24h | 7d | 30d

CVE-2024-54085

Overview

  • AMI
  • MegaRAC-SPx
11 Mar 2025
Published
30 Jul 2025
Updated
CVSS v4.0
CRITICAL (10.0)
EPSS
21.09%
KEV

Description

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Statistics

  • 2 Posts
Last activity: 7 hours ago

Bluesky

Profile picture
kripta.biz @kriptabiz.bsky.social
Эффективные инструменты с открытым исходным кодом для обнаружения уязвимости CVE-2024-54085 в AMI MegaRAC https://kripta.biz/posts/1AF3B47E-BBDE-4DC6-B011-B439338A768F
  • 0
  • 0
  • 0
  • 7h ago
Profile picture
qian.cx @qiancx.bsky.social
利用开源工具精准检测CVE-2024-54085漏洞,保障企业BMC安全 https://qian.cx/posts/6D3B3A6C-F282-4586-827A-84E6E674DD19
  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-59230

Overview

  • Microsoft
  • Windows 10 Version 1809
14 Oct 2025
Published
17 Oct 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
7.68%
KEV

Description

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 7 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

Hackers are exploiting a 0-day vulnerability in Windows Remote Access Connection Manager in ongoing attacks.

CVE: CVE-2025-59230

gbhackers.com/hackers-exploit-

  • 6
  • 1
  • 0
  • 5h ago

CVE-2025-20352

Overview

  • Cisco
  • IOS
24 Sep 2025
Published
30 Sep 2025
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.57%
KEV

Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture
TechNadu @technadu

Threat brief: Operation ZeroDisco — Cisco SNMP zero-day exploited to deploy rootkits
Summary: CVE-2025-20352 (SNMP stack overflow) is being chained with a modified CVE-2017-3881 Telnet exploit to remotely write memory and deliver a rootkit impacting Cisco 9400/9300/3750G series. Indicators: sudden universal password containing disco, hidden running-config differences, disabled log history, unexpected UDP listeners on closed ports, unexplained VLAN bridging. No reliable automated scanner exists yet - escalate to

Cisco TAC and initiate low-level firmware/ROM inspection if suspected. Prioritize patching, isolate legacy gear, and monitor SNMP/Telnet telemetry and VLAN changes. Share detections back to the community and follow TechNadu for consolidated IOCs.

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

Profile picture
TechNadu @technadu.com
🚨 ZeroDisco: Cisco devices infected via CVE-2025-20352 Threat actors exploit SNMP + old Telnet RCE to plant rootkits on 9400/9300/3750G switches. Universal password includes “disco”; attacks hide config, monitor UDP, and bridge VLANs. Patch & audit immediately. #Cisco #ZeroDisco #CVE2025 #Infosec
  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-49144

Overview

  • notepad-plus-plus
  • notepad-plus-plus
23 Jun 2025
Published
01 Jul 2025
Updated
CVSS v3.1
HIGH (7.3)
EPSS
0.01%
KEV

Description

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 15 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

🚨CVE-2025-49144: A high-severity local privilege escalation flaw in the Notepad++ installer affecting version 8.8.1 and earlier.

GitHub: github.com/TheTorjanCaptain/CV

  • 1
  • 1
  • 0
  • 15h ago

CVE-2025-62672

Overview

  • boyns
  • rplay
19 Oct 2025
Published
19 Oct 2025
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
Pending
KEV

Description

rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA case in rplay_unpack in librplay/rplay.c, potentially reachable via packet data with no authentication.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ CVE-2025-62672: HIGH severity DoS in rplay 3.3.2. Remote attackers can crash the daemon via unauthenticated, malformed RPLAY_DATA packets. Restrict access, monitor for crashes, and validate input until patch is released. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

CVE-2025-21420

Overview

  • Microsoft
  • Windows Server 2022
11 Feb 2025
Published
12 Mar 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
28.85%
KEV

Description

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

🚨CVE-2025-21420: Proof of Concept for Windows Disk Cleanup Tool EoP

GitHub: github.com/moiz-2x/CVE-2025-21

  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-9890

Overview

  • mndpsingh287
  • Theme Editor
18 Oct 2025
Published
18 Oct 2025
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.06%
KEV

Description

The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'theme_editor_theme' page. This makes it possible for unauthenticated attackers to achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🛡️ HIGH severity alert: CVE-2025-9890 in mndpsingh287 Theme Editor (WordPress, all versions ≤3.0) allows RCE via CSRF if admins click malicious links. Restrict admin access, use WAFs, and monitor for patches. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-3600

Overview

  • Progress Software
  • Telerik UI for ASP.NET AJAX
14 May 2025
Published
27 Aug 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.11%
KEV

Description

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture
CrowdCyber @crowdcyber.bsky.social
More Than DoS (Progress Telerik UI for ASP.NET AJAX Unsafe Reflection CVE-2025-3600) - watchTowr Labs
  • 0
  • 0
  • 0
  • 9h ago

CVE-2024-38080

Overview

  • Microsoft
  • Windows Server 2022
09 Jul 2024
Published
14 Oct 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
18.93%
KEV

Description

Windows Hyper-V Elevation of Privilege Vulnerability

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture
UndercodeTesting @undercode.bsky.social
The Day ASPNET Core Broke: Inside Microsoft’s Highest-Severity Flaw and What It Means for Your Security Introduction: Microsoft's recent patching of a critical, maximum-severity flaw in ASP.NET Core sent shockwaves through the cybersecurity community. Designated CVE-2024-38080, this vulnerability…
  • 0
  • 0
  • 0
  • 2h ago

CVE-2025-9242

Overview

  • WatchGuard
  • Fireware OS
17 Sep 2025
Published
17 Oct 2025
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.38%
KEV

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ CRITICAL: CVE-2025-9242 in WatchGuard Fireware OS VPN lets unauthenticated attackers gain full device control via IKEv2 stack buffer overflow. Patch ASAP! Applies to versions up to 2025.1. radar.offseq.com/threat/resear

  • 0
  • 0
  • 0
  • 5h ago
Showing 1 to 10 of 19 CVEs