
Overview

  • Pending

11 Jun 2021
Published
28 Nov 2025
Updated

CVSS
Pending
EPSS
0.25%

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

Statistics

  • 2 Posts

Last activity: 15 hours ago

Fediverse


🚨CVE-2021-26829: OpenPLC ScadaBR Cross-site Scripting Vulnerability

Vendor: OpenPLC
Product: ScadaBR
CWE: CWE-79
CVSS: 5.4

This vulnerability has been added to the CISA KEV Catalog.

darkwebinformer.com/cisa-kev-c

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

CISA has added an actively exploited OpenPLC ScadaBR XSS vulnerability (CVE-2021-26829) to its KEV catalog. - IOCs: CVE-2021-26829 - #CVE202126829 #SCADA #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 4 Posts

Last activity: 12 hours ago

Bluesky

kdePackages.kdeconnect-kde: fix CVE-2025-66270 https://github.com/NixOS/nixpkgs/pull/465986 #security
  • 0
  • 0
  • 0
  • 18h ago
[Backport release-25.05] kdePackages.kdeconnect-kde: fix CVE-2025-66270 https://github.com/NixOS/nixpkgs/pull/466000 #security
  • 0
  • 0
  • 1
  • 18h ago
#466041 terraform-providers.hashicorp_awscc: 1.64.0 -> 1.65.0
#466034 mark: 15.0.0 -> 15.1.0
#466028 python3Packages.accelerate: 1.11.0 -> 1.12.0
#466026 rasm: 3.0 -> 3.0.1
#466012 kanidm_1_8: 1.8.1 -> 1.8.3
#466011 pinact: 3.4.4 -> 3.4.5
#465986 kdePackages.kdeconnect-kde: fix CVE-2025-66270
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • jvde-github
  • AIS-catcher

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
Pending

KEV

Description

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow in AIS-catcher's MQTT parsing logic lets an attacker trigger a large heap buffer overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate denial of service (DoS) and, when AIS-catcher is used as a library, to memory corruption that can be leveraged for remote code execution (RCE). This issue has been patched in version 0.64.
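The underflow the description refers to is easy to see in a PUBLISH parser. What follows is an added example in Python, not AIS-catcher's own (C++) code: it encodes MQTT 3.1.1 PUBLISH packets, shows the unchecked payload-length arithmetic wrapping once the Topic Length field exceeds the packet's Remaining Length (the same arithmetic done in size_t), and the bounds check that rejects such a packet before anything is copied. The packet bytes, topic name and NMEA-style payload are constructed here, not captured traffic.

```python
# Added example: a hypothetical MQTT 3.1.1 PUBLISH parser, not AIS-catcher's code.
import struct

SIZE_T_MASK = (1 << 64) - 1  # a 64-bit size_t wraps modulo 2**64


class MalformedPacket(ValueError):
    """A length field does not fit the bytes actually received."""


def decode_remaining_length(buf, offset):
    """Decode MQTT's 'Remaining Length' (1-4 bytes, 7 data bits each).

    Returns (value, offset of the first byte after it).
    """
    value, multiplier = 0, 1
    for i in range(4):
        if offset + i >= len(buf):
            raise MalformedPacket("truncated Remaining Length")
        b = buf[offset + i]
        value += (b & 0x7F) * multiplier
        if not b & 0x80:
            return value, offset + i + 1
        multiplier *= 128
    raise MalformedPacket("Remaining Length uses more than 4 bytes")


def naive_payload_length(remaining, topic_len, qos):
    """The unchecked arithmetic a C/C++ parser does in size_t.

    payload = remaining - 2 (topic length prefix) - topic_len - 2 (packet id, QoS > 0).
    A forged topic_len makes this negative; in size_t it wraps to a huge value
    that then sizes a copy out of a small heap buffer.
    """
    return (remaining - 2 - topic_len - (2 if qos else 0)) & SIZE_T_MASK


def parse_publish(buf):
    """Parse one PUBLISH packet, rejecting any inconsistent length field."""
    if len(buf) < 2:
        raise MalformedPacket("shorter than the fixed header")
    first = buf[0]
    if first >> 4 != 3:
        raise MalformedPacket("packet type %d is not PUBLISH" % (first >> 4))
    qos = (first >> 1) & 0x03
    if qos == 3:
        raise MalformedPacket("QoS 3 is reserved")
    remaining, pos = decode_remaining_length(buf, 1)
    end = pos + remaining
    if end > len(buf):  # check 1: Remaining Length vs bytes received
        raise MalformedPacket("Remaining Length %d exceeds %d available bytes"
                              % (remaining, len(buf) - pos))
    header_len = 2 + (2 if qos else 0)
    if remaining < header_len:  # check 2: room for the variable header
        raise MalformedPacket("Remaining Length too small for the variable header")
    (topic_len,) = struct.unpack_from(">H", buf, pos)
    if topic_len > remaining - header_len:  # check 3: without it, the payload length underflows
        raise MalformedPacket("Topic Length %d exceeds the %d bytes left after the header"
                              % (topic_len, remaining - header_len))
    pos += 2
    topic = buf[pos:pos + topic_len]
    pos += topic_len
    packet_id = None
    if qos:
        (packet_id,) = struct.unpack_from(">H", buf, pos)
        pos += 2
    payload = buf[pos:end]  # exactly remaining - header_len - topic_len bytes, never negative
    try:
        topic = topic.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise MalformedPacket("topic is not valid UTF-8") from exc
    return {"qos": qos, "topic": topic, "packet_id": packet_id, "payload": payload}


def build_publish(topic, payload, qos=0, forged_topic_len=None):
    """Encode a PUBLISH packet; forged_topic_len overrides the Topic Length field."""
    tlen = len(topic) if forged_topic_len is None else forged_topic_len
    body = struct.pack(">H", tlen) + topic
    if qos:
        body += struct.pack(">H", 1)  # packet identifier
    body += payload
    n, enc = len(body), bytearray()
    while True:  # variable-length Remaining Length encoding
        n, digit = divmod(n, 128)
        enc.append((digit | 0x80) if n else digit)
        if not n:
            break
    return bytes([0x30 | (qos << 1)]) + bytes(enc) + body


def rejects(buf):
    """True if parse_publish refuses the packet."""
    try:
        parse_publish(buf)
    except MalformedPacket:
        return True
    return False


# Constructed packets, not captured traffic; the topic and NMEA-style payload are made up.
GOOD = build_publish(b"ais/nmea", b"!AIVDM,1,1,,A,13aG?P0P00PD;88MD5MTDww@2D7k,0*46")
# Same 11-byte body on the wire, but the Topic Length field claims 65535 bytes.
EVIL = build_publish(b"ais/nmea", b"x", forged_topic_len=0xFFFF)

if __name__ == "__main__":
    print(parse_publish(GOOD)["topic"], rejects(EVIL),
          hex(naive_payload_length(11, 0xFFFF, 0)))
```

The three checks are ordered so that each length field is validated against the bytes already proven to exist; check 3 is the one that matters here, because for the EVIL packet the naive computation gives 11 - 2 - 65535, which a size_t turns into roughly 2^64 bytes to copy.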

Statistics

  • 2 Posts

Last activity: 4 hours ago

Fediverse


🚨 CVE-2025-66217 (HIGH): Heap buffer overflow in AIS-catcher <0.64 via malformed MQTT packets enables DoS or RCE. Maritime & IoT orgs—upgrade to 0.64+ ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • kiteworks
  • security-advisories

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v3.1
HIGH (7.2)
EPSS
Pending

KEV

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel, which, under certain circumstances, allows an attacker with administrative privileges on the system to intercept upstream communication and potentially escalate privileges. This issue has been patched in version 9.1.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Fediverse


🚨 CVE-2025-53899 (HIGH): Kiteworks MFT <9.1.0 lets admins intercept comms & escalate privileges. Patch to 9.1.0 now, enforce MFA, and audit admin activity. No active exploits yet — act fast! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 7h ago

Overview

  • factionsecurity
  • faction

26 Nov 2025
Published
26 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
0.18%

KEV

Description

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

🔎 VulnWatch Friday: CVE-2025-66022 🔓 A critical vulnerability was discovered in Faction, a pentesting report generation framework developed by Faction Security. 🔧 This issue has been patched in version 1.7.1. 🔎 nvd.nist.gov/vuln/detail/...
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • danny-avila
  • LibreChat

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v4.0
HIGH (8.6)
EPSS
Pending

KEV

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to server-side request forgery (SSRF): an authenticated user with access to the "Actions" feature can supply a specially crafted OpenAPI spec and make the LLM invoke those actions, causing the LibreChat server to request URLs that only it can reach (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
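An added example of the server-side check an "Actions"-style feature needs before it fetches anything from a user-supplied spec, written in Python rather than LibreChat's own JavaScript and not taken from the project: it vets every servers[].url entry of an OpenAPI 3 document, resolves the host, and refuses anything that lands on loopback, private, link-local (which is where 169.254.169.254, the cloud metadata address, lives), shared or otherwise non-global ranges, unwrapping IPv4-mapped IPv6 first. The resolver table is a constructed stand-in for DNS so the example runs offline, and the hostnames in it are hypothetical.

```python
# Added example: vetting OpenAPI server URLs before a server-side fetch.
# Hypothetical Python code, not LibreChat's own (JavaScript) implementation.
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline; hostnames are hypothetical.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.google.internal": ["169.254.169.254"],
    "wiki.corp.internal": ["10.20.30.40"],
    "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback
}

ALLOWED_SCHEMES = {"https", "http"}


class SSRFRejected(ValueError):
    """The URL would make the server talk to something it must not reach."""


def resolve(host):
    """Return every address the host maps to (IP literals resolve to themselves)."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    addrs = FAKE_DNS.get(host.lower())
    if not addrs:
        raise SSRFRejected("unresolvable host %r" % host)
    return [ipaddress.ip_address(a) for a in addrs]


def is_reachable_target(ip):
    """True only for globally routable unicast addresses.

    is_global is False for loopback, RFC 1918, link-local (169.254.0.0/16 holds
    the cloud metadata endpoint), shared address space, reserved and unspecified
    ranges; IPv4-mapped IPv6 such as ::ffff:169.254.169.254 is unwrapped first.
    """
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def vet_server_url(url):
    """Return (url, pinned_ip) for an acceptable absolute server URL, else raise."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFRejected("scheme %r not allowed" % parts.scheme)
    if not parts.hostname:
        raise SSRFRejected("relative or host-less URL %r" % url)
    if parts.username or parts.password:
        raise SSRFRejected("userinfo in URL is not allowed")
    addrs = resolve(parts.hostname)
    # Every address must pass: a name that also resolves to a private address
    # (DNS rebinding) is rejected outright rather than treated as "usually fine".
    for ip in addrs:
        if not is_reachable_target(ip):
            raise SSRFRejected("%s resolves to non-public %s" % (parts.hostname, ip))
    return url, str(addrs[0])


def vet_openapi_servers(spec):
    """Vet every servers[].url in an OpenAPI 3 document. Returns {url: pinned_ip}."""
    servers = spec.get("servers") or [{"url": "/"}]  # OpenAPI's default is the relative "/"
    return dict(vet_server_url(s["url"]) for s in servers)


def rejected(spec_or_url):
    """True if vetting refuses the spec (dict) or the single URL (str)."""
    try:
        if isinstance(spec_or_url, str):
            vet_server_url(spec_or_url)
        else:
            vet_openapi_servers(spec_or_url)
    except SSRFRejected:
        return True
    return False


if __name__ == "__main__":
    print(vet_openapi_servers({"servers": [{"url": "https://api.example.com/v1"}]}))
    for bad in ("http://169.254.169.254/latest/meta-data/",
                "http://[::ffff:169.254.169.254]/",
                "https://metadata.google.internal/computeMetadata/v1/",
                "file:///etc/passwd"):
        print(bad, "->", rejected(bad))
```

The pinned address returned with each URL is meant to be the one the HTTP client actually connects to (with the Host header set from the URL), so that a second lookup at request time cannot rebind the name; any redirect the action follows has to go through the same vetting.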

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse


🔎 CVE-2025-66201: HIGH severity SSRF in LibreChat (<0.8.1-rc2)! Authenticated users can exploit OpenAPI specs to access internal endpoints—patch to 0.8.1-rc2 ASAP. Monitor access & restrict 'Actions' feature. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Microsoft
  • Windows Server 2019

14 Oct 2025
Published
22 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
64.04%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

📌 Critical WSUS Vulnerability (CVE-2025-59287) Exploited to Deploy ShadowPad Backdoor https://www.cyberhub.blog/article/16128-critical-wsus-vulnerability-cve-2025-59287-exploited-to-deploy-shadowpad-backdoor
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • kiteworks
  • security-advisories

29 Nov 2025
Published
29 Nov 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
Pending

KEV

Description

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, under certain circumstances a bug in Kiteworks MFT could cause a user's active session not to time out after a period of inactivity. This issue has been patched in version 9.1.0.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse


⚠️ HIGH severity: Kiteworks MFT <9.1.0 (CVE-2025-53896) has insufficient session expiration (CWE-613), risking persistent unauthorized access. Patch to 9.1.0 ASAP & enforce session controls! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • bootc

03 Sep 2025
Published
03 Sep 2025
Updated

CVSS
Pending
EPSS
0.09%

KEV

Description

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Just published a deep dive on the recent glib2 security patch for #openSUSE (CVE-2025-7039). Read more: 👉 tinyurl.com/3zn7t32n #Security
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • geoserver
  • geoserver

25 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
HIGH (8.2)
EPSS
7.96%

KEV

Description

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through the GetMap operation of the /geoserver/wms endpoint. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.
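An added example, in Python and not GeoServer's own Java code, of the standard hardening for an endpoint that accepts XML like this: refuse any DOCTYPE before the parser gets past it, since that is where entity declarations live, and disable parameter-entity handling so an external DTD subset would never be fetched even if a DOCTYPE slipped through. The two request bodies are constructed, not captured; they follow the SLD-style GetMap POST shape with a NamedLayer/Name element, and the second one carries the classic external-entity payload.

```python
# Added example: DOCTYPE-free parsing of a WMS GetMap (SLD POST) body.
# Hypothetical Python code, not GeoServer's own Java implementation.
import xml.parsers.expat


class XXEAttempt(ValueError):
    """The body carries a DOCTYPE, which is where entity declarations live."""


def parse_getmap_layers(xml_bytes):
    """Return the NamedLayer names in a GetMap request, refusing any DOCTYPE.

    The check fires on the DOCTYPE declaration itself, before any entity can be
    declared or expanded, so SYSTEM/PUBLIC entities and parameter-entity tricks
    are cut off at the root. Parameter-entity parsing is disabled as well.
    """
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    stack, layers, text = [], [], []

    def local(tag):  # "http://www.opengis.net/sld Name" -> "Name"
        return tag.rsplit(" ", 1)[-1]

    def start_doctype(name, sysid, pubid, has_internal_subset):
        raise XXEAttempt("DOCTYPE %r (SYSTEM=%r) is not allowed in a GetMap body"
                         % (name, sysid))

    def start_element(tag, attrs):
        stack.append(local(tag))
        if stack[-2:] == ["NamedLayer", "Name"]:
            text.clear()

    def end_element(tag):
        if stack[-2:] == ["NamedLayer", "Name"]:
            layers.append("".join(text).strip())
        stack.pop()

    def char_data(data):
        if stack[-2:] == ["NamedLayer", "Name"]:
            text.append(data)

    parser.StartDoctypeDeclHandler = start_doctype
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = char_data
    parser.Parse(xml_bytes, True)  # an exception raised in a handler propagates out of here
    return layers


def rejects_doctype(xml_bytes):
    """True if the body is refused because of a DOCTYPE."""
    try:
        parse_getmap_layers(xml_bytes)
    except XXEAttempt:
        return True
    return False


# Constructed request bodies (not captured traffic), in the SLD-style GetMap POST shape.
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<ogc:GetMap xmlns:ogc="http://www.opengis.net/ows" xmlns:sld="http://www.opengis.net/sld" version="1.1.1">
  <sld:StyledLayerDescriptor version="1.0.0">
    <sld:NamedLayer><sld:Name>topp:states</sld:Name></sld:NamedLayer>
    <sld:NamedLayer><sld:Name>tiger:roads</sld:Name></sld:NamedLayer>
  </sld:StyledLayerDescriptor>
  <Format>image/png</Format>
</ogc:GetMap>
"""

# The XXE shape: an external entity declared in the internal DTD subset, then
# referenced where the server would echo or log the expanded value.
MALICIOUS = b"""<?xml version="1.0"?>
<!DOCTYPE GetMap [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<ogc:GetMap xmlns:ogc="http://www.opengis.net/ows" xmlns:sld="http://www.opengis.net/sld">
  <sld:StyledLayerDescriptor>
    <sld:NamedLayer><sld:Name>&xxe;</sld:Name></sld:NamedLayer>
  </sld:StyledLayerDescriptor>
</ogc:GetMap>
"""

if __name__ == "__main__":
    print(parse_getmap_layers(BENIGN), rejects_doctype(MALICIOUS))
```

In a Java service the same policy is expressed on the SAX/DOM factory by enabling the http://apache.org/xml/features/disallow-doctype-decl feature and turning off external general and parameter entities; in Python production code the defusedxml package packages these defaults.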

Statistics

  • 2 Posts

Last activity: 21 hours ago

Bluesky

CVE-2025-58360: GeoServer XXE Vulnerability Analysis
  • 0
  • 0
  • 1
  • 21h ago
Showing 1 to 10 of 29 CVEs