
Overview

  • Avast
  • Antivirus

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
HIGH (8.1)
EPSS
Pending

KEV

Description

Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS when processing a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.

Statistics

  • 1 Post
  • 47 Interactions

Last activity: 9 hours ago

Fediverse


Security product vulns are maddening but will also never not be funny to me.

Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection.
This issue affects Antivirus: from 15.7 before 3.9.2025.

cve.org/CVERecord?id=CVE-2025-

  • 14
  • 33
  • 0
  • 9h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 8 hours ago

Fediverse


"A security advisory being sent out due to a woops. Noted as CVE-2025-66270, that woops could allow an attacker to entirely skip proper authentication": KDE Connect security advisory released due to possible authentication bypass gamingonlinux.com/2025/12/kde-

  • 1
  • 2
  • 1
  • 8h ago
KDE Project Security Advisory
=============================

Title:           KDE Connect: Impersonation of paired devices, bypassing authentication
Risk rating:     Critical
CVE:             CVE-2025-66270

[…]

Workaround
==========

Until you can upgrade to a non-vulnerable version, we advise you to stop KDE Connect when on
untrusted networks like those on airports or conferences and/or unpair all devices from KDE Connect.

Read more: https://kde.org/info/security/advisory-20251128-1.txt
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Pending

11 Jun 2021
Published
28 Nov 2025
Updated

CVSS
Pending
EPSS
52.13%

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Bluesky

🌟 Latest news roundup 🌟 🎉 I have put together the latest news for 1 December 2025! 🤩 First, economy-related news. 🚀 Stayway has entered a business partnership with Kono Shinkin Bank (興能信用金庫) and launched an initiative to strengthen subsidy support using generative AI. 💰 This helps companies use subsidies to expand their business. In security news, the US CISA added the OpenPLC ScadaBR XSS vulnerability CVE-2021-26829 to its KEV catalog. 🚨 This is an important step toward strengthening system security. Also, the buzzword-of-the-year awards, idol news, sports results, and various
  • 0
  • 0
  • 0
  • 19h ago
#CISA adds the XSS flaw CVE-2021-26829 in OpenPLC ScadaBR to its KEV catalog, citing evidence of active exploitation. This vulnerability affects Windows and Linux. 🔒 #CyberSecurity #IA2025 #InnovationIA https://kntn.ly/65de0e4d
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Avast
  • Antivirus

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
Pending

KEV

Description

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 9 hours ago

Fediverse


And another one:

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.

cve.org/CVERecord?id=CVE-2025-

  • 1
  • 6
  • 0
  • 9h ago

Overview

  • Mattermost
  • Mattermost

27 Nov 2025
Published
28 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.07%

KEV

Description

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 9 hours ago

Fediverse


sev:CRIT account takeover in Mattermost.

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).

cve.org/CVERecord?id=CVE-2025-

  • 1
  • 3
  • 0
  • 9h ago

Overview

  • dnnsoftware
  • Dnn.Platform

28 Oct 2025
Published
29 Oct 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
23.40%

KEV

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads, and uploaded images can overwrite existing files. An unauthenticated user can upload and replace existing files, allowing defacement of a website and, combined with another issue, injection of XSS payloads. This vulnerability is fixed in 10.1.1.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 13 hours ago

Fediverse


🚨 In this week’s Threat Alert article, CrowdSec highlights active exploitation of CVE-2025-64095, a critical DNN file upload flaw. Attackers are probing sites for defacement and XSS attacks.

Read the full analysis and protect your systems 👉 crowdsec.net/vulntracking-repo

  • 1
  • 1
  • 1
  • 13h ago

Overview

  • MediaCrush

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%

KEV

Description

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Manipulation of the Host argument leads to improper neutralization of HTTP headers for scripting syntax. The attack can be launched remotely.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse


⚠️ CVE-2025-13803: Medium severity flaw in MediaCrush 1.0.0/1.0.1. Improper Host header neutralization enables HTTP header injection & possible XSS. No auth/user action needed. Mitigate with header validation & WAF rules. radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 21h ago

Overview

  • Ruijie Networks Co., Ltd.
  • RG-UAC

15 Oct 2025
Published
21 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
3.26%

KEV

Description

Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Fediverse


For a week now my honeypots have been seeing an increase in attacks targeting CVE-2023-7304 (Ruijie RG-UAC nmc_sync.php Command Injection)

  • 1
  • 0
  • 0
  • 9h ago

Overview

  • OpenVPN
  • OpenVPN

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 9 hours ago

Fediverse


Buffer overread in OpenVPN. See what happens when you enable IPv6?

community.openvpn.net/Security

  • 0
  • 5
  • 0
  • 9h ago

Overview

  • Avast
  • Antivirus

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
Pending

KEV

Description

Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation. This issue affects Antivirus: from 25.1.981.6 before 25.3.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 8 hours ago

Fediverse


And another one:

Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation. This issue affects Antivirus: from 25.1.981.6 before 25.3.

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 5
  • 0
  • 8h ago