Overview

  • Pending

11 Jun 2021
Published
28 Nov 2025
Updated

CVSS
Pending
EPSS
48.27%

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 16 hours ago

Fediverse

CISA has added CVE-2021-26829
(OpenPLC/ScadaBR XSS) to the Known Exploited Vulnerabilities Catalog.

XSS vulnerabilities in ICS/SCADA environments remain a dependable avenue for attackers, and CISA is urging organizations - not just federal - to prioritize remediation.

How does your team track and respond to KEV updates?

Source: cisa.gov/news-events/alerts/20

🔔 Follow TechNadu for balanced, non-sensational cybersecurity coverage.

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

CISA has added CVE-2021-26829, an OpenPLC/ScadaBR XSS vulnerability, to the Known Exploited Vulnerabilities Catalog. XSS issues in operational technology systems continue to appear in real-world exploitation... #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntel #PatchManagement
  • 0
  • 1
  • 0
  • 16h ago

Overview

  • NetScaler
  • ADC

25 Jun 2025
Published
21 Oct 2025
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
2.04%

Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Statistics

  • 1 Post
  • 9 Interactions

Last activity: 17 hours ago

Fediverse

Reading up on the Citrix vulnerabilities that impacted Dutch government, especially the public prosecutor service (“het OM”), this summer.

The only good news for the Dutch from @GossiTheDog’s blog:

> NCSC Netherlands have a rather cool report out about CVE-2025-6543, where they’ve essentially done Citrix’s job for them. I recommend reading their report. It’s really good.

> NCSC Netherlands are gods amongst cyber.

doublepulsar.com/citrix-forgot

#ncsc #citrix #openbaarministerie

  • 5
  • 4
  • 0
  • 17h ago

Overview

  • Fortinet
  • FortiWeb

14 Nov 2025
Published
20 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
66.90%

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Bluesky

The latest update for #Detectify includes "Why traditional black box #testing is failing modern #AppSec teams" and "The researcher's desk: FortiWeb Authentication Bypass (CVE-2025-64446)". #cybersecurity #webvulnerabilities #websecurity https://opsmtrs.com/33CTOVX
  • 0
  • 1
  • 0
  • 14h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 20 hours ago

Bluesky

Alert for the #SUSE community. The SUSE-2025-4300-1 advisory patches a significant vulnerability (CVE-2025-29645) in curl. Read more: 👉 tinyurl.com/4b9zwcrw #Security
  • 0
  • 1
  • 1
  • 20h ago

Overview

  • Digital Bazaar
  • node-forge

25 Nov 2025
Published
25 Nov 2025
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Security researchers warn of vulnerability in the node-forge JavaScript library

Vulnerability:
CVE-2025-12816 - Improper validation

Impact: Allows unauthenticated attackers to bypass cryptographic verifications and security decisions

Recommendation: Update to version 1.3.2 ASAP

#cybersecurity #vulnerabilitymanagement #NodeForge

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • lukevella
  • rallly

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v4.0
HIGH (7.1)
EPSS
0.04%

KEV

Description

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled. This bypasses intended privacy controls that should prevent participants from viewing other users’ personal information. This issue has been patched in version 4.5.6.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

CVE-2025-66027: HIGH severity info disclosure in lukevella Rallly <4.5.6. Participant names & emails exposed via API despite Pro privacy. Patch to 4.5.6 now! 🔒 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • danny-avila
  • LibreChat

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v4.0
HIGH (8.6)
EPSS
0.08%

KEV

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

🔎 CVE-2025-66201: HIGH severity SSRF in LibreChat (<0.8.1-rc2)! Authenticated users can exploit OpenAPI specs to access internal endpoints—patch to 0.8.1-rc2 ASAP. Monitor access & restrict 'Actions' feature. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • ASUS
  • Router

25 Nov 2025
Published
26 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.10%

KEV

Description

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

Asus has released software updates to address a critical vulnerability in its AiCloud routers

Vulnerability:
CVE-2025-59366 - path traversal and OS command injection

Impact:
- Can allow an attacker to remotely execute OS commands

Recommendation: Apply patches ASAP

#cybersecurity #vulnerabilitymanagement #Asus

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Microsoft
  • Windows Server 2019

14 Oct 2025
Published
22 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
64.04%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

📌 Critical WSUS Vulnerability (CVE-2025-59287) Exploited to Deploy ShadowPad Backdoor https://www.cyberhub.blog/article/16128-critical-wsus-vulnerability-cve-2025-59287-exploited-to-deploy-shadowpad-backdoor
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Tryton
  • trytond

30 Nov 2025
Published
30 Nov 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
Pending

KEV

Description

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

🔔 HIGH severity: CVE-2025-66423 hits Tryton trytond (6.0.0–7.5.0). Incorrect authorization on HTML editor route risks sensitive ERP data. Upgrade ASAP to 7.6.11, 7.4.21, 7.0.40, or 6.0.70. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago