24h | 7d | 30d

CVE-2021-26829

Overview

  • Pending
11 Jun 2021
Published
28 Nov 2025
Updated
CVSS
Pending
EPSS
48.27%
KEV

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 9 hours ago

Fediverse

Profile picture
TechNadu @technadu

CISA has added CVE-2021-26829
(OpenPLC/ScadaBR XSS) to the Known Exploited Vulnerabilities Catalog.

XSS vulnerabilities in ICS/SCADA environments remain a dependable avenue for attackers, and CISA is urging organizations - not just federal - to prioritize remediation.

How does your team track and respond to KEV updates?

Source: cisa.gov/news-events/alerts/20

đź”” Follow TechNadu for balanced, non-sensational cybersecurity coverage.

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Profile picture
TechNadu @technadu.com
CISA has added CVE-2021-26829, an OpenPLC/ScadaBR XSS vulnerability, to the Known Exploited Vulnerabilities Catalog. XSS issues in operational technology systems continue to appear in real-world exploitation... #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntel #PatchManagement
  • 0
  • 1
  • 0
  • 9h ago

CVE-2025-6543

Overview

  • NetScaler
  • ADC
25 Jun 2025
Published
21 Oct 2025
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
2.04%
KEV

Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Statistics

  • 1 Post
  • 9 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture
Arie van Deursen @avandeursen

Reading up on the Citrix vulnerabilities that impacted Dutch government, especially the public prosecutor service (“het OM”), this summer.

The only good news for the Dutch from @GossiTheDog’s blog:

> NCSC Netherlands have a rather cool report out about CVE-2025–6543, where they’ve essentially done Citrix’s job for them. I recommend reading their report. It’s really good.

> NCSC Netherlands are gods amongst cyber.

doublepulsar.com/citrix-forgot

#ncsc #citrix #openbaarministerie

  • 5
  • 4
  • 0
  • 10h ago

CVE-2025-53899

Overview

  • kiteworks
  • security-advisories
29 Nov 2025
Published
29 Nov 2025
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.04%
KEV

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 20 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-53899 (HIGH): Kiteworks MFT <9.1.0 lets admins intercept comms & escalate privileges. Patch to 9.1.0 now, enforce MFA, and audit admin activity. No active exploits yet — act fast! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 20h ago

CVE-2025-29645

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 12 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Alert for the #SUSE community. The SUSE-2025-4300-1 advisory patches a significant vulnerability (CVE-2025-29645) in curl. Read more: 👉 tinyurl.com/4b9zwcrw #Security
  • 0
  • 1
  • 1
  • 12h ago

CVE-2025-64446

Overview

  • Fortinet
  • FortiWeb
14 Nov 2025
Published
20 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
66.90%
KEV

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 7 hours ago

Bluesky

Profile picture
OpsMatters @opsmatters.com
The latest update for #Detectify includes "Why traditional black box #testing is failing modern #AppSec teams" and "The researcher's desk: FortiWeb Authentication Bypass (CVE-2025-64446)". #cybersecurity #webvulnerabilities #websecurity https://opsmtrs.com/33CTOVX
  • 0
  • 1
  • 0
  • 7h ago

CVE-2025-66201

Overview

  • danny-avila
  • LibreChat
29 Nov 2025
Published
29 Nov 2025
Updated
CVSS v4.0
HIGH (8.6)
EPSS
0.08%
KEV

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🔎 CVE-2025-66201: HIGH severity SSRF in LibreChat (<0.8.1-rc2)! Authenticated users can exploit OpenAPI specs to access internal endpoints—patch to 0.8.1-rc2 ASAP. Monitor access & restrict 'Actions' feature. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-59287

Overview

  • Microsoft
  • Windows Server 2019
14 Oct 2025
Published
22 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
64.04%
KEV

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture
CyberHub @cyberhub.blog
đź“Ś Critical WSUS Vulnerability (CVE-2025-59287) Exploited to Deploy ShadowPad Backdoor https://www.cyberhub.blog/article/16128-critical-wsus-vulnerability-cve-2025-59287-exploited-to-deploy-shadowpad-backdoor
  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-53896

Overview

  • kiteworks
  • security-advisories
29 Nov 2025
Published
29 Nov 2025
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.01%
KEV

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ HIGH severity: Kiteworks MFT <9.1.0 (CVE-2025-53896) has insufficient session expiration (CWE-613), risking persistent unauthorized access. Patch to 9.1.0 ASAP & enforce session controls! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-7039

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • bootc
03 Sep 2025
Published
03 Sep 2025
Updated
CVSS
Pending
EPSS
0.09%
KEV

Description

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Just published a deep dive on the recent glib2 security patch for #openSUSE (CVE-2025-7039). Read more: 👉 tinyurl.com/3zn7t32n #Security
  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-66217

Overview

  • jvde-github
  • AIS-catcher
29 Nov 2025
Published
29 Nov 2025
Updated
CVSS v4.0
HIGH (8.8)
EPSS
0.31%
KEV

Description

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-66217 (HIGH): Heap buffer overflow in AIS-catcher <0.64 via malformed MQTT packets enables DoS or RCE. Maritime & IoT orgs—upgrade to 0.64+ ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago
Showing 1 to 10 of 21 CVEs