
Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse

🚨Google patches high severity vulnerability in Chrome Safe Browsing

chromereleases.googleblog.com/

Bounty: $7,000
CVE: CVE-2025-11756
CVSS: 9.8
Published: 2025-10-13
Reported: 2025-09-25

  • 21h ago

Bluesky

Chromium: CVE-2025-11756 Use after free in Safe Browsing scq.ms/47bsHl9 #cybersecurity #SecQube
  • 18h ago

Overview

  • Oracle Corporation
  • Oracle Concurrent Processing

Published: 05 Oct 2025
Updated: 16 Oct 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 82.14%

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse

Oracle E-Business Suite Vulnerability Opens the Door to Remote Code Execution

A New Security Alarm Rings Across the Enterprise World A serious vulnerability in Oracle E-Business Suite (EBS) has recently surfaced, raising alarms in enterprise and government cybersecurity circles. Identified as CVE-2025-61882, this flaw exposes one of the world’s most widely used business platforms to remote code execution (RCE) — a type of exploit that allows attackers to take full…

undercodenews.com/oracle-e-bus

  • 19h ago

Bluesky

The Oracle E-Business Suite Zero-Day: A Critical Analysis of CVE-2025-61882 Introduction: A newly disclosed zero-day vulnerability, CVE-2025-61882, is threatening Oracle E-Business Suite (EBS) deployments worldwide. With a critical CVSS score of 9.8, this flaw allows remote attackers to compromise…
  • 7h ago

Overview

  • Sudo project
  • Sudo

Published: 30 Jun 2025
Updated: 29 Sep 2025

CVSS v3.1: CRITICAL (9.3)
EPSS: 18.03%

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Statistics

  • 2 Posts

Last activity: 19 hours ago

Bluesky

CVE-2025-32463 vulnerability in sudo: the privilege danger and how to protect against it https://kripta.biz/posts/55DE4A8A-A833-454C-A809-E2D013C7106B
  • 19h ago
An in-depth analysis of CVE-2025-32463: a comprehensive breakdown of the sudo privilege escalation vulnerability and a protection guide https://qian.cx/posts/8F3E93DD-6054-4EA8-A6B3-4D0CC2DCD082
  • 19h ago

Overview

  • AMI
  • MegaRAC-SPx

Published: 11 Mar 2025
Updated: 30 Jul 2025

CVSS v4.0: CRITICAL (10.0)
EPSS: 10.64%

Description

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Statistics

  • 2 Posts

Last activity: Last hour

Bluesky

Effective open-source tools for detecting the CVE-2024-54085 vulnerability in AMI MegaRAC https://kripta.biz/posts/1AF3B47E-BBDE-4DC6-B011-B439338A768F
  • Last hour
Using open-source tools to accurately detect the CVE-2024-54085 vulnerability and keep enterprise BMCs secure https://qian.cx/posts/6D3B3A6C-F282-4586-827A-84E6E674DD19
  • Last hour

Overview

  • Oracle Corporation
  • Oracle Configurator

Published: 12 Oct 2025
Updated: 18 Oct 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.06%

KEV

Description

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

📢 Oracle quietly fixes an actively exploited E‑Business Suite flaw (CVE‑2025‑61884), PoC d…📝 … https://cyberveille.ch/posts/2025-10-14-oracle-corrige-discretement-une-faille-de-business-suite-cve-2025-61884-activement-exploitee-poc-divulgue-par-shinyhunters/ #CVE_2025_61884 #Cyberveil…
  • 19h ago
A critical flaw (CVE-2025-61884) in Oracle Configurator could be exploited remotely with no authentication needed. Learn how to protect your systems in this #CybersecurityThreatAdvisory: https://bit.ly/42KBNUC
  • 9h ago

Overview

  • Cisco
  • IOS

Published: 24 Sep 2025
Updated: 30 Sep 2025

CVSS v3.1: HIGH (7.7)
EPSS: 0.57%

Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following:

  • An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials.
  • An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device.

An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

Threat brief: Operation ZeroDisco — Cisco SNMP zero-day exploited to deploy rootkits
Summary: CVE-2025-20352 (SNMP stack overflow) is being chained with a modified CVE-2017-3881 Telnet exploit to remotely write memory and deliver a rootkit impacting Cisco 9400/9300/3750G series. Indicators: sudden universal password containing disco, hidden running-config differences, disabled log history, unexpected UDP listeners on closed ports, unexplained VLAN bridging. No reliable automated scanner exists yet - escalate to Cisco TAC and initiate low-level firmware/ROM inspection if suspected. Prioritize patching, isolate legacy gear, and monitor SNMP/Telnet telemetry and VLAN changes. Share detections back to the community and follow TechNadu for consolidated IOCs.

  • 12h ago

Bluesky

🚨 ZeroDisco: Cisco devices infected via CVE-2025-20352 Threat actors exploit SNMP + old Telnet RCE to plant rootkits on 9400/9300/3750G switches. Universal password includes “disco”; attacks hide config, monitor UDP, and bridge VLANs. Patch & audit immediately. #Cisco #ZeroDisco #CVE2025 #Infosec
  • 12h ago

Overview

  • notepad-plus-plus
  • notepad-plus-plus

Published: 23 Jun 2025
Updated: 01 Jul 2025

CVSS v3.1: HIGH (7.3)
EPSS: 0.01%

KEV

Description

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 8 hours ago

Fediverse

🚨CVE-2025-49144: A high-severity local privilege escalation flaw in the Notepad++ installer affecting version 8.8.1 and earlier.

GitHub: github.com/TheTorjanCaptain/CV

  • 8h ago

Overview

  • silabs.com
  • Simplicity SDK
  • SiSDK

Published: 17 Oct 2025
Updated: 17 Oct 2025

CVSS v4.0: CRITICAL (9.4)
EPSS: 0.04%

KEV

Description

Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-8414 affects Silabs Simplicity SDK Zigbee EZSP Host Apps. Buffer overflow (CWE-20) enables code execution if attacker has network key. Segment networks, monitor traffic, and protect keys! No patch yet. radar.offseq.com/threat/cve-20

  • 21h ago

Overview

  • Pending

Published: 17 Oct 2025
Updated: 17 Oct 2025

CVSS: Pending
EPSS: 0.06%

KEV

Description

A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🔒 CVE-2025-56221 | CRITICAL: SigningHub v8.6.8 is vulnerable to brute force login attacks due to absent rate limiting. No patch yet—implement MFA, WAF, and strong passwords ASAP! Details: radar.offseq.com/threat/cve-20

  • 17h ago

Overview

  • Restaurant Brands International
  • assistant platform

Published: 17 Oct 2025
Updated: 18 Oct 2025

CVSS v3.1: CRITICAL (9.9)
EPSS: 0.13%

KEV

Description

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🚨 CRITICAL (CVSS 9.9): CVE-2025-62645 affects RBI assistant platform — Authenticated users can escalate privileges via GraphQL createToken. All versions vulnerable, no patch yet. Restrict access & monitor token activities! radar.offseq.com/threat/cve-20

  • 19h ago
Showing 1 to 10 of 31 CVEs