Overview

  • Oracle Corporation
  • Identity Manager

Published: 21 Oct 2025
Updated: 22 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 60.96%

Description

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 3 Posts

Last activity: 4 hours ago

Bluesky

📢 CISA adds the Oracle Identity Manager pre-auth RCE flaw (CVE-2025-61757) to the KEV database 📝 According to The Cyber Express, CISA has added CVE-2025… https://cyberveille.ch/posts/2025-11-25-cisa-ajoute-la-faille-rce-pre-auth-doracle-identity-manager-cve-2025-61757-a-la-base-kev/ #CISA_KEV #Cyberveille
  • 22h ago
#Barracuda recommends the following actions to secure Oracle Identity Manager against CVE-2025-61757. Check out the #CybersecurityThreatAdvisory to keep your clients protected: https://bit.ly/3Kh7mPV
  • 4h ago
The latest update for #IONIX includes "CVE-2025-61757: Critical Pre-Auth RCE in Oracle Identity Manager" and "CVE-2025-9501: Identifying High-Risk #WordPress Instances Using W3 Total Cache". #cybersecurity #AttackSurfaceManagement https://opsmtrs.com/3TB5mSA
  • 15h ago

Overview

  • Mozilla
  • Firefox

Published: 11 Nov 2025
Updated: 25 Nov 2025

CVSS: Pending
EPSS: 0.05%

KEV

Description

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 7 hours ago

Fediverse

A high-severity Firefox WebAssembly bug (CVE-2025-13016) silently exposed over 180M users to potential code execution for 6 months, now patched in Firefox 145/ESR 140.5. 🔐 Users are urged to update ASAP. 🔄✨ Details: cyberinsider.com/dangerous-fir #Firefox #CyberSecurity #InfoSec #Newz

#Tor & #Mullvad are immune to this, given the security slider has been moved to "Safer" 💡. with Librewolf idk 🤷

  • 7h ago

Bluesky

📢 CVE-2025-13016: buffer overflow in Firefox's WebAssembly engine fixed (RCE, CVSS 7.5) 📝 Source: AISLE — AISLE detail… https://cyberveille.ch/posts/2025-11-25-cve-2025-13016-depassement-de-tampon-dans-le-moteur-webassembly-de-firefox-corrige-rce-cvss-7-5/ #CVE_2025_13016 #Cyberveille
  • 22h ago

Overview

  • Elated Themes
  • FindAll Membership

Published: 27 Nov 2025
Updated: 27 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.19%

KEV

Description

The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findall_membership_check_facebook_user' and the 'findall_membership_check_google_user' functions. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Fediverse

🔒 CRITICAL: CVE-2025-13539 in Elated Themes FindAll Membership (WP) allows auth bypass via social login checks. All versions up to 1.0.4 impacted. Disable plugin, audit users, secure admin emails. Details: radar.offseq.com/threat/cve-20

  • 14h ago

Bluesky

🔥 CVE-2025-13539 — FindAll Membership Plugin Critical auth bypass allows admin login without a password via crafted social login data. 🔗 basefortify.eu/cve_reports/... #CVE #WordPress #AuthBypass #Infosec
  • 9h ago

Overview

  • Microsoft
  • Azure Bastion Developer

Published: 20 Nov 2025
Updated: 26 Nov 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.09%

KEV

Description

Azure Bastion Elevation of Privilege Vulnerability

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 8 hours ago

Fediverse

It can make your head spin. Microsoft's Azure Bastion (an Apache Guacamole in disguise) had a vulnerability with a CVE score of 10.0.

borncity.com/blog/2025/11/25/a

  • 8h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 5 hours ago

Bluesky

At #Pwn2Own2025, our experts Tek & @anyfun.bsky.social remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover. The vuln is now tracked as CVE-2025-12686 🔍 🔗 Full write-up: www.synacktiv.com/en/publicati...
  • 5h ago

Overview

  • Studio-42
  • elFinder

Published: 14 Jun 2021
Updated: 03 Aug 2024

CVSS v3.1: CRITICAL (9.8)
EPSS: 93.47%

KEV

Description

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

This is, um, *alot* of coordinated, calculated, automation to see where "elFinder" is.

New CVE/0-Day coming?

Starting the 6-week countdown.

viz.greynoise.io/tags/elfinder

  • 3h ago

Overview

  • Pending

Published: 26 Nov 2025
Updated: 26 Nov 2025

CVSS: Pending
EPSS: 0.16%

KEV

Description

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file", which allows an attacker to execute arbitrary commands with root privileges.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 23 hours ago

Overview

  • oscaruh
  • Google Drive upload and download link

Published: 27 Nov 2025
Updated: 27 Nov 2025

CVSS v3.1: MEDIUM (6.4)
EPSS: 0.03%

KEV

Description

The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

🚨 CVE-2025-12666 — Google Drive WordPress Plugin Stored XSS lets attackers inject scripts via shortcodes. Every visitor can be affected once saved. 🔗 basefortify.eu/cve_reports/... #CVE #WordPress #XSS #CyberSecurity
  • 9h ago

Overview

  • Zenitel
  • TCIV-3+

Published: 26 Nov 2025
Updated: 26 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.11%

KEV

Description

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

⚠️ CRITICAL: CVE-2025-64130 in Zenitel TCIV-3+ (CVSS 9.8) enables remote reflected XSS — attackers can execute JavaScript in user browsers. No patch yet: segment, restrict, monitor! radar.offseq.com/threat/cve-20

  • 18h ago

Overview

  • Qode Interactive
  • Tiare Membership

Published: 27 Nov 2025
Updated: 27 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.07%

KEV

Description

The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🚨 CVE-2025-13540 (CRITICAL): Qode Tiare Membership plugin lets unauth'd users register as admins via REST API. All versions ≤1.2 affected. No patch—disable or restrict endpoint ASAP! More: radar.offseq.com/threat/cve-20

  • 12h ago
Showing 1 to 10 of 34 CVEs