Operations.
sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.
updated 2025-04-01T18:20:49
2 posts
I don't know Apache Pinot but this seems like a good one to keep in your back pocket.
https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v
##Authentication Bypass Issue
If the request path does not contain a "/" but does contain a ".", authentication is not required.
Expected Normal Request and Response Example
curl -X POST -H "Content-Type: application/json" -d '{"username":"hack2","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"}' http://{server_ip}:9000/users
Return: {"code":401,"error":"HTTP 401 Unauthorized"}
Malicious Request and Response Example
curl -X POST -H "Content-Type: application/json" -d '{"username":"hack","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .
Return: {"users":{}}
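The exemption rule quoted above, as an added example that is not Pinot's code: isExemptVulnerable is the rule taken literally as a string test on the raw request path, and isExemptHardened is one constructed alternative that decides on the canonical resource instead. The allowlist, the canonicalization helper and the sample paths are all constructed here; the "users;." style samples are included only because they satisfy the stated rule (no "/", at least one ".") and mirror the ";" and "." visible in the advisory's malicious request, and their behaviour against an actual Pinot controller is not verified in this example.

```javascript
// Added example, not Apache Pinot's code. It models the exemption rule the
// advisory states ("path has no '/' and contains '.' => no authentication"),
// shows which request paths that rule waves through, and contrasts a check
// that decides on the canonical resource rather than the raw string.

// The rule as stated, applied literally to the raw request path. Paths are
// given relative to the API root (no leading "/"), since with a leading "/"
// the rule could never match anything at all.
function isExemptVulnerable(rawPath) {
  return !rawPath.includes("/") && rawPath.includes(".");
}

// Static assets an unauthenticated client may legitimately fetch
// (constructed allowlist for this example).
const STATIC_EXTENSIONS = new Set(["html", "js", "css", "png", "ico", "svg", "map"]);

// Canonical path segments: drop query/fragment, percent-decode, strip ";..."
// matrix-parameter suffixes from every segment, and resolve "." and "..".
// Returns null on a malformed percent-escape so the caller never exempts it.
function canonicalize(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath.split(/[?#]/, 1)[0]);
  } catch {
    return null;
  }
  const out = [];
  for (const seg of decoded.split("/")) {
    const s = seg.split(";", 1)[0];
    if (s === "" || s === ".") continue;
    if (s === "..") out.pop();
    else out.push(s);
  }
  return out;
}

// Hardened check: exempt only a single web-root file whose extension is on
// the allowlist, judged after canonicalization. Everything else authenticates.
function isExemptHardened(rawPath) {
  const segments = canonicalize(rawPath);
  if (segments === null || segments.length !== 1) return false;
  const m = /^[A-Za-z0-9_-]+\.([a-z0-9]+)$/.exec(segments[0]);
  return m !== null && STATIC_EXTENSIONS.has(m[1]);
}

// Constructed sample paths; the last three satisfy the literal rule without
// naming a static file.
const SAMPLES = [
  "users", "index.html", "favicon.ico", "admin/index.html",
  "users;.", "users;x=.js", "..%2Fusers;.",
];

// Classifies every sample under both checks.
function classify() {
  const result = {};
  for (const p of SAMPLES) {
    result[p] = { vulnerable: isExemptVulnerable(p), hardened: isExemptHardened(p) };
  }
  return result;
}

// Paths the literal rule exempts but the hardened check does not.
function bypasses() {
  const c = classify();
  return SAMPLES.filter((p) => c[p].vulnerable && !c[p].hardened);
}

console.table(classify());
```

The lesson the table makes visible is that an authentication exemption expressed as a pattern over the raw path string is only as strong as the router's own parsing rules; once the router strips matrix parameters, decodes escapes or collapses dot segments, the exempt string and the dispatched resource are no longer the same thing. Make the exemption an explicit allowlist evaluated on the path the router will actually dispatch.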
updated 2025-04-01T18:04:17
2 posts
And we have a perfect 10 in Apache Parquet, whatever that is. 🥳
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
##Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code
Users are recommended to upgrade to version 1.15.1, which fixes the issue.
updated 2025-04-01T16:34:41.947000
2 posts
CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith/
##That RCE in Appsmith from December has a write-up.
https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith/
https://github.com/appsmithorg/appsmith/releases/tag/v1.52
While reviewing the Appsmith Enterprise platform, Rhino Security Labs uncovered a series of critical vulnerabilities affecting default installations of the product. Most severe among them is CVE-2024-55963, which allows unauthenticated remote code execution due to a misconfigured PostgreSQL database included by default. Two additional vulnerabilities (CVE-2024-55964 and CVE-2024-55965) enable unauthorized access to sensitive data and application denial of service.
Unfortunately, the CVE still isn't in NVD.
##updated 2025-04-01T15:31:39
1 posts
Three new CVEs in Autodesk Navisworks this morning. All three are sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002
##CVE-2025-1658: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-1659: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-1660: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
updated 2025-04-01T06:31:46
1 posts
CVE-2025-24259: Leaking Bookmarks on macOS
https://wts.dev/posts/bookmarks-leak/
#HackerNews #CVE202524259 #macOS #Bookmarks #Security #Vulnerability #HackerNews #Cybersecurity
##updated 2025-04-01T06:30:51
2 posts
NCSC Finland published some vulns in Valmet DNA, which is a DCS system. Those are always fun to attack and/or defend.
sev:HIGH 8.9 - CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
https://nvd.nist.gov/vuln/detail/CVE-2025-0416
sev:HIGH 7.0 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
https://nvd.nist.gov/vuln/detail/CVE-2025-0417
sev:MED 5.4 - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green
##Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
updated 2025-04-01T06:30:51
2 posts
updated 2025-04-01T06:30:50
2 posts
updated 2025-04-01T03:31:38
4 posts
Microsoft:
Critical: Azure Health Bot Elevation of Privilege Vulnerability - CVE-2025-21384 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384
Critical: Azure Playwright Elevation of Privilege Vulnerability - CVE-2025-26683 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683 @microsoftsec #cybersecurity #infosec #Azure
##Another Microsoft cloud service vuln got patched. They claim no exploitation and it wasn't publicly known so you should be okay but that trust thing is hard.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384
sev:HIGH 8.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
##An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
updated 2025-04-01T00:30:49
2 posts
The CVE is published for this one. No CVSS yet though: https://nvd.nist.gov/vuln/detail/CVE-2025-30456
##https://support.apple.com/en-us/122371
##DiskArbitration
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-30456: Gergely Kalman (@gergely_kalman)
updated 2025-04-01T00:30:42
1 posts
Drupal published a bunch of CVEs for recent vulns of theirs, though they haven't been assessed for CVSS yet. I'm not going to list them all but there is one I want to point out.
https://www.drupal.org/security
##Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
updated 2025-04-01T00:30:36
3 posts
Microsoft:
Critical: Azure Health Bot Elevation of Privilege Vulnerability - CVE-2025-21384 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384
Critical: Azure Playwright Elevation of Privilege Vulnerability - CVE-2025-26683 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683 @microsoftsec #cybersecurity #infosec #Azure
##Microsoft Azure Playwright EoP vuln.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.
Microsoft says that it is not publicly disclosed and not EITW so if it's really fixed, you should be good to go. But I would still take a look in your logs to see what you don't see.
##updated 2025-03-31T22:36:53
3 posts
Amazon, posted yesterday: Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048) has been resolved https://aws.amazon.com/security/security-bulletins/AWS-2025-008/ #Amazon #cybersecurity #Inffosec
##Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)
https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
##When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.
updated 2025-03-31T22:36:51
3 posts
updated 2025-03-31T15:30:55
1 posts
Another old Fortinet advisory finally getting a CVE published. The advisory is from 2021, the CVE year is 2023, and here we are in 2025.
https://fortiguard.fortinet.com/psirt/FG-IR-21-023
sev:MED 4.5 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
##A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
updated 2025-03-31T15:30:54
1 posts
Unraid with Tailscale is pretty popular so maybe go check your targets and / or assets.
https://docs.unraid.net/unraid-os/release-notes/7.0.1/
https://edac.dev/security/CVE-2025-29266/
sev:CRIT 9.6 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
##Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.
updated 2025-03-31T15:30:39
5 posts
CVE-2025-31160 Atop 2.11 heap problems
Link: https://openwall.com/lists/oss-security/2025/03/29/1
Discussion: https://news.ycombinator.com/item?id=43518560
CVE-2025-31160 Atop 2.11 heap problems
Link: https://openwall.com/lists/oss-security/2025/03/29/1
Comments: https://news.ycombinator.com/item?id=43518560
CVE-2025-31160 Atop 2.11 heap problems
https://openwall.com/lists/oss-security/2025/03/29/1
#ycombinator
CVE-2025-31160 Atop 2.11 heap problems
https://openwall.com/lists/oss-security/2025/03/29/1
#HackerNews #CVE-2025-31160 #heap #vulnerabilities #security #issues #OpenWall #OSS #security
##Details about CVE-2025-31160 (memory corruption in #atop) are now available here: https://github.com/Atoptool/atop/issues/334
In a nutshell: atop at startup connects to local (non-privileged) TCP port 59123 where it expects certain data; if a regular user listens on that port, it can feed data to the next invocation of atop that can corrupt it.
The fix (https://github.com/Atoptool/atop/commit/542b7f7ac52926ca272129dba81d7db80279bb98) is primarily "don't do that" with some attempt at better parsing of the untrusted data (by adding return code checking of `sscanf`).
##updated 2025-03-31T09:30:39
1 posts
🚨CVE-2025-2071: OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI
CVSS: 10
##updated 2025-03-31T03:30:32
1 posts
Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security https://thecyberexpress.com/canon-printer-vulnerability-cve-2025-1268/ #outofboundsvulnerability #TheCyberExpressNews #Canonvulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #Canonprinter #CVE20251268 #GenericPlus #CyberNews
##updated 2025-03-29T00:31:40
1 posts
Here's another easy-mode PrivEsc like @wdormann was talking about the other day with his Nessus Agent CVE.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004
sev:MED 6.3 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
##The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.
updated 2025-03-28T18:33:11
1 posts
There are a bunch of CVEs for libming v0.4.0 (it's a SWF output library) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.
https://github.com/libming/libming/issues/330
https://nvd.nist.gov/vuln/detail/CVE-2025-29483
https://nvd.nist.gov/vuln/detail/CVE-2025-29484
https://nvd.nist.gov/vuln/detail/CVE-2025-29485
https://nvd.nist.gov/vuln/detail/CVE-2025-29486
https://nvd.nist.gov/vuln/detail/CVE-2025-29487
https://nvd.nist.gov/vuln/detail/CVE-2025-29488
https://nvd.nist.gov/vuln/detail/CVE-2025-29489
https://nvd.nist.gov/vuln/detail/CVE-2025-29490
https://nvd.nist.gov/vuln/detail/CVE-2025-29491
https://nvd.nist.gov/vuln/detail/CVE-2025-29492
https://nvd.nist.gov/vuln/detail/CVE-2025-29493
https://nvd.nist.gov/vuln/detail/CVE-2025-29494
##updated 2025-03-28T18:33:11
1 posts
##updated 2025-03-28T18:33:11
1 posts
##updated 2025-03-28T18:33:10
5 posts
1 repos
Firefox developers reported CVE-2025-2857, a sandbox vulnerability similar to a zero-day reported this week in Google Chrome.
https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
##Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
##Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) https://www.helpnetsecurity.com/2025/03/28/critical-firefox-tor-browser-sandbox-escape-flaw-fixed-cve-2025-2857/ #securityupdate #vulnerability #Don'tmiss #Kaspersky #Hotstuff #Firefox #Chrome #Opera #News #Tor
##Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.
So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱
If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!
Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.
Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.
Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!
##Firefox 0-day security vulnerability (CVE-2025-2857) patched
Mozilla patches a sandbox escape vulnerability that is already being exploited (in Chrome)
:firefox:https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/
Announced: 2025-03-27
Impact: ⚠️ critical
Products: Firefox, Firefox ESR (Firefox on Windows only)
Fixed in:
• Firefox 136.0.4 :windows:
• Firefox ESR 115.21.1 :windows:
• Firefox ESR 128.8.1 :windows:
updated 2025-03-28T15:33:03
1 posts
##updated 2025-03-28T15:32:59
10 posts
62 repos
Way to go with CVE-2025-29927 Vercel...
##Detect Next.js CVE-2025-29927 efficiently and at scale https://www.patrowl.io/en/actualites/cve-2025-29927-next-js
##Zscaler: CVE-2025-29927: Next.js Middleware Authorization Bypass Flaw https://www.zscaler.com/blogs/security-research/cve-2025-29927-next-js-middleware-authorization-bypass-flaw @threatlabz #cybersecurity #infosec
##[Reproduce Steps]
Add Header
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
to the request
⬇️
"Next.js POC for CVE-2025-29927"
👇
https://github.com/azu/nextjs-cve-2025-29927-poc
@da_667 Yes please. Rapid7 did publish this though: https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
It's not much, but it's better than the vendor.
##I don't normally post JS stuff, but CVE-2025-29927 is a whole lot of fun!
"it was possible to skip running Middleware, which could allow requests to skip critical checks—such as authorization cookie validation—before reaching routes." 😱
https://nextjs.org/blog/cve-2025-29927
Get your Next.js updated!
##I probably sound like a broken record at this point, but we're not sold yet on the world-ending nature of Next.js CVE-2025-29927.
The fact that the bug isn't known to have been successfully exploited in the wild despite the huge amount of media and industry attention it’s received sure feels like a reasonable early indicator that it's unlikely to be broadly exploitable (classic framework vuln), and may not have any easily identifiable remote attack vectors at all.
https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
##Everyone’s talking about the Next.js vulnerability alert - and rightfully so. 👉 Here's why you need to detect and fix CVE-2025-29927 - now!
CVE-2025-29927 allows attackers to bypass crucial authorization checks via a simple header manipulation. This flaw affects a wide range of Next.js versions, potentially exposing sensitive data and critical admin functionalities.
Here's what you need to know:
👉 Impact: Attackers can gain unauthorized access to protected routes, leading to data breaches and privilege escalation.
👉 Vulnerable versions: Next.js 11.1.4 through 15.2.2.
👉 Detection: our Network Vulnerability Scanner now detects CVE-2025-29927, so a CVE-focused scan lets you identify vulnerable instances in your infrastructure - fast.
🔥 Don't wait for the exploit: act now
✅ Run a network scan
✅ Read the detailed write-up that explains how this vulnerability works, its impact, and detailed remediation steps ➡️ https://pentest-tools.com/blog/CVE-2025-29927-next-js-bypass
##Next.js CVE-2025-29927 https://lobste.rs/s/l5c7gj #javascript #security #web
https://nextjs.org/blog/cve-2025-29927
CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability – Source: socprime.com https://ciso2ciso.com/cve-2025-29927-next-js-middleware-authorization-bypass-vulnerability-source-socprime-com/ #socprime.com #0CISO2CISO
##updated 2025-03-28T15:32:59
1 posts
##updated 2025-03-28T15:32:59
1 posts
##updated 2025-03-28T15:31:54
1 posts
##updated 2025-03-28T15:31:54
1 posts
##updated 2025-03-28T12:31:35
1 posts
Fortinet published another CVE for a vuln from 2019. Just something to keep in mind when people blame Fortinet shops when they get popped by unpatched vulns.
##updated 2025-03-28T03:30:31
1 posts
Backdoor in a robot dog thing? Yes please.
https://takeonme.org/cves/cve-2025-2894/
sev:MED 6.6 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
##The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
updated 2025-03-28T03:30:30
1 posts
🚨CVE-2025-24383: Dell Unity, Dell UnityVSA and Dell Unity XT remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system
CVSS: 9.1
##updated 2025-03-28T03:30:30
1 posts
Crypto vuln? In perl? That seems like something fedi is built to argue about.
https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80
##Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
updated 2025-03-28T03:30:24
1 posts
UAF PrivEsc in Exim. I think it was @buherator who shared the Openwall link for this earlier today or yesterday. It now has a CVE published.
https://www.exim.org/static/doc/security/CVE-2025-30232.txt
https://www.openwall.com/lists/oss-security/2025/03/26/1
sev:HIGH 8.1 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
##A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
updated 2025-03-27T21:32:22
1 posts
wait3() system call as a side-channel in setuid programs (nvidia-modprobe CVE-2024-0149)
##updated 2025-03-27T18:18:41
1 posts
Code injection in Apache Kylin.
https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc
##Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin.
If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1.
Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.
updated 2025-03-27T16:45:46.410000
14 posts
16 repos
https://github.com/tuladhar/ingress-nightmare
https://github.com/dttuss/IngressNightmare-RCE-POC
https://github.com/yanmarques/CVE-2025-1974
https://github.com/hi-unc1e/CVE-2025-1974-poc
https://github.com/0xBingo/CVE-2025-1974
https://github.com/gian2dchris/ingress-nightmare-poc
https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps
https://github.com/sandumjacob/IngressNightmare-POCs
https://github.com/yoshino-s/CVE-2025-1974
https://github.com/Ar05un05kau05ndal/2025-1
https://github.com/lufeirider/IngressNightmare-PoC
https://github.com/hakaioffsec/IngressNightmare-PoC
https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974
https://github.com/m-q-t/ingressnightmare-detection-poc
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare #SuggestedRead #devopsish https://www.tenable.com/blog/cve-2025-1974-frequently-asked-questions-about-ingressnightmare-kubernetes
##Critical Kubernetes controller flaws: 4,000 IPs exposed, with patch urgency increasing due to code to exploit CVE-2025-1974 vulnerability being published https://www.databreachtoday.com/critical-kubernetes-controller-flaws-4000-ips-exposed-a-27868
##Ingress-nginx CVE-2025-1974: What You Need to Know #SuggestedRead #devopsish https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
##🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)
##CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE – Source: socprime.com https://ciso2ciso.com/cve-2025-1974-critical-set-of-vulnerabilities-in-ingress-nginx-controller-for-kubernetes-leading-to-unauthenticated-rce-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #IngressNightmare #CVE-2025-1974 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE
##Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
##CVE-2025-1974 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131009
##Jacob Sandum posted a detailed and well-written PoC for the IngressNightmare (CVE-2025-1974) vulnerability found in the Kubernetes ingress-nginx Admission Controller by Wiz (Woogle!). If you are looking for a quick way to reproduce the issue or validate detection and mitigation, take a look:
https://github.com/sandumjacob/IngressNightmare-POCs/blob/main/CVE-2025-1974/README.md
We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio
##Everyone using ingress-nginx on Kubernetes should probably check this.
Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes : 👀
---
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
⚠️ Security alert on Kubernetes: #IngressNightmare
On March 24, 2025, the Wiz research team and the Kubernetes maintainers disclosed 5 major vulnerabilities affecting the very popular Ingress-NGINX Controller (present on 40%+ of clusters).
These flaws, the most severe of which is CVE-2025-1974 (CVSS 9.8), allow an attacker without credentials to execute code remotely (Remote Code Execution) and take complete control of the Kubernetes cluster by accessing all of its secrets (passwords, API keys, etc.).
What is at issue:
The vulnerable component is the Ingress-NGINX Validating Admission Controller. It validates "Ingress" objects but is, by default, reachable without authentication from the cluster's internal network, and sometimes even exposed publicly.
The researchers managed to inject malicious NGINX configurations and then execute code by loading libraries from temporary files via NGINX. A truly invisible entry point.
✅ What you should do quickly:
Check whether you are using ingress-nginx:
kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx
Update to a fixed version:
v1.12.1 or v1.11.5
If you cannot update right away:
Temporarily disable the admission webhook (see the official instructions).
[Official sources]
⬇️
Wiz research blog:
"IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX"
👇
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
📢 Kubernetes announcement (Security Response Committee):
"Ingress-nginx CVE-2025-1974: What You Need to Know"
👇
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
If you're running ingress-nginx in your Kubernetes cluster please take a look at this latest CVE details, it's a big one! Patches are out so please get updating as soon as you can!
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
##CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare – Source: securityboulevard.com https://ciso2ciso.com/cve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard
##Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!
Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.
It appears that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅
Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!
So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔
##updated 2025-03-27T16:45:46.410000
7 posts
3 repos
https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps
##CVE-2025-24514 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131006
##oh, this ingress/nginx proxy vuln family: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514
maybe we need to rewrite that component in rust? oh, wait.
##updated 2025-03-27T16:45:46.410000
7 posts
3 repos
https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps
##CVE-2025-1097 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131007
##updated 2025-03-27T16:45:46.410000
5 posts
##CVE-2025-24513 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131005
##updated 2025-03-27T16:45:46.410000
7 posts
3 repos
https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps
##CVE-2025-1098 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131008
##updated 2025-03-27T16:45:46.410000
1 posts
🚨CVE-2024-42533: SQL Injection in StandVoice by Convivance
https://darkwebinformer.com/cve-2024-42533-sql-injection-in-standvoice-by-convivance/
##updated 2025-03-27T15:32:12
1 posts
That RCE in Appsmith from December has a write-up.
https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith/
https://github.com/appsmithorg/appsmith/releases/tag/v1.52
While reviewing the Appsmith Enterprise platform, Rhino Security Labs uncovered a series of critical vulnerabilities affecting default installations of the product. Most severe among them is CVE-2024-55963, which allows unauthenticated remote code execution due to a misconfigured PostgreSQL database included by default. Two additional vulnerabilities (CVE-2024-55964 and CVE-2024-55965) enable unauthorized access to sensitive data and application denial of service.
Unfortunately, the CVE still isn't in NVD.
##updated 2025-03-27T15:31:23
1 posts
Multiple CVEs in gnuplot. They are all sev:MED 6.2.
https://access.redhat.com/security/cve/CVE-2025-31176
https://access.redhat.com/security/cve/CVE-2025-31178
https://access.redhat.com/security/cve/CVE-2025-31179
##updated 2025-03-27T03:34:37
1 posts
Active exploitation of critical SAP flaw CVE-2017-12637 reported by Onapsis
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/active-exploitation-of-critical-sap-flaw-cve-2017-12637-reported-by-onapsis-3-q-e-2-a/gD2P6Ple2L
updated 2025-03-26T18:30:57
17 posts
1 repos
Patch Google Chrome: this zero-day flaw is being exploited by an espionage campaign https://www.it-connect.fr/google-chrome-faille-zero-day-est-exploitee-campagne-espionnage-cve-2025-2783/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Google
##Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.
So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱
If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!
Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.
Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.
Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!
##CVE ID: CVE-2025-2783
Vendor: Google
Product: Chromium Mojo
Date Added: 2025-03-27
Vulnerability: Google Chromium Mojo Sandbox Escape Vulnerability
Notes: https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-2783
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-2783
New: CISA has updated the KEV catalogue.
- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-2783
- Added yesterday:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #infosec #Google
##Microsoft's notes for Edge Security Updates, posted yesterday: https://msrc.microsoft.com/update-guide
Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2783 @microsoftsec #Microsoft #cybersecurity #Infosec #Windows
##This update included the fix for CVE-2025-2783.
##Just to be 100% clear this update included the fix for CVE-2025-2783. We actually had that out in the previous build 7.2.3621.71 from yesterday.
##Just to be 100% clear this update included the fix for CVE-2025-2783. Indeed we were the first non-Chrome browser to get that out.
##The CVE for this is published but no CVSS assessment yet: https://nvd.nist.gov/vuln/detail/CVE-2025-2783
##If you missed this.
Security Week: Google Has Patched CVE-2025-2783, the Chrome Sandbox Escape Zero-Day Vulnerability Caught by Kaspersky https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/ @SecurityWeek #cybersecurity #Infosec #Google #Chrome
##Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) – Help Net Security https://www.macken.xyz/2025/03/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783-help-net-security/?utm_source=dlvr.it&utm_medium=mastodon
##The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia. https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/
##Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) https://www.helpnetsecurity.com/2025/03/26/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783/ #Don'tmiss #Kaspersky #Hotstuff #exploit #Windows #Chrome #0-day #News #APT
##Chrome Releases Critical Update to Address CVE-2025-2783 Vulnerability https://thecyberexpress.com/chrome-stable-channel-update/ #StableChannelUpdate #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE20252783 #CyberNews #Windows
##Chrome *again*? 🙄 Looks like Google's patching *another* critical flaw (CVE-2025-2783), and yep, attackers are already exploiting it in the wild.
Heads up, Windows users – you're the main target, with Russian orgs specifically in the crosshairs. 🇷🇺 The vulnerability's lurking in Mojo (Chrome's Inter-Process Communication system). And get this: all it takes is a convincing phishing email. 🎣 Someone clicks the link, and bam – their system's compromised.
What's really nasty? It cleverly gets around the Chrome sandbox. 🤯 Kaspersky's already tracking this, calling it 'Operation ForumTroll' and linking it to an APT group. Speaking as a pentester, trust me, finding vulnerabilities this deep isn't easy. Your run-of-the-mill scans just won't cut it here.
So, what's the game plan?
1. Update Chrome NOW! Like, right now. 🚨
2. Seriously, double down on training your staff about phishing threats.
3. Keep a close eye on your systems – think SIEM/EDR monitoring.
Curious to know, what are your go-to tools for hunting down threats like this? And how are you folks bracing yourselves against these advanced attacks? 🤔
Stay safe out there! ✌️
##EITW in Chrome if that's the kind of thing you care about: https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
##Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild.
updated 2025-03-26T15:32:52
1 posts
Bizerba doing that thing like in school where you take up as much of the page as possible. Instead of DoS they say:
An authenticated attacker can compromise the availability of the device via the network
https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0002.pdf
Through the public FTP access the mass storage can be completely filled by mass uploading of data because no quota is in place.
sev:MED 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
updated 2025-03-26T12:30:40
1 posts
Service desk application vulns are always fun. I don't know how popular OXARI is, but if you know it, you might want to look into this one.
https://cert.pl/en/posts/2025/03/CVE-2025-1542/
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
##Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application. This issue affects OXARI ServiceDesk in versions before 2.0.324.0.
updated 2025-03-26T00:31:24
1 posts
I don't know how popular Pagure is but this RCE via git seems like it's worth patching. Or attacking. No judgement.
https://access.redhat.com/security/cve/CVE-2024-47516
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.
updated 2025-03-25T18:38:11
1 posts
1 repos
Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891) https://isc.sans.edu/diary/31814
##updated 2025-03-25T15:31:35
6 posts
Authentication bypass CVE-2025-22230 impacts VMware Windows Tools – Source: securityaffairs.com https://ciso2ciso.com/authentication-bypass-cve-2025-22230-impacts-vmware-windows-tools-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #vmwaretools #Security #hacking
##VMware fixes an important flaw in VMware Tools for Windows: CVE-2025-22230 https://www.it-connect.fr/vmware-corrige-une-faille-vmware-tools-pour-windows-cve-2025-22230/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Windows #VMware
##Seriously, Broadcom... what's the deal lately? 🤯
First up, we've got CVE-2025-22230 hitting VMware Tools for Windows. This nasty bug basically lets standard users inside a VM escalate their privileges to admin level. Yikes! 😬 With a CVSS score of 7.8, you'll want to jump on this fix ASAP. It impacts versions 11.x.x and 12.x.x, so upgrading to 12.5.1 needs to be right at the top of your list!
But wait, there's more. CrushFTP is also sounding the alarm about unauthenticated access vulnerabilities lurking on HTTP(S) ports in versions 10 and 11. It's definitely time to double-check those DMZ configurations. Rapid7 has confirmed that exploits are out there, allowing unauthorized access. Pretty intense, right?
Stuff like this is a stark reminder: while automated scans have their place, they just don't cut it alone. Real-deal penetration testing is absolutely essential. Those manual checks are what uncover the sneaky issues that automated tools often breeze right past.
What's your take on this recent wave? How are you keeping your own environments locked down tight? Let's talk 👇
#ITSecurity #Pentesting #VMware #Cybersecurity #InfoSec #VulnerabilityManagement
##A new twist on #ESXicape - you need local admin rights to escape the VM to the hypervisor, right?
Slight issue - VMware Tools, installed inside VMs, allows local-user-to-local-admin privilege escalation on every VM due to vuln CVE-2025-22230
“A malicious actor with non-administrative privileges on a Windows guest VM may gain ability to perform certain high-privilege operations within that VM.”
Discovered by Positive Technologies, who the US claims hack for Moscow.
##Auth bypass vuln in VMware Tools for Windows. Nice.
sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
##VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.
updated 2025-03-25T15:31:35
1 posts
Multiple Denial-of-Service vulnerabilities in Hitachi Energy’s RTU500 series Product
This includes a couple of sev:HIGH CVEs. Normally DoS vulns bore me, but when they're in RTUs used in energy, they get more interesting.
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true
##CVE-2024-10037
CVE-2024-11499
CVE-2024-12169
CVE-2025-1445
updated 2025-03-25T06:30:32
1 posts
Looks like ABB published 13 CVEs for B&R APROL <4.4-01, including at least one sev:CRIT code injection vuln.
https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf
CVE-2024-45482, CVE-2024-45481, CVE-2024-45480, CVE-2024-8315, CVE-2024-45484, CVE-2024-45483, CVE-2024-8313, CVE-2024-8314, CVE-2024-10206, CVE-2024-10207, CVE-2024-10208, CVE-2024-10210, CVE-2024-10209
##updated 2025-03-25T00:30:26
1 posts
SnapCenter Security Flaw Rated Critical—NetApp Urges Immediate Patch https://thecyberexpress.com/netapp-snapcenter-vulnerability-cve-2025-26512/ #NetAppVulnerability #TheCyberExpressNews #SnapCenterServer #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202526512 #SnapCenter #CyberNews
##updated 2025-03-24T21:30:39
5 posts
WatchTower: XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/ #cybersecurity #infosec
##I know that many of us tend to scoff at XSS vulns, but it's good to be reminded how they can be successfully used in a chain for something more interesting.
##XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/
##updated 2025-03-24T14:49:02
1 posts
CVE-2025-27407: Inside the Critical GraphQL-Ruby RCE Vulnerability https://cenobe.com/blog/cve-2025-27407/
##updated 2025-03-21T23:56:31
1 posts
This has been a busy month for Malcolm! I pushed hard to get v25.03.0 out earlier this month, as it contained pretty much just the Keycloak integration one of our partners (and major funding sources) was waiting for. Rather than wait until April for the other stuff that would have gone into the regular end-of-the-month release, I decided to pull those items into this smaller release just a week and a half after the last one.
Malcolm v25.03.1 contains a few enhancements, bug fixes, and several component version updates, including one that addresses a CVE that may affect Hedgehog Linux Kiosk mode and Malcolm's API container.
NOTE: If you have not already upgraded to v25.03.0, read the notes for v25.02.0 and v25.03.0 and follow the Read Before Upgrading instructions on those releases.
- s7comm_known_devices.log
- (#622) install.py: allow the user to accept changes to sysctl.conf, grub kernel parameters, etc., without having to answer "yes" to each one
- ./config/ ) for Malcolm and in control_vars.conf for Hedgehog Linux
- NGINX_REQUIRE_GROUP and NGINX_REQUIRE_ROLE to auth-common.env to support requiring user groups and realm roles for Keycloak authentication
- docker-compose.yml at runtime

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.
As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #SSO #OIDC #Keycloak #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov
##updated 2025-03-21T21:01:31.620000
1 posts
1 repos
📣 EMERGENCY UPDATES 📣
Apple pushed additional updates for 3 zero-days that may have been actively exploited.
🐛 CVE-2025-24200 (Accessibility) additional patches,
🐛 CVE-2025-24201 (WebKit) additional patches:
- iOS and iPadOS 15.8.4
- iOS and iPadOS 16.7.11
🐛 CVE-2025-24085 (CoreMedia) additional patches:
- iPadOS 17.7.6
- macOS Sonoma 14.7.5
- macOS Ventura 13.7.5
updated 2025-03-21T00:32:31
1 posts
CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers: https://mastersplinter.work/research/passkey/
##updated 2025-03-20T18:30:30
1 posts
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.
##updated 2025-03-11T18:32:20
9 posts
Seriously? Looks like Water Gamayun (aka EncryptHub) is back in action. They're dropping new Windows backdoors, SilentPrism and DarkWisp, using dodgy MSI installers and MSC files.
And get this: they're even exploiting a zero-day (CVE-2025-26633). Their aim? Snatching your data and crypto wallet seeds. 🤦♂️
So, you know the drill: double-check those MSIs, steer clear of MSCs from sketchy sources, keep your endpoint security patched, and lock down PowerShell. Yeah, standard procedure, right?
But honestly, how many times do we need to hammer this home? And seriously, where's the 'Security by Design' we keep hearing about? 🙄
As pentesters, we see clients are grateful for the help, but man, it's disheartening seeing the same fundamental gaps over and over.
What's your take? Is the real issue a lack of funds or a lack of know-how? Let me know below. 🤔
##Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp – Source:thehackernews.com https://ciso2ciso.com/russian-hackers-exploit-cve-2025-26633-via-msc-eviltwin-to-deploy-silentprism-and-darkwisp-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Russian
##Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html
##Hacker News: Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html #news #IT
##(trendmicro.com) A Deep Dive into Water Gamayun's Arsenal and Infrastructure https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html
Executive Summary:
This research provides a comprehensive analysis of Water Gamayun (also known as EncryptHub and Larva-208), a suspected Russian threat actor exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console. The threat actor employs sophisticated delivery methods including malicious provisioning packages, signed MSI files, and Windows MSC files to deploy multiple custom payloads. Their arsenal includes custom backdoors (SilentPrism and DarkWisp), multiple variants of the EncryptHub Stealer, and known malware like Stealc and Rhadamanthys. The research details the C&C infrastructure, data exfiltration techniques, and persistence mechanisms used by the group. Trend Micro researchers gained access to the C&C server components, enabling them to analyze the architecture, functionality, and evasion techniques employed by the threat actor.
#Cybersecurity #ThreatIntel #PowerShell #DarkWisp #SilentPrism #APT #WaterGamayun #EncryptHub #Russia #Rhadamanthys
##Seriously, EncryptHub isn't messing around! 🤯 They've jumped *right* on that Windows bug (CVE-2025-26633) that literally *just* got fixed. Talk about moving fast...
So, the exploit? It involves the Microsoft Management Console (MMC), those MSC files, and something called MUIPath. Sounds pretty techy, right? But basically, it's a clever workaround. EncryptHub crafts two MSC files – same name, one legit, one malicious. Windows doesn't double-check properly and ends up loading the nasty one. Boom! 💥
You see, as a pentester, I constantly witness attackers twisting legitimate system functions just like this. Your automated scanners? Yeah, they'll likely miss it completely. This kind of thing really needs hands-on analysis to catch. And yeah, updates are crucial, folks! Make sure you get CVE-2025-26633 patched ASAP. Oh, and those random MSI installers from sources you don't know? Big nope. Steer clear! ☝️
Have you run into attacks like this before? Or maybe you've got some other sneaky Windows tricks up your sleeve? Drop 'em in the comments!
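The post above boils the MSC EvilTwin trick down to a file-system shape: a clean .msc next to a same-named .msc in a locale subfolder that MMC ends up loading instead. That shape is easy to hunt for on disk. The script below is an added example (my code, not from the posts, Trend Micro, or the pentester quoted): it walks a directory tree and reports every .msc that has a same-named twin in a culture-name subfolder, with a content hash comparison for triage. The en-US placement is what the reporting describes; treating any xx-YY folder name as a candidate is my assumption to widen coverage, and the fixture tree and file contents are constructed stand-ins, not real console files.

```python
"""Hunt for MSC EvilTwin-style file pairs: X.msc beside <locale>/X.msc."""
import hashlib
import os
import re
import tempfile

# Culture-name folders such as en-US, de-DE, pt-BR (assumed pattern; en-US is
# the placement reported for this campaign).
LOCALE_DIR = re.compile(r"^[a-z]{2,3}-[A-Za-z]{2,4}$")


def _sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def find_msc_twins(root):
    """Return one record per (original .msc, same-named .msc in a locale subfolder)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        locale_dirs = [d for d in dirnames if LOCALE_DIR.match(d)]
        if not locale_dirs:
            continue
        for name in filenames:
            if not name.lower().endswith(".msc"):
                continue
            original = os.path.join(dirpath, name)
            for loc in locale_dirs:
                twin = os.path.join(dirpath, loc, name)
                if os.path.isfile(twin):
                    findings.append({
                        "original": original,
                        "twin": twin,
                        # An identical twin cannot behave differently from the
                        # original; a twin with different content is exactly
                        # what the technique needs, so open that one first.
                        "same_content": _sha256(original) == _sha256(twin),
                    })
    return findings


def build_sample_tree(base):
    """Constructed fixture: one suspicious pair, one harmless .msc, one non-.msc file."""
    tools = os.path.join(base, "Tools")
    os.makedirs(os.path.join(tools, "en-US"))
    with open(os.path.join(tools, "Console1.msc"), "w") as f:
        f.write("<MMC_ConsoleFile/>")  # stand-in for a clean console file
    with open(os.path.join(tools, "en-US", "Console1.msc"), "w") as f:
        f.write("<MMC_ConsoleFile><!-- twin --></MMC_ConsoleFile>")  # stand-in twin
    with open(os.path.join(tools, "Other.msc"), "w") as f:
        f.write("<MMC_ConsoleFile/>")  # no twin, must not be reported
    with open(os.path.join(tools, "en-US", "notes.txt"), "w") as f:
        f.write("not a console file")


def demo():
    """Build the fixture in a temp dir and return (name, twin folder, same_content) tuples."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        hits = find_msc_twins(base)
    return [(os.path.basename(h["original"]),
             os.path.basename(os.path.dirname(h["twin"])),
             h["same_content"]) for h in hits]


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Point it at user-writable locations first (Downloads, Desktop, temp folders, anything an installer dropped), since that is where a dropped console file and its twin would live; system folders are worth a pass too, but differing twins there need a closer look rather than an automatic verdict.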
##Trend Micro researchers identified a campaign by the Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
##Trend Micro, from yesterday: CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html @TrendMicro
More:
The Hacker News: EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html @thehackernews #cybersecurity #infosec #malware #Windows
##updated 2025-03-04T18:34:42
1 posts
1 repos
https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248
April 1 Advisory: Arbitrary File Read Vulnerability in NAKIVO Backup & Replication Added to CISA KEV [CVE-2024-48248]
#CVE_2024_48248
https://censys.com/cve-2024-48248/
updated 2025-02-20T21:30:52
1 posts
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 https://isc.sans.edu/diary/31806
##updated 2025-02-18T19:25:35
2 posts
1 repos
IBM has published several sev:CRIT advisories the past couple days. I'll link to those but hopefully if you are protecting or targeting IBM you are already following their advisories for relevant products since there are plenty of them of varying severity ratings.
https://www.ibm.com/support/pages/bulletin/
Security Bulletin: IBM Automation Decision Services for Jan 2025 - Multiple CVEs addressed: https://www.ibm.com/support/pages/node/7229441
Security Bulletin: BAMOE 9 vulnerability in tomcat-embed-core library, version 10.1.34, transitively linked from Spring Boot: https://www.ibm.com/support/pages/node/7229575
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.: https://www.ibm.com/support/pages/node/7229574
Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791): https://www.ibm.com/support/pages/node/7229584
updated 2025-01-28T18:32:27
1 posts
10 repos
https://github.com/rxwx/pulse-meter
https://github.com/punitdarji/Ivanti-CVE-2025-0282
https://github.com/watchtowrlabs/CVE-2025-0282
https://github.com/sfewer-r7/CVE-2025-0282
https://github.com/44xo/CVE-2025-0282
https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser
https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit
https://github.com/AnonStorks/CVE-2025-0282-Full-version
Just had a client tell me, "Oh, we've patched everything!" Famous last words, eh? 😔
Turns out, CISA's put out a warning about RESURGE malware that's hitting Ivanti systems. And get this – it even includes SPAWNCHIMERA functions. What does that mean? Essentially, attackers are already deep inside. We're talking the whole nasty package: rootkit, dropper, backdoor... you name it!
This specifically impacts Ivanti Connect Secure, Policy Secure, and ZTA Gateways.
So, what's the urgent takeaway for *you*? Get patching immediately (that's CVE-2025-0282)! You'll also want to reset passwords and seriously review your access controls. Better safe than sorry, right?
How are you folks keeping your systems safe from this kind of stuff? Let's talk tactics.
##updated 2025-01-23T18:32:22
2 posts
Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol
##updated 2024-12-20T18:31:30
1 posts
3 repos
https://github.com/watchtowrlabs/CVE-2024-40711
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.
##updated 2024-11-21T09:30:14.630000
1 posts
X-Wiki Search Vulnerability exploit attempts (CVE-2024-3721) https://isc.sans.edu/diary/31800
##updated 2024-11-21T08:13:30.520000
1 posts
7 repos
https://github.com/Nick-Morbid/cve-2023-38408
https://github.com/LucasPDiniz/CVE-2023-38408
https://github.com/classic130/CVE-2023-38408
https://github.com/kali-mx/CVE-2023-38408
https://github.com/wxrdnx/CVE-2023-38408
Uh, is it normal for an automated #security scanner to be unaware of #debian patched packages?
Like how OpenSSH 9.2p1 is vulnerable to CVE-2023-38408 but the Debian version 1:9.2p1-2+deb12u5 is patched. But the security scanner sees the "9.2p1" string and sounds the alarm.
https://security-tracker.debian.org/tracker/CVE-2023-38408
Is this a common problem for people running Debian servers?
##updated 2024-11-04T18:32:23
1 posts
100 repos
https://github.com/thatstraw/CVE-2021-4034
https://github.com/Almorabea/pkexec-exploit
https://github.com/sofire/polkit-0.96-CVE-2021-4034
https://github.com/Jesrat/make_me_root
https://github.com/toecesws/CVE-2021-4034
https://github.com/nikip72/CVE-2021-4034
https://github.com/Ayrx/CVE-2021-4034
https://github.com/ck00004/CVE-2021-4034
https://github.com/PwnFunction/CVE-2021-4034
https://github.com/cspshivam/cve-2021-4034
https://github.com/navisec/CVE-2021-4034-PwnKit
https://github.com/clubby789/CVE-2021-4034
https://github.com/LJP-TW/CVE-2021-4034
https://github.com/EstamelGG/CVE-2021-4034-NoGCC
https://github.com/battleoverflow/CVE-2021-4034
https://github.com/Plethore/CVE-2021-4034
https://github.com/nikaiw/CVE-2021-4034
https://github.com/pyhrr0/pwnkit
https://github.com/0x01-sec/CVE-2021-4034-
https://github.com/whokilleddb/CVE-2021-4034
https://github.com/x04000/AutoPwnkit
https://github.com/nel0x/pwnkit-vulnerability
https://github.com/c3l3si4n/pwnkit
https://github.com/Audiobahn/CVE-2021-4034
https://github.com/codiobert/pwnkit-scanner
https://github.com/PeterGottesman/pwnkit-exploit
https://github.com/mebeim/CVE-2021-4034
https://github.com/zhzyker/CVE-2021-4034
https://github.com/Rvn0xsy/CVE-2021-4034
https://github.com/moldabekov/CVE-2021-4034
https://github.com/wechicken456/CVE-2021-4034-CTF-writeup
https://github.com/Silencecyber/cve-2021-4034
https://github.com/Al1ex/CVE-2021-4034
https://github.com/Pol-Ruiz/CVE-2021-4034
https://github.com/lsclsclsc/CVE-2021-4034
https://github.com/alikarimi999/CVE-2021-40346
https://github.com/evdenis/lsm_bpf_check_argc0
https://github.com/NiS3x/CVE-2021-4034
https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034
https://github.com/x04000/CVE-2021-4034
https://github.com/Anonymous-Family/CVE-2021-4034
https://github.com/Pixailz/CVE-2021-4034
https://github.com/0x4ndy/CVE-2021-4034-PoC
https://github.com/An00bRektn/CVE-2021-4034
https://github.com/TanmoyG1800/CVE-2021-4034
https://github.com/callrbx/pkexec-lpe-poc
https://github.com/jpmcb/pwnkit-go
https://github.com/c3c/CVE-2021-4034
https://github.com/joeammond/CVE-2021-4034
https://github.com/hohn/codeql-sample-polkit
https://github.com/gbrsh/CVE-2021-4034
https://github.com/tahaafarooq/poppy
https://github.com/locksec/CVE-2021-4034
https://github.com/NeonWhiteRabbit/CVE-2021-4034-BASH-One-File-Exploit
https://github.com/artemis-mike/cve-2021-4034
https://github.com/deoxykev/CVE-2021-4034-Rust
https://github.com/ly4k/PwnKit
https://github.com/scent2d/PoC-CVE-2021-4034
https://github.com/wudicainiao/cve-2021-4034
https://github.com/ayypril/CVE-2021-4034
https://github.com/knqyf263/CVE-2021-40346
https://github.com/chenaotian/CVE-2021-4034
https://github.com/drapl0n/pwnKit
https://github.com/JohnHammond/CVE-2021-4034
https://github.com/OXDBXKXO/ez-pwnkit
https://github.com/dadvlingd/CVE-2021-4034
https://github.com/Kirill89/CVE-2021-4034
https://github.com/NeonWhiteRabbit/CVE-2021-4034
https://github.com/Yakumwamba/POC-CVE-2021-4034
https://github.com/Ankit-Ojha16/CVE-2021-4034
https://github.com/G01d3nW01f/CVE-2021-4034
https://github.com/Al1ex/LinuxEelvation
https://github.com/pengalaman-1t/CVE-2021-4034
https://github.com/jm33-m0/emp3r0r
https://github.com/arthepsy/CVE-2021-4034
https://github.com/jm33-m0/go-lpe
https://github.com/DanaEpp/pwncat_pwnkit
https://github.com/ryaagard/CVE-2021-4034
https://github.com/0xalwayslucky/log4j-polkit-poc
https://github.com/Vulnmachines/HAProxy_CVE-2021-40346
https://github.com/Nero22k/CVE-2021-4034
https://github.com/Y3A/CVE-2021-4034
https://github.com/Fato07/Pwnkit-exploit
https://github.com/kimusan/pkwner
https://github.com/HellGateCorp/pwnkit
https://github.com/teelrabbit/Polkit-pkexec-exploit-for-Linux
https://github.com/fei9747/CVE-2021-4034
https://github.com/dzonerzy/poc-cve-2021-4034
https://github.com/luijait/PwnKit-Exploit
https://github.com/oreosec/pwnkit
https://github.com/asepsaepdin/CVE-2021-4034
https://github.com/rvizx/CVE-2021-4034
https://github.com/nobelh/CVE-2021-4034
https://github.com/donky16/CVE-2021-40346-POC
https://github.com/JoyGhoshs/CVE-2021-4034
https://github.com/Immersive-Labs-Sec/CVE-2021-4034
https://github.com/v-rzh/CVE-2021-4034
https://github.com/FDlucifer/Pwnkit-go
An attacker gained remote code execution on an outdated, internet-facing web application. The .bash_history of the compromised user (tomcat) revealed that the attacker had downloaded "PwnKit" from GitHub - an exploit targeting CVE-2021-4034, a well-known privilege escalation vulnerability.
Out of curiosity, I read about the vulnerability, its mechanics, and, most importantly, the forensic traces it might leave behind. I found this well-written article that provides an excellent breakdown:
The Tale of CVE-2021-4034 (PwnKit) – The 13-Year-Old Bug [1]
It even includes a "Detecting Compromise" section—thank you! ❤️
I always emphasize to our analysts the importance of studying attack techniques and reviewing exploit source code. Even if everything isn’t immediately clear, you might identify hardcoded values within the code that serve as valuable IOCs for targeted threat-hunting.
[1] https://www.hackthebox.com/blog/The-tale-of-CVE-2021-4034-AKA-PwnKit-The-13-Year-Old-Bug
##updated 2024-10-03T03:31:11
2 posts
Palo Alto Cortex XDR bypass (CVE-2024-8690) https://cybercx.com.au/blog/palo-alto-cortex-xdr-bypass/
##Palo Alto Cortex XDR bypass (CVE-2024-8690) https://cybercx.com.au/blog/palo-alto-cortex-xdr-bypass/
##updated 2024-09-13T21:31:22
4 posts
CISA: April is Emergency Communications Month! https://www.cisa.gov/news-events/news/april-emergency-communications-month-0
From yesterday: CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability added to the KEV catalogue https://www.cve.org/CVERecord?id=CVE-2024-20439 #Cisco #cybersecurity #Infosec
##CISA: April is Emergency Communications Month! https://www.cisa.gov/news-events/news/april-emergency-communications-month-0
From yesterday: CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability added to the KEV catalogue https://www.cve.org/CVERecord?id=CVE-2024-20439 #Cisco #cybersecurity #Infosec
##Cisco has a hard-coded credential. As bad as this sounds, this happens because we do not teach our programmers that it is very bad to do. It's happening in 100 other new software programs being coded today for the same reason.
##CVE ID: CVE-2024-20439
Vendor: Cisco
Product: Smart Licensing Utility
Date Added: 2025-03-31
Vulnerability: Cisco Smart Licensing Utility Static Credential Vulnerability
Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw ; https://nvd.nist.gov/vuln/detail/CVE-2024-20439
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-20439
##updated 2024-04-04T00:50:10
4 posts
Whoa, CISA adding *old* Sitecore vulns (CVE-2019-9874/9875) to the KEV list now? It's kinda wild how long these things can lurk undetected, right? 🙈 That deserialization stuff is just nasty business – perfect recipe for some serious RCE.
Actually, this reminds me of a recent gig. The client was totally convinced everything was running smoothly... right up until the pentest report landed. 💥 Yeah, that "smooth sailing" vibe vanished *real* quick.
It really hammers home that you just can't let your guard down. Patch management isn't some simple click-and-forget deal, folks! You've gotta be proactive: checking those logs, hardening systems properly. And here's the kicker: *regular penetration testing is absolutely essential*. Seriously, automated scans alone just don't cut it – not even close.
So, who else has stumbled across these kinds of "old but gold" vulnerabilities lurking in the shadows? Drop your war stories below! 👇
#CyberSecurity #Pentesting #Sitecore #CISA #SecurityFail #RCE #InfoSec
##New: CISA has updated the KEV catalogue.
- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-2783
- Added yesterday:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #infosec #Google
##CVE ID: CVE-2019-9874
Vendor: Sitecore
Product: CMS and Experience Platform (XP)
Date Added: 2025-03-26
Vulnerability: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Notes: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0334035 ; https://nvd.nist.gov/vuln/detail/CVE-2019-9874
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9874
CISA has updated the KEV catalogue:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #Infosec
##updated 2024-04-04T00:50:10
3 posts
New: CISA has updated the KEV catalogue.
- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-2783
- Added yesterday:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #infosec #Google
##CVE ID: CVE-2019-9875
Vendor: Sitecore
Product: CMS and Experience Platform (XP)
Date Added: 2025-03-26
Vulnerability: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Notes: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0038556 ; https://nvd.nist.gov/vuln/detail/CVE-2019-9875
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9875
CISA has updated the KEV catalogue:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #Infosec
##updated 2024-01-26T03:30:25
2 posts
1 repos
Arbitrary File Write CVE-2024-0402 in GitLab (Exploit) https://blog.doyensec.com/2025/03/18/exploitable-gitlab.html
##Arbitrary File Write CVE-2024-0402 in GitLab (Exploit) https://blog.doyensec.com/2025/03/18/exploitable-gitlab.html
##updated 2023-02-01T05:07:50
1 posts
this 11yo CVE aged well
##updated 2023-01-29T05:06:13
1 posts
1 repos
#natsio attention CVE-2025-30215 marked as CRITICAL according to https://github.com/nats-io/nats-server/releases/tag/v2.11.1-binary and https://github.com/nats-io/nats-server/releases/tag/v2.10.27-binary „This is a binary-only release containing fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27. Public disclosure of the details, including the source code, will be made available no sooner than a week from the release date. All environments should update as soon as possible. …“
##@cR0w
Wonder what happened with cve-2025-29495...
Moar hacking in space!
https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv
sec:CRIT 9.4 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
##CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the Crypto_TM_ProcessSecurity function (crypto_tm.c:1735:8). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer p_new_dec_frame. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.
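As an added illustration, not CryptoLib's code, here is a constructed TM frame handler that performs the bound the advisory above says the vulnerable memcpy lacked: the Secondary Header Length is checked against the frame's total length before any copy. The frame layout, field widths and function name are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed TM frame layout (an assumption, not the CCSDS/CryptoLib definition):
 * byte 0..1 : primary header carrying a 16-bit big-endian total frame length
 * byte 2    : secondary header length (counts itself)
 * byte 3..  : rest of the secondary header, then the data field */
#define TM_PRIMARY_HDR_LEN 2

typedef struct {
    uint8_t *data;   /* heap copy of the data field, owned by the caller */
    size_t   len;
} tm_frame_t;

/* Returns 0 on success, -1 on malformed input. Hardened: the copy length is
 * derived only after confirming every declared length lies inside the buffer. */
int tm_process_frame(const uint8_t *buf, size_t buf_len, tm_frame_t *out)
{
    if (buf == NULL || out == NULL || buf_len < TM_PRIMARY_HDR_LEN + 1)
        return -1;
    size_t frame_len = ((size_t)buf[0] << 8) | buf[1];
    if (frame_len > buf_len)            /* declared length beyond what we received */
        return -1;
    size_t sec_hdr_len = buf[2];
    /* The check the advisory describes as missing: the secondary header must fit
     * inside the frame, otherwise the memcpy below would run past the buffer. */
    if (sec_hdr_len == 0 || TM_PRIMARY_HDR_LEN + sec_hdr_len > frame_len)
        return -1;
    size_t payload_len = frame_len - TM_PRIMARY_HDR_LEN - sec_hdr_len;
    uint8_t *p_new_dec_frame = malloc(payload_len ? payload_len : 1);
    if (p_new_dec_frame == NULL)
        return -1;
    memcpy(p_new_dec_frame, buf + TM_PRIMARY_HDR_LEN + sec_hdr_len, payload_len);
    out->data = p_new_dec_frame;
    out->len  = payload_len;
    return 0;
}

int main(void)
{
    /* constructed frames: a well-formed one and one whose header length exceeds the frame */
    const uint8_t good[] = {0x00, 0x06, 0x02, 0xAA, 0xDE, 0xAD};
    const uint8_t bad[]  = {0x00, 0x06, 0xFF, 0xAA, 0xDE, 0xAD};
    tm_frame_t f;
    printf("good: %d\n", tm_process_frame(good, sizeof good, &f));
    free(f.data);
    printf("bad: %d\n", tm_process_frame(bad, sizeof bad, &f));
    return 0;
}
```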
Security Advisory: Kanidm Provisioned Admin Credentials Leaked into System Log (CVE-2025-30205)
##