Overview

  • Ivanti
  • Connect Secure

Published: 03 Apr 2025
Updated: 03 Apr 2025

CVSS v3.1: CRITICAL (9.0)
EPSS: Pending

KEV

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Statistics

  • 4 Posts
  • 17 Interactions

Fediverse

Go hack some more Ivanti shit. Someone else already has been.

forums.ivanti.com/s/article/Ap

sev:CRIT 9.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

nvd.nist.gov/vuln/detail/CVE-2

Edit to add:

We are aware of a limited number of customers whose Ivanti Connect Secure (22.7R2.5 or earlier) and End-of-Support Pulse Connect Secure 9.1x appliances have been exploited at the time of disclosure. Pulse Connect Secure 9.1x reached End-of-Support on December 31, 2024, and no longer receive code support or changes.

  • 7
  • 9
  • 11 hours ago

🚨CVE-2025-22457: April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457)

CVSS: 9.0

darkwebinformer.com/cve-2025-2

  • 0
  • 1
  • 8 hours ago

Oh, so could this be the mysterious vulnerability whose exploitation was observed by the honeypots? 👀

⚠️ Critical vulnerability in Ivanti Connect Secure (CVE-2025-22457)

Mandiant reports that a critical flaw affecting certain versions of Ivanti VPNs has been actively exploited since March 2025. China-linked actors (UNC5221) have deployed several stealthy malware families, such as TRAILBLAZE (in-memory dropper) and BRUSHFIRE (passive backdoor), via this flaw.

➡️ A patch has been available since February, but the threat was initially underestimated.
➡️ If you use Ivanti ICS, update quickly to version 22.7R2.6 or later.

(Use Ivanti's integrity tools to detect any abnormal activity.)

"Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)" 👇
cloud.google.com/blog/topics/t


  • 0
  • 0
  • 12 hours ago

@christopherkunz is CVE-2025-22457 from Ivanti securityonline.info/cve-2025-2 already on your list (not that they hadn't been on it already)?

  • 0
  • 0
  • 11 hours ago

Overview

  • kubernetes
  • ingress-nginx

Published: 24 Mar 2025
Updated: 27 Mar 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 83.74%

KEV

Description

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Statistics

  • 2 Posts
  • 3 Interactions

Fediverse

Discover how Kubewarden can protect you from the critical #IngressNightmare vulnerability (CVE-2025-1974): kubewarden.io/blog/2025/04/ing

  • 2
  • 1
  • 16 hours ago

Ingress-nginx CVE-2025-1974 - how Kubewarden can help you

kubewarden.io/blog/2025/04/ing

  • 0
  • 0
  • 13 hours ago

Overview

  • CrushFTP
  • CrushFTP

Published: 26 Mar 2025
Updated: 03 Apr 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 5.28%

KEV

Description

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.

Statistics

  • 2 Posts

Fediverse

Enables unauthenticated access to unpatched devices!

CrushFTP CVE-2025-2825 flaw actively exploited in the wild securityaffairs.com/176097/hac

  • 0
  • 0
  • 8 hours ago

⚠️ CrushFTP Vulnerability Highlights Why Disclosure Discipline Matters

CVE-2025-2825, a critical auth bypass (CVSS 9.8) in CrushFTP, is now being actively exploited—with over 1,500 vulnerable servers online. But worse than the bug is the chaotic public drama around disclosure:
・Initial private alerts went out March 21 with minimal detail
・VulnCheck published a PoC, assigned its own CVE
・CrushFTP’s CEO accused vendors of harming customers
・Disputes led to confusion, CVE duplication, and rapid exploit weaponization

This is a case study in how poor coordination and ego can turn a patchable flaw into a public incident.

Security leaders: keep disclosure timelines tight, consistent, and put protection ahead of pride.

👉 darkreading.com/vulnerabilitie

  • 0
  • 0
  • 2 hours ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 6
  • libsoup

Published: 03 Apr 2025
Updated: 03 Apr 2025

CVSS: Pending
EPSS: Pending

KEV

Description

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

Statistics

  • 1 Post
  • 15 Interactions

Fediverse

There are more CVEs for libsoup but because I'm 12, here's one specifically because I like the function name.

access.redhat.com/security/cve

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

  • 3
  • 12
  • 12 hours ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 6
  • libsoup

Published: 03 Apr 2025
Updated: 03 Apr 2025

CVSS: Pending
EPSS: 0.17%

KEV

Description

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Statistics

  • 1 Post
  • 5 Interactions

Fediverse

No soup for you? More like too much soup for you. HAHA. Get it? Because it's... Never mind. I'll get more coffee.

gitlab.gnome.org/GNOME/libsoup

sev:HIGH 7.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 4
  • 13 hours ago

Overview

  • Tenda
  • AC10

Published: 03 Apr 2025
Updated: 03 Apr 2025

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
  • 3 Interactions

Fediverse

. @Dio9sys I suppose there may be others who care about Tenda vulns so here you go.

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 2
  • 11 hours ago

Overview

  • OpenVPN
  • OpenVPN

Published: 03 Apr 2025
Updated: 03 Apr 2025

CVSS: Pending
EPSS: Pending

KEV

Description

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges

Statistics

  • 1 Post
  • 2 Interactions

Fediverse

LPE in OpenVPN-GUI on Windows.

community.openvpn.net/openvpn/

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 1
  • 11 hours ago

Overview

  • jupyterlab
  • jupyterlab-git

Published: 03 Apr 2025
Updated: 03 Apr 2025

CVSS v3.1: HIGH (7.4)
EPSS: Pending

KEV

Description

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(<command>). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command <command> is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd <git-repo-path> through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.

Statistics

  • 1 Post
  • 2 Interactions

Fediverse

This is kind of a fun command injection vuln in jupyterlab-git.

github.com/jupyterlab/jupyterl

sev:HIGH 7.4 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(<command>). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command <command> is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd <git-repo-path> through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 1
  • 4 hours ago

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 10 Mar 2025
Updated: 02 Apr 2025

CVSS: Pending
EPSS: 93.40%

Description

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
  • attacker knowledge of the names of security sensitive files being uploaded
  • the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • application was using Tomcat's file based session persistence with the default storage location
  • application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Fediverse

Tracked as CVE-2025-24813.

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog securityaffairs.com/176129/sec

  • 1
  • 0
  • 8 hours ago

Overview

  • tukaani-project
  • xz

Published: 03 Apr 2025
Updated: 03 Apr 2025

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.

Statistics

  • 1 Post
  • 1 Interaction

Fediverse

XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115)

https://www.openwall.com/lists/oss-security/2025/04/03/1

"Our belief is that it's highly impractical to exploit on 64-bit systems
where xz was built with PIE (=> ASLR), but that on 32-bit systems,
especially without PIE, it may be doable."
  • 1
  • 0
  • 9 hours ago