Overview

  • MongoDB Inc.
  • MongoDB Server

19 Dec 2025
Published
31 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
68.68%

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

MongoBleed: Critical MongoDB Vulnerability CVE-2025-14847 - custom Nuclei template (see below) designed to deterministically and safely detect if a MongoDB server is vulnerable to CVE-2025-14847, without exfiltrating data.
  • 0
  • 1
  • 0
  • 4h ago
Lessons from the Mongobleed Vulnerability (CVE-2025-14847) That Is Actively Exploited in the Wild: cybersecuritynews.com/mongobleed-v...
  • 0
  • 0
  • 0
  • 17h ago
Technical Analysis - MongoBleed (CVE-2025-14847): Memory Corruption in MongoDB
  • 0
  • 0
  • 1
  • 16h ago
The latest update for #Foresiet includes "MongoBleed (CVE-2025-14847): How to Fix the Critical #MongoDB Memory Leak" and "Third-Party #RiskManagement: Best Practices and Trends". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Fortinet FortiOS

24 Jul 2020
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
51.26%

Description

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Statistics

  • 3 Posts
  • 20 Interactions

Last activity: 11 hours ago

Fediverse

Over 10K Fortinet firewalls remain exposed to a five-year-old 2FA bypass (CVE-2020-12812), letting attackers skip authentication with simple username changes. 🛡️

Admins are urged to patch or adjust settings as active exploitation continues. ⚠️

🔗 bleepingcomputer.com/news/secu

#TechNews #CyberSecurity #DataBreach #Infosec #Vulnerability #ZeroDay #NetworkSecurity #ThreatIntel #Ransomware #Privacy #Security #Firewall #CISA #Fortinet #ExposedSystems #Network #Infrastructure #CVE #2FA #MFA #Hacking

  • 3
  • 3
  • 0
  • 11h ago

Bluesky

We added Fortinet SSL-VPN CVE-2020-12812 to our daily Vulnerable HTTP Report: www.shadowserver.org/what-we-do/n... Five and a half years after publication, over 10K Fortinet firewalls still remain unpatched. Actively exploited, as recently highlighted by Fortinet: www.fortinet.com/blog/psirt-b...
  • 4
  • 8
  • 0
  • 22h ago
CVE-2020-12812 is also on CISA KEV. Dashboard World Map view: dashboard.shadowserver.org/statistics/c... Dashboard Tree Map view: dashboard.shadowserver.org/statistics/c... Original Fortinet advisory from July 2020: www.fortiguard.com/psirt/FG-IR-... #CyberCivilDefense
  • 0
  • 2
  • 0
  • 22h ago

Overview

  • SmarterTools
  • SmarterMail

29 Dec 2025
Published
29 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.18%

KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

🚨 New plugin: SmarterMailPlugin (CVE-2025-52691).

SmarterMail versions prior to Build 9413 are affected by a critical remote code execution vulnerability via arbitrary file upload.

Results: leakix.net/search?q=%2Bplugin%

  • 0
  • 0
  • 1
  • 21h ago

Bluesky

📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #SmarterMail product: CVE-2025-52691: remote unauthenticated file upload & overwrite search.onyphe.io/search?q=cat...
  • 0
  • 1
  • 0
  • 23h ago

Overview

  • n8n-io
  • n8n

19 Dec 2025
Published
22 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
3.55%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

CVE-2025-68613: n8n RCE Vulnerability

Exploit/PoC: github.com/wioui/n8n-CVE-2025-

n8n has a critical security flaw that lets authenticated users execute arbitrary code through its workflow expression system. When users configure workflows, the expressions they provide can sometimes be evaluated without proper isolation from the underlying runtime environment.

Credit: NexxelSecurity

YouTube: youtube.com/@NexxelSecurity

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

#ばばさん通信ダイジェスト Sharing items that have become, or are likely to become, topics of discussion, regardless of whether opinion on them is favourable or not. NVD - CVE-2025-68613 https://nvd.nist.gov/vuln/detail/CVE-2025-68613
  • 0
  • 1
  • 0
  • 1h ago

Overview

  • IBM
  • API Connect

26 Dec 2025
Published
26 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.37%

KEV

Description

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 13 hours ago

Bluesky

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
  • 0
  • 1
  • 0
  • 23h ago
📌 Critical Authentication Bypass Vulnerability in IBM API Connect (CVE-2025-13915) https://www.cyberhub.blog/article/17532-critical-authentication-bypass-vulnerability-in-ibm-api-connect-cve-2025-13915
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Pending

22 Dec 2025
Published
22 Dec 2025
Updated

CVSS
Pending
EPSS
8.84%

KEV

Description

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 12 hours ago

Fediverse

🚨 Plugin update: ZimbraPlugin (CVE-2025-68645).

Zimbra Collaboration Suite 10.0 and 10.1 are affected by an unauthenticated LFI vulnerability.

Results: leakix.net/search?q=%2Btags%3A

  • 0
  • 1
  • 1
  • 21h ago

Bluesky

[Successfully reproduced] Zimbra Local File Inclusion vulnerability (CVE-2025-68645)
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
47.37%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Fediverse

RondoDox botnet exploits React2Shell flaw to breach Next.js servers
bleepingcomputer.com/news/secu

The RondoDox botnet has been observed exploiting the critical React2Shell flaw
(CVE-2025-55182) to infect vulnerable Next.js servers with malware and
cryptominers.

First documented by Fortinet in July 2025, RondoDox is a large-scale botnet
that targets multiple n-day flaws in global attacks. In November, VulnCheck
spotted new RondoDox variants that featured exploits for CVE-2025-24893, a
critical remote code execution (RCE) vulnerability in the XWiki Platform.

A new report from cybersecurity company CloudSEK notes that RondoDox started
scanning for vulnerable Next.js servers on December 8 and began deploying
botnet clients three days later.

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

📌 RondoDox Botnet Exploits Critical React2Shell Vulnerability (CVE-2025-55182) to Spread Malware and Cryptominers https://www.cyberhub.blog/article/17526-rondodox-botnet-exploits-critical-react2shell-vulnerability-cve-2025-55182-to-spread-malware-and-cryptominers
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • ASUS
  • live update

17 Dec 2025
Published
18 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
35.96%

Description

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

BleepingComputer news item "Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374" #bolhasec
  • 1
  • 0
  • 0
  • 17h ago

Overview

  • Moodle Project
  • moodle

24 Feb 2025
Published
24 Feb 2025
Updated

CVSS v3.1
HIGH (8.3)
EPSS
0.12%

KEV

Description

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🚨CVE-2025-26529: Moodle XSS to RCE Exploit

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

Credit: QXN0cm8
YouTube: youtube.com/@A5troRo0t

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Plex
  • Media Server

02 Jan 2026
Published
02 Jan 2026
Updated

CVSS v3.1
HIGH (8.5)
EPSS
Pending

KEV

Description

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🟠 CVE-2025-69414 - High (8.5)

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 16h ago
Showing 1 to 10 of 21 CVEs