24h | 7d | 30d

CVE-2025-59287

Overview

  • Microsoft
  • Windows Server 2019
14 Oct 2025
Published
22 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
60.40%
KEV

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 5 Posts
  • 5 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture
TechNadu @technadu

Threat actors are actively exploiting CVE-2025-59287 in WSUS to deploy ShadowPad.

ASEC notes the attackers used PowerCat for shell access, then fetched and installed ShadowPad with certutil/curl, executing it through DLL side-loading.

How are you securing WSUS or other update infrastructure in your environment?
💬 Share your insights
⭐ Follow TechNadu for timely threat intel

  • 1
  • 2
  • 0
  • 2h ago
Profile picture
tomcat @tomcat

🚨 Hackers are using a fixed Windows bug (CVE-2025-59287) to spread ShadowPad malware through WSUS servers.

They used normal Windows tools like curl and certutil to install it — a method seen before in Chinese hacking groups.

Systems patched too late may have already been compromised.

Full story ↓ thehackernews.com/2025/11/shad

  • 0
  • 1
  • 0
  • 2h ago

Bluesky

Profile picture
Hackmanac @hackmanac.com
🚨🚨Attackers are exploiting the critical WSUS flaw CVE-2025-59287 to gain SYSTEM-level remote code execution and deploy ShadowPad, a modular backdoor linked to Chinese state-sponsored actors. Source: thehackernews.com/2025/11/shad...
  • 1
  • 0
  • 0
  • 2h ago
Profile picture
matricedigitale.bsky.social @matricedigitale.bsky.social
Analisi dell’attacco ShadowPad via CVE-2025-59287 su WSUS, con installazione tramite curl e certutil e gravi rischi per infrastrutture enterprise. #ahnlab #apt #backdoor #cina #ShadowPad #WSUS www.matricedigitale.it/2025/11/24/a...
  • 0
  • 0
  • 0
  • 2h ago
Profile picture
TechNadu @technadu.com
ShadowPad malware is being deployed via active exploitation of CVE-2025-59287 in WSUS. Attackers gain system access, use PowerCat for shells, and install ShadowPad through certutil/curl with DLL side-loading using legitimate binaries. #cybersecurity #malware #infosec #techsecurity #sysadmin
  • 0
  • 0
  • 0
  • 2h ago

CVE-2025-41115

Overview

  • Grafana
  • Grafana Enterprise
21 Nov 2025
Published
22 Nov 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.02%
KEV

Description

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow to override internal user IDs and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met: - `enableSCIM` feature flag set to true - `user_sync_enabled` config option in the `[auth.scim]` block set to true

Statistics

  • 5 Posts
  • 3 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
benzogaga33 :verified: @benzogaga33

Grafana : une faille dans SCIM permet d’élever ses privilèges et de devenir admin ! it-connect.fr/grafana-scim-cve #ActuCybersécurité #Cybersécurité #Vulnérabilité

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture
SSuite Office Software @ssuitesoftware.bsky.social
Grafana warns of max severity admin spoofing vulnerability 🔥🕵️‍♂️ #Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its #Enterprise product that can be exploited to treat new #users as #administrators or for privilege escalation! www.bleepingcomputer.com/news/securit...
  • 0
  • 2
  • 0
  • 3h ago
Profile picture
matricedigitale.bsky.social @matricedigitale.bsky.social
Grafana corregge CVE-2025-41115 con spoofing admin, mentre CISA segnala exploit Oracle e pubblica advisory ICS per rischio su identity e sistemi industriali. #cisa #grafana #ICS #Oracle www.matricedigitale.it/2025/11/23/g...
  • 0
  • 1
  • 0
  • 18h ago
Profile picture
Eyal Estrin ☁️ @eyalestrin.bsky.social
Grafana warns of max severity admin spoofing vulnerability (CVE-2025-41115) #patchmanagement
  • 0
  • 0
  • 0
  • 20h ago
Profile picture
fetchfeeds.com @fetchfeeds.bsky.social
Graafana Labs uuest eesmeres võti CVE-2025-41115, mis kasutades saab kasutajad loob administraatorina või teha arendusrida. #GrafanaLabs https://fefd.link/IownY
  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-61757

Overview

  • Oracle Corporation
  • Identity Manager
21 Oct 2025
Published
22 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
71.16%
KEV

Description

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 2 Posts
  • 29 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture
Kevin Beaumont @GossiTheDog

On Thursday, this blog was released about CVE-2025-61757 in Oracle Fusion Middleware - Oracle Identity Manager really

slcyber.io/research-center/bre

Within 24 hours, it was added to CISA KEV as actively exploited 🤔

  • 12
  • 17
  • 0
  • 2h ago

Bluesky

Profile picture
Information Security Briefly @infosecbriefly.bsky.social
CVE-2025-61757 in Oracle Identity Manager enables unauthenticated remote code execution and is actively exploited, requiring immediate patching.
  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-7402

