
Overview

  • Mozilla
  • Firefox

Published: 11 Nov 2025
Updated: 25 Nov 2025

CVSS: Pending
EPSS: 0.05%

KEV

Description

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: Last hour

Fediverse


A high-severity Firefox WebAssembly bug (CVE-2025-13016) silently exposed over 180M users to potential code execution for 6 months, now patched in Firefox 145/ESR 140.5. 🔐 Users are urged to update ASAP. 🔄✨ Details: cyberinsider.com/dangerous-fir #Firefox #CyberSecurity #InfoSec #Newz

#Tor & #Mullvad are immune to this, given the security slider has been moved to "Safer" 💡. with Librewolf idk 🤷

  • 2
  • 1
  • 0
  • Last hour

Bluesky

📢 CVE-2025-13016: buffer overflow in Firefox's WebAssembly engine fixed (RCE, CVSS 7.5) 📝 Source: AISLE — AISLE detail… https://cyberveille.ch/posts/2025-11-25-cve-2025-13016-depassement-de-tampon-dans-le-moteur-webassembly-de-firefox-corrige-rce-cvss-7-5/ #CVE_2025_13016 #Cyberveille
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Zenitel
  • TCIV-3+

Published: 26 Nov 2025
Updated: 26 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse


📰 CISA Warns of Critical Flaws in Industrial Control Systems, Including CVSS 10.0 Bug

🚨 CISA releases 7 ICS advisories for flaws in Rockwell, Zenitel & other OT gear. A critical CVSS 10.0 RCE vulnerability (CVE-2025-64130) affects Zenitel comms equipment. Asset owners urged to patch immediately. #ICS #OTsecurity #Vulnerability #CISA

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 20h ago

⚠️ CRITICAL: CVE-2025-64130 in Zenitel TCIV-3+ (CVSS 9.8) enables remote reflected XSS — attackers can execute JavaScript in user browsers. No patch yet: segment, restrict, monitor! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • ASUS
  • Router

Published: 25 Nov 2025
Updated: 26 Nov 2025

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.10%

KEV

Description

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially allowing execution of specific functions without proper authorization. Refer to the "Security Update for ASUS Router Firmware" section of the ASUS Security Advisory for more information.

Statistics

  • 3 Posts

Last activity: Last hour

Fediverse


The CVE-2025-59366 vulnerability "can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization." bleepingcomputer.com/news/secu

  • 0
  • 0
  • 1
  • 23h ago

ASUS warns of new critical auth-bypass flaw in AiCloud routers
bleepingcomputer.com/news/secu

ASUS has issued new firmware updates to address nine security vulnerabilities, including a critical authentication bypass flaw affecting routers with the AiCloud feature enabled.

AiCloud is a remote-access service built into many ASUS routers, allowing users to stream media or access files from their personal devices as if they were cloud-hosted.

According to the company, the critical vulnerability CVE-2025-59366 stems from an “unintended side effect” of the router’s Samba functionality. This flaw may allow certain functions to be executed without proper authorization.

In its Monday advisory, ASUS urged all customers to update their router firmware to the latest version immediately to ensure protection.

  • 0
  • 0
  • 0
  • Last hour

Overview

  • Elated Themes
  • FindAll Membership

Published: 27 Nov 2025
Updated: 27 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findall_membership_check_facebook_user' and the 'findall_membership_check_google_user' functions. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Fediverse


🔒 CRITICAL: CVE-2025-13539 in Elated Themes FindAll Membership (WP) allows auth bypass via social login checks. All versions up to 1.0.4 impacted. Disable plugin, audit users, secure admin emails. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

🔥 CVE-2025-13539 — FindAll Membership Plugin Critical auth bypass allows admin login without a password via crafted social login data. 🔗 basefortify.eu/cve_reports/... #CVE #WordPress #AuthBypass #Infosec
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Oracle Corporation
  • Identity Manager

Published: 21 Oct 2025
Updated: 22 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 60.96%

Description

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

📢 CISA adds the Oracle Identity Manager pre-auth RCE flaw (CVE-2025-61757) to the KEV catalog 📝 According to The Cyber Express, CISA has added CVE-2025… https://cyberveille.ch/posts/2025-11-25-cisa-ajoute-la-faille-rce-pre-auth-doracle-identity-manager-cve-2025-61757-a-la-base-kev/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • 15h ago
The latest update for #IONIX includes "CVE-2025-61757: Critical Pre-Auth RCE in Oracle Identity Manager" and "CVE-2025-9501: Identifying High-Risk #WordPress Instances Using W3 Total Cache". #cybersecurity #AttackSurfaceManagement https://opsmtrs.com/3TB5mSA
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • glib

Published: 26 Nov 2025
Updated: 26 Nov 2025

CVSS: Pending
EPSS: Pending

KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post
  • 11 Interactions

Last activity: 22 hours ago

Fediverse


That's an avenue that I admit I hadn't thought to check before. Seems so simple though.

access.redhat.com/security/cve

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

  • 3
  • 8
  • 0
  • 22h ago

Overview

  • Microsoft
  • Azure Bastion Developer

Published: 20 Nov 2025
Updated: 26 Nov 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.09%

KEV

Description

Azure Bastion Elevation of Privilege Vulnerability

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 2 hours ago

Fediverse


It can make your head spin. Microsoft's Azure Bastion (an Apache Guacamole in disguise) had a vulnerability with a CVE score of 10.0.

borncity.com/blog/2025/11/25/a

  • 2
  • 1
  • 0
  • 2h ago

Overview

  • Pending

Published: 26 Nov 2025
Updated: 26 Nov 2025

CVSS: Pending
EPSS: Pending

KEV

Description

Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 21 hours ago

Fediverse


Hey @Viss :

github.com/rayinaw/my-hub/blob

Tinyproxy up to 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.

  • 1
  • 2
  • 0
  • 21h ago

Overview

  • Pending

Published: 26 Nov 2025
Updated: 26 Nov 2025

CVSS: Pending
EPSS: Pending

KEV

Description

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file", which allows an attacker to execute arbitrary commands with root privileges.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago

Overview

  • oscaruh
  • Google Drive upload and download link

Published: 27 Nov 2025
Updated: 27 Nov 2025

CVSS v3.1: MEDIUM (6.4)
EPSS: Pending

KEV

Description

The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Bluesky

🚨 CVE-2025-12666 — Google Drive WordPress Plugin Stored XSS lets attackers inject scripts via shortcodes. Every visitor can be affected once saved. 🔗 basefortify.eu/cve_reports/... #CVE #WordPress #XSS #CyberSecurity
  • 0
  • 1
  • 0
  • 3h ago