Overview
- Avast
- Antivirus
Description
Statistics
- 1 Post
- 47 Interactions
Fediverse
Security product vulns are maddening but will also never not be funny to me.
Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.
Overview
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
"A security advisory being sent out due to a woops. Noted as CVE-2025-66270, that woops could allow an attacker to entirely skip proper authentication": KDE Connect security advisory released due to possible authentication bypass https://www.gamingonlinux.com/2025/12/kde-connect-security-advisory-released-due-to-possible-authentication-bypass/
KDE Project Security Advisory
=============================
Title: KDE Connect: Impersonation of paired devices, bypassing authentication
Risk rating: Critical
CVE: CVE-2025-66270
[…]
Workaround
==========
Until you can upgrade to a non-vulnerable version, we advise you to stop KDE Connect when on
untrusted networks like those on airports or conferences and/or unpair all devices from KDE Connect.
Read more: https://kde.org/info/security/advisory-20251128-1.txt
Description
Statistics
- 2 Posts
Bluesky
Overview
- Avast
- Antivirus
Description
Statistics
- 1 Post
- 7 Interactions
Overview
- Mattermost
- Mattermost
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse
sev:CRIT account takeover in Mattermost.
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Overview
- dnnsoftware
- Dnn.Platform
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
🚨 In this week’s Threat Alert article, CrowdSec highlights active exploitation of CVE-2025-64095, a critical DNN file upload flaw. Attackers are probing sites for defacement and XSS attacks.
Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2025-64095
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
⚠️ CVE-2025-13803: Medium severity flaw in MediaCrush 1.0.0/1.0.1. Improper Host header neutralization enables HTTP header injection & possible XSS. No auth/user action needed. Mitigate with header validation & WAF rules. https://radar.offseq.com/threat/cve-2025-13803-improper-neutralization-of-http-hea-0a82351b #OffSeq #infosec #vuln
Overview
- Ruijie Networks Co., Ltd.
- RG-UAC
Description
Statistics
- 1 Post
- 1 Interaction
Overview
Description
Statistics
- 1 Post
- 5 Interactions
Fediverse
Buffer overread in OpenVPN. See what happens when you enable IPv6?
https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
Overview
- Avast
- Antivirus
Description
Statistics
- 1 Post
- 5 Interactions