| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-41668 | 8.8 | 0.00% | 1 | 0 | 2025-07-08T07:15:25.987000 | A low privileged remote attacker with file access can replace a critical file or | |
| CVE-2025-41667 | 8.8 | 0.00% | 1 | 0 | 2025-07-08T07:15:25.813000 | A low privileged remote attacker with file access can replace a critical file us | |
| CVE-2025-41666 | 8.8 | 0.00% | 1 | 0 | 2025-07-08T07:15:25.630000 | A low privileged remote attacker with file access can replace a critical file us | |
| CVE-2025-41665 | 6.5 | 0.00% | 1 | 0 | 2025-07-08T07:15:25.457000 | An low privileged remote attacker can enforce the watchdog of the affected devic | |
| CVE-2025-25270 | 9.8 | 0.00% | 2 | 0 | 2025-07-08T07:15:25.080000 | An unauthenticated remote attacker can alter the device configuration in a way t | |
| CVE-2025-25269 | 8.4 | 0.00% | 1 | 0 | 2025-07-08T07:15:24.890000 | An unauthenticated local attacker can inject a command that is subsequently exec | |
| CVE-2025-24002 | 5.3 | 0.00% | 1 | 0 | 2025-07-08T07:15:23.473000 | An unauthenticated remote attacker can use MQTT messages to crash a service on c | |
| CVE-2024-12084 | 9.8 | 2.91% | 1 | 2 | 2025-07-08T06:30:32 | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is d | |
| CVE-2025-20685 | None | 0.00% | 1 | 0 | 2025-07-08T03:31:08 | In wlan AP driver, there is a possible out of bounds write due to an incorrect b | |
| CVE-2025-42980 | 9.1 | 0.00% | 3 | 0 | 2025-07-08T03:31:08 | SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a pr | |
| CVE-2025-42964 | 9.1 | 0.00% | 2 | 0 | 2025-07-08T03:31:08 | SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged u | |
| CVE-2025-42966 | 9.1 | 0.00% | 2 | 0 | 2025-07-08T03:31:08 | SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with a | |
| CVE-2025-42953 | 8.1 | 0.00% | 2 | 0 | 2025-07-08T03:31:02 | SAP Netweaver System Configuration does not perform necessary authorization chec | |
| CVE-2025-42959 | 8.1 | 0.00% | 2 | 0 | 2025-07-08T03:31:02 | An unauthenticated attacker may exploit a scenario where a Hashed Message Authen | |
| CVE-2025-20686 | 0 | 0.00% | 2 | 0 | 2025-07-08T03:15:27.987000 | In wlan AP driver, there is a possible out of bounds write due to an incorrect b | |
| CVE-2025-42967 | 9.1 | 0.00% | 3 | 0 | 2025-07-08T01:15:23.787000 | SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vul | |
| CVE-2025-42963 | 9.1 | 0.00% | 2 | 0 | 2025-07-08T01:15:23.093000 | A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer | |
| CVE-2016-10033 | 9.8 | 94.44% | 6 | 18 | template | 2025-07-08T01:00:02.203000 | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might a |
| CVE-2025-3108 | 5.0 | 0.18% | 2 | 0 | 2025-07-07T23:11:37 | Incomplete Documentation of Program Execution exists in the run-llama/llama_inde | |
| CVE-2025-53540 | 0 | 0.00% | 2 | 0 | 2025-07-07T20:15:28.173000 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ES | |
| CVE-2025-47227 | 7.5 | 0.13% | 1 | 1 | 2025-07-07T19:15:22.940000 | In the Production Environment extension in Netmake ScriptCase through 9.12.006 ( | |
| CVE-2025-7259 | 6.5 | 0.00% | 2 | 0 | 2025-07-07T18:32:34 | An authorized user can issue queries with duplicate _id fields, that leads to un | |
| CVE-2025-53169 | 7.6 | 0.01% | 1 | 0 | 2025-07-07T18:32:26 | Vulnerability of bypassing the process to start SA and use related functions on | |
| CVE-2025-7097 | 8.1 | 0.13% | 1 | 0 | 2025-07-07T18:32:25 | A vulnerability, which was classified as critical, has been found in Comodo Inte | |
| CVE-2025-53529 | 9.8 | 0.00% | 1 | 0 | 2025-07-07T17:15:30.030000 | WeGIA is a web manager for charitable institutions. An SQL Injection vulnerabili | |
| CVE-2025-36014 | 8.2 | 0.00% | 2 | 0 | 2025-07-07T17:15:27.890000 | IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code inj | |
| CVE-2025-7102 | 6.3 | 0.03% | 2 | 0 | 2025-07-07T16:15:29.177000 | A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as crit | |
| CVE-2025-7096 | 8.1 | 0.02% | 3 | 0 | 2025-07-07T16:15:28.390000 | A vulnerability classified as critical was found in Comodo Internet Security Pre | |
| CVE-2025-34067 | None | 0.38% | 1 | 0 | 2025-07-07T15:31:42 | An unauthenticated remote command execution vulnerability exists in the applyCT | |
| CVE-2025-5333 | None | 0.29% | 2 | 0 | 2025-07-07T15:30:37 | Remote attackers can execute arbitrary code in the context of the vulnerable ser | |
| CVE-2025-6463 | 8.8 | 0.14% | 3 | 0 | 2025-07-07T14:28:51.123000 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin f | |
| CVE-2025-3466 | 9.8 | 0.11% | 1 | 0 | 2025-07-07T12:30:29 | langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in t | |
| CVE-2025-3705 | 6.8 | 0.10% | 1 | 0 | 2025-07-07T12:30:29 | A physical attacker with no privileges can gain full control of the affected dev | |
| CVE-2025-3626 | 9.1 | 0.25% | 1 | 0 | 2025-07-07T10:15:27.967000 | A remote attacker with administrator account can gain full control of the device | |
| CVE-2025-7118 | 8.8 | 0.04% | 1 | 0 | 2025-07-07T09:30:31 | A vulnerability, which was classified as critical, has been found in UTT HiPER 8 | |
| CVE-2025-41672 | 10.0 | 0.05% | 4 | 0 | 2025-07-07T07:15:23.973000 | A remote unauthenticated attacker may use default certificates to generate JWT T | |
| CVE-2025-53473 | 7.3 | 0.04% | 2 | 0 | 2025-07-07T06:30:30 | Server-side request forgery (SSRF) vulnerability exists n multiple versions of N | |
| CVE-2025-48501 | 9.8 | 0.23% | 3 | 0 | 2025-07-07T05:15:41.913000 | An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4 | |
| CVE-2025-7145 | 7.2 | 0.27% | 3 | 0 | 2025-07-07T03:30:29 | ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vuln | |
| CVE-2025-7100 | 6.3 | 0.03% | 2 | 0 | 2025-07-07T03:30:29 | A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. A | |
| CVE-2025-7101 | 6.3 | 0.04% | 2 | 0 | 2025-07-07T03:30:23 | A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as cr | |
| CVE-2025-7099 | 5.6 | 0.04% | 2 | 0 | 2025-07-07T00:30:24 | A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as | |
| CVE-2025-7079 | 3.7 | 0.03% | 4 | 0 | 2025-07-06T15:30:36 | A vulnerability, which was classified as problematic, has been found in mao888 b | |
| CVE-2025-27446 | 0 | 0.01% | 1 | 0 | 2025-07-06T06:15:21.587000 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache AP | |
| CVE-2025-47228 | 6.7 | 0.09% | 1 | 1 | 2025-07-05T03:30:32 | In the Production Environment extension in Netmake ScriptCase through 9.12.006 ( | |
| CVE-2025-49809 | 7.9 | 0.01% | 1 | 0 | 2025-07-04T15:31:08 | mtr through 0.95, in certain privileged contexts, mishandles execution of a prog | |
| CVE-2025-5372 | 5.0 | 0.04% | 1 | 0 | 2025-07-04T06:30:28 | A flaw was found in libssh versions built with OpenSSL versions older than 3.0, | |
| CVE-2025-53367 | 0 | 0.01% | 3 | 0 | 2025-07-03T22:15:21.140000 | DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing | |
| CVE-2025-49826 | 7.5 | 0.01% | 1 | 0 | 2025-07-03T22:15:21.010000 | Next.js is a React framework for building full-stack web applications. From vers | |
| CVE-2025-20309 | 10.0 | 0.13% | 9 | 0 | 2025-07-03T15:23:28.870000 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco U | |
| CVE-2025-53104 | 9.1 | 0.30% | 1 | 0 | 2025-07-03T15:14:12.767000 | gluestack-ui is a library of copy-pasteable components & patterns crafted with T | |
| CVE-2025-34064 | 0 | 0.05% | 1 | 0 | 2025-07-03T15:14:12.767000 | A cloud infrastructure misconfiguration in OneLogin AD Connector results in log | |
| CVE-2025-37097 | 7.5 | 0.05% | 1 | 0 | 2025-07-03T15:14:12.767000 | A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may all | |
| CVE-2025-49483 | 5.4 | 0.04% | 1 | 0 | 2025-07-03T15:14:12.767000 | Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 | |
| CVE-2025-49488 | 5.4 | 0.04% | 1 | 0 | 2025-07-03T15:14:12.767000 | Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in route | |
| CVE-2025-49482 | 5.4 | 0.04% | 1 | 0 | 2025-07-03T15:14:12.767000 | Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 | |
| CVE-2025-43713 | 6.5 | 0.07% | 1 | 0 | 2025-07-03T15:13:53.147000 | ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks a | |
| CVE-2025-49618 | 5.8 | 0.03% | 1 | 0 | 2025-07-03T15:13:53.147000 | In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal | |
| CVE-2025-53110 | 0 | 0.06% | 2 | 0 | 2025-07-03T15:13:53.147000 | Model Context Protocol Servers is a collection of reference implementations for | |
| CVE-2025-20307 | 4.8 | 0.03% | 1 | 0 | 2025-07-03T15:13:53.147000 | A vulnerability in the web-based management interface of Cisco BroadWorks Applic | |
| CVE-2025-52891 | 6.5 | 0.05% | 1 | 0 | 2025-07-03T15:13:53.147000 | ModSecurity is an open source, cross platform web application firewall (WAF) eng | |
| CVE-2025-53106 | 0 | 0.04% | 1 | 0 | 2025-07-03T15:13:53.147000 | Graylog is a free and open log management platform. In versions 6.2.0 to before | |
| CVE-2025-34071 | 0 | 0.28% | 1 | 0 | 2025-07-03T15:13:53.147000 | A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attacker | |
| CVE-2025-27024 | 6.5 | 0.04% | 1 | 0 | 2025-07-03T15:13:53.147000 | Unrestricted access to OS file system in SFTP service in Infinera G42 version R | |
| CVE-2025-24330 | 6.4 | 0.02% | 1 | 0 | 2025-07-03T15:13:53.147000 | Sending a crafted SOAP "provision" operation message PlanId field within the Mob | |
| CVE-2025-27025 | 8.8 | 0.36% | 1 | 0 | 2025-07-03T15:13:53.147000 | The target device exposes a service on a specific TCP port with a configured en | |
| CVE-2025-27021 | 7.0 | 0.01% | 1 | 0 | 2025-07-03T15:13:53.147000 | The misconfiguration in the sudoers configuration of the operating system in In | |
| CVE-2025-1708 | 8.6 | 0.04% | 1 | 0 | 2025-07-03T12:35:09 | The application is vulnerable to SQL injection attacks. An attacker is able to d | |
| CVE-2025-53109 | None | 0.06% | 2 | 0 | 2025-07-02T18:56:41 | Versions of Filesystem prior to 0.6.3 & 2025.7.1 could allow access to unintende | |
| CVE-2025-48928 | 4.0 | 8.89% | 3 | 0 | 2025-07-02T18:31:32 | The TeleMessage service through 2025-05-05 is based on a JSP application in whic | |
| CVE-2025-20308 | 6.0 | 0.02% | 1 | 0 | 2025-07-02T18:30:42 | A vulnerability in Cisco Spaces Connector could allow an authenticated, local at | |
| CVE-2025-20310 | 6.1 | 0.04% | 1 | 0 | 2025-07-02T18:30:37 | A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could all | |
| CVE-2025-24334 | 3.3 | 0.01% | 1 | 0 | 2025-07-02T15:31:43 | The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made t | |
| CVE-2025-24333 | 6.4 | 0.02% | 1 | 0 | 2025-07-02T15:31:43 | Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administ | |
| CVE-2025-24332 | 7.1 | 0.02% | 1 | 0 | 2025-07-02T15:31:43 | Nokia Single RAN AirScale baseband allows an authenticated administrative user a | |
| CVE-2025-24335 | 2.0 | 0.02% | 1 | 0 | 2025-07-02T15:31:43 | Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain | |
| CVE-2025-24331 | 6.4 | 0.01% | 1 | 0 | 2025-07-02T15:31:38 | The Single RAN baseband OAM service is intended to run as an unprivileged servic | |
| CVE-2025-24329 | 6.4 | 0.02% | 1 | 0 | 2025-07-02T15:31:38 | Sending a crafted SOAP "provision" operation message archive field within the Mo | |
| CVE-2025-24328 | 4.2 | 0.01% | 1 | 0 | 2025-07-02T15:31:37 | Sending a crafted SOAP "set" operation message within the Mobile Network Operato | |
| CVE-2025-34072 | None | 0.08% | 1 | 0 | 2025-07-02T15:30:44 | A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model C | |
| CVE-2025-34069 | None | 0.14% | 1 | 0 | 2025-07-02T15:30:44 | An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to | |
| CVE-2025-34070 | None | 0.12% | 1 | 0 | 2025-07-02T15:30:37 | A missing authentication vulnerability in the GFIAgent component of GFI Kerio Co | |
| CVE-2025-48379 | 7.1 | 0.01% | 1 | 0 | 2025-07-02T14:20:25 | There is a heap buffer overflow when writing a sufficiently large (>64k encoded | |
| CVE-2025-27022 | 7.5 | 0.06% | 1 | 0 | 2025-07-02T12:33:13 | Path traversal in WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows re | |
| CVE-2025-27023 | 6.5 | 0.07% | 1 | 0 | 2025-07-02T12:32:17 | Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version | |
| CVE-2024-13786 | 9.8 | 0.11% | 1 | 0 | 2025-07-02T09:30:34 | The education theme for WordPress is vulnerable to PHP Object Injection in all v | |
| CVE-2025-4689 | 9.8 | 0.15% | 1 | 0 | 2025-07-02T06:30:41 | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for Word | |
| CVE-2025-53107 | 7.5 | 0.15% | 1 | 0 | 2025-07-01T23:52:06 | ### Summary A command injection vulnerability exists in the `git-mcp-server` MC | |
| CVE-2025-32463 | 9.4 | 0.01% | 16 | 27 | 2025-07-01T21:33:31 | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswi | |
| CVE-2025-37099 | 9.8 | 0.23% | 1 | 0 | 2025-07-01T18:30:47 | A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) | |
| CVE-2025-6543 | 9.8 | 16.12% | 3 | 3 | 2025-07-01T18:30:34 | Memory overflow vulnerability leading to unintended control flow and Denial of S | |
| CVE-2025-6554 | 8.1 | 6.66% | 26 | 4 | 2025-07-01T15:32:11 | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote at | |
| CVE-2025-37098 | 7.5 | 0.06% | 1 | 0 | 2025-07-01T15:31:16 | A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior | |
| CVE-2025-34060 | None | 0.27% | 1 | 0 | 2025-07-01T15:31:16 | A PHP objection injection vulnerability exists in the Monero Project’s Laravel-b | |
| CVE-2025-34063 | None | 0.11% | 1 | 0 | 2025-07-01T15:31:10 | A cryptographic authentication bypass vulnerability exists in OneLogin AD Connec | |
| CVE-2025-49491 | 5.4 | 0.04% | 1 | 0 | 2025-07-01T12:31:05 | Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、 | |
| CVE-2025-49489 | 5.4 | 0.04% | 1 | 0 | 2025-07-01T12:31:05 | Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、 | |
| CVE-2025-49490 | 5.4 | 0.04% | 1 | 0 | 2025-07-01T12:31:05 | Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. | |
| CVE-2025-49492 | 7.4 | 0.04% | 1 | 0 | 2025-07-01T12:31:05 | Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. | |
| CVE-2025-49480 | 7.4 | 0.04% | 1 | 0 | 2025-07-01T12:31:05 | Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability | |
| CVE-2025-49481 | 5.4 | 0.04% | 1 | 0 | 2025-07-01T12:31:05 | Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in route | |
| CVE-2025-5072 | 5.4 | 0.04% | 1 | 0 | 2025-07-01T09:30:40 | Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak E | |
| CVE-2025-41656 | 10.0 | 0.16% | 1 | 0 | 2025-07-01T09:30:40 | An unauthenticated remote attacker can run arbitrary commands on the affected de | |
| CVE-2025-41648 | 9.8 | 0.08% | 1 | 0 | 2025-07-01T09:30:40 | An unauthenticated remote attacker can bypass the login to the web application o | |
| CVE-2025-49521 | 8.8 | 0.09% | 1 | 0 | 2025-07-01T03:31:37 | A flaw was found in the EDA component of the Ansible Automation Platform, where | |
| CVE-2025-49520 | 8.8 | 0.09% | 1 | 0 | 2025-07-01T03:31:36 | A flaw was found in Ansible Automation Platform’s EDA component where user-suppl | |
| CVE-2025-32462 | 2.8 | 0.02% | 10 | 8 | 2025-06-30T21:30:54 | Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that i | |
| CVE-2025-6019 | 7.0 | 0.02% | 1 | 4 | 2025-06-30T03:31:34 | A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Gener | |
| CVE-2024-54085 | 9.8 | 9.47% | 1 | 1 | 2025-06-27T12:32:19 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authe | |
| CVE-2025-49132 | 10.0 | 23.69% | 1 | 6 | template | 2025-06-23T20:16:21.633000 | Pterodactyl is a free, open-source game server management panel. Prior to versio |
| CVE-2024-12086 | 6.1 | 0.16% | 1 | 0 | 2025-06-20T21:32:01 | A flaw was found in rsync. It could allow a server to enumerate the contents of | |
| CVE-2024-12087 | 6.5 | 0.66% | 1 | 0 | 2025-06-20T18:28:57.620000 | A path traversal vulnerability exists in rsync. It stems from behavior enabled b | |
| CVE-2024-12088 | 6.5 | 0.52% | 1 | 0 | 2025-06-18T16:29:29.573000 | A flaw was found in rsync. When using the `--safe-links` option, the rsync clien | |
| CVE-2025-5777 | None | 4.17% | 34 | 6 | template | 2025-06-17T15:31:16 | Insufficient input validation leading to memory overread on the NetScaler Manage |
| CVE-2024-52533 | 9.8 | 0.72% | 1 | 0 | 2025-06-17T01:23:56.150000 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resu | |
| CVE-2025-49596 | 0 | 0.52% | 2 | 1 | 2025-06-16T12:32:18.840000 | The MCP inspector is a developer tool for testing and debugging MCP servers. Ver | |
| CVE-2025-22157 | 8.8 | 0.05% | 1 | 0 | 2025-06-12T18:31:14 | This High severity PrivEsc (Privilege Escalation) vulnerability was introduced i | |
| CVE-2025-32711 | 9.3 | 0.10% | 2 | 1 | 2025-06-11T15:30:38 | Ai command injection in M365 Copilot allows an unauthorized attacker to disclose | |
| CVE-2025-47176 | 7.8 | 0.06% | 1 | 0 | 2025-06-10T21:32:26 | '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute | |
| CVE-2025-33073 | 8.8 | 0.39% | 1 | 2 | 2025-06-10T18:32:36 | Improper access control in Windows SMB allows an authorized attacker to elevate | |
| CVE-2024-6119 | 7.5 | 0.67% | 1 | 0 | 2025-06-03T12:31:37 | Issue summary: Applications performing certificate name checks (e.g., TLS client | |
| CVE-2024-12133 | 5.3 | 0.22% | 1 | 0 | 2025-06-02T15:32:27 | A flaw in libtasn1 causes inefficient handling of specific certificate data. Whe | |
| CVE-2024-12747 | 5.6 | 0.01% | 1 | 0 | 2025-06-02T15:31:21 | A flaw was found in rsync. This vulnerability arises from a race condition durin | |
| CVE-2024-8176 | 7.5 | 0.36% | 1 | 1 | 2025-06-02T15:31:21 | A stack overflow vulnerability exists in the libexpat library due to the way it | |
| CVE-2025-48927 | 5.3 | 11.15% | 3 | 0 | 2025-05-28T18:33:28 | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with | |
| CVE-2025-26466 | 5.9 | 46.59% | 1 | 3 | 2025-05-27T18:30:48 | A flaw was found in the OpenSSH package. For each ping packet the SSH server rec | |
| CVE-2023-27043 | 5.3 | 0.11% | 1 | 0 | 2025-05-19T12:38:20.773000 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses th | |
| CVE-2024-50602 | 5.9 | 0.04% | 1 | 0 | 2025-04-30T20:15:20.730000 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XM | |
| CVE-2024-10918 | 4.8 | 0.10% | 1 | 0 | 2025-04-29T18:31:51 | Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflo | |
| CVE-2024-9287 | 7.8 | 0.04% | 1 | 0 | 2025-04-25T23:15:16.573000 | A vulnerability has been found in the CPython `venv` module and CLI where path n | |
| CVE-2024-38428 | 9.1 | 0.27% | 1 | 0 | 2025-04-21T12:30:24 | url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcompon | |
| CVE-2014-3931 | 9.8 | 1.67% | 7 | 0 | 2025-04-20T03:36:04 | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote a | |
| CVE-2015-7697 | None | 30.28% | 1 | 0 | 2025-04-12T12:54:49 | Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinit | |
| CVE-2025-24813 | 9.8 | 93.98% | 2 | 38 | template | 2025-04-03T13:23:54 | Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution an |
| CVE-2025-27636 | None | 43.34% | 2 | 2 | 2025-03-25T18:38:11 | Bypass/Injection vulnerability in Apache Camel components under particular condi | |
| CVE-2024-10524 | 6.5 | 0.48% | 1 | 0 | 2025-03-21T18:15:32.323000 | Applications that use Wget to access a remote resource using shorthand URLs and | |
| CVE-2024-12085 | 7.5 | 1.18% | 1 | 0 | 2025-03-20T09:30:27 | A flaw was found in the rsync daemon which could be triggered when rsync compare | |
| CVE-2025-29891 | 4.2 | 0.09% | 2 | 0 | 2025-03-19T15:44:53 | Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel | |
| CVE-2025-0167 | 3.4 | 0.06% | 1 | 0 | 2025-03-07T03:32:33 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirec | |
| CVE-2025-0665 | 9.8 | 2.35% | 1 | 0 | 2025-03-07T03:32:33 | libcurl would wrongly close the same eventfd file descriptor twice when taking d | |
| CVE-2025-27113 | 2.9 | 0.07% | 1 | 0 | 2025-03-07T03:31:33 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference i | |
| CVE-2025-1094 | 8.1 | 83.63% | 1 | 5 | 2025-02-21T18:31:09 | Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescape | |
| CVE-2025-24965 | 0 | 0.10% | 1 | 0 | 2025-02-19T17:15:15.510000 | crun is an open source OCI Container Runtime fully written in C. In affected ver | |
| CVE-2025-26465 | 6.8 | 56.74% | 1 | 2 | 2025-02-19T15:33:13 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled | |
| CVE-2024-12705 | 7.5 | 0.13% | 1 | 0 | 2025-02-07T18:32:19 | Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memor | |
| CVE-2024-6232 | 7.5 | 0.91% | 1 | 0 | 2025-01-31T21:32:45 | There is a MEDIUM severity vulnerability affecting CPython. Regular express | |
| CVE-2024-11053 | 9.1 | 0.17% | 1 | 0 | 2025-01-31T15:31:47 | When asked to both use a `.netrc` file for credentials and to follow HTTP redire | |
| CVE-2024-55591 | 9.8 | 94.25% | 1 | 10 | template | 2025-01-23T02:00:02.310000 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2 |
| CVE-2019-11932 | 8.8 | 80.16% | 1 | 21 | 2025-01-13T15:21:41 | A double free vulnerability in the DDGifSlurp function in decoding.c in the andr | |
| CVE-2024-5594 | 9.1 | 0.11% | 1 | 0 | 2025-01-06T18:32:07 | OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attack | |
| CVE-2024-50379 | 9.8 | 88.61% | 1 | 16 | 2025-01-03T12:30:31 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compi | |
| CVE-2024-56337 | 9.8 | 9.71% | 2 | 1 | 2025-01-03T12:15:26.787000 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat | |
| CVE-2024-12856 | 7.2 | 77.16% | 1 | 1 | 2024-12-27T18:30:32 | The Four-Faith router models F3x24 and F3x36 are affected by an operating system | |
| CVE-2024-9681 | 5.9 | 0.26% | 1 | 0 | 2024-12-13T15:31:42 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite | |
| CVE-2024-9341 | 5.4 | 0.26% | 1 | 0 | 2024-12-11T06:30:25 | A flaw was found in Go. When FIPS mode is enabled on a system, container runtime | |
| CVE-2024-6874 | 4.3 | 0.24% | 2 | 0 | 2024-11-21T09:50:26.493000 | libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_g | |
| CVE-2021-4217 | 3.3 | 0.13% | 1 | 1 | 2024-11-21T06:37:10.350000 | A flaw was found in unzip. The vulnerability occurs due to improper handling of | |
| CVE-2019-13638 | 7.8 | 3.45% | 1 | 0 | 2024-11-21T04:25:25.007000 | GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be | |
| CVE-2018-6951 | 7.5 | 23.09% | 1 | 0 | 2024-11-21T04:11:28.273000 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation faul | |
| CVE-2024-5742 | 4.7 | 0.04% | 1 | 3 | 2024-11-12T18:30:50 | A vulnerability was found in GNU Nano that allows a possible privilege escalatio | |
| CVE-2024-9143 | 4.3 | 0.65% | 1 | 0 | 2024-11-08T18:31:50 | Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted e | |
| CVE-2024-28882 | 4.3 | 0.53% | 1 | 0 | 2024-11-02T00:37:22 | OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications | |
| CVE-2024-8006 | 4.4 | 0.05% | 1 | 0 | 2024-09-19T17:46:03.447000 | Remote packet capture support is disabled by default in libpcap. When a user bu | |
| CVE-2023-7256 | 4.4 | 0.05% | 1 | 0 | 2024-08-31T00:31:11 | In affected libpcap versions during the setup of a remote packet capture the int | |
| CVE-2024-6345 | 8.8 | 0.23% | 1 | 0 | 2024-08-04T05:03:40 | A vulnerability in the `package_index` module of pypa/setuptools versions up to | |
| CVE-2024-5535 | 9.1 | 5.15% | 1 | 1 | 2024-07-12T15:31:25 | Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an em | |
| CVE-2024-3721 | 6.3 | 57.40% | 1 | 0 | 2024-04-13T12:30:30 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classi | |
| CVE-2018-20969 | 7.8 | 0.78% | 1 | 0 | 2024-04-11T21:19:01 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginnin | |
| CVE-2023-34362 | 9.8 | 94.48% | 1 | 11 | template | 2024-04-04T04:29:06 | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0. |
| CVE-2019-13636 | 5.9 | 5.07% | 1 | 0 | 2024-04-04T01:17:53 | In GNU patch through 2.7.6, the following of symlinks is mishandled in certain c | |
| CVE-2019-13232 | 3.3 | 0.08% | 1 | 0 | 2024-04-04T01:11:32 | Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, l | |
| CVE-2019-9621 | 7.5 | 91.81% | 6 | 1 | 2024-04-04T00:24:27 | Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, an | |
| CVE-2010-2772 | 7.8 | 0.08% | 1 | 0 | 2024-02-22T05:08:16 | Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which a | |
| CVE-2024-25062 | 7.5 | 0.15% | 1 | 0 | 2024-02-22T05:07:56 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When | |
| CVE-2024-0684 | 5.5 | 0.07% | 1 | 1 | 2024-02-14T00:35:42 | A flaw was found in the GNU coreutils "split" program. A heap overflow with user | |
| CVE-2022-0529 | 7.8 | 0.20% | 1 | 2 | 2023-10-30T12:30:30 | A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of | |
| CVE-2022-0530 | 7.8 | 0.09% | 1 | 2 | 2023-10-30T12:30:30 | A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of | |
| CVE-2022-38392 | 5.3 | 0.08% | 1 | 0 | 2023-09-18T05:03:19 | A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in approximately 2 | |
| CVE-2019-5418 | 7.5 | 94.23% | 6 | 12 | template | 2023-08-17T05:02:29 | # File Content Disclosure in Action View Impact ------ There is a possible fi |
| CVE-2018-6952 | 7.5 | 16.66% | 1 | 0 | 2023-02-02T05:03:20 | A double free exists in the another_hunk function in pch.c in GNU patch through | |
| CVE-2015-7696 | None | 31.45% | 1 | 0 | 2023-02-01T05:08:13 | Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-ba | |
| CVE-2016-9844 | 4.0 | 10.18% | 1 | 0 | 2023-02-01T05:08:12 | Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allo | |
| CVE-2018-18384 | 5.5 | 2.94% | 1 | 0 | 2023-02-01T05:07:51 | Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a cra | |
| CVE-2020-16120 | None | 0.06% | 1 | 0 | 2023-01-29T05:05:39 | Overlayfs did not properly perform permission checking when copying up files in | |
| CVE-2019-20633 | None | 0.14% | 1 | 0 | 2023-01-29T05:02:02 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability | |
| CVE-2025-25271 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-25268 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-24005 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-24006 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-24004 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-24003 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-47812 | 0 | 0.00% | 5 | 5 | template | N/A | |
| CVE-2025-48952 | 0 | 0.06% | 3 | 0 | N/A | ||
| CVE-2025-53536 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2025-1735 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-0038 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-49588 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2025-48703 | 0 | 0.00% | 1 | 3 | N/A | ||
| CVE-2025-49144 | 0 | 0.01% | 2 | 6 | N/A | ||
| CVE-2025-53100 | 0 | 0.97% | 1 | 0 | N/A |
updated 2025-07-08T07:15:25.987000
1 posts
#OT #Advisory VDE-2025-054
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2025-41666, CVE-2025-41667, CVE-2025-41668, CVE-2025-41665
https://certvde.com/en/advisories/VDE-2025-054
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-054.json
##updated 2025-07-08T07:15:25.813000
1 posts
#OT #Advisory VDE-2025-054
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2025-41666, CVE-2025-41667, CVE-2025-41668, CVE-2025-41665
https://certvde.com/en/advisories/VDE-2025-054
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-054.json
##updated 2025-07-08T07:15:25.630000
1 posts
#OT #Advisory VDE-2025-054
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2025-41666, CVE-2025-41667, CVE-2025-41668, CVE-2025-41665
https://certvde.com/en/advisories/VDE-2025-054
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-054.json
##updated 2025-07-08T07:15:25.457000
1 posts
#OT #Advisory VDE-2025-054
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2025-41666, CVE-2025-41667, CVE-2025-41668, CVE-2025-41665
https://certvde.com/en/advisories/VDE-2025-054
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-054.json
##updated 2025-07-08T07:15:25.080000
2 posts
⚠️ CRITICAL: CVE-2025-25270 affects Phoenix Contact CHARX SEC-3150 (0.0.0). Remote unauthenticated attackers can gain root RCE by altering device config. No patch yet—review your exposure! https://radar.offseq.com/threat/cve-2025-25270-cwe-913-improper-control-of-dynamic-8387fcd3 #OffSeq #ICS #Vuln
###OT #Advisory VDE-2025-019
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-25270, CVE-2025-25268, CVE-2025-25271, CVE-2025-25269
https://certvde.com/en/advisories/VDE-2025-019
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-019.json
##updated 2025-07-08T07:15:24.890000
1 posts
#OT #Advisory VDE-2025-019
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-25270, CVE-2025-25268, CVE-2025-25271, CVE-2025-25269
https://certvde.com/en/advisories/VDE-2025-019
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-019.json
##updated 2025-07-08T07:15:23.473000
1 posts
#OT #Advisory VDE-2025-014
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-24003, CVE-2025-24005, CVE-2025-24006, CVE-2025-24002, CVE-2025-24004
https://certvde.com/en/advisories/VDE-2025-014
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-014.json
##updated 2025-07-08T06:30:32
1 posts
2 repos
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-07-08T03:31:08
1 posts
🔴 CVE-2025-20685: CRITICAL heap overflow in MediaTek WLAN AP driver (MT6890, MT7915/16, MT7981/86). Remote code exec possible from nearby—no user action. Patch ID: WCNCR00416226. Urgent action needed! https://radar.offseq.com/threat/cve-2025-20685-cwe-122-heap-overflow-in-mediatek-i-2da7fbce #OffSeq #CVE202520685 #MediaTek #InfoSec
##updated 2025-07-08T03:31:08
3 posts
🔴 CRITICAL: CVE-2025-42980 in SAP NetWeaver EP-RUNTIME 7.50 exposes deserialization of untrusted data. Privileged users can trigger full system compromise. Apply patches & review privileges. https://radar.offseq.com/threat/cve-2025-42980-cwe-502-deserialization-of-untruste-7b67491f #OffSeq #SAP #CVE202542980 #Deserialization #Vuln
##Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
updated 2025-07-08T03:31:08
2 posts
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
updated 2025-07-08T03:31:08
2 posts
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
updated 2025-07-08T03:31:02
2 posts
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
updated 2025-07-08T03:31:02
2 posts
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
updated 2025-07-08T03:15:27.987000
2 posts
⚠️ CRITICAL: CVE-2025-20686 heap overflow in MediaTek MT6890/MT7915/MT7916/MT7981/MT7986. Remote code execution possible via Wi-Fi, no user interaction needed. Patch when available; segment networks & monitor closely. https://radar.offseq.com/threat/cve-2025-20686-cwe-122-heap-overflow-in-mediatek-i-2e97569f #OffSeq #CVE202520686 #MediaTek #Infosec
##⚠️ CRITICAL: CVE-2025-20686 heap overflow in MediaTek MT6890/MT7915/MT7916/MT7981/MT7986. Remote code execution possible via Wi-Fi, no user interaction needed. Patch when available; segment networks & monitor closely. https://radar.offseq.com/threat/cve-2025-20686-cwe-122-heap-overflow-in-mediatek-i-2e97569f #OffSeq #CVE202520686 #MediaTek #Infosec
##updated 2025-07-08T01:15:23.787000
3 posts
🚨 CRITICAL SAP RCE: CVE-2025-42967 impacts S/4HANA & SCM (Characteristic Propagation). High-priv users can remotely execute code—full compromise risk. Audit access, monitor activity, & apply mitigations. https://radar.offseq.com/threat/cve-2025-42967-cwe-94-improper-control-of-generati-b43bcf57 #OffSeq #SAP #Vuln #RCE
##Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
updated 2025-07-08T01:15:23.093000
2 posts
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Here are some interesting CVEs while we wait for the SAP advisory to be published. Fortunately, they're all post-auth.
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42980
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42967
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
https://nvd.nist.gov/vuln/detail/CVE-2025-42966
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
https://nvd.nist.gov/vuln/detail/CVE-2025-42964
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-42963
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
updated 2025-07-08T01:00:02.203000
6 posts
18 repos
https://github.com/paralelo14/CVE_2016-10033
https://github.com/chipironcin/CVE-2016-10033
https://github.com/liusec/WP-CVE-2016-10033
https://github.com/ElnurBDa/CVE-2016-10033
https://github.com/j4k0m/CVE-2016-10033
https://github.com/opsxcq/exploit-CVE-2016-10033
https://github.com/Astrowmist/POC-CVE-2016-10033
https://github.com/sealldeveloper/CVE-2016-10033-PoC
https://github.com/Bajunan/CVE-2016-10033
https://github.com/CAOlvchonger/CVE-2016-10033
https://github.com/awidardi/opsxcq-cve-2016-10033
https://github.com/GeneralTesler/CVE-2016-10033
https://github.com/0x00-0x00/CVE-2016-10033
https://github.com/pedro823/cve-2016-10033-45
https://github.com/cved-sources/cve-2016-10033
https://github.com/zeeshanbhattined/exploit-CVE-2016-10033
CISA has updated the KEV catalogue.
- CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2014-3931
- CVE-2016-10033: PHPMailer Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2016-10033
- CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-5418
- CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9621 #CISA #cybersecurity #infosec
##Four old CVEs added to the CISA KEV Catalog today:
CVE-2014-3931
CVE-2016-10033
CVE-2019-5418
CVE-2019-9621
CVE ID: CVE-2016-10033
Vendor: PHP
Product: PHPMailer
Date Added: 2025-07-07
Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 ; https://github.com/advisories/GHSA-5f37-gxvh-23v6 ; https://nvd.nist.gov/vuln/detail/CVE-2016-10033
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-10033
CISA has updated the KEV catalogue.
- CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2014-3931
- CVE-2016-10033: PHPMailer Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2016-10033
- CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-5418
- CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9621 #CISA #cybersecurity #infosec
##Four old CVEs added to the CISA KEV Catalog today:
CVE-2014-3931
CVE-2016-10033
CVE-2019-5418
CVE-2019-9621
CVE ID: CVE-2016-10033
Vendor: PHP
Product: PHPMailer
Date Added: 2025-07-07
Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 ; https://github.com/advisories/GHSA-5f37-gxvh-23v6 ; https://nvd.nist.gov/vuln/detail/CVE-2016-10033
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-10033
updated 2025-07-07T23:11:37
2 posts
Go hack more AI shit.
https://huntr.com/bounties/9b55a5e8-74e6-4241-b323-e360dc8b110a
##Go hack more AI shit.
https://huntr.com/bounties/9b55a5e8-74e6-4241-b323-e360dc8b110a
##updated 2025-07-07T20:15:28.173000
2 posts
Ooh, that's a fun one.
https://github.com/espressif/arduino-esp32/security/advisories/GHSA-9vfw-wx65-c872
sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1.
Ooh, that's a fun one.
https://github.com/espressif/arduino-esp32/security/advisories/GHSA-9vfw-wx65-c872
sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1.
updated 2025-07-07T19:15:22.940000
1 posts
1 repos
ScriptCase Hit by Critical Zero-Day Exploits: Remote Access Without Login
Dangerous Vulnerabilities Expose ScriptCase Servers to Full Takeover Two severe vulnerabilities have been discovered in ScriptCase, a widely used low-code development platform for PHP applications. The flaws, tracked as CVE-2025-47227 and CVE-2025-47228, were revealed by cybersecurity researchers Alexandre Droullé and Alexandre Zanni. These bugs target the "Production Environment" module—known as…
https://undercodenews.com/scriptcase-hit-by-critical-zero-day-exploits-remote-access-without-login/
##updated 2025-07-07T18:32:34
2 posts
Seems to me that this sort of thing should have been sorted at the beginning of creating a database product.
https://jira.mongodb.org/browse/SERVER-102693
##An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.
