
Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 8 Posts

Last activity: Last hour

Fediverse


CISA has added two vulnerabilities to the KEV Catalog:

CVE-2025-48633: Android Framework Information Disclosure Vulnerability

CVE-2025-48572: Android Framework Privilege Escalation Vulnerability

darkwebinformer.com/cisa-kev-c

  • 0
  • 0
  • 0
  • 16h ago

CISA has added two Android Framework 0-days (CVE-2025-48572 & CVE-2025-48633) to the KEV list, confirming active exploitation.

Together, they enable privilege escalation and information disclosure, forming a potentially complete compromise path for targeted devices.

Federal agencies have a December 23 patch deadline, and wider organizations are encouraged to roll out updates and monitor for related indicators.

💬 Mobile ecosystems remain a critical attack surface - what best practices have worked for your teams?

Source: cybersecuritynews.com/android-

Follow us for ongoing vulnerability and threat intelligence updates.

  • 0
  • 0
  • 0
  • Last hour

Bluesky

~Cisa~ CISA added two actively exploited Android Framework vulnerabilities (a privilege escalation and info disclosure) to its KEV catalog. - IOCs: CVE-2025-48572, CVE-2025-48633 - #Android #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 19h ago
CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Dec 2) CVE-2025-48572 Android Framework privilege escalation vulnerability CVE-2025-48633 Android Framework information disclosure vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 15h ago
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) #HelpNetSecurity (Dec 2) www.helpnetsecurity.com/2025/12/02/a...
  • 0
  • 0
  • 0
  • 15h ago
CVE-2025-48572 Android Framework Privilege Escalation Vulnerability CVE-2025-48633 Android Framework Information Disclosure Vulnerability
  • 0
  • 0
  • 0
  • 10h ago
CISA adds Android Framework vulnerabilities (CVE-2025-48572, CVE-2025-48633) to the KEV catalog | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/42863/
  • 0
  • 0
  • 0
  • 9h ago
CISA has added two Android 0-day vulnerabilities to its Known Exploited list, confirming active attacks. CVE-2025-48572 (priv-esc) and CVE-2025-48633 impact the Android Framework and can be chained for broader compromise. #Cybersecurity #ZeroDay #ThreatIntel #KEV #Infosec #SecurityPatching
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Industrial Video & Control
  • Longwatch

02 Dec 2025
Published
02 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

Statistics

  • 2 Posts
  • 14 Interactions

Last activity: 9 hours ago

Fediverse


Always look at the credits in CVE records, they’re full of insightful details.

I particularly enjoyed this one. By the way, in Vulnerability Lookup we also have a nice display of the actual credits: finder, coordinator, and so on.

🔗 vulnerability.circl.lu/vuln/cv

"A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges."

  • 7
  • 7
  • 0
  • 9h ago

⚠️ CRITICAL: CVE-2025-13658 hits Industrial Video & Control Longwatch v6.309 — remote unauthenticated code execution via HTTP GET grants SYSTEM privileges. No patch yet. Segment, restrict access, monitor traffic. Full advisory: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

02 Dec 2025
Published
02 Dec 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 2 Posts
  • 42 Interactions

Last activity: 3 hours ago

Bluesky

🥳 Go 1.25.5 and 1.24.11 are released! 🔐 Security: Includes security fixes for crypto/x509 (CVE-2025-61729, CVE-2025-61727). 🗣 Announcement: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4/m/kYpVlPw1CQAJ 📦 Download: https://go.dev/dl/#go1.25.5 #golang
  • 12
  • 30
  • 0
  • 22h ago
🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2025-61729 impacts stdlib in 27 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/356 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Red Hat
  • Red Hat OpenShift Dev Spaces
  • devspaces/code-rhel9

02 Dec 2025
Published
02 Dec 2025
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Statistics

  • 1 Post
  • 28 Interactions

Last activity: 19 hours ago

Fediverse


lolwut

access.redhat.com/security/cve

This issue stems from the /etc/passwd file being created with group-writable permissions during build time.

  • 10
  • 18
  • 0
  • 19h ago

Overview

  • hwk-fr
  • Advanced Custom Fields: Extended

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.25%

KEV

Description

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for unauthenticated attackers to execute arbitrary code on the server, which can be leveraged to inject backdoors or create new administrative user accounts.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 7 hours ago

Fediverse


🚨 CVE-2025-13486: CRITICAL RCE in Advanced Custom Fields: Extended for WordPress (v0.9.0.5–0.9.1.1). Unauthenticated attackers can inject code via prepare_form(). Remove or restrict plugin ASAP—no patch yet! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 7h ago

Bluesky

Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Pending

11 Jun 2021
Published
02 Dec 2025
Updated

CVSS
Pending
EPSS
33.30%

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

Statistics

  • 3 Posts

Last activity: 21 hours ago

Bluesky

📢 CISA adds the ScadaBR XSS flaw (CVE-2021-26829) to the KEV catalog, active exploitation 📝 Source: cybersecuritynews.com — CISA has updated its catalo… https://cyberveille.ch/posts/2025-12-02-cisa-ajoute-la-faille-xss-scadabr-cve-2021-26829-au-catalogue-kev-exploitation-active/ #CISA #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago
CISA Warns of OpenPLC ScadaBR Vulnerability After ICS Attack The CISA has warned of a flaw called the 'OpenPLC ScadaBR' flaw, tracked as CVE-2021-26829, that was recently leveraged by hackers to deface an industrial control system (ICS). Meaning that it is related to critical infrastructure. More…
  • 0
  • 0
  • 1
  • 21h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers The Codex CLI vulnerability tracked as CVE-2025-61260 can be exploited for command execution. Telegram AI Digest #ai #news #openai
  • 0
  • 0
  • 0
  • 9h ago
Vulnerability in OpenAI coding agent could facilitate attacks on developers. The Codex CLI vulnerability, tracked as CVE-2025-61260, can be exploited for command execution. Telegram AI Digest #ai #news #openai
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 42 Interactions

Last activity: 22 hours ago

Bluesky

🥳 Go 1.25.5 and 1.24.11 are released! 🔐 Security: Includes security fixes for crypto/x509 (CVE-2025-61729, CVE-2025-61727). 🗣 Announcement: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4/m/kYpVlPw1CQAJ 📦 Download: https://go.dev/dl/#go1.25.5 #golang
  • 12
  • 30
  • 0
  • 22h ago

Overview

  • Pending

02 Dec 2025
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 21 hours ago