24h | 7d | 30d

CVE-2025-61757

Overview

  • Oracle Corporation
  • Identity Manager
21 Oct 2025
Published
22 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
60.96%
KEV

Description

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 3 Posts
Last activity: 4 hours ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 CISA ajoute la faille RCE pré-auth d’Oracle Identity Manager (CVE-2025-61757) à la base KEV 📝 Selon The Cyber Express, la CISA a ajouté CVE-2025… https://cyberveille.ch/posts/2025-11-25-cisa-ajoute-la-faille-rce-pre-auth-doracle-identity-manager-cve-2025-61757-a-la-base-kev/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago
Profile picture
SmarterMSP.com @smartermsp.bsky.social
#Barracuda recommends the following actions to secure Oracle Identity Manager against CVE-2025-61757. Check out the #CybersecurityThreatAdvisory to keep your clients protected: https://bit.ly/3Kh7mPV
  • 0
  • 0
  • 0
  • 4h ago
Profile picture
OpsMatters @opsmatters.com
The latest update for #IONIX includes "CVE-2025-61757: Critical Pre-Auth RCE in Oracle Identity Manager" and "CVE-2025-9501: Identifying High-Risk #WordPress Instances Using W3 Total Cache". #cybersecurity #AttackSurfaceManagement https://opsmtrs.com/3TB5mSA
  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-13016

Overview

  • Mozilla
  • Firefox
11 Nov 2025
Published
25 Nov 2025
Updated
CVSS
Pending
EPSS
0.05%
KEV

Description

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Statistics

  • 2 Posts
  • 4 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture
:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 @nemo

A high-severity Firefox WebAssembly bug (CVE-2025-13016) silently exposed over 180M users to potential code execution for 6 months, now patched in Firefox 145/ESR 140.5. 🔐 Users are urged to update ASAP. 🔄✨ Details: cyberinsider.com/dangerous-fir #Firefox #CyberSecurity #InfoSec #Newz

#Tor & #Mullvad are immune to this, given the security slider has been moved to "Safer" 💡. with Librewolf idk 🤷

  • 3
  • 1
  • 0
  • 7h ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 CVE-2025-13016 : dépassement de tampon dans le moteur WebAssembly de Firefox corrigé (RCE, CVSS 7.5) 📝 Source: AISLE — AISLE détail… https://cyberveille.ch/posts/2025-11-25-cve-2025-13016-depassement-de-tampon-dans-le-moteur-webassembly-de-firefox-corrige-rce-cvss-7-5/ #CVE_2025_13016 #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-13539

Overview

  • Elated Themes
  • FindAll Membership
27 Nov 2025
Published
27 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.19%
KEV

Description

The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findall_membership_check_facebook_user' and the 'findall_membership_check_google_user' functions. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.

Statistics

  • 2 Posts
Last activity: 9 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🔒 CRITICAL: CVE-2025-13539 in Elated Themes FindAll Membership (WP) allows auth bypass via social login checks. All versions up to 1.0.4 impacted. Disable plugin, audit users, secure admin emails. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

Bluesky

Profile picture
BaseFortify.eu @basefortify.bsky.social
🔥 CVE-2025-13539 — FindAll Membership Plugin Critical auth bypass allows admin login without a password via crafted social login data. 🔗 basefortify.eu/cve_reports/... #CVE #WordPress #AuthBypass #Infosec
  • 0
  • 0
  • 0
  • 9h ago

CVE-2025-49752

Overview

  • Microsoft
  • Azure Bastion Developer
20 Nov 2025
Published
26 Nov 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.09%
KEV

Description

Azure Bastion Elevation of Privilege Vulnerability

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 8 hours ago

Fediverse

Profile picture
Günter Born @gborn

Da kann dir schwindelig werden. Microsofts Azure Bastion (ein verkappter Apache Guacamole) hatte eine Schwachstelle mit einem CVE -Score von 10.0.

borncity.com/blog/2025/11/25/a

  • 2
  • 1
  • 0
  • 8h ago

CVE-2025-12686

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 5 hours ago

Bluesky

Profile picture
Synacktiv @synacktiv.com
At #Pwn2Own2025, our experts Tek & @anyfun.bsky.social remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover. The vuln is now tracked as CVE-2025-12686 🔍 🔗 Full write-up: www.synacktiv.com/en/publicati...
  • 1
  • 2
  • 0
  • 5h ago

CVE-2021-32682

Overview

  • Studio-42
  • elFinder
14 Jun 2021
Published
03 Aug 2024
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
93.47%
KEV

Description

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
hrbrmstr 🇺🇦 🇬🇱 🇨🇦 @hrbrmstr

This is, um, *alot* of coordinated, calculated, automation to see where "elFinder" is.

New CVE/0-Day coming?

Starting the 6-week countdown.

viz.greynoise.io/tags/elfinder

  • 1
  • 2
  • 0
  • 3h ago

CVE-2025-65202

Overview

  • Pending
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS
Pending
EPSS
0.16%
KEV

Description

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

TRENDnet

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 23h ago

CVE-2025-12666

Overview

  • oscaruh
  • Google Drive upload and download link
27 Nov 2025
Published
27 Nov 2025
Updated
CVSS v3.1
MEDIUM (6.4)
EPSS
0.03%
KEV

Description

The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 9 hours ago

Bluesky

Profile picture
BaseFortify.eu @basefortify.bsky.social
🚨 CVE-2025-12666 — Google Drive WordPress Plugin Stored XSS lets attackers inject scripts via shortcodes. Every visitor can be affected once saved. 🔗 basefortify.eu/cve_reports/... #CVE #WordPress #XSS #CyberSecurity
  • 0
  • 1
  • 0
  • 9h ago

CVE-2025-64130

Overview

  • Zenitel
  • TCIV-3+
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.11%
KEV

Description

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ CRITICAL: CVE-2025-64130 in Zenitel TCIV-3+ (CVSS 9.8) enables remote reflected XSS — attackers can execute JavaScript in user browsers. No patch yet: segment, restrict, monitor! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-13540

Overview

  • Qode Interactive
  • Tiare Membership
27 Nov 2025
Published
27 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%
KEV

Description

The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-13540 (CRITICAL): Qode Tiare Membership plugin lets unauth'd users register as admins via REST API. All versions ≤1.2 affected. No patch—disable or restrict endpoint ASAP! More: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago
Showing 1 to 10 of 34 CVEs