Seems to me that this sort of thing should have been sorted at the beginning of creating a database product.
https://jira.mongodb.org/browse/SERVER-102693
##An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.
updated 2025-07-07T18:32:26
1 posts
👁️🗨️ CVE-2025-53169: HIGH-severity bug in HarmonyOS 5.0.1/5.1.0 lets peers bypass controls & access distributed cameras w/o consent. No patch yet—segment networks & monitor access. https://radar.offseq.com/threat/cve-2025-53169-others-in-huawei-harmonyos-9bdce566 #OffSeq #HarmonyOS #Vuln #Privacy
##updated 2025-07-07T18:32:25
1 posts
🚨 CRITICAL: CVE-2025-7097 in Comodo Internet Security Premium 12.3.4.8162 allows remote OS command injection via cis_update_x64.xml (Manifest File Handler). No patch available—restrict usage, monitor endpoints, and enhance detection. https://radar.offseq.com/threat/cve-2025-7097-os-command-injection-in-comodo-inter-b946d8d4 #OffSeq #CVE20257097 #Vuln #BlueTeam
##updated 2025-07-07T17:15:30.030000
1 posts
🚨 CRITICAL: CVE-2025-53529 affects WeGIA <3.4.3. Unauthenticated SQL Injection in profile_funcionario.php (id_funcionario param) risks full DB compromise. Patch to 3.4.3+ and deploy WAF rules ASAP! https://radar.offseq.com/threat/cve-2025-53529-cwe-89-improper-neutralization-of-s-36601dab #OffSeq #SQLInjection #Infosec #WeGIA
##updated 2025-07-07T17:15:27.890000
2 posts
Post-auth code injection in IBM Integration Bus for z/OS.
https://www.ibm.com/support/pages/node/7239003
sev:HIGH 8.2 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
##IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
Post-auth code injection in IBM Integration Bus for z/OS.
https://www.ibm.com/support/pages/node/7239003
sev:HIGH 8.2 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
##IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
updated 2025-07-07T16:15:29.177000
2 posts
BoyunCMS has a few vulns that some of you may want to exploit. Mostly SQLi. No judgement. Have fun.
https://nvd.nist.gov/vuln/detail/CVE-2025-7099
https://nvd.nist.gov/vuln/detail/CVE-2025-7100
##BoyunCMS has a few vulns that some of you may want to exploit. Mostly SQLi. No judgement. Have fun.
https://nvd.nist.gov/vuln/detail/CVE-2025-7099
https://nvd.nist.gov/vuln/detail/CVE-2025-7100
##updated 2025-07-07T16:15:28.390000
3 posts
⚠️ CVE-2025-7096: CRITICAL in Comodo Internet Security Premium 12.3.4.8162. Remote attackers can bypass integrity checks (cis_update_x64.xml). No patch—switch solutions & monitor for abuse. https://radar.offseq.com/threat/cve-2025-7096-improper-validation-of-integrity-che-876c0d20 #OffSeq #CVE20257096 #Vuln #InfoSec
##https://drive.google.com/file/d/1qnWarYsTSc5_sV6o8ULv0LBvGfKKXPxn/view
sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
##A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation leads to improper validation of integrity check value. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
https://drive.google.com/file/d/1qnWarYsTSc5_sV6o8ULv0LBvGfKKXPxn/view
sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
##A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation leads to improper validation of integrity check value. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
updated 2025-07-07T15:31:42
1 posts
Remote code execution flaw reported in HIKVISION Security Management Platforms
HIKVISION reports a maximum-severity vulnerability (CVE-2025-34067) in its applyCT security management platform that allows unauthenticated remote code execution through a vulnerable Fastjson library, enabling attackers arbitrary code execution.
**If you have HIKVISION HikCentral security management systems, make sure it's isolated it from the internet and accessible only from trusted networks. Also block outbound LDAP connections, and then plan a quick patch cycle. Because isolation will never be enough with maximum severity flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/remote-code-execution-flaw-reported-in-hikvision-security-management-platforms-6-d-6-l-l/gD2P6Ple2L
updated 2025-07-07T15:30:37
2 posts
Fuck Broadcom. I would love to provide more details but I don't have a login. Go hack some Symantec IT Management Suite shit.
sev:CRIT 9.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:L/U:Red
##Remote attackers can execute arbitrary code in the context of the vulnerable service process.
Fuck Broadcom. I would love to provide more details but I don't have a login. Go hack some Symantec IT Management Suite shit.
sev:CRIT 9.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:L/U:Red
##Remote attackers can execute arbitrary code in the context of the vulnerable service process.
updated 2025-07-07T14:28:51.123000
3 posts
WordPress – CVE-2025-6463 : cette faille dans le plugin Forminator menace plus de 400 000 sites Web ! https://www.it-connect.fr/wordpress-cve-2025-6463-cette-faille-dans-le-plugin-forminator-menace-plus-de-400-000-sites-web/ #ActuCybersécurité #Cybersécurité #Wordpress #Web
##WordPress Plugin flaw exposes over 600,000 websites to potential remote takeover
A critical vulnerability (CVE-2025-6463) in the Forminator WordPress plugin affecting over 600,000 installations allows unauthenticated attackers to delete arbitrary files, including critical WordPress files like wp-config.php. The flaw enable site takeover by forcing installations into setup mode after deleting wp-config.php and then connecting to a database they control.
**If you're using the Forminator WordPress plugin, immediately update to version 1.44.3 or later. Your WordPress site is exposed to the internet by design, so attackers will find it very quickly. Don't delay, updating a plugin in WordPress is quite easy. Then check your form submission logs for any suspicious entries that might indicate your site was already targeted.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/wordpress-plugin-flaw-exposes-over-600000-websites-to-potential-remote-takeover-l-f-1-0-v/gD2P6Ple2L
updated 2025-07-07T12:30:29
1 posts
CRITICAL vuln: langgenius/dify 1.1.0–1.1.2 (CVE-2025-3466) lets attackers override JS globals & run root code. Upgrade to 1.1.3 ASAP! Risk: data exposure, lateral movement. https://radar.offseq.com/threat/cve-2025-3466-cwe-1100-insufficient-isolation-of-s-222f14a8 #OffSeq #infosec #CVE20253466
##updated 2025-07-07T12:30:29
1 posts
#OT #Advisory VDE-2025-030
Frauscher: FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi are Vulnerable to OS Command Injection Vulnerability
#CVE CVE-2025-3626, CVE-2025-3705
https://certvde.com/en/advisories/VDE-2025-030
#CSAF https://frauscher.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-030.json
##updated 2025-07-07T10:15:27.967000
1 posts
#OT #Advisory VDE-2025-030
Frauscher: FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi are Vulnerable to OS Command Injection Vulnerability
#CVE CVE-2025-3626, CVE-2025-3705
https://certvde.com/en/advisories/VDE-2025-030
#CSAF https://frauscher.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-030.json
##updated 2025-07-07T09:30:31
1 posts
🛡️ UTT HiPER 840G (<=3.1.1-190328) hit by HIGH severity buffer overflow (CVE-2025-7118). Remote exploit possible via /goform/formPictureUrl; no patch yet. Isolate, restrict, and monitor now! https://radar.offseq.com/threat/cve-2025-7118-buffer-overflow-in-utt-hiper-840g-fcf999ba #OffSeq #Vulnerability #UTTSecurity #BufferOverflow
##updated 2025-07-07T07:15:23.973000
4 posts
Oh, WAGO, at it again. 🥳
https://certvde.com/en/advisories/VDE-2025-057/
sev:CRIT 10.0 - CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H
##During installation, identical certificates are installed across all systems instead of unique ones, which are intended for JWT Token encryption and signing.
The system installs identical JWT signing certificates on all installations instead of generating unique ones. This allows anyone with the shared key to forge valid tokens and impersonate users across all systems, compromising security.
🚨 CVE-2025-41672 (CRITICAL): WAGO Device Sphere 1.0.0 has a default cert flaw—remote attackers can forge JWTs for full system access. Isolate affected systems, monitor for unusual tokens, and consult WAGO for fixes. https://radar.offseq.com/threat/cve-2025-41672-cwe-1188-in-wago-wago-device-sphere-1c0a7fa8 #OffSeq #ICS #OTsecurity #CVE2025
###OT #Advisory VDE-2025-057
WAGO: Vulnerability in WAGO Device Sphere
#CVE CVE-2025-41672
https://certvde.com/en/advisories/VDE-2025-057
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-057.json
##Oh, WAGO, at it again. 🥳
https://certvde.com/en/advisories/VDE-2025-057/
sev:CRIT 10.0 - CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H
##During installation, identical certificates are installed across all systems instead of unique ones, which are intended for JWT Token encryption and signing.
The system installs identical JWT signing certificates on all installations instead of generating unique ones. This allows anyone with the shared key to forge valid tokens and impersonate users across all systems, compromising security.
updated 2025-07-07T06:30:30
2 posts
Command injection and SSRF in Nimesa Backup and Recovery.
https://jvn.jp/en/jp/JVN88251376/
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
https://nvd.nist.gov/vuln/detail/CVE-2025-48501
sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
##Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
Command injection and SSRF in Nimesa Backup and Recovery.
https://jvn.jp/en/jp/JVN88251376/
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
https://nvd.nist.gov/vuln/detail/CVE-2025-48501
sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
##Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
updated 2025-07-07T05:15:41.913000
3 posts
Command injection and SSRF in Nimesa Backup and Recovery.
https://jvn.jp/en/jp/JVN88251376/
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
https://nvd.nist.gov/vuln/detail/CVE-2025-48501
sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
##Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
🚨 CRITICAL: CVE-2025-48501 in Nimesa Backup & Recovery v2.3/2.4 enables remote OS command injection (CVSS 9.8). No auth needed; patch unavailable. Restrict access, monitor logs, and check with vendor. https://radar.offseq.com/threat/cve-2025-48501-improper-neutralization-of-special--a2555ec3 #OffSeq #CVE202548501 #Infosec #Vuln
##Command injection and SSRF in Nimesa Backup and Recovery.
https://jvn.jp/en/jp/JVN88251376/
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
https://nvd.nist.gov/vuln/detail/CVE-2025-48501
sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
##Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
updated 2025-07-07T03:30:29
3 posts
Post-auth command injection in ThreatSonar Anti-Ransomware.
https://www.twcert.org.tw/tw/cp-132-10231-a15c8-1.html
##ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host.
⚠️ CVE-2025-7145: HIGH severity OS Command Injection in TeamT5 ThreatSonar Anti-Ransomware v3.6.0—attackers w/ intermediate privileges can execute arbitrary OS commands & gain admin access. No patch yet—implement access controls & monitor activity. https://radar.offseq.com/threat/cve-2025-7145-cwe-78-improper-neutralization-of-sp-cdb83c07 #OffSeq #Vuln #BlueTeam #InfoSec
##Post-auth command injection in ThreatSonar Anti-Ransomware.
https://www.twcert.org.tw/tw/cp-132-10231-a15c8-1.html
##ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host.
updated 2025-07-07T03:30:29
2 posts
BoyunCMS has a few vulns that some of you may want to exploit. Mostly SQLi. No judgement. Have fun.
https://nvd.nist.gov/vuln/detail/CVE-2025-7099
https://nvd.nist.gov/vuln/detail/CVE-2025-7100
##BoyunCMS has a few vulns that some of you may want to exploit. Mostly SQLi. No judgement. Have fun.
https://nvd.nist.gov/vuln/detail/CVE-2025-7099
https://nvd.nist.gov/vuln/detail/CVE-2025-7100
##updated 2025-07-07T03:30:23
2 posts
BoyunCMS has a few vulns that some of you may want to exploit. Mostly SQLi. No judgement. Have fun.
https://nvd.nist.gov/vuln/detail/CVE-2025-7099
https://nvd.nist.gov/vuln/detail/CVE-2025-7100
##BoyunCMS has a few vulns that some of you may want to exploit. Mostly SQLi. No judgement. Have fun.
https://nvd.nist.gov/vuln/detail/CVE-2025-7099
https://nvd.nist.gov/vuln/detail/CVE-2025-7100
##updated 2025-07-07T00:30:24
2 posts
BoyunCMS has a few vulns that some of you may want to exploit. Mostly SQLi. No judgement. Have fun.
https://nvd.nist.gov/vuln/detail/CVE-2025-7099
https://nvd.nist.gov/vuln/detail/CVE-2025-7100
##BoyunCMS has a few vulns that some of you may want to exploit. Mostly SQLi. No judgement. Have fun.
https://nvd.nist.gov/vuln/detail/CVE-2025-7099
https://nvd.nist.gov/vuln/detail/CVE-2025-7100
##updated 2025-07-06T15:30:36
4 posts
@cR0w is that the correct CVE link? CVE-2025-7079 seems unrelated to Broadcom
##Since the latest release is two years old, I don't expect many people use this. But have another hardcoded JWT secret.
https://github.com/mao888/bluebell-plus/issues/35
##A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
@cR0w is that the correct CVE link? CVE-2025-7079 seems unrelated to Broadcom
##Since the latest release is two years old, I don't expect many people use this. But have another hardcoded JWT secret.
https://github.com/mao888/bluebell-plus/issues/35
##A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
updated 2025-07-06T06:15:21.587000
1 posts
PrivEsc in Apache APISIX.
https://lists.apache.org/thread/qwxnxolt0j5nvjfpr0mlz6h7nrtvyzng
##Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).
Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges.
This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
updated 2025-07-05T03:30:32
1 posts
1 repos
ScriptCase Hit by Critical Zero-Day Exploits: Remote Access Without Login
Dangerous Vulnerabilities Expose ScriptCase Servers to Full Takeover Two severe vulnerabilities have been discovered in ScriptCase, a widely used low-code development platform for PHP applications. The flaws, tracked as CVE-2025-47227 and CVE-2025-47228, were revealed by cybersecurity researchers Alexandre Droullé and Alexandre Zanni. These bugs target the "Production Environment" module—known as…
https://undercodenews.com/scriptcase-hit-by-critical-zero-day-exploits-remote-access-without-login/
##updated 2025-07-04T15:31:08
1 posts
Never had this problem with traceroute. ducks
https://github.com/Homebrew/homebrew-core/issues/35085
sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
##mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.
updated 2025-07-04T06:30:28
1 posts
Okay, this one's kind of funny. 1s and 0s are hard.
https://access.redhat.com/security/cve/CVE-2025-5372
sev:MED 5.0 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
##A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
updated 2025-07-03T22:15:21.140000
3 posts
@pabloyoyoista Does anyone know if https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/ applies to the #flatpak versions of #Papers or #Evince from #flathub?
##sev:HIGH 8.4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.
updated 2025-07-03T22:15:21.010000
1 posts
sev:HIGH cache poisoning vuln in next dot js.
https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
A vulnerability affecting Next.js has been addressed. It impacted versions >=15.1.0 <15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition.
Edit to add the CVE: https://www.cve.org/CVERecord?id=CVE-2025-49826
##updated 2025-07-03T15:23:28.870000
9 posts
🟥𝐋𝐂𝐒𝐂-𝐈𝐄 𝐃𝐚𝐢𝐥𝐲 𝐂𝐲𝐛𝐞𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐅𝐢𝐧𝐝𝐢𝐧𝐠𝐬-𝟒 𝐉𝐮𝐥𝐲 𝟐𝟎𝟐𝟓🟥
𝐍𝐞𝐰𝐬:
1. Ekco Ireland grows headcount to more than 1,000 with Adapt IT acquisition
https://www.siliconrepublic.com/business/ekco-adapt-it-acquisition-growth-expansion-cybersecurity
2. Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies
https://therecord.media/estonia-cyber-ambassador-interview
3. Why cybersecurity should be seen as a business enabler, not a blocker
https://www.siliconrepublic.com/enterprise/bitdefender-leadership-cybersecurity-tech-ai
4. South Korea penalises 'negligent' SK Telecom over major data leak
5. Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure
https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks
6. CVE-2025-20309: Cisco Unified Communications Manager Static SSH Credentials Maximum Severity Vulnerability
7. Criminals Sending QR Codes in Phishing, Malware Campaigns
https://www.darkreading.com/endpoint-security/criminals-send-qr-codes-phishing
8. Interpol identifies West Africa as potential new hotspot for cybercrime compounds
https://therecord.media/interpol-west-africa-cybercrime-compounds
---
𝐆𝐥𝐨𝐛𝐚𝐥 𝐁𝐫𝐞𝐚𝐜𝐡 𝐍𝐞𝐰𝐬 𝐚𝐧𝐝 𝐃𝐚𝐭𝐚 𝐋𝐞𝐚𝐤𝐬:
1. Allianz Seguros Spain Allegedly Breached – Database of 4.6 Million Offered for Sale
---
𝐓𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐑𝐞𝐩𝐨𝐫𝐭𝐬 𝐰𝐢𝐭𝐡 𝐈𝐎𝐂𝐬:
1. Taking SHELLTER: a commercial evasion framework abused in- the- wild
https://www.elastic.co/security-labs/taking-shellter
2. Threat Actors Recompile SonicWall's NetExtender to Include SilentRoute Backdoor
3. RondoDox Unveiled: Breaking Down a New Botnet Threat
https://www.fortinet.com/blog/threat-research/rondobox-unveiled-breaking-down-a-botnet-threat
4. Hpingbot: A New Botnet Family Based on Pastebin Payload Delivery Chain and Hping3 DDoS Module
5. 8 More Malicious Firefox Extensions: Exploiting Popular Game Recognition, Hijacking User Sessions, and Stealing OAuth Credentials
https://socket.dev/blog/8-more-malicious-firefox-extensions
6. Satori Threat Intelligence Alert: IconAds Conceals Source of Ad Fraud from Users
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-iconads/
7. When Installers Turn Evil: The Pascal Script Behind Inno Setup Malware Campaign
https://www.splunk.com/en_us/blog/security/inno-setup-malware-redline-stealer-campaign.html
---
𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 / 𝐃𝐅𝐈𝐑 / 𝐌𝐚𝐥𝐰𝐚𝐫𝐞:
1. The Future of Threat Hunting and Investigation : ELK MCP Server
2. Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
3. Researchers Defeat Content Security Policy Protections via HTML Injection
https://jorianwoltjer.com/blog/p/research/nonce-csp-bypass-using-disk-cache
4. Cl0p Ransomware’s Exfiltration Process Exposes RCE Vulnerability
https://infosec.exchange/@adulau/114777339291449811
5. Identifying and abusing Azure Arc for hybrid escalation and persistence
https://www.ibm.com/think/x-force/identifying-abusing-azure-arc-for-hybrid-escalation-persistence
6. Detecting Attacks in Real-Time with Falco and Grafana: A Beginner’s Guide
7. How I Bypassed a WAF | Why Documentation matters | RGHX
https://rghx.medium.com/how-i-bypassed-a-waf-why-documentation-matters-rghx-62dc301e39f1
8. One attack, one alert: From thousands of signals to one clear story
https://www.group-ib.com/blog/one-attack-one-alert/
9. Azure Honeypot with Live Traffic
https://medium.com/@rajesh.p3807/azure-honeypot-with-live-traffic-6de04990e651
10. dnSpy—Static Analysis of a .NET Malware
https://medium.com/@tarunrd77/dnspy-static-analysis-of-a-net-malware-012806424acf
11. Part 3: In-Memory Execution Methods — How Malware Lives Rent-Free in Your System
12. Using Process Parent and Children Relationships for Detection and Hunting
https://www.knowyouradversary.ru/2025/07/185-using-process-parent-and-children.html
13. Taking over 60k spyware user accounts with SQL injection
https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/
14. Logwatcher’s Zenit #05: Beginner Mistakes in KQL
15. Custom AnyDesk Abuse: A Stealthy Way Adversaries Take Over Your System
---
𝐋𝐢𝐠𝐡𝐭 𝐑𝐞𝐚𝐝𝐢𝐧𝐠:
1. The Evolving Threat Landscape: A Comprehensive Report on Scattered Spider
https://falconfeeds.io/blogs/scattered-spider-evolving-cyber-threat-report
2. Exclusive disclosure of the attack activities of the APT group NightEagle
3. Iran's Intelligence Group 13
https://dti.domaintools.com/irans-intelligence-group-13/
4. Beneath the Waves and Beyond: How Cybersecurity and Undersea Defense Stocks Are Rising to Meet Russia's Hybrid Threats
5. PLA’s Multi-Domain Reorganization: Cyberspace, Aerospace, and Information Support Forces Reshape the Threat Landscape
6. First Quarter 2025 Ransomware Trends
https://www.optiv.com/insights/discover/blog/first-quarter-2025-ransomware-trends
---
##Another static, unchangable root password in Cisco gear. In 2025.
##Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) https://www.helpnetsecurity.com/2025/07/03/cisco-fixes-maximum-severity-flaw-in-enterprise-unified-comms-platform-cve-2025-20309/ #communication #vulnerability #enterprise #Don'tmiss #Hotstuff #Cisco #News #SMBs
##Cisco patches critical hardcoded credentials vulnerability in Unified Communications Manager
Cisco reports a maximum-severity vulnerability (CVE-2025-20309) in its Unified Communications Manager platforms caused by hardcoded static SSH credentials for the root account. The flaw allows unauthenticated remote attackers to gain complete administrative control over enterprise IP telephony networks.
