Overview

  • Pending

11 Jun 2021
Published
28 Nov 2025
Updated

CVSS
Pending
EPSS
48.27%

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 9 hours ago

Fediverse

CISA has added CVE-2021-26829 (OpenPLC/ScadaBR XSS) to the Known Exploited Vulnerabilities Catalog.

XSS vulnerabilities in ICS/SCADA environments remain a dependable avenue for attackers, and CISA is urging organizations - not just federal - to prioritize remediation.

How does your team track and respond to KEV updates?

Source: cisa.gov/news-events/alerts/20

🔔 Follow TechNadu for balanced, non-sensational cybersecurity coverage.

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

CISA has added CVE-2021-26829, an OpenPLC/ScadaBR XSS vulnerability, to the Known Exploited Vulnerabilities Catalog. XSS issues in operational technology systems continue to appear in real-world exploitation... #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntel #PatchManagement
  • 0
  • 1
  • 0
  • 9h ago

Overview

  • NetScaler
  • ADC

25 Jun 2025
Published
21 Oct 2025
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
2.04%

Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

Statistics

  • 1 Post
  • 9 Interactions

Last activity: 10 hours ago

Fediverse

Reading up on the Citrix vulnerabilities that impacted Dutch government, especially the public prosecutor service (“het OM”), this summer.

The only good news for the Dutch from @GossiTheDog’s blog:

> NCSC Netherlands have a rather cool report out about CVE-2025–6543, where they’ve essentially done Citrix’s job for them. I recommend reading their report. It’s really good.

> NCSC Netherlands are gods amongst cyber.

doublepulsar.com/citrix-forgot

#ncsc #citrix #openbaarministerie

  • 5
  • 4
  • 0
  • 10h ago

Overview

  • kiteworks
  • security-advisories

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.04%

KEV

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 20 hours ago

Fediverse

🚨 CVE-2025-53899 (HIGH): Kiteworks MFT <9.1.0 lets admins intercept comms & escalate privileges. Patch to 9.1.0 now, enforce MFA, and audit admin activity. No active exploits yet — act fast! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 20h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 12 hours ago

Bluesky

Alert for the #SUSE community. The SUSE-2025-4300-1 advisory patches a significant vulnerability (CVE-2025-29645) in curl. Read more: 👉 tinyurl.com/4b9zwcrw #Security
  • 0
  • 1
  • 1
  • 12h ago

Overview

  • Fortinet
  • FortiWeb

14 Nov 2025
Published
20 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
66.90%

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Bluesky

The latest update for #Detectify includes "Why traditional black box #testing is failing modern #AppSec teams" and "The researcher's desk: FortiWeb Authentication Bypass (CVE-2025-64446)". #cybersecurity #webvulnerabilities #websecurity https://opsmtrs.com/33CTOVX
  • 0
  • 1
  • 0
  • 7h ago

Overview

  • danny-avila
  • LibreChat

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v4.0
HIGH (8.6)
EPSS
0.08%

KEV

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🔎 CVE-2025-66201: HIGH severity SSRF in LibreChat (<0.8.1-rc2)! Authenticated users can exploit OpenAPI specs to access internal endpoints—patch to 0.8.1-rc2 ASAP. Monitor access & restrict 'Actions' feature. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Microsoft
  • Windows Server 2019

14 Oct 2025
Published
22 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
64.04%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

📌 Critical WSUS Vulnerability (CVE-2025-59287) Exploited to Deploy ShadowPad Backdoor https://www.cyberhub.blog/article/16128-critical-wsus-vulnerability-cve-2025-59287-exploited-to-deploy-shadowpad-backdoor
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • kiteworks
  • security-advisories

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.01%

KEV

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, under certain circumstances a bug in Kiteworks MFT could cause a user's active session not to time out properly after inactivity. This issue has been patched in version 9.1.0.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

⚠️ HIGH severity: Kiteworks MFT <9.1.0 (CVE-2025-53896) has insufficient session expiration (CWE-613), risking persistent unauthorized access. Patch to 9.1.0 ASAP & enforce session controls! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • bootc

03 Sep 2025
Published
03 Sep 2025
Updated

CVSS
Pending
EPSS
0.09%

KEV

Description

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Just published a deep dive on the recent glib2 security patch for #openSUSE (CVE-2025-7039). Read more: 👉 tinyurl.com/3zn7t32n #Security
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • jvde-github
  • AIS-catcher

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.31%

KEV

Description

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🚨 CVE-2025-66217 (HIGH): Heap buffer overflow in AIS-catcher <0.64 via malformed MQTT packets enables DoS or RCE. Maritime & IoT orgs—upgrade to 0.64+ ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago