Overview
Description
Statistics
- 2 Posts
- 3 Interactions
Fediverse
A high-severity Firefox WebAssembly bug (CVE-2025-13016) silently exposed over 180M users to potential code execution for 6 months, now patched in Firefox 145/ESR 140.5. 🔐 Users are urged to update ASAP. 🔄✨ Details: https://cyberinsider.com/dangerous-firefox-webassembly-bug-went-undetected-for-6-months/ #Firefox #CyberSecurity #InfoSec #Newz
#Tor & #Mullvad are immune to this, given the security slider has been moved to "Safer" 💡. with Librewolf idk 🤷
Bluesky
Overview
- Zenitel
- TCIV-3+
Description
Statistics
- 2 Posts
Fediverse
📰 CISA Warns of Critical Flaws in Industrial Control Systems, Including CVSS 10.0 Bug
🚨 CISA releases 7 ICS advisories for flaws in Rockwell, Zenitel & other OT gear. A critical CVSS 10.0 RCE vulnerability (CVE-2025-64130) affects Zenitel comms equipment. Asset owners urged to patch immediately. #ICS #OTsecurity #Vulnerability #CISA
⚠️ CRITICAL: CVE-2025-64130 in Zenitel TCIV-3+ (CVSS 9.8) enables remote reflected XSS — attackers can execute JavaScript in user browsers. No patch yet: segment, restrict, monitor! https://radar.offseq.com/threat/cve-2025-64130-cwe-79-in-zenitel-tciv-3-929b32fb #OffSeq #XSS #InfoSec #Zenitel
Overview
Description
Statistics
- 3 Posts
Fediverse
The CVE-2025-59366 vulnerability "can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization." https://www.bleepingcomputer.com/news/security/asus-warns-of-new-critical-auth-bypass-flaw-in-aicloud-routers/
ASUS warns of new critical auth-bypass flaw in AiCloud routers
https://www.bleepingcomputer.com/news/security/asus-warns-of-new-critical-auth-bypass-flaw-in-aicloud-routers/
ASUS has issued new firmware updates to address nine security vulnerabilities, including a critical authentication bypass flaw affecting routers with the AiCloud feature enabled.
AiCloud is a remote-access service built into many ASUS routers, allowing users to stream media or access files from their personal devices as if they were cloud-hosted.
According to the company, the critical vulnerability CVE-2025-59366 stems from an “unintended side effect” of the router’s Samba functionality. This flaw may allow certain functions to be executed without proper authorization.
In its Monday advisory, ASUS urged all customers to update their router firmware to the latest version immediately to ensure protection.
Overview
- Elated Themes
- FindAll Membership
Description
Statistics
- 2 Posts
Fediverse
🔒 CRITICAL: CVE-2025-13539 in Elated Themes FindAll Membership (WP) allows auth bypass via social login checks. All versions up to 1.0.4 impacted. Disable plugin, audit users, secure admin emails. Details: https://radar.offseq.com/threat/cve-2025-13539-cwe-288-authentication-bypass-using-44fd7030 #OffSeq #WordPress #CVE202513539 #Vuln
Overview
Description
Statistics
- 2 Posts
Bluesky
Overview
Description
Statistics
- 1 Post
- 11 Interactions
Fediverse
That's an avenue that I admit I hadn't thought to check before. Seems so simple though.
https://access.redhat.com/security/cve/CVE-2025-13601
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Overview
- Microsoft
- Azure Bastion Developer
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
It can make your head spin. Microsoft's Azure Bastion (an Apache Guacamole in disguise) had a vulnerability with a CVE score of 10.0.
https://www.borncity.com/blog/2025/11/25/azure-bastion-mit-schwerer-schwachstelle-cve-2025-49752/
Overview
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
Hey @Viss :
https://github.com/rayinaw/my-hub/blob/main/CVE-2025-63938/DISCLOSURE.md
Tinyproxy up to 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
Overview
Description
Statistics
- 1 Post
- 2 Interactions
Overview
- oscaruh
- Google Drive upload and download link
Description
Statistics
- 1 Post
- 1 Interaction