**Obvious first step - isolate the SSH port of your CUCM and make it accessible from trusted networks only. Then VERY QUICLY update to versions 15.0.1.13010-1 through 15.0.1.13017-1, or apply the patches. Just isolating the CUCM isn't enough - the hardcoded password can be abused by malicious insiders, or other devices with access to trusted networks can be breached and the attackers can then breach CUCM.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-hardcoded-credentials-vulnerability-in-unified-communications-manager-i-k-5-m-e/gD2P6Ple2L
Cisco Issues Urgent Patch for Critical Unified CM Vulnerability (CVE-2025-20309) https://thecyberexpress.com/cisco-patches-cve-2025-20309-vulnerability/ #TheCyberExpressNews #Ciscovulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202520309 #UnifiedCMSME #CyberNews #UnifiedCM
##A note on the security advisory for CVE-2025-20309 in Cisco Unified Communications Manager which covers hard coded credentials - as I understand it this only impacts a special version of the product that users would have to contact TAC to get. If that is a correct understanding then I would expect this to limit the likelihood that organizations are running the impacted versions.
Quoting from the advisory:
##This vulnerability affects Cisco Unified CM and Unified CM SME Engineering Special (ES) releases 15.0.1.13010-1 through 15.0.1.13017-1, regardless of device configuration.
Note: ES releases are limited fix releases that are distributed only by the Cisco Technical Assistance Center (TAC).
@_newick NIST hasn't published it then. It's also available here: https://www.cve.org/CVERecord?id=CVE-2025-20309
##New.
CVE-2025-20309 (critical): Cisco Unified Communications Manager Static SSH Credentials Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
- Cisco Spaces Connector Privilege Escalation Vulnerability - CVE-2025-20308 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU
- Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability - CVE-2025-20310 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc
- Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability - CVE-2025-20307 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA @TalosSecurity #cybersecurity #infosec #Cisco
##Are you fucking kidding me Cisco? Again?
sev:CRIT 10.0 🥳
##A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
updated 2025-07-03T15:14:12.767000
1 posts
Command injection in the discussion-to-slack workflow in gluestack-ui.
https://github.com/gluestack/gluestack-ui/security/advisories/GHSA-432r-9455-7f9x
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
##gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly interpolated into shell commands in a run: block. An attacker could craft a malicious GitHub Discussion title or body (e.g., $(curl ...)) to execute arbitrary shell commands on the Actions runner. This issue has been fixed in commit e6b4271 where the discussion-to-slack.yml workflow was removed. Users should remove the discussion-to-slack.yml workflow if using a fork or derivative of this repository.
updated 2025-07-03T15:14:12.767000
1 posts
I don't understand the issue here. It's literally in the name of the company. 🥳
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-34063
sev:CRIT 9.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
##A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.
updated 2025-07-03T15:14:12.767000
1 posts
Go hack more remote support shit.
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US
Multiple security vulnerabilities have been identified in HPE Insight Remote Support. These vulnerabilities could remotely allow a directory traversal, disclosure of information, or code execution.
CVE-2025-37097 ( sev:MED 7.5 - :CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H )
CVE-2025-37098 ( sev:MED 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVE-2025-37099 ( sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )
updated 2025-07-03T15:14:12.767000
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-03T15:14:12.767000
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-03T15:14:12.767000
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-03T15:13:53.147000
1 posts
https://www.asna.com/en/kb/security-update
##This vulnerability affects only our Windows-based products. DataGate for IBM i is not affected. Our Visual RPG (for .NET and Classic), Wings, Mobile RPG, and DataGate for SQL Server are affected by this vulnerability and need to be updated.
The vulnerability exists only on the network where Windows machines are running the affected ASNA Assist or ASNA Registrar services. The threat is present only when these vulnerable services are running and an untrusted user has Windows network access (e.g., via a malicious intruder or a disgruntled employee).
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.
updated 2025-07-03T15:13:53.147000
1 posts
Oh my.
sev:MED 5.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
##In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.
updated 2025-07-03T15:13:53.147000
2 posts
🟥𝐋𝐂𝐒𝐂-𝐈𝐄 𝐃𝐚𝐢𝐥𝐲 𝐂𝐲𝐛𝐞𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐅𝐢𝐧𝐝𝐢𝐧𝐠𝐬-𝟑 𝐉𝐮𝐥𝐲 𝟐𝟎𝟐𝟓🟥
𝐍𝐞𝐰𝐬:
1. Microsoft to Lay Off 9,000 Employees, Affecting 4% of Workforce
2. Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims
3. UK charity bank branded a 'disaster' after platform migration goes wrong
https://www.theregister.com/2025/07/03/uk_charity_bank_migration_disaster/
4. Police warn of SMS scams following prison sentence for criminal who conducted smishing campaign
5. Large Language Models (LLMs) Are Falling for Phishing Scams: What Happens When AI Gives You the Wrong URL?
https://www.netcraft.com/blog/large-language-models-are-falling-for-phishing-scams
6. Russia’s Cyber Warriors Assail NATO-Linked Private Companies
https://cepa.org/article/russias-cyber-warriors-assail-nato-linked-private-companies/
7. US probes negotiator suspected of taking crypto ransomware money
https://cointelegraph.com/news/digitalmint-employee-under-investigation-by-us-justice-department
8. Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
9. Spain arrests hackers who targeted politicians and journalists
https://policia.es/_es/comunicacion_prensa_detalle.php?ID=16602
10. A third of organisations take more than 90 days to remediate threats
---
𝐆𝐥𝐨𝐛𝐚𝐥 𝐁𝐫𝐞𝐚𝐜𝐡 𝐍𝐞𝐰𝐬 𝐚𝐧𝐝 𝐃𝐚𝐭𝐚 𝐋𝐞𝐚𝐤𝐬:
1. Irish Eyecare software firm Ocuco investigating cyber-attack
https://thecurrency.news/articles/194653/eyecare-software-firm-ocuco-investigating-cyber-attack/
---
𝐓𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐑𝐞𝐩𝐨𝐫𝐭𝐬 𝐰𝐢𝐭𝐡 𝐈𝐎𝐂𝐬:
1. Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
2. Snake Keyloggers Exploit Java Tools to Bypass Security – Active IOCs
3. Who are DragonForce Ransomware Group?
https://www.bridewell.com/insights/blogs/detail/who-are-dragonforce-ransomware-group
4. Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands
5. Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
https://www.wiz.io/blog/exposed-jdwp-exploited-in-the-wild
6. Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools
7. North Korean APT Kimsuky aka Black Banshee – Active IOCs
https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-52
8. DarkTortilla Malware – Active IOCs
https://rewterz.com/threat-advisory/darktortilla-malware-active-iocs-2
---
𝐀𝐏𝐓 𝐈𝐎𝐂𝐬:
1. Lazarus: Source VT
yourdomainhost[.]store
api[.]yourdomainhost[.]store
2. Kimsuky: Source Validin
Accounts-mysticete[.]servepics[.]com
freedrive[.]servehttp[.]com
login-accounts[.]servehttp[.]com
myaccounts-profile[.]servehttp[.]com
mydocs[.]onthewifi[.]com
securedrive-mofa[.]servehttp[.]com
translate[.]onthewifi[.]com
undocs[.]ddns[.]net
undocs[.]myvnc[.]com
undocs[.]servehttp[.]com
---
𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 / 𝐃𝐅𝐈𝐑 / 𝐌𝐚𝐥𝐰𝐚𝐫𝐞:
1. Automating macOS Incident Response: DFIR-as-Code in Action Against AppleProcessHub
2. Using Staging Folders For Threat Hunting
https://www.knowyouradversary.ru/2025/07/183-using-staging-folders-for-threat.html
3. PDFs: Portable documents, or perfect deliveries for phish?
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/
4. EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)
5. Yet another ZIP trick
https://hackarcana.com/article/yet-another-zip-trick
6. Malware development trick 48: leveraging Office macros for malware. Simple VBA example.
https://cocomelonc.github.io/malware/2025/07/01/malware-tricks-48.html
7. Hijacked by a Text: Understanding and Preventing SIM Swapping Attack
https://www.bitsight.com/blog/what-is-sim-swapping
8. CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries
9. DanaBot Lab Analysis
https://omer-secure.medium.com/danabot-lab-analysis-7dbaa179f3e4
10. ClickFix Campaign: How Clipboard Injection Leads to RAT Infection (Part 1)
11. Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules
https://any.run/cybersecurity-blog/release-notes-june-2025/
12. Inside Android Malware Development: Building a C2 Exfiltrator from the UI to the Network
---
𝐋𝐢𝐠𝐡𝐭 𝐑𝐞𝐚𝐝𝐢𝐧𝐠:
1. Pro-Russian hacktivism: Shifting alliances, new groups and risks
https://intel471.com/blog/pro-russian-hacktivism-shifting-alliances-new-groups-and-risks
2. Insider Risk Lessons from the DPRK IT Worker Crackdown
https://www.dtexsystems.com/blog/insider-risk-lessons-from-dprk-crackdown/
3. Calling Out Russia: France’s Shift on Public Attribution
https://warontherocks.com/2025/07/calling-out-russia-frances-shift-on-public-attribution/
4. Outsourced Trust: How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reco.ai/blog/coinbase-breach
---
##EscapeRoute: How we found 2 vulnerabilities in Anthropic’s Filesystem MCP Server (CVE-2025-53109 & CVE-2025-53110) https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/?utm_source=linkedin&utm_medium=social&utm_campaign=2025-q3-cve-2025-53109-53110-escaperoute-anthropic-blog&utm_term=blog
##updated 2025-07-03T15:13:53.147000
1 posts
New.
CVE-2025-20309 (critical): Cisco Unified Communications Manager Static SSH Credentials Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
- Cisco Spaces Connector Privilege Escalation Vulnerability - CVE-2025-20308 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU
- Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability - CVE-2025-20310 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc
- Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability - CVE-2025-20307 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA @TalosSecurity #cybersecurity #infosec #Cisco
##updated 2025-07-03T15:13:53.147000
1 posts
Whoopsie. DoS in ModSecurity.
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-gw9c-4wfm-vj3x
sev:MED 6.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
##ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least one XML tag is empty (eg ), then a segmentation fault occurs. This issue has been patched in version 2.9.11. A workaround involves setting SecParseXmlIntoArgs to Off.
updated 2025-07-03T15:13:53.147000
1 posts
PrivEsc in Graylog.
https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3m86-c9x3-vwm9
sev:HIGH 8.8 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
##Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > "Allow users to create personal access tokens".
updated 2025-07-03T15:13:53.147000
1 posts
IDK how old this disclosure is because once again, there's no date on the post. But the CVEs were just published today. Happy hacking.
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/
An analysis primarily of Kerio Control revealed a design flaw in the implementation of the communication with GFI AppManager, leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands.
sev:CRIT 9.5 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34069
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34070
sev:CRIT 9.4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34071
updated 2025-07-03T15:13:53.147000
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-03T15:13:53.147000
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-03T15:13:53.147000
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-03T15:13:53.147000
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-03T12:35:09
1 posts
updated 2025-07-02T18:56:41
2 posts
🟥𝐋𝐂𝐒𝐂-𝐈𝐄 𝐃𝐚𝐢𝐥𝐲 𝐂𝐲𝐛𝐞𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐅𝐢𝐧𝐝𝐢𝐧𝐠𝐬-𝟑 𝐉𝐮𝐥𝐲 𝟐𝟎𝟐𝟓🟥
𝐍𝐞𝐰𝐬:
1. Microsoft to Lay Off 9,000 Employees, Affecting 4% of Workforce
2. Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims
3. UK charity bank branded a 'disaster' after platform migration goes wrong
https://www.theregister.com/2025/07/03/uk_charity_bank_migration_disaster/
4. Police warn of SMS scams following prison sentence for criminal who conducted smishing campaign
5. Large Language Models (LLMs) Are Falling for Phishing Scams: What Happens When AI Gives You the Wrong URL?
https://www.netcraft.com/blog/large-language-models-are-falling-for-phishing-scams
6. Russia’s Cyber Warriors Assail NATO-Linked Private Companies
https://cepa.org/article/russias-cyber-warriors-assail-nato-linked-private-companies/
7. US probes negotiator suspected of taking crypto ransomware money
https://cointelegraph.com/news/digitalmint-employee-under-investigation-by-us-justice-department
8. Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
9. Spain arrests hackers who targeted politicians and journalists
https://policia.es/_es/comunicacion_prensa_detalle.php?ID=16602
10. A third of organisations take more than 90 days to remediate threats
---
𝐆𝐥𝐨𝐛𝐚𝐥 𝐁𝐫𝐞𝐚𝐜𝐡 𝐍𝐞𝐰𝐬 𝐚𝐧𝐝 𝐃𝐚𝐭𝐚 𝐋𝐞𝐚𝐤𝐬:
1. Irish Eyecare software firm Ocuco investigating cyber-attack
https://thecurrency.news/articles/194653/eyecare-software-firm-ocuco-investigating-cyber-attack/
---
𝐓𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐑𝐞𝐩𝐨𝐫𝐭𝐬 𝐰𝐢𝐭𝐡 𝐈𝐎𝐂𝐬:
1. Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
2. Snake Keyloggers Exploit Java Tools to Bypass Security – Active IOCs
3. Who are DragonForce Ransomware Group?
https://www.bridewell.com/insights/blogs/detail/who-are-dragonforce-ransomware-group
4. Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands
5. Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
https://www.wiz.io/blog/exposed-jdwp-exploited-in-the-wild
6. Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools
7. North Korean APT Kimsuky aka Black Banshee – Active IOCs
https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-52
8. DarkTortilla Malware – Active IOCs
https://rewterz.com/threat-advisory/darktortilla-malware-active-iocs-2
---
𝐀𝐏𝐓 𝐈𝐎𝐂𝐬:
1. Lazarus: Source VT
yourdomainhost[.]store
api[.]yourdomainhost[.]store
2. Kimsuky: Source Validin
Accounts-mysticete[.]servepics[.]com
freedrive[.]servehttp[.]com
login-accounts[.]servehttp[.]com
myaccounts-profile[.]servehttp[.]com
mydocs[.]onthewifi[.]com
securedrive-mofa[.]servehttp[.]com
translate[.]onthewifi[.]com
undocs[.]ddns[.]net
undocs[.]myvnc[.]com
undocs[.]servehttp[.]com
---
𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 / 𝐃𝐅𝐈𝐑 / 𝐌𝐚𝐥𝐰𝐚𝐫𝐞:
1. Automating macOS Incident Response: DFIR-as-Code in Action Against AppleProcessHub
2. Using Staging Folders For Threat Hunting
https://www.knowyouradversary.ru/2025/07/183-using-staging-folders-for-threat.html
3. PDFs: Portable documents, or perfect deliveries for phish?
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/
4. EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)
5. Yet another ZIP trick
https://hackarcana.com/article/yet-another-zip-trick
6. Malware development trick 48: leveraging Office macros for malware. Simple VBA example.
https://cocomelonc.github.io/malware/2025/07/01/malware-tricks-48.html
7. Hijacked by a Text: Understanding and Preventing SIM Swapping Attack
https://www.bitsight.com/blog/what-is-sim-swapping
8. CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries
9. DanaBot Lab Analysis
https://omer-secure.medium.com/danabot-lab-analysis-7dbaa179f3e4
10. ClickFix Campaign: How Clipboard Injection Leads to RAT Infection (Part 1)
11. Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules
https://any.run/cybersecurity-blog/release-notes-june-2025/
12. Inside Android Malware Development: Building a C2 Exfiltrator from the UI to the Network
---
𝐋𝐢𝐠𝐡𝐭 𝐑𝐞𝐚𝐝𝐢𝐧𝐠:
1. Pro-Russian hacktivism: Shifting alliances, new groups and risks
https://intel471.com/blog/pro-russian-hacktivism-shifting-alliances-new-groups-and-risks
2. Insider Risk Lessons from the DPRK IT Worker Crackdown
https://www.dtexsystems.com/blog/insider-risk-lessons-from-dprk-crackdown/
3. Calling Out Russia: France’s Shift on Public Attribution
https://warontherocks.com/2025/07/calling-out-russia-frances-shift-on-public-attribution/
4. Outsourced Trust: How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reco.ai/blog/coinbase-breach
---
##EscapeRoute: How we found 2 vulnerabilities in Anthropic’s Filesystem MCP Server (CVE-2025-53109 & CVE-2025-53110) https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/?utm_source=linkedin&utm_medium=social&utm_campaign=2025-q3-cve-2025-53109-53110-escaperoute-anthropic-blog&utm_term=blog
##updated 2025-07-02T18:31:32
3 posts
CISA warns of active attacks on Signal clone TeleMessage
CISA has issued a warning about two actively exploited vulnerabilities in TeleMessage TM SGNL, a Signal clone used by national security staffers and government officials, including a Spring Boot Actuator misconfiguration (CVE-2025-48927) that exposes memory dumps and a local access vulnerability (CVE-2025-48928) enabling password extraction.
**If you're using TeleMessage TM SGNL, start patching it today, because it's being actively exploited. Alternatively, stop using the software entirely. Switch back to standard Signal or another approved properly encrypted messaging app since TM SGNL has already been breached and continues to be attacked.**
#cybersecurity #infosec #attack #activeattack
https://beyondmachines.net/event_details/cisa-warns-of-active-attacks-on-signal-clone-telemessage-6-j-0-0-k/gD2P6Ple2L
CISA has added to the KEV catalogue:
- CVE-2025-48927: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48927
- CVE-2025-48928: TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48928
From yesterday:
- CVE-2025-6543: Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-6543 #CISA #cybersecurity #infosec
##CVE ID: CVE-2025-48928
Vendor: TeleMessage
Product: TM SGNL
Date Added: 2025-07-01
Notes: It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-48928
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-48928
updated 2025-07-02T18:30:42
1 posts
New.
CVE-2025-20309 (critical): Cisco Unified Communications Manager Static SSH Credentials Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
- Cisco Spaces Connector Privilege Escalation Vulnerability - CVE-2025-20308 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU
- Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability - CVE-2025-20310 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc
- Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability - CVE-2025-20307 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA @TalosSecurity #cybersecurity #infosec #Cisco
##updated 2025-07-02T18:30:37
1 posts
New.
CVE-2025-20309 (critical): Cisco Unified Communications Manager Static SSH Credentials Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
- Cisco Spaces Connector Privilege Escalation Vulnerability - CVE-2025-20308 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU
- Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability - CVE-2025-20310 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc
- Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability - CVE-2025-20307 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA @TalosSecurity #cybersecurity #infosec #Cisco
##updated 2025-07-02T15:31:43
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T15:31:43
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T15:31:43
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T15:31:43
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T15:31:38
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T15:31:38
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T15:31:37
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T15:30:44
1 posts
That one is a sev:CRIT 9.3 in case you're wondering: https://nvd.nist.gov/vuln/detail/CVE-2025-34072
updated 2025-07-02T15:30:44
1 posts
IDK how old this disclosure is because once again, there's no date on the post. But the CVEs were just published today. Happy hacking.
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/
An analysis primarily of Kerio Control revealed a design flaw in the implementation of the communication with GFI AppManager, leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands.
sev:CRIT 9.5 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34069
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34070
sev:CRIT 9.4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34071
updated 2025-07-02T15:30:37
1 posts
IDK how old this disclosure is because once again, there's no date on the post. But the CVEs were just published today. Happy hacking.
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/
An analysis primarily of Kerio Control revealed a design flaw in the implementation of the communication with GFI AppManager, leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands.
sev:CRIT 9.5 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34069
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34070
sev:CRIT 9.4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H - https://nvd.nist.gov/vuln/detail/CVE-2025-34071
updated 2025-07-02T14:20:25
1 posts
BoF in Python Pillow.
https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952
sev:HIGH 7.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
##Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
updated 2025-07-02T12:33:13
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T12:32:17
1 posts
A bunch of Infinera and Nokia vulns got published today. Could be worth checking out based on where these specific systems tend to sit.