Overview

  • scripteo
  • Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager
24 Nov 2025
Published
24 Nov 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘site_id’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 3 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ CVE-2025-7402: HIGH severity SQL Injection in Ads Pro Plugin (≤4.95) for WordPress. Unauthenticated attackers can leak DB data via 'site_id'—patch unavailable. Deploy WAF & monitor activity! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

Profile picture
BaseFortify.eu @basefortify.bsky.social
🚨 CVE-2025-7402 — Ads Pro Plugin (WordPress) Time-based SQL injection via ‘site_id’ lets attackers extract sensitive DB data remotely. Patch ASAP to stay safe! 🔐 basefortify.eu/cve_reports/... #CVE #WordPress #SQLi #CyberSecurity #PatchNow
  • 0
  • 1
  • 0
  • 3h ago

CVE-2025-48507

Overview

  • AMD
  • Kria™ SOM
23 Nov 2025
Published
23 Nov 2025
Updated
CVSS v4.0
HIGH (8.6)
EPSS
Pending
KEV

Description

The security state of the calling processor into Arm® Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.

Statistics

  • 2 Posts
Last activity: 3 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-48507 (HIGH): AMD Kria™ SOM flaw lets non-secure processors access secure memory & crypto ops via improper validation in TF-A. Patch ASAP, restrict access, and monitor for exploitation. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

Bluesky

Profile picture
BaseFortify.eu @basefortify.bsky.social
⚡ CVE-2025-48507 — AMD Trusted Firmware A flaw in TF-A security state handling can expose secure memory and crypto functions to non-secure processors. High-risk for SoCs. Update firmware now! 🔒🔥 basefortify.eu/cve_reports/... #CVE #AMD #Firmware #CyberSecurity
  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-11001

Overview

  • 7-Zip
  • 7-Zip
19 Nov 2025
Published
21 Nov 2025
Updated
CVSS v3.0
HIGH (7.0)
EPSS
0.31%
KEV

Description

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture
Patrick C Miller :donor: @patrickcmiller

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild securityaffairs.com/184850/sec

  • 3
  • 3
  • 0
  • 7h ago

CVE-2025-2945

Overview

  • pgadmin.org
  • pgAdmin 4
03 Apr 2025
Published
04 Apr 2025
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
63.78%
KEV

Description

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture
1337 Sheets @1337sheets

Pwning Fries on HTB 🍟💥
🔍 Gitea cred leaks
🚪 pgAdmin RCE (CVE-2025-2945)
🕸️ Ligolo-ng pivots
🛠️ NFS SUID abuse
From docker escapes to domain dominance. Check out the full Hard Weekly writeup! 👇
kzs.me/m9n5cr
#HackTheBox #Infosec #CTF #CyberSecurity #htb #1337sheets

  • 0
  • 1
  • 0
  • 1h ago

CVE-2025-9820

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 23 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
For the #Fedora and #Linux community: A critical patch for GnuTLS (CVE-2025-9820) is now available on Fedora 43. Read more: 👉 tinyurl.com/3wdmzexx #Security
  • 0
  • 1
  • 0
  • 23h ago

CVE-2025-49752

Overview

  • Microsoft
  • Azure Bastion Developer
20 Nov 2025
Published
22 Nov 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.10%
KEV

Description

Azure Bastion Elevation of Privilege Vulnerability

Statistics

  • 1 Post
Last activity: Last hour

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 Azure Bastion : vulnérabilité critique CVE-2025-49752 (CVSS 10.0) d’élévation de privilèges par bypass d’authe…📝 … https://cyberveille.ch/posts/2025-11-23-azure-bastion-vulnerabilite-critique-cve-2025-49752-cvss-10-0-delevation-de-privileges-par-bypass-dauthentification/ #Azure_Bastion #Cyberveil…
  • 0
  • 0
  • 0
  • Last hour

CVE-2025-62164

Overview

  • vllm-project
  • vllm
21 Nov 2025
Published
21 Nov 2025
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.20%
KEV

Description

vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using torch.load() without sufficient validation. Due to a change introduced in PyTorch 2.8.0, sparse tensor integrity checks are disabled by default. As a result, maliciously crafted tensors can bypass internal bounds checks and trigger an out-of-bounds memory write during the call to to_dense(). This memory corruption can crash vLLM and potentially lead to code execution on the server hosting vLLM. This issue has been patched in version 0.11.1.

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture
CyberHub @cyberhub.blog
📌 Critical RCE Vulnerability in vLLM (CVE-2025-62164) Exposes AI Services to Prompt Injection Attacks https://www.cyberhub.blog/article/15940-critical-rce-vulnerability-in-vllm-cve-2025-62164-exposes-ai-services-to-prompt-injection-attacks
  • 0
  • 0
  • 0
  • 2h ago
Showing 1 to 10 of 27 CVEs