Infinera G42:
https://nvd.nist.gov/vuln/detail/CVE-2025-27021
https://nvd.nist.gov/vuln/detail/CVE-2025-27022
https://nvd.nist.gov/vuln/detail/CVE-2025-27023
https://nvd.nist.gov/vuln/detail/CVE-2025-27024
https://nvd.nist.gov/vuln/detail/CVE-2025-27025
Nokia Single RAN:
https://nvd.nist.gov/vuln/detail/CVE-2025-24328
https://nvd.nist.gov/vuln/detail/CVE-2025-24329
https://nvd.nist.gov/vuln/detail/CVE-2025-24330
https://nvd.nist.gov/vuln/detail/CVE-2025-24331
https://nvd.nist.gov/vuln/detail/CVE-2025-24332
https://nvd.nist.gov/vuln/detail/CVE-2025-24333
##updated 2025-07-02T09:30:34
1 posts
EUVD: Critical CVE-2024-13786: the education theme for WordPress is vulnerable to PHP Object Injection in all versions https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-54721
- CVE-2025-4689: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to RCE Local File Inclusion https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-19688 @euvdfeed #cybersecurity #infosec #WordPress
##updated 2025-07-02T06:30:41
1 posts
EUVD: Critical CVE-2024-13786: the education theme for WordPress is vulnerable to PHP Object Injection in all versions https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-54721
- CVE-2025-4689: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to RCE Local File Inclusion https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-19688 @euvdfeed #cybersecurity #infosec #WordPress
##updated 2025-07-01T23:52:06
1 posts
Go hack more MCP shit.
https://github.com/cyanheads/git-mcp-server/security/advisories/GHSA-3q26-f695-pp76
sev:HIGH 7.5 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
##@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (|, >, &&, etc.). An MCP Client can be instructed to execute additional actions for example via indirect prompt injection when asked to read git logs. This issue has been patched in version 2.1.5.
updated 2025-07-01T21:33:31
16 posts
27 repos
https://github.com/zinzloun/CVE-2025-32463
https://github.com/Adonijah01/cve-2025-32463-lab
https://github.com/SysMancer/CVE-2025-32463
https://github.com/san8383/CVE-2025-32463
https://github.com/robbert1978/CVE-2025-32463_POC
https://github.com/ill-deed/CVE-2025-32463_illdeed
https://github.com/nflatrea/CVE-2025-32463
https://github.com/4f-kira/CVE-2025-32463
https://github.com/yeremeu/CVE-2025-32463_chwoot
https://github.com/pr0v3rbs/CVE-2025-32463_chwoot
https://github.com/junxian428/CVE-2025-32463
https://github.com/Mikivirus0/sudoinjection
https://github.com/K3ysTr0K3R/CVE-2025-32463-EXPLOIT
https://github.com/MAAYTHM/CVE-2025-32462_32463-Lab
https://github.com/B1ack4sh/Blackash-CVE-2025-32463
https://github.com/kh4sh3i/CVE-2025-32463
https://github.com/mirchr/CVE-2025-32463-sudo-chwoot
https://github.com/pevinkumar10/CVE-2025-32463
https://github.com/neko205-mx/CVE-2025-32463_Exploit
https://github.com/SkylerMC/CVE-2025-32463
https://github.com/0xAkarii/CVE-2025-32463
https://github.com/FreeDurok/CVE-2025-32463-PoC
https://github.com/K1tt3h/CVE-2025-32463-POC
https://github.com/Chocapikk/CVE-2025-32463-lab
https://github.com/zhaduchanhzz/CVE-2025-32463_POC
Alpine is not vulnerable to the latest sudo CVE, CVE-2025-32463. Exploitation requires a system which implements NSS (loadable plugins for username and hostname resolution), which musl does not.
##⚠️ New Critical Linux CVE ⚠️
Unless you’re using Talos Linux.
In which case, you're fully secure. Carry on, and let your minimal, immutable OS keep you safe from CVE-2025-32463 and CVE-2025-32462.
##Alpine is not vulnerable to the latest sudo CVE, CVE-2025-32463. Exploitation requires a system which implements NSS (loadable plugins for username and hostname resolution), which musl does not.
##Linux – Obtenez un accès root avec ces deux failles dans sudo : CVE-2025-32462 et CVE-2025-32463 https://www.it-connect.fr/linux-acces-root-avec-deux-failles-dans-sudo-cve-2025-32462-et-cve-2025-32463/ #ActuCybersécurité #Vulnérabilités #Cybersécurité #Linux
##A critical Linux vulnerability (CVE-2025-32463) in Sudo lets any local unprivileged user gain root via the --chroot (-R) option
🔒 Affects default configs on Ubuntu, Fedora & others — no Sudo rules needed
🛠️ Fix: Update to Sudo 1.9.17p1+ (no workarounds)
👀 CVSS: 9.8 (Critical)
Highlights persistent risks in open-source privilege handling 🧩
https://cybersecuritynews.com/linux-sudo-chroot-vulnerability/
#Linux #Sudo #FOSS #CyberSecurity #InfoSec #OpenSource #Vulnerability #Root #Exploit #SysAdmin #DevSecOps
##It is important you make sure you keep your software up to date on all devices where you can.
In this case, the core tool "sudo" found on most Linux systems had a bug with CVSS severity score 9.3 (where 10 is worst) was found, allowing local users to become "root" (the most, fully privileged user) and has fixed versions being distributed as part of operating system updates.
https://www.sudo.ws/security/advisories/chroot_bug/
https://www.cve.org/CVERecord?id=CVE-2025-32463
https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
CVE-2025-32463 and CVE-2025-32462: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments – Source: socprime.com https://ciso2ciso.com/cve-2025-32463-and-cve-2025-32462-sudo-local-privilege-escalation-vulnerabilities-threaten-linux-environments-source-socprime-com/ #rssfeedpostgeneratorecho #PrivilageEscalation #CyberSecurityNews #CVE-2025-32462 #CVE-2025-32463 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE
##Local Privilege Escalation to Root via Sudo Chroot in Linux https://github.com/kh4sh3i/CVE-2025-32463
##Vulnerability Advisory: Sudo chroot Elevation of Privilege https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
##Kurzer Check bei mir, welche Distros die kritische #sudo Lücke CVE-2025-32463 bis jetzt behoben haben:
- Alpine 3.22: OK
- Arch Linux: OK
- Debian 12 / Devuan 5: OK
- Fedora 42: FAIL
- Void Linux: OK
I think I boosted information about these sudo EoP vulns yesterday but in case I didn't, here's some basic info on them.
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
sev:LOW 2.8 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
https://nvd.nist.gov/vuln/detail/CVE-2025-32462
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
sev:CRIT 9.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
##Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://www.helpnetsecurity.com/2025/07/01/sudo-local-privilege-escalation-vulnerabilities-fixed-cve-2025-32462-cve-2025-32463/ #vulnerability #Stratascale #Don'tmiss #Hotstuff #Debian #Ubuntu #Linux #macOS #News #SUSE
##Critical Sudo vulnerabilities enable local privilege escalation to root
The Stratascale Cyber Research Unit are reporting two vulnerabilities in the Sudo utility, including a critical flaw (CVE-2025-32463) that allows unprivileged users to escalate to root privileges through the chroot option by exploiting NSS library loading mechanisms.
**This is a nasty flaw. If you have multiple user roles on your linux systems or are running services as non-root, make sure to update your Linux systems' Sudo utility to version 1.9.17p1 or later. The exploit vector is possible if someone already has local access to the system, which can either be through direct credentials or through breaching a vulnerable service that's running as non-root.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sudo-vulnerabilities-enable-local-privilege-escalation-to-root-o-x-8-6-q/gD2P6Ple2L
Maybe controversial, but I think it is bad to do this
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
updated 2025-07-01T18:30:47
1 posts
Go hack more remote support shit.
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US
Multiple security vulnerabilities have been identified in HPE Insight Remote Support. These vulnerabilities could remotely allow a directory traversal, disclosure of information, or code execution.
CVE-2025-37097 ( sev:MED 7.5 - :CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H )
CVE-2025-37098 ( sev:MED 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVE-2025-37099 ( sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )
updated 2025-07-01T18:30:34
3 posts
3 repos
https://github.com/grupooruss/Citrix-cve-2025-6543
https://github.com/seabed-atavism/CVE-2025-6543
https://github.com/abrewer251/CVE-2025-6543_CitrixNetScaler_PoC
When the number of vulnerable IPs ticks up by a small number, I'm assuming they're honeypots?
(Graph is vulnerable Citrix NetScaler endpoints in the UK.)
##CISA has added to the KEV catalogue:
- CVE-2025-48927: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48927
- CVE-2025-48928: TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48928
From yesterday:
- CVE-2025-6543: Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-6543 #CISA #cybersecurity #infosec
##Citrix blog on CVE-2025-5777 and some other ones https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/
##updated 2025-07-01T15:32:11
26 posts
4 repos
https://github.com/windz3r0day/CVE-2025-6554
https://github.com/gmh5225/CVE-2025-6554-2
Google Scrambles to Patch Actively Exploited Chrome Zero-Day Vulnerability
A New Threat Surfaces in the Chrome Browser The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a severe vulnerability in Google Chrome—CVE-2025-6554—to its Known Exploited Vulnerabilities (KEV) catalog, marking it as a critical security issue currently being leveraged by malicious actors. This flaw, found in the V8 JavaScript and WebAssembly engine, represents…
##🚨 The Cyber Intel Brief is live! 🚨
This week, suspected nation-state threat actors wasted no time exploiting a Chrome zero-day (CVE-2025-6554). Iranian cyber operations are escalating, AI-enhanced malware evasion techniques emerge and Scattered Spider is hitting aviation.
Check out the full breakdown and analysis 👇
https://bit.ly/3Tnumh3
#zeroday #Iran #cyberthreats #cyberthreatintelligence #cybersecurity
##CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025 – Source: securityaffairs.com https://ciso2ciso.com/cve-2025-6554-is-the-fourth-chrome-zero-day-patched-by-google-in-2025-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hacking #Chrome
##Supposed PoC: https://github.com/DarkNavySecurity/PoC/blob/main/CVE-2025-6554/poc.js
##CVE ID: CVE-2025-6554
Vendor: Google
Product: Chromium V8
Date Added: 2025-07-02
Notes: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html?m=1 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6554
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-6554
CISA has added to the KEV catalogue.
- CVE-2025-6554: Google Chromium V8 Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-6554 #CISA #Google #cybersecurity #infosec
##Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html
##CVE-2025-6554
该漏洞潜藏于Chrome核心引擎中,只需访问恶意网页,攻击者就能远程控制你的电脑。
网络安全研究人员证实,该漏洞正在真实攻击中被利用,企业数据和个人隐私面临裸奔风险。
@board
Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update – Source:thehackernews.com https://ciso2ciso.com/chrome-zero-day-cve-2025-6554-under-active-attack-google-issues-security-update-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Chrome
##@beyondmachines1 I know it's pedantic, but the Chrome advisory does not state that it is in fact EITW. It says that there is an exploit in the wild, but not that it's known to have been used successfully.
##Google is aware that an exploit for CVE-2025-6554 exists in the wild.
Google patches actively exploited flaw in Chrome
Google has patched an actively exploited zero-day vulnerability (CVE-2025-6554) in Chrome's V8 JavaScript engine that allows remote attackers to perform arbitrary read/write operations through malicious HTML pages. The flaw was reported by Google's Threat Analysis Group, which typically investigates government-backed attacks, suggesting potential state-sponsored exploitation.
**One more urgent patch for Chrome - Google is again patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DONT WAIT! Patch all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/google-patches-actively-exploited-flaw-in-chrome-1-1-a-i-r/gD2P6Ple2L
Google Chrome 138 – CVE-2025-6554 : patchez pour vous protéger de cette nouvelle faille zero-day https://www.it-connect.fr/google-chrome-138-zero-day-cve-2025-6554/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #googlechrome
##Updated today:
NIST: High severity CVE-2025-6554 https://nvd.nist.gov/vuln/detail/CVE-2025-6554
The Hacker New: Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html @thehackernews #Google #cybersecurity #Infosec #Chrome #zeroday
##"Google is aware that an exploit for CVE-2025-6554 exists in the wild," the browser vendor said in a security advisory issued on Monday. https://www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/
##Google patches actively exploited Chrome (CVE‑2025‑6554) https://www.helpnetsecurity.com/2025/07/01/google-patches-actively-exploited-chrome-cve-2025-6554/ #securityupdate #MicrosoftEdge #Don'tmiss #Hotstuff #Vivaldi #Chrome #0-day #Brave #Opera #News
##Chrome patched a sev:HIGH CVE with an ITW exploit.
Google is aware that an exploit for CVE-2025-6554 exists in the wild.
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
##updated 2025-07-01T15:31:16
1 posts
Go hack more remote support shit.
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US
Multiple security vulnerabilities have been identified in HPE Insight Remote Support. These vulnerabilities could remotely allow a directory traversal, disclosure of information, or code execution.
CVE-2025-37097 ( sev:MED 7.5 - :CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H )
CVE-2025-37098 ( sev:MED 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVE-2025-37099 ( sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )
updated 2025-07-01T15:31:16
1 posts
Perfect 10 in Monero forums. 🥳
https://swap.gs/posts/monero-forums/
https://github.com/monero-project/monero-forum
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
##A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation. MIME type checks using PHP’s finfo can be bypassed via crafted stream filter chains that prepend spoofed headers, allowing access to internal Laravel configuration files. An attacker can extract the APP_KEY from config/app.php, forge encrypted cookies, and trigger unsafe unserialize() calls, leading to reliable remote code execution.
updated 2025-07-01T15:31:10
1 posts
I don't understand the issue here. It's literally in the name of the company. 🥳
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment.
https://nvd.nist.gov/vuln/detail/CVE-2025-34063
sev:CRIT 9.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
##A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.
updated 2025-07-01T12:31:05
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-01T12:31:05
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-01T12:31:05
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-01T12:31:05
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-01T12:31:05
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-01T12:31:05
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-01T09:30:40
1 posts
Ten CVEs in various ASR gear. They're all rated sev:HIGH by ASR, though the CVSS scores are eight sev:MED and two sev:HIGH.
https://www.asrmicro.com/en/goods/psirt?cid=40
CVE-2025-5072
CVE-2025-49489
CVE-2025-49490
CVE-2025-49491
CVE-2025-49492
CVE-2025-49488
CVE-2025-49480
CVE-2025-49481
CVE-2025-49482
CVE-2025-49483
updated 2025-07-01T09:30:40
1 posts
July is starting off with a perfect 10 in some OT kit. 🥳
https://certvde.com/en/advisories/VDE-2025-045/
sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.
https://nvd.nist.gov/vuln/detail/CVE-2025-41656
https://certvde.com/en/advisories/VDE-2025-039/
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
updated 2025-07-01T09:30:40
1 posts
July is starting off with a perfect 10 in some OT kit. 🥳
https://certvde.com/en/advisories/VDE-2025-045/
sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.
https://nvd.nist.gov/vuln/detail/CVE-2025-41656
https://certvde.com/en/advisories/VDE-2025-039/
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
updated 2025-07-01T03:31:37
1 posts
Post-auth sev:HIGH code injection and argument injection vulns in Ansible Automation Platform.
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access.
https://bugzilla.redhat.com/show_bug.cgi?id=2370812
https://nvd.nist.gov/vuln/detail/CVE-2025-49520
##A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.
updated 2025-07-01T03:31:36
1 posts
Post-auth sev:HIGH code injection and argument injection vulns in Ansible Automation Platform.
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access.
https://bugzilla.redhat.com/show_bug.cgi?id=2370812
https://nvd.nist.gov/vuln/detail/CVE-2025-49520
##A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.
updated 2025-06-30T21:30:54
10 posts
8 repos
https://github.com/SpongeBob-369/cve-2025-32462
https://github.com/CryingN/CVE-2025-32462
https://github.com/atomicjjbod/CVE-2025-32462
https://github.com/mylovem313/CVE-2025-32462
https://github.com/cybersentinelx1/CVE-2025-32462-Exploit
https://github.com/cyberpoul/CVE-2025-32462-POC
Yo, CVE-2025-32462 is fucking wild...
##⚠️ New Critical Linux CVE ⚠️
Unless you’re using Talos Linux.
In which case, you're fully secure. Carry on, and let your minimal, immutable OS keep you safe from CVE-2025-32463 and CVE-2025-32462.
##Who is right with this sudo vulnerability? The CVSS reported or the VLAI severity model?
#sudo #vulnerability #vulnerabilitymanagement #threatintel
🔗 https://vulnerability.circl.lu/vuln/CVE-2025-32462#sightings
##Linux – Obtenez un accès root avec ces deux failles dans sudo : CVE-2025-32462 et CVE-2025-32463 https://www.it-connect.fr/linux-acces-root-avec-deux-failles-dans-sudo-cve-2025-32462-et-cve-2025-32463/ #ActuCybersécurité #Vulnérabilités #Cybersécurité #Linux
##CVE-2025-32462: sudo: LPE via host option https://access.redhat.com/security/cve/cve-2025-32462
##CVE-2025-32463 and CVE-2025-32462: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments – Source: socprime.com https://ciso2ciso.com/cve-2025-32463-and-cve-2025-32462-sudo-local-privilege-escalation-vulnerabilities-threaten-linux-environments-source-socprime-com/ #rssfeedpostgeneratorecho #PrivilageEscalation #CyberSecurityNews #CVE-2025-32462 #CVE-2025-32463 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE
##update sudo yall https://nvd.nist.gov/vuln/detail/CVE-2025-32462
##I think I boosted information about these sudo EoP vulns yesterday but in case I didn't, here's some basic info on them.
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
sev:LOW 2.8 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
https://nvd.nist.gov/vuln/detail/CVE-2025-32462
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
sev:CRIT 9.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
##Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://www.helpnetsecurity.com/2025/07/01/sudo-local-privilege-escalation-vulnerabilities-fixed-cve-2025-32462-cve-2025-32463/ #vulnerability #Stratascale #Don'tmiss #Hotstuff #Debian #Ubuntu #Linux #macOS #News #SUSE
##updated 2025-06-30T03:31:34
1 posts
4 repos
https://github.com/dreysanox/CVE-2025-6019_Poc
https://github.com/And-oss/CVE-2025-6019-exploit
Critical Linux Vulnerability CVE-2025-6019 Lets Users Gain Root Access via udisksd Flaw
Alarming Privilege Escalation Threat Found in Popular Linux Distros A newly discovered Linux vulnerability, tracked as CVE-2025-6019, has raised major concerns among cybersecurity professionals. Found in June 2025, this flaw exposes a serious local privilege escalation (LPE) risk affecting widely used Linux distributions including Fedora and SUSE. The vulnerability lies within the…
##updated 2025-06-27T12:32:19
1 posts
1 repos
Cette faille critique dans MegaRAC menace des milliers de serveurs, y compris ceux éteints ! https://www.it-connect.fr/faille-ami-megarac-cve-2024-54085/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##updated 2025-06-23T20:16:21.633000
1 posts
6 repos
https://github.com/nfoltc/CVE-2025-49132
https://github.com/uxieltc/CVE-2025-49132
https://github.com/63square/CVE-2025-49132
https://github.com/Zen-kun04/CVE-2025-49132
FYI: There is a ton of scanning for this one for some reason.
/locales/locale.json?locale=../../../pterodactyl&namespace=config/database
/locales/locale.json?locale=../../config/&namespace=database
updated 2025-06-20T21:32:01
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-06-20T18:28:57.620000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-06-18T16:29:29.573000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-06-17T15:31:16
34 posts
6 repos
https://github.com/RickGeex/CVE-2025-5777-CitrixBleed
https://github.com/RaR1991/citrix_bleed_2
https://github.com/idobarel/CVE-2025-5777
https://github.com/nocerainfosec/cve-2025-5777
https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-
CitrixBleed2: Critical Citrix Vulnerability Raises Red Flags as Exploits Go Public
A Dangerous Déjà Vu for Citrix NetScaler Devices A new vulnerability dubbed CitrixBleed2 (CVE-2025-5777) has surfaced, and The vulnerability allows attackers to extract memory contents and steal session tokens using nothing more than malformed login requests. Researchers warn that while Citrix insists there is "no current evidence" of active exploitation, multiple cybersecurity firms and…
##Public exploits released for CitrixBleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed...
🔗️ [Bleepingcomputer] https://link.is.it/UNCVV1
##Exploitation IOCs for CVE-2025-5777 aka CitrixBleed 2, these are actively stealing sessions to bypass MFA for almost a month. Some are also doing Netscaler fingerprint scanning first.
64.176.50.109
139.162.47.194
38.154.237.100
38.180.148.215
102.129.235.108
121.237.80.241
45.135.232.2
HT @ntkramer and the folks at @greynoise
Look for lots of connections to your Netscaler devices over past 30 days. More IPs coming as also under mass exploitation. More IPs: https://viz.greynoise.io/tags/citrixbleed-2-cve-2025-5777-attempt?days=30
##🥜 & #threatintel - Thanks to Horizon3, we pushed a tag out today for CitrixBleed 2 CVE-2025-5777 and are backfilling. Currently, we see 233 hits starting on July 1 from:
64.176.50[.]109
38.154.237[.]100
102.129.235[.]108
121.237.80[.]241
45.135.232[.]2
Follow along here: https://viz.greynoise.io/tags/citrixbleed-2-cve-2025-5777-attempt?days=10
##Horizon3 have a good write up here, I don't think they were aware this is already being exploited for almost a month: https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
Worth noting I was only able to find exploitation activity due to the WatchTowr and Horizon3 write ups - Citrix support wouldn't disclose any IOCs and incorrectly claimed (again - happened with CitrixBleed) that no exploitation in the wild. Citrix have gotta get better at this, they're harming customers.
##CVE-2025-5777 (Citrix Netscaler vuln) has been under active exploitation since mid June, with people dumping memory and using this to try to access sessions.
TTPs to hunt for:
- In Netscaler logs, repeated POST requests to *doAuthentication* - each one yields 126 bytes of RAM
- In Netscaler logs, requests to doAuthentication.do with "Content-Length: 5"
- In Netscaler user logs, lines with *LOGOFF* and user = "*#*" (i.e. # symbol in the username). RAM is played into the wrong field.
##Picus: CVE-2025-5777: Citrix Bleed 2 Memory Leak Vulnerability Explained https://www.picussecurity.com/resource/blog/cve-2025-5777-citrix-bleed-2-memory-leak-vulnerability-explained #Citrix #cybersecurity #Infosec
##⚠️ Alerte CERT-FR ⚠️
Mise à jour de l'alerte CERTFR-2025-ALE-009 : La vulnérabilité CVE-2025-5777 permet à un attaquant non authentifié de faire fuiter des crédentiels Citrix NetScaler.
Un PoC est disponible et elle est activement exploitée.
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2025-ALE-009/
CitrixBleed 2: A New Wave of Critical Exploits Hits NetScaler Devices
A Growing Concern for Enterprise Security A newly disclosed vulnerability known as CitrixBleed 2, officially tracked as CVE-2025-5777, is triggering alarm bells across the cybersecurity landscape. Affecting Citrix NetScaler ADC and Gateway appliances, this flaw has a CVSS score of 9.3, underscoring its critical severity. What makes CitrixBleed 2 particularly dangerous is its ability to bypass…
https://undercodenews.com/citrixbleed-2-a-new-wave-of-critical-exploits-hits-netscaler-devices/
##CVE-2025-5777, aka CitrixBleed 2, Deep-Dive and Indicators of Compromise https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
##When the number of vulnerable IPs ticks up by a small number, I'm assuming they're honeypots?
(Graph is vulnerable Citrix NetScaler endpoints in the UK.)
##CVE-2025-5777 is under active exploitation, since before the WatchTowr blog.
##Public exploits released for CitrixBleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed...
🔗️ [Bleepingcomputer] https://link.is.it/UNCVV1
##Exploitation IOCs for CVE-2025-5777 aka CitrixBleed 2, these are actively stealing sessions to bypass MFA for almost a month. Some are also doing Netscaler fingerprint scanning first.
64.176.50.109
139.162.47.194
38.154.237.100
38.180.148.215
102.129.235.108
121.237.80.241
45.135.232.2
HT @ntkramer and the folks at @greynoise
Look for lots of connections to your Netscaler devices over past 30 days. More IPs coming as also under mass exploitation. More IPs: https://viz.greynoise.io/tags/citrixbleed-2-cve-2025-5777-attempt?days=30
##🥜 & #threatintel - Thanks to Horizon3, we pushed a tag out today for CitrixBleed 2 CVE-2025-5777 and are backfilling. Currently, we see 233 hits starting on July 1 from:
64.176.50[.]109
38.154.237[.]100
102.129.235[.]108
121.237.80[.]241
45.135.232[.]2
Follow along here: https://viz.greynoise.io/tags/citrixbleed-2-cve-2025-5777-attempt?days=10
##Horizon3 have a good write up here, I don't think they were aware this is already being exploited for almost a month: https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
Worth noting I was only able to find exploitation activity due to the WatchTowr and Horizon3 write ups - Citrix support wouldn't disclose any IOCs and incorrectly claimed (again - happened with CitrixBleed) that no exploitation in the wild. Citrix have gotta get better at this, they're harming customers.
##CVE-2025-5777 (Citrix Netscaler vuln) has been under active exploitation since mid June, with people dumping memory and using this to try to access sessions.
TTPs to hunt for:
- In Netscaler logs, repeated POST requests to *doAuthentication* - each one yields 126 bytes of RAM
- In Netscaler logs, requests to doAuthentication.do with "Content-Length: 5"
- In Netscaler user logs, lines with *LOGOFF* and user = "*#*" (i.e. # symbol in the username). RAM is played into the wrong field.
##Picus: CVE-2025-5777: Citrix Bleed 2 Memory Leak Vulnerability Explained https://www.picussecurity.com/resource/blog/cve-2025-5777-citrix-bleed-2-memory-leak-vulnerability-explained #Citrix #cybersecurity #Infosec
##⚠️ Alerte CERT-FR ⚠️
Mise à jour de l'alerte CERTFR-2025-ALE-009 : La vulnérabilité CVE-2025-5777 permet à un attaquant non authentifié de faire fuiter des crédentiels Citrix NetScaler.
Un PoC est disponible et elle est activement exploitée.
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2025-ALE-009/
CVE-2025-5777, aka CitrixBleed 2, Deep-Dive and Indicators of Compromise https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
##CVE-2025-5777 is under active exploitation, since before the WatchTowr blog.
##Updated scan results for CVE-2025-5777: https://github.com/GossiTheDog/scanning/blob/main/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt
It's still partial due to bugs, but about 18k servers.
##Posted yesterday.
WatchTower: How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ @watchtower #Citrix #cybersecurity #infosec
##CVE-2025-5777 Detection: A New Critical Vulnerability Dubbed “CitrixBleed 2” in NetScaler ADC Faces Exploitation Risk – Source: socprime.com https://ciso2ciso.com/cve-2025-5777-detection-a-new-critical-vulnerability-dubbed-citrixbleed-2-in-netscaler-adc-faces-exploitation-risk-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #CVE-2025-5777 #Latestthreats #Vulnerability #CitrixBleed2 #socprimecom #socprime #Blog #CVE
##First exploitation details for CVE-2025-5777 - the Netscaler vuln - are out. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/
If you call the login page, it leaks memory in the response 🤣
I don’t want to specify too much extra technical info on this yet - but if you keep leaking the memory via requests, there’s a way to reestablish existing ICA sessions from the leaked memory.
##Have not read this yet, but I'm going to assume it's good... and entertaining.
@GossiTheDog This is what you were talking about right? 🙂
##How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) - watchTowr Labs https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/
##Heads up—CitrixBleed 2 reopens old wounds! CVE-2025-5777 puts NetScaler ADC at high risk, enabling user session hijacks & auth bypass. Detect potential exploitation attempts with the latest Sigma rule from SOC Prime Platform.
##I've published my scan in progress of CVE-2025-5777 patching status, listing IPs, hostnames, Citrix Netscaler build numbers and if they're vulnerable to CitrixBleed2.
The scan isn't finished yet so these are only about a quarter of the results - unfortunately my coding skills are shite and it's really slow - should be finished over weekend or early next week.
Also, the SSL certificate hostnames are separated by comma which throws out CSV - sorry, I'll fix that later.
##Further suggestions CVE-2025-5777 details will release next week. https://xcancel.com/Horizon3Attack/status/1940879804221522279 via https://horizon3.ai
##I expect technical details of CVE-2025-5777 exploitation to become available next week.
##If you see this GitHub PoC for CVE-2025-5777 doing the rounds:
https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-
It’s not for CVE-2025-5777. It’s AI generated. The links in the README still have ChatGPT UTM sources.
The PoC itself is for a vuln addressed in 2023 - ChatGPT has hallucinated (made up) the cause of the vuln using an old BishopFox write up of the other vuln.
##Citrix blog on CVE-2025-5777 and some other ones https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/
##updated 2025-06-17T01:23:56.150000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-06-16T12:32:18.840000
2 posts
1 repos
https://github.com/ashiqrehan-21/MCP-Inspector-CVE-2025-49596
Critical remote code execution flaw reported in Anthropic's MCP Inspector tool
Cybersecurity researchers disclosed a critical vulnerability (CVE-2025-49596, CVSS 9.4) in Anthropic's Model Context Protocol (MCP) Inspector debugging tool that allows remote code execution on developer machines through browser-based attacks exploiting the "0.0.0.0 Day" vulnerability and lack of authentication in default configurations. Attackers can compromise developer systems by tricking them into visiting malicious websites that send unauthorized commands to locally running MCP Inspector instances.
**If you're using Anthropic's MCP Inspector for AI development upgrade to version 0.14.1 or later. There is a fairly trivial exploit of your MCP Inspector tool that only requires you to visit a malicious site for your laptop to be fully compromised. So don't ignore this, update your MCP Inspector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-reported-in-anthropic-s-mcp-inspector-tool-j-z-u-3-t/gD2P6Ple2L
Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596
##updated 2025-06-12T18:31:14
1 posts
🚨CVE-2025-22157: Privilege Escalation Vulnerability in Jira Core Data Center
——————
Follow @zoomeye_team's official Twitter/X account and send the message “Dark Web Informer” via DM to receive an extra 15-day membership.
##updated 2025-06-11T15:30:38
2 posts
1 repos
I do not consent to be used by, used for, or interact in any way with AI.
Reason number 163.327.205:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32711
##I do not consent to be used by, used for, or interact in any way with AI.
Reason number 163.327.205:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32711
##updated 2025-06-10T21:32:26
1 posts
updated 2025-06-10T18:32:36
1 posts
2 repos
Rank 3: CVE-2025-33073
Product: Microsoft Windows
CVSS: High (8.8)
A privilege-escalation vulnerability in Microsoft Windows Kerberos authentication over SMB allows a low-privileged attacker to coerce a Windows host into authenticating to their system and then relay its computer account's Kerberos ticket back to itself, resulting in NT AUTHORITY\SYSTEM access.
Post by @RedTeamPentesting:
https://mastodon.social/@RedTeamPentesting/114663688487284108
updated 2025-06-03T12:31:37
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-06-02T15:32:27
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-06-02T15:31:21
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-06-02T15:31:21
1 posts
1 repos
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-05-28T18:33:28
3 posts
CISA warns of active attacks on Signal clone TeleMessage
CISA has issued a warning about two actively exploited vulnerabilities in TeleMessage TM SGNL, a Signal clone used by national security staffers and government officials, including a Spring Boot Actuator misconfiguration (CVE-2025-48927) that exposes memory dumps and a local access vulnerability (CVE-2025-48928) enabling password extraction.
**If you're using TeleMessage TM SGNL, start patching it today, because it's being actively exploited. Alternatively, stop using the software entirely. Switch back to standard Signal or another approved properly encrypted messaging app since TM SGNL has already been breached and continues to be attacked.**
#cybersecurity #infosec #attack #activeattack
https://beyondmachines.net/event_details/cisa-warns-of-active-attacks-on-signal-clone-telemessage-6-j-0-0-k/gD2P6Ple2L
CISA has added to the KEV catalogue:
- CVE-2025-48927: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48927
- CVE-2025-48928: TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48928
From yesterday:
- CVE-2025-6543: Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-6543 #CISA #cybersecurity #infosec
##CVE ID: CVE-2025-48927
Vendor: TeleMessage
Product: TM SGNL
Date Added: 2025-07-01
Notes: It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-48927
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-48927
updated 2025-05-27T18:30:48
1 posts
3 repos
https://github.com/mrowkoob/CVE-2025-26466-msf
https://github.com/rxerium/CVE-2025-26466
https://github.com/dolutech/patch-manual-CVE-2025-26465-e-CVE-2025-26466
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-05-19T12:38:20.773000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-04-30T20:15:20.730000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-04-29T18:31:51
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-04-25T23:15:16.573000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-04-21T12:30:24
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-04-20T03:36:04
7 posts
CISA has updated the KEV catalogue.
- CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2014-3931
- CVE-2016-10033: PHPMailer Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2016-10033
- CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-5418
- CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9621 #CISA #cybersecurity #infosec
##Four old CVEs added to the CISA KEV Catalog today:
CVE-2014-3931
CVE-2016-10033
CVE-2019-5418
CVE-2019-9621
CVE ID: CVE-2014-3931
Vendor: Looking Glass
Product: Multi-Router Looking Glass (MRLG)
Date Added: 2025-07-07
Notes: https://mrlg.op-sec.us/ ; https://nvd.nist.gov/vuln/detail/CVE-2014-3931
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3931
Critical Vulnerability Exposed: Memory Corruption in MRLG Fastpingc (CVE-2014-3931)
🚨 Introduction: Why This CVE Matters In the rapidly evolving world of network security, even small software vulnerabilities can open doors for devastating cyberattacks. One such threat lies within the widely-used Multi-Router Looking Glass (MRLG) tool. This tool enables remote network diagnostics by querying routers via ping and traceroute. However, a flaw discovered in an older version…
##CISA has updated the KEV catalogue.
- CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2014-3931
- CVE-2016-10033: PHPMailer Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2016-10033
- CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-5418
- CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9621 #CISA #cybersecurity #infosec
##Four old CVEs added to the CISA KEV Catalog today:
CVE-2014-3931
CVE-2016-10033
CVE-2019-5418
CVE-2019-9621
CVE ID: CVE-2014-3931
Vendor: Looking Glass
Product: Multi-Router Looking Glass (MRLG)
Date Added: 2025-07-07
Notes: https://mrlg.op-sec.us/ ; https://nvd.nist.gov/vuln/detail/CVE-2014-3931
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3931
updated 2025-04-12T12:54:49
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-04-03T13:23:54
2 posts
38 repos
https://github.com/hakankarabacak/CVE-2025-24813
https://github.com/B1gN0Se/Tomcat-CVE-2025-24813
https://github.com/Erosion2020/CVE-2025-24813-vulhub
https://github.com/beyond-devsecops/CVE-2025-24813
https://github.com/manjula-aw/CVE-2025-24813
https://github.com/La3B0z/CVE-2025-24813-POC
https://github.com/msadeghkarimi/CVE-2025-24813-Exploit
https://github.com/MuhammadWaseem29/CVE-2025-24813
https://github.com/N0c1or/CVE-2025-24813_POC
https://github.com/GadaLuBau1337/CVE-2025-24813
https://github.com/n0n-zer0/Spring-Boot-Tomcat-CVE-2025-24813
https://github.com/Heimd411/CVE-2025-24813-noPoC
https://github.com/FY036/cve-2025-24813_poc
https://github.com/absholi7ly/POC-CVE-2025-24813
https://github.com/iSee857/CVE-2025-24813-PoC
https://github.com/AlperenY-cs/CVE-2025-24813
https://github.com/maliqto/PoC-CVE-2025-24813
https://github.com/Alaatk/CVE-2025-24813-POC
https://github.com/ps-interactive/lab-cve-2025-24813
https://github.com/charis3306/CVE-2025-24813
https://github.com/gregk4sec/CVE-2025-24813
https://github.com/Franconyu/Poc_for_CVE-2025-24813
https://github.com/horsehacks/CVE-2025-24813-checker
https://github.com/u238/Tomcat-CVE_2025_24813
https://github.com/issamjr/CVE-2025-24813-Scanner
https://github.com/Mattb709/CVE-2025-24813-Scanner
https://github.com/f8l124/CVE-2025-24813-POC
https://github.com/fatkz/CVE-2025-24813
https://github.com/GongWook/CVE-2025-24813
https://github.com/michael-david-fry/Apache-Tomcat-Vulnerability-POC-CVE-2025-24813
https://github.com/yaleman/cve-2025-24813-poc
https://github.com/Eduardo-hardvester/CVE-2025-24813
https://github.com/tonyarris/CVE-2025-24813-PoC
https://github.com/Mattb709/CVE-2025-24813-PoC-Apache-Tomcat-RCE
https://github.com/AsaL1n/CVE-2025-24813
Unit42 has a good write-up on some ITW Tomcat and Camel shenanigans exploiting CVE-2025-24813, CVE-2025-27636, and CVE-2025-29891. IOCs in the post.
But does anyone know if this is a typo by the article or if there are actual files with the .sesson extension? Seems like a good indicator to search on if it's not a typo.
As noted in our earlier analysis, exploits for CVE-2025-24813 use a name appended by
.sessonin the initial HTTP request. This.sessionfile contains the code the vulnerable host will run if an exploit is successful.
Edit: Confirmed typo per this response: https://infosec.exchange/@0xThiebaut/114789994690646411
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
##🟥𝐋𝐂𝐒𝐂-𝐈𝐄 𝐃𝐚𝐢𝐥𝐲 𝐂𝐲𝐛𝐞𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐅𝐢𝐧𝐝𝐢𝐧𝐠𝐬-𝟑 𝐉𝐮𝐥𝐲 𝟐𝟎𝟐𝟓🟥
𝐍𝐞𝐰𝐬:
1. Microsoft to Lay Off 9,000 Employees, Affecting 4% of Workforce
2. Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims
3. UK charity bank branded a 'disaster' after platform migration goes wrong
https://www.theregister.com/2025/07/03/uk_charity_bank_migration_disaster/
4. Police warn of SMS scams following prison sentence for criminal who conducted smishing campaign
5. Large Language Models (LLMs) Are Falling for Phishing Scams: What Happens When AI Gives You the Wrong URL?
https://www.netcraft.com/blog/large-language-models-are-falling-for-phishing-scams
6. Russia’s Cyber Warriors Assail NATO-Linked Private Companies
https://cepa.org/article/russias-cyber-warriors-assail-nato-linked-private-companies/
7. US probes negotiator suspected of taking crypto ransomware money
https://cointelegraph.com/news/digitalmint-employee-under-investigation-by-us-justice-department
8. Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
9. Spain arrests hackers who targeted politicians and journalists
https://policia.es/_es/comunicacion_prensa_detalle.php?ID=16602
10. A third of organisations take more than 90 days to remediate threats
---
𝐆𝐥𝐨𝐛𝐚𝐥 𝐁𝐫𝐞𝐚𝐜𝐡 𝐍𝐞𝐰𝐬 𝐚𝐧𝐝 𝐃𝐚𝐭𝐚 𝐋𝐞𝐚𝐤𝐬:
1. Irish Eyecare software firm Ocuco investigating cyber-attack
https://thecurrency.news/articles/194653/eyecare-software-firm-ocuco-investigating-cyber-attack/
---
𝐓𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐑𝐞𝐩𝐨𝐫𝐭𝐬 𝐰𝐢𝐭𝐡 𝐈𝐎𝐂𝐬:
1. Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
2. Snake Keyloggers Exploit Java Tools to Bypass Security – Active IOCs
3. Who are DragonForce Ransomware Group?
https://www.bridewell.com/insights/blogs/detail/who-are-dragonforce-ransomware-group
4. Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands
5. Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
https://www.wiz.io/blog/exposed-jdwp-exploited-in-the-wild
6. Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools
7. North Korean APT Kimsuky aka Black Banshee – Active IOCs
https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-52
8. DarkTortilla Malware – Active IOCs
https://rewterz.com/threat-advisory/darktortilla-malware-active-iocs-2
---
𝐀𝐏𝐓 𝐈𝐎𝐂𝐬:
1. Lazarus: Source VT
yourdomainhost[.]store
api[.]yourdomainhost[.]store
2. Kimsuky: Source Validin
Accounts-mysticete[.]servepics[.]com
freedrive[.]servehttp[.]com
login-accounts[.]servehttp[.]com
myaccounts-profile[.]servehttp[.]com
mydocs[.]onthewifi[.]com
securedrive-mofa[.]servehttp[.]com
translate[.]onthewifi[.]com
undocs[.]ddns[.]net
undocs[.]myvnc[.]com
undocs[.]servehttp[.]com
---
𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 / 𝐃𝐅𝐈𝐑 / 𝐌𝐚𝐥𝐰𝐚𝐫𝐞:
1. Automating macOS Incident Response: DFIR-as-Code in Action Against AppleProcessHub
2. Using Staging Folders For Threat Hunting
https://www.knowyouradversary.ru/2025/07/183-using-staging-folders-for-threat.html
3. PDFs: Portable documents, or perfect deliveries for phish?
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/
4. EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)
5. Yet another ZIP trick
https://hackarcana.com/article/yet-another-zip-trick
6. Malware development trick 48: leveraging Office macros for malware. Simple VBA example.
https://cocomelonc.github.io/malware/2025/07/01/malware-tricks-48.html
7. Hijacked by a Text: Understanding and Preventing SIM Swapping Attack
https://www.bitsight.com/blog/what-is-sim-swapping
8. CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries
9. DanaBot Lab Analysis
https://omer-secure.medium.com/danabot-lab-analysis-7dbaa179f3e4
10. ClickFix Campaign: How Clipboard Injection Leads to RAT Infection (Part 1)
11. Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules
https://any.run/cybersecurity-blog/release-notes-june-2025/
12. Inside Android Malware Development: Building a C2 Exfiltrator from the UI to the Network
---
𝐋𝐢𝐠𝐡𝐭 𝐑𝐞𝐚𝐝𝐢𝐧𝐠:
1. Pro-Russian hacktivism: Shifting alliances, new groups and risks
https://intel471.com/blog/pro-russian-hacktivism-shifting-alliances-new-groups-and-risks
2. Insider Risk Lessons from the DPRK IT Worker Crackdown
https://www.dtexsystems.com/blog/insider-risk-lessons-from-dprk-crackdown/
3. Calling Out Russia: France’s Shift on Public Attribution
https://warontherocks.com/2025/07/calling-out-russia-frances-shift-on-public-attribution/
4. Outsourced Trust: How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reco.ai/blog/coinbase-breach
---
##updated 2025-03-25T18:38:11
2 posts
2 repos
https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC
https://github.com/enochgitgamefied/CVE-2025-27636-Practical-Lab
Unit42 has a good write-up on some ITW Tomcat and Camel shenanigans exploiting CVE-2025-24813, CVE-2025-27636, and CVE-2025-29891. IOCs in the post.
But does anyone know if this is a typo by the article or if there are actual files with the .sesson extension? Seems like a good indicator to search on if it's not a typo.
As noted in our earlier analysis, exploits for CVE-2025-24813 use a name appended by
.sessonin the initial HTTP request. This.sessionfile contains the code the vulnerable host will run if an exploit is successful.
Edit: Confirmed typo per this response: https://infosec.exchange/@0xThiebaut/114789994690646411
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
##🟥𝐋𝐂𝐒𝐂-𝐈𝐄 𝐃𝐚𝐢𝐥𝐲 𝐂𝐲𝐛𝐞𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐅𝐢𝐧𝐝𝐢𝐧𝐠𝐬-𝟑 𝐉𝐮𝐥𝐲 𝟐𝟎𝟐𝟓🟥
𝐍𝐞𝐰𝐬:
1. Microsoft to Lay Off 9,000 Employees, Affecting 4% of Workforce
2. Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims
3. UK charity bank branded a 'disaster' after platform migration goes wrong
https://www.theregister.com/2025/07/03/uk_charity_bank_migration_disaster/
4. Police warn of SMS scams following prison sentence for criminal who conducted smishing campaign
5. Large Language Models (LLMs) Are Falling for Phishing Scams: What Happens When AI Gives You the Wrong URL?
https://www.netcraft.com/blog/large-language-models-are-falling-for-phishing-scams
6. Russia’s Cyber Warriors Assail NATO-Linked Private Companies
https://cepa.org/article/russias-cyber-warriors-assail-nato-linked-private-companies/
7. US probes negotiator suspected of taking crypto ransomware money
https://cointelegraph.com/news/digitalmint-employee-under-investigation-by-us-justice-department
8. Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
9. Spain arrests hackers who targeted politicians and journalists
https://policia.es/_es/comunicacion_prensa_detalle.php?ID=16602
10. A third of organisations take more than 90 days to remediate threats
---
𝐆𝐥𝐨𝐛𝐚𝐥 𝐁𝐫𝐞𝐚𝐜𝐡 𝐍𝐞𝐰𝐬 𝐚𝐧𝐝 𝐃𝐚𝐭𝐚 𝐋𝐞𝐚𝐤𝐬:
1. Irish Eyecare software firm Ocuco investigating cyber-attack
https://thecurrency.news/articles/194653/eyecare-software-firm-ocuco-investigating-cyber-attack/
---
𝐓𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐑𝐞𝐩𝐨𝐫𝐭𝐬 𝐰𝐢𝐭𝐡 𝐈𝐎𝐂𝐬:
1. Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
2. Snake Keyloggers Exploit Java Tools to Bypass Security – Active IOCs
3. Who are DragonForce Ransomware Group?
https://www.bridewell.com/insights/blogs/detail/who-are-dragonforce-ransomware-group
4. Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands
5. Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
https://www.wiz.io/blog/exposed-jdwp-exploited-in-the-wild
6. Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools
7. North Korean APT Kimsuky aka Black Banshee – Active IOCs
https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-52
8. DarkTortilla Malware – Active IOCs
https://rewterz.com/threat-advisory/darktortilla-malware-active-iocs-2
---
𝐀𝐏𝐓 𝐈𝐎𝐂𝐬:
1. Lazarus: Source VT
yourdomainhost[.]store
api[.]yourdomainhost[.]store
2. Kimsuky: Source Validin
Accounts-mysticete[.]servepics[.]com
freedrive[.]servehttp[.]com
login-accounts[.]servehttp[.]com
myaccounts-profile[.]servehttp[.]com
mydocs[.]onthewifi[.]com
securedrive-mofa[.]servehttp[.]com
translate[.]onthewifi[.]com
undocs[.]ddns[.]net
undocs[.]myvnc[.]com
undocs[.]servehttp[.]com
---
𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 / 𝐃𝐅𝐈𝐑 / 𝐌𝐚𝐥𝐰𝐚𝐫𝐞:
1. Automating macOS Incident Response: DFIR-as-Code in Action Against AppleProcessHub
2. Using Staging Folders For Threat Hunting
https://www.knowyouradversary.ru/2025/07/183-using-staging-folders-for-threat.html
3. PDFs: Portable documents, or perfect deliveries for phish?
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/
4. EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)
5. Yet another ZIP trick
https://hackarcana.com/article/yet-another-zip-trick
6. Malware development trick 48: leveraging Office macros for malware. Simple VBA example.
https://cocomelonc.github.io/malware/2025/07/01/malware-tricks-48.html
7. Hijacked by a Text: Understanding and Preventing SIM Swapping Attack
https://www.bitsight.com/blog/what-is-sim-swapping
8. CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries
9. DanaBot Lab Analysis
https://omer-secure.medium.com/danabot-lab-analysis-7dbaa179f3e4
10. ClickFix Campaign: How Clipboard Injection Leads to RAT Infection (Part 1)
11. Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules
https://any.run/cybersecurity-blog/release-notes-june-2025/
12. Inside Android Malware Development: Building a C2 Exfiltrator from the UI to the Network
---
𝐋𝐢𝐠𝐡𝐭 𝐑𝐞𝐚𝐝𝐢𝐧𝐠:
1. Pro-Russian hacktivism: Shifting alliances, new groups and risks
https://intel471.com/blog/pro-russian-hacktivism-shifting-alliances-new-groups-and-risks
2. Insider Risk Lessons from the DPRK IT Worker Crackdown
https://www.dtexsystems.com/blog/insider-risk-lessons-from-dprk-crackdown/
3. Calling Out Russia: France’s Shift on Public Attribution
https://warontherocks.com/2025/07/calling-out-russia-frances-shift-on-public-attribution/
4. Outsourced Trust: How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reco.ai/blog/coinbase-breach
---
##updated 2025-03-21T18:15:32.323000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-03-20T09:30:27
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-03-19T15:44:53
2 posts
Unit42 has a good write-up on some ITW Tomcat and Camel shenanigans exploiting CVE-2025-24813, CVE-2025-27636, and CVE-2025-29891. IOCs in the post.
But does anyone know if this is a typo by the article or if there are actual files with the .sesson extension? Seems like a good indicator to search on if it's not a typo.
As noted in our earlier analysis, exploits for CVE-2025-24813 use a name appended by
.sessonin the initial HTTP request. This.sessionfile contains the code the vulnerable host will run if an exploit is successful.
Edit: Confirmed typo per this response: https://infosec.exchange/@0xThiebaut/114789994690646411
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
##🟥𝐋𝐂𝐒𝐂-𝐈𝐄 𝐃𝐚𝐢𝐥𝐲 𝐂𝐲𝐛𝐞𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐅𝐢𝐧𝐝𝐢𝐧𝐠𝐬-𝟑 𝐉𝐮𝐥𝐲 𝟐𝟎𝟐𝟓🟥
𝐍𝐞𝐰𝐬:
1. Microsoft to Lay Off 9,000 Employees, Affecting 4% of Workforce
2. Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims
3. UK charity bank branded a 'disaster' after platform migration goes wrong
https://www.theregister.com/2025/07/03/uk_charity_bank_migration_disaster/
4. Police warn of SMS scams following prison sentence for criminal who conducted smishing campaign
5. Large Language Models (LLMs) Are Falling for Phishing Scams: What Happens When AI Gives You the Wrong URL?
https://www.netcraft.com/blog/large-language-models-are-falling-for-phishing-scams
6. Russia’s Cyber Warriors Assail NATO-Linked Private Companies
https://cepa.org/article/russias-cyber-warriors-assail-nato-linked-private-companies/
7. US probes negotiator suspected of taking crypto ransomware money
https://cointelegraph.com/news/digitalmint-employee-under-investigation-by-us-justice-department
8. Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
9. Spain arrests hackers who targeted politicians and journalists
https://policia.es/_es/comunicacion_prensa_detalle.php?ID=16602
10. A third of organisations take more than 90 days to remediate threats
---
𝐆𝐥𝐨𝐛𝐚𝐥 𝐁𝐫𝐞𝐚𝐜𝐡 𝐍𝐞𝐰𝐬 𝐚𝐧𝐝 𝐃𝐚𝐭𝐚 𝐋𝐞𝐚𝐤𝐬:
1. Irish Eyecare software firm Ocuco investigating cyber-attack
https://thecurrency.news/articles/194653/eyecare-software-firm-ocuco-investigating-cyber-attack/
---
𝐓𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐑𝐞𝐩𝐨𝐫𝐭𝐬 𝐰𝐢𝐭𝐡 𝐈𝐎𝐂𝐬:
1. Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
2. Snake Keyloggers Exploit Java Tools to Bypass Security – Active IOCs
3. Who are DragonForce Ransomware Group?
https://www.bridewell.com/insights/blogs/detail/who-are-dragonforce-ransomware-group
4. Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands
5. Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
https://www.wiz.io/blog/exposed-jdwp-exploited-in-the-wild
6. Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools
7. North Korean APT Kimsuky aka Black Banshee – Active IOCs
https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-52
8. DarkTortilla Malware – Active IOCs
https://rewterz.com/threat-advisory/darktortilla-malware-active-iocs-2
---
𝐀𝐏𝐓 𝐈𝐎𝐂𝐬:
1. Lazarus: Source VT
yourdomainhost[.]store
api[.]yourdomainhost[.]store
2. Kimsuky: Source Validin
Accounts-mysticete[.]servepics[.]com
freedrive[.]servehttp[.]com
login-accounts[.]servehttp[.]com
myaccounts-profile[.]servehttp[.]com
mydocs[.]onthewifi[.]com
securedrive-mofa[.]servehttp[.]com
translate[.]onthewifi[.]com
undocs[.]ddns[.]net
undocs[.]myvnc[.]com
undocs[.]servehttp[.]com
---
𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 / 𝐃𝐅𝐈𝐑 / 𝐌𝐚𝐥𝐰𝐚𝐫𝐞:
1. Automating macOS Incident Response: DFIR-as-Code in Action Against AppleProcessHub
2. Using Staging Folders For Threat Hunting
https://www.knowyouradversary.ru/2025/07/183-using-staging-folders-for-threat.html
3. PDFs: Portable documents, or perfect deliveries for phish?
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/
4. EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)
5. Yet another ZIP trick
https://hackarcana.com/article/yet-another-zip-trick
6. Malware development trick 48: leveraging Office macros for malware. Simple VBA example.
https://cocomelonc.github.io/malware/2025/07/01/malware-tricks-48.html
7. Hijacked by a Text: Understanding and Preventing SIM Swapping Attack
https://www.bitsight.com/blog/what-is-sim-swapping
8. CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries
9. DanaBot Lab Analysis
https://omer-secure.medium.com/danabot-lab-analysis-7dbaa179f3e4
10. ClickFix Campaign: How Clipboard Injection Leads to RAT Infection (Part 1)
11. Release Notes: Detonation Actions, Enhanced QR Extraction, and 1,400+ New Detection Rules
https://any.run/cybersecurity-blog/release-notes-june-2025/
12. Inside Android Malware Development: Building a C2 Exfiltrator from the UI to the Network
---
𝐋𝐢𝐠𝐡𝐭 𝐑𝐞𝐚𝐝𝐢𝐧𝐠:
1. Pro-Russian hacktivism: Shifting alliances, new groups and risks
https://intel471.com/blog/pro-russian-hacktivism-shifting-alliances-new-groups-and-risks
2. Insider Risk Lessons from the DPRK IT Worker Crackdown
https://www.dtexsystems.com/blog/insider-risk-lessons-from-dprk-crackdown/
3. Calling Out Russia: France’s Shift on Public Attribution
https://warontherocks.com/2025/07/calling-out-russia-frances-shift-on-public-attribution/
4. Outsourced Trust: How Coinbase's $400M Problem Started in an Indian Call Center
https://www.reco.ai/blog/coinbase-breach
---
##updated 2025-03-07T03:32:33
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-03-07T03:32:33
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-03-07T03:31:33
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-02-21T18:31:09
1 posts
5 repos
https://github.com/ishwardeepp/CVE-2025-1094-PoC-Postgre-SQLi
https://github.com/B1ack4sh/Blackash-CVE-2025-1094
https://github.com/shacojx/CVE-2025-1094-Exploit
Rank 1: CVE-2025-1094 "CitrixBleed 2"
Product: NetScaler ADC
CVSS: Critical (9.3)
A vulnerability in the input validation of NetScaler Application Delivery Controller (ADC) allows an unauthenticated remote attacker to read memory when configured as a Gateway or AAA virtual server. The memory may include sensitive information like session tokens.
Post by @GossiTheDog:
https://cyberplace.social/@GossiTheDog/114738804627230757
updated 2025-02-19T17:15:15.510000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-02-19T15:33:13
1 posts
2 repos
https://github.com/rxerium/CVE-2025-26465
https://github.com/dolutech/patch-manual-CVE-2025-26465-e-CVE-2025-26466
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-02-07T18:32:19
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-01-31T21:32:45
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-01-31T15:31:47
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-01-23T02:00:02.310000
1 posts
10 repos
https://github.com/sysirq/fortios-auth-bypass-poc-CVE-2024-55591
https://github.com/binarywarm/exp-cmd-add-admin-vpn-CVE-2024-55591
https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591
https://github.com/rawtips/CVE-2024-55591
https://github.com/virus-or-not/CVE-2024-55591
https://github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591
https://github.com/exfil0/CVE-2024-55591-POC
https://github.com/UMChacker/CVE-2024-55591-POC
https://github.com/0x7556/CVE-2024-55591
https://github.com/sysirq/fortios-auth-bypass-exploit-CVE-2024-55591
🚨Alleged Sale of Mass Exploit for FortiGate targeting CVE-2024-55591
##updated 2025-01-13T15:21:41
1 posts
21 repos
https://github.com/kal1gh0st/WhatsAppHACK-RCE
https://github.com/infiniteLoopers/CVE-2019-11932
https://github.com/dorkerdevil/CVE-2019-11932
https://github.com/tucommenceapousser/CVE-2019-11932deta
https://github.com/Tabni/https-github.com-awakened1712-CVE-2019-11932
https://github.com/TulungagungCyberLink/CVE-2019-11932
https://github.com/zxn1/CVE-2019-11932
https://github.com/0759104103/cd-CVE-2019-11932
https://github.com/JasonJerry/WhatsRCE
https://github.com/primebeast/CVE-2019-11932
https://github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit
https://github.com/fastmo/CVE-2019-11932
https://github.com/valbrux/CVE-2019-11932-SupportApp
https://github.com/BadAssAiras/hello
https://github.com/starling021/CVE-2019-11932-SupportApp
https://github.com/awakened1712/CVE-2019-11932
https://github.com/SmoZy92/CVE-2019-11932
https://github.com/tucommenceapousser/CVE-2019-11932
https://github.com/Err0r-ICA/WhatsPayloadRCE
https://github.com/dashtic172/https-github.com-awakened171
https://github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
##updated 2025-01-06T18:32:07
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2025-01-03T12:30:31
1 posts
16 repos
https://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc
https://github.com/SleepingBag945/CVE-2024-50379
https://github.com/yiliufeng168/CVE-2024-50379-POC
https://github.com/dear-cell/CVE-2024-50379
https://github.com/gomtaengi/CVE-2024-50379-exp
https://github.com/dkstar11q/CVE-2024-50379-nuclei
https://github.com/Alchemist3dot14/CVE-2024-50379
https://github.com/pwnosec/CVE-2024-50379
https://github.com/iSee857/CVE-2024-50379-PoC
https://github.com/Yuri08loveElaina/CVE-2024-50379
https://github.com/YuoLuo/tomcat_cve_2024_50379_exploit
https://github.com/v3153/CVE-2024-50379-POC
https://github.com/JFOZ1010/Nuclei-Template-CVE-2024-50379
https://github.com/dragonked2/CVE-2024-50379-POC
@Sempf Are you specifically asking about EITW when the mitigation for CVE-2024-50379 was applied or regardless of the CVE-2024-50379 mitigation since CVE-2024-56337 was basically a bypass for the incomplete CVE-2024-50379 fix, right?
##updated 2025-01-03T12:15:26.787000
2 posts
1 repos
@Sempf Are you specifically asking about EITW when the mitigation for CVE-2024-50379 was applied or regardless of the CVE-2024-50379 mitigation since CVE-2024-56337 was basically a bypass for the incomplete CVE-2024-50379 fix, right?
##Hey vulnerability people: Any scuttlebutt on active exploitation of CVE-2024-56337? It isn't in the KEV but ... well ....
##updated 2024-12-27T18:30:32
1 posts
1 repos
Oh, goodie. Another botnet. This one is exploiting CVE-2024-3721 and CVE-2024-12856 in DVRs and routers to launch DDoS attacks.
https://www.fortinet.com/blog/threat-research/rondobox-unveiled-breaking-down-a-botnet-threat
IOCs
Hosts
45[.]135[.]194[.]34
83[.]150[.]218[.]93
14[.]103[.]145[.]202
14[.]103[.]145[.]211
154[.]91[.]254[.]95
78[.]153[.]149[.]90Files
Downloader
c88f60dbae08519f2f81bb8efa7e6016c6770e66e58d77ab6384069a515e451c
eb3e2a6a50f029fc646e2c3483157ab112f4f017406c3aabedaae0c94e0969f6
f4cd7ab04b1744babef19d147124bfc0e9e90d557408cc2d652d7192df61bda9RondoDox
e3c080e322862d065649c468d20f620c3670d841c30c3fe5385e37f4f10172e7
e62df17150fcb7fea32ff459ef47cdd452a21269efe9252bde70377fd2717c10
53e2c2d83813d1284ddb8c68b1572b17cca95cfc36a55a7517bf45ff40828be5
43d4847bf237c445ed2e846a106e1f55abefef5c3a8545bd5e4cad20f5deb9a4
4c2429fc8b8ec61da41cbba1b8184ec45fa93a9841b4ca48094bba7741b826b8
694d729d67f1b0c06702490bfab1df3a96fe040fe5d07efa5c92356c329757be
edae3b75deb8013bd48ac4534cca345b90938a2abb91672467c2bf9ae81ff683
0814a0781ab30fca069a085dba201d6fd0f414498fafa4bb42859786d91d4781
59b4deee977e9e27b60e7e179d54a1ce8e56624e73b799523416eee828bfaf76
9f916a552efc6775367a31357a633dc0be01879830d3fddccdf3c40b26e50afd
0a9ebbecc8ec58c253039520304ca373cfb8d1674d67993e6485e244a77d6ec9
6c81fd73b4bef6fef379cbefdcce7f374ea7e6bf1bf0917cf4ca7b72d4cee788
a55a3859a203ca2bae7399295f92aeae61d845ffa173c1938f938f5c148eef99
57573779f9a62eecb80737d41d42165af8bb9884579c50736766abb63d2835ba
3daa53204978b7797bd53f5c964eed7a73d971517a764785ce3ab65a9423c2e7
8bf8928bc255e73e0b5b0ce13747c64d82d5f2647da129f189138773733ac21f
20a24b179bdbbdcc0053838c0484ea25eff6976f2b8cb5630ab4efb28b0f06b5
42aa715573c7d2fca01914504cb7336db715d73d1e20d23e4bd37f2e4f4fe389
c9278ce988343606350a94156ca28ee28bd605d1d95c810a16866eee1f997598
a197f60d5f5641f2c56576b4c867d141612c6e00db29c512f266835510b8a62d
8250d289c5ec87752cec1af31eed0347cf2dd54dc0fbeea645319c4dae238ee2
d02414a54e97ad26748812002610f1491a2a746e9ba0f9d05de3d47d7bab4f5e
c123a91fdacd9a4c0bcf800d6b7db5162cfd11cb71e260647ef0f2c60978ebfc
ef708fec1afbea4fb32b586e0dacf0d228c375a532008d81453c367256afea5a
305507f34c14c72cab35715b7f7b25b32352a8e19b8a283003aaf539d12ca517
937e6ab0dfcedfa23eced7b52d3899b0847df3fcb7a9c326b71027a7ab5f5b93
cc: @Dio9sys @da_667 since this seems like the kind of thing you might want to sig / tag.
##updated 2024-12-13T15:31:42
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-12-11T06:30:25
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-11-21T09:50:26.493000
2 posts
@uecker I'm thinking cases like https://curl.se/docs/CVE-2024-6874.html etc
##@uecker I'm thinking cases like https://curl.se/docs/CVE-2024-6874.html etc
##updated 2024-11-21T06:37:10.350000
1 posts
1 repos
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-11-21T04:25:25.007000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-11-21T04:11:28.273000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-11-12T18:30:50
1 posts
3 repos
https://github.com/ahrixia/CVE-2024-57427
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-11-08T18:31:50
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-11-02T00:37:22
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-09-19T17:46:03.447000
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-08-31T00:31:11
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-08-04T05:03:40
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-07-12T15:31:25
1 posts
1 repos
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-04-13T12:30:30
1 posts
Oh, goodie. Another botnet. This one is exploiting CVE-2024-3721 and CVE-2024-12856 in DVRs and routers to launch DDoS attacks.
https://www.fortinet.com/blog/threat-research/rondobox-unveiled-breaking-down-a-botnet-threat
IOCs
Hosts
45[.]135[.]194[.]34
83[.]150[.]218[.]93
14[.]103[.]145[.]202
14[.]103[.]145[.]211
154[.]91[.]254[.]95
78[.]153[.]149[.]90Files
Downloader
c88f60dbae08519f2f81bb8efa7e6016c6770e66e58d77ab6384069a515e451c
eb3e2a6a50f029fc646e2c3483157ab112f4f017406c3aabedaae0c94e0969f6
f4cd7ab04b1744babef19d147124bfc0e9e90d557408cc2d652d7192df61bda9RondoDox
e3c080e322862d065649c468d20f620c3670d841c30c3fe5385e37f4f10172e7
e62df17150fcb7fea32ff459ef47cdd452a21269efe9252bde70377fd2717c10
53e2c2d83813d1284ddb8c68b1572b17cca95cfc36a55a7517bf45ff40828be5
43d4847bf237c445ed2e846a106e1f55abefef5c3a8545bd5e4cad20f5deb9a4
4c2429fc8b8ec61da41cbba1b8184ec45fa93a9841b4ca48094bba7741b826b8
694d729d67f1b0c06702490bfab1df3a96fe040fe5d07efa5c92356c329757be
edae3b75deb8013bd48ac4534cca345b90938a2abb91672467c2bf9ae81ff683
0814a0781ab30fca069a085dba201d6fd0f414498fafa4bb42859786d91d4781
59b4deee977e9e27b60e7e179d54a1ce8e56624e73b799523416eee828bfaf76
9f916a552efc6775367a31357a633dc0be01879830d3fddccdf3c40b26e50afd
0a9ebbecc8ec58c253039520304ca373cfb8d1674d67993e6485e244a77d6ec9
6c81fd73b4bef6fef379cbefdcce7f374ea7e6bf1bf0917cf4ca7b72d4cee788
a55a3859a203ca2bae7399295f92aeae61d845ffa173c1938f938f5c148eef99
57573779f9a62eecb80737d41d42165af8bb9884579c50736766abb63d2835ba
3daa53204978b7797bd53f5c964eed7a73d971517a764785ce3ab65a9423c2e7
8bf8928bc255e73e0b5b0ce13747c64d82d5f2647da129f189138773733ac21f
20a24b179bdbbdcc0053838c0484ea25eff6976f2b8cb5630ab4efb28b0f06b5
42aa715573c7d2fca01914504cb7336db715d73d1e20d23e4bd37f2e4f4fe389
c9278ce988343606350a94156ca28ee28bd605d1d95c810a16866eee1f997598
a197f60d5f5641f2c56576b4c867d141612c6e00db29c512f266835510b8a62d
8250d289c5ec87752cec1af31eed0347cf2dd54dc0fbeea645319c4dae238ee2
d02414a54e97ad26748812002610f1491a2a746e9ba0f9d05de3d47d7bab4f5e
c123a91fdacd9a4c0bcf800d6b7db5162cfd11cb71e260647ef0f2c60978ebfc
ef708fec1afbea4fb32b586e0dacf0d228c375a532008d81453c367256afea5a
305507f34c14c72cab35715b7f7b25b32352a8e19b8a283003aaf539d12ca517
937e6ab0dfcedfa23eced7b52d3899b0847df3fcb7a9c326b71027a7ab5f5b93
cc: @Dio9sys @da_667 since this seems like the kind of thing you might want to sig / tag.
##updated 2024-04-11T21:19:01
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-04-04T04:29:06
1 posts
11 repos
https://github.com/errorfiathck/MOVEit-Exploit
https://github.com/aditibv/MOVEit-CVE-2023-34362
https://github.com/Chinyemba-ck/MOVEit-CVE-2023-34362
https://github.com/sfewer-r7/CVE-2023-34362
https://github.com/kenbuckler/MOVEit-CVE-2023-34362
https://github.com/toorandom/moveit-payload-decrypt-CVE-2023-34362
https://github.com/glen-pearson/MoveIT-CVE-2023-34362-RCE
https://github.com/horizon3ai/CVE-2023-34362
https://github.com/lithuanian-g/cve-2023-34362-iocs
Okay, I spent some time going through some of my MOVEit logs and I think I see at least part of what's going on with the increase in MOVEit scans noted by @greynoise.
One thing I have noticed is a group of GCP hosts performing high volume scans against the MOVEit servers every seven days, but not against adjacent servers or other servers for the same orgs. This kind of makes it look targeted but the scans are generic kitchen sink vuln scans.
I did notice that some of these and other scanners I've seen over the past few months now have a couple requests that appear to be testing for CVE-2023-34362 mixed in to their other requests. It's like they loaded their automated scanners with updated payload lists.
There are a lot of Cloudflare and AWS IPs in the logs, as indicated by GreyNoise in their blog post. There are not a lot of unique Google IPs but I'm seeing a ton of noise from the ones I do see. But only every seven days. The servers I have logs for all block Tencent so I can't confirm the activity from their infrastructure.
I have also put my juicy eyes on every single GET and POST sent to these MOVEit Transfer servers for the past 60 days and I do not see any payloads that appear to be new or novel. That's not to say there isn't anything new going on, but I'm now comfortable with treating MOVEit servers with the same concern as before the GreyNoise blog post as I don't see any indication of impending action. There may be some WAF or rate limit or geolocation filter testing going on that's disguised as generic scans, but I have no evidence to suggest that's the case.
Caveat: I have relatively low visibility into what's going on at scale like GreyNoise does so take this with a grain of salt and if it's of interest, go confirm it yourself. This is intended to be informational, not actionable.
##updated 2024-04-04T01:17:53
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-04-04T01:11:32
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-04-04T00:24:27
6 posts
1 repos
CISA has updated the KEV catalogue.
- CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2014-3931
- CVE-2016-10033: PHPMailer Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2016-10033
- CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-5418
- CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9621 #CISA #cybersecurity #infosec
##Four old CVEs added to the CISA KEV Catalog today:
CVE-2014-3931
CVE-2016-10033
CVE-2019-5418
CVE-2019-9621
CVE ID: CVE-2019-9621
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Date Added: 2025-07-07
Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2019-9621
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9621
CISA has updated the KEV catalogue.
- CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2014-3931
- CVE-2016-10033: PHPMailer Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2016-10033
- CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-5418
- CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9621 #CISA #cybersecurity #infosec
##Four old CVEs added to the CISA KEV Catalog today:
CVE-2014-3931
CVE-2016-10033
CVE-2019-5418
CVE-2019-9621
CVE ID: CVE-2019-9621
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Date Added: 2025-07-07
Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2019-9621
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9621
updated 2024-02-22T05:08:16
1 posts
Other options:
Exfiltrator
Malicious Payload
CVE-2010-2772
updated 2024-02-22T05:07:56
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2024-02-14T00:35:42
1 posts
1 repos
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2023-10-30T12:30:30
1 posts
2 repos
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2023-10-30T12:30:30
1 posts
2 repos
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2023-09-18T05:03:19
1 posts
Somehow I missed this CVE when it came out in 2022.
I think it's called a Jackson-in-the-Middle attack.
Certain 5400 RPM hard drives, ... allow physically proximate attackers to cause a ... device malfunction ... via a resonant-frequency attack with the audio signal from the Rhythm Nation music video.
I like that CVE links to a YouTube video where someone tried to reproduce it.
##updated 2023-08-17T05:02:29
6 posts
12 repos
https://github.com/omarkurt/CVE-2019-5418
https://github.com/brompwnie/CVE-2019-5418-Scanner
https://github.com/W01fh4cker/Serein
https://github.com/ztgrace/CVE-2019-5418-Rails3
https://github.com/mpgn/CVE-2019-5418
https://github.com/daehyeok0618/CVE-2019-5418
https://github.com/takeokunn/CVE-2019-5418
https://github.com/Bad3r/RailroadBandit
https://github.com/NotoriousRebel/RailRoadBandit
https://github.com/mpgn/Rails-doubletap-RCE
CISA has updated the KEV catalogue.
- CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2014-3931
- CVE-2016-10033: PHPMailer Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2016-10033
- CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-5418
- CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9621 #CISA #cybersecurity #infosec
##Four old CVEs added to the CISA KEV Catalog today:
CVE-2014-3931
CVE-2016-10033
CVE-2019-5418
CVE-2019-9621
CVE ID: CVE-2019-5418
Vendor: Rails
Product: Ruby on Rails
Date Added: 2025-07-07
Notes: https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-5418
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-5418
CISA has updated the KEV catalogue.
- CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2014-3931
- CVE-2016-10033: PHPMailer Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2016-10033
- CVE-2019-5418: Rails Ruby on Rails Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-5418
- CVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9621 #CISA #cybersecurity #infosec
##Four old CVEs added to the CISA KEV Catalog today:
CVE-2014-3931
CVE-2016-10033
CVE-2019-5418
CVE-2019-9621
CVE ID: CVE-2019-5418
Vendor: Rails
Product: Ruby on Rails
Date Added: 2025-07-07
Notes: https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-5418
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-5418
updated 2023-02-02T05:03:20
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2023-02-01T05:08:13
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2023-02-01T05:08:12
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2023-02-01T05:07:51
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2023-01-29T05:05:39
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
##updated 2023-01-29T05:02:02
1 posts
#OT #Advisory VDE-2025-053
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
#CVE CVE-2024-12084, CVE-2024-52533, CVE-2025-0665, CVE-2024-5535, CVE-2024-38428, CVE-2024-5594, CVE-2024-6345, CVE-2025-24965, CVE-2019-13638, CVE-2018-20969, CVE-2018-6952, CVE-2024-6232, CVE-2024-25062, CVE-2024-6119, CVE-2024-12705, CVE-2024-12085, CVE-2024-8176, CVE-2018-6951, CVE-2015-7696, CVE-2025-26465, CVE-2024-5742, CVE-2024-12087, CVE-2024-10524, CVE-2024-12088, CVE-2024-12086, CVE-2019-13636, CVE-2024-50602, CVE-2024-9681, CVE-2025-26466, CVE-2024-9287, CVE-2024-12747, CVE-2022-0529, CVE-2019-20633, CVE-2024-0684, CVE-2022-0530, CVE-2018-18384, CVE-2024-9341, CVE-2023-27043, CVE-2024-12133, CVE-2020-16120, CVE-2024-10918, CVE-2023-7256, CVE-2024-8006, CVE-2024-28882, CVE-2024-9143, CVE-2015-7697, CVE-2016-9844, CVE-2024-11053, CVE-2025-0167, CVE-2019-13232, CVE-2021-4217, CVE-2025-27113
https://certvde.com/en/advisories/VDE-2025-053
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-053.json
###OT #Advisory VDE-2025-019
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-25270, CVE-2025-25268, CVE-2025-25271, CVE-2025-25269
https://certvde.com/en/advisories/VDE-2025-019
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-019.json
###OT #Advisory VDE-2025-019
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-25270, CVE-2025-25268, CVE-2025-25271, CVE-2025-25269
https://certvde.com/en/advisories/VDE-2025-019
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-019.json
###OT #Advisory VDE-2025-014
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-24003, CVE-2025-24005, CVE-2025-24006, CVE-2025-24002, CVE-2025-24004
https://certvde.com/en/advisories/VDE-2025-014
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-014.json
###OT #Advisory VDE-2025-014
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-24003, CVE-2025-24005, CVE-2025-24006, CVE-2025-24002, CVE-2025-24004
https://certvde.com/en/advisories/VDE-2025-014
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-014.json
###OT #Advisory VDE-2025-014
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-24003, CVE-2025-24005, CVE-2025-24006, CVE-2025-24002, CVE-2025-24004
https://certvde.com/en/advisories/VDE-2025-014
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-014.json
###OT #Advisory VDE-2025-014
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
#CVE CVE-2025-24003, CVE-2025-24005, CVE-2025-24006, CVE-2025-24002, CVE-2025-24004
https://certvde.com/en/advisories/VDE-2025-014
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-014.json
##5 posts
5 repos
https://github.com/0xcan1337/CVE-2025-47812-poC
https://github.com/4m3rr0r/CVE-2025-47812-poc
https://github.com/pevinkumar10/CVE-2025-47812
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
##What the NULL?! Wing FTP Server RCE (CVE-2025-47812) https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
##Critical vulnerability in Wing FTP Server enables remote code execution, server takeover
A maximum-severity vulnerability (CVE-2025-47812) in Wing FTP Server allows unauthenticated attackers to achieve complete system compromise through NULL byte injection in the username parameter at the /loginok.html endpoint, enabling arbitrary Lua code execution with root or SYSTEM privileges.
**If you're running Wing FTP Server (any version up to 7.4.3), time to make an URGENT patch, because hackers can easily hijack the entire server. Immediately update to version 7.4.4 or isolate the server from the internet, then plan a quick patch. Patching for this issue is not optional!**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerability-in-wing-ftp-server-enables-remote-code-execution-server-takeover-l-7-n-o-7/gD2P6Ple2L
🚨CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) Exploit
Link: https://github.com/4m3rr0r/CVE-2025-47812-poc
Writeup: https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
##RCE Security has found major vulnerabilities in the Wind FTP server.
Attackers can bypass authentication on the server's web interface just by appending a NULL byte to the username followed by any random string.
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
##🚨CVE-2025-48952: NetAlertX Password Bypass Vulnerability due to Loose Comparison in PHP
PoC and Advisory: https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489
Details: https://www.cvedetails.com/cve/CVE-2025-48952/
CVSS: 9.4
##🚨CVE-2025-48952: NetAlertX Password Bypass Vulnerability due to Loose Comparison in PHP
PoC and Advisory: https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489
Details: https://www.cvedetails.com/cve/CVE-2025-48952/
CVSS: 9.4
##LOL. Whoopsie.
https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489
sev:CRIT 9.4 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
##NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the
==operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of==instead of the strict===, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.
https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-3765-5vjr-qjgm
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
##If the victim had "Write" auto-approved an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with the
php.validate.executablePathsetting which lets you set the path for the php executable for syntax validation. The attacker could have written the path to an arbitrary command there and then created a php file to trigger it.Roo Code allows Potential Remote Code Execution via .vscode/settings.json
https://github.com/RooCodeInc/Roo-Code/security/advisories/GHSA-3765-5vjr-qjgm
sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
##If the victim had "Write" auto-approved an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with the
php.validate.executablePathsetting which lets you set the path for the php executable for syntax validation. The attacker could have written the path to an arbitrary command there and then created a php file to trigger it.Roo Code allows Potential Remote Code Execution via .vscode/settings.json
AMD advisory, from yesterday. Medium severity:
CVE-2025-0038: Zynq™ UltraScale+™ SoC Overwriting Protected Memory Regions Through PMU Firmware https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8008.html #AMD #cybersecurity #infosec
##Hilarious LFI in Linkwarden.
https://github.com/linkwarden/linkwarden/security/advisories/GHSA-rfc2-x8hr-536q
sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
##Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of format file:///etc/passwd and doesn't do any validation before sending them to parsers and playwright, this can result in leak of other user's links (and in some cases it might be possible to leak environment secrets). This issue has been patched in version 2.10.3 which has not been made public at time of publication.
1 posts
3 repos
https://github.com/Sq-CC/CVE-2025-48703
Remote code execution in CentOS Web Panel - CVE-2025-48703 https://fenrisk.com/rce-centos-webpanel
##2 posts
6 repos
https://github.com/assad12341/notepad-v8.8.1-LPE-CVE-
https://github.com/timsonner/CVE-2025-49144-Research
https://github.com/Vr00mm/CVE-2025-49144
https://github.com/b0ySie7e/Notepad-8.8.1_CVE-2025-49144
CVE Record: CVE-2025-49144 - Notepad++ Privilege Escalation In Installer Via Uncontrolled Executable Search Path #SuggestedRead #devopsish https://www.cve.org/CVERecord?id=CVE-2025-49144
##Go hack more MCP shit.
https://github.com/RestDB/codehooks-mcp-server/security/advisories/GHSA-fhq6-jf5q-qxvq
sev:HIGH 8.6 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated remote command injection attack on a running MCP Server. This issue has been patched in version 0.2.2.