24h | 7d | 30d

CVE-2025-61809

Overview

  • Adobe
  • ColdFusion
09 Dec 2025
Published
10 Dec 2025
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.24%
KEV

Description

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction and scope is unchanged.

Statistics

  • 2 Posts
Last activity: 12 hours ago

Bluesky

Profile picture
Spiegel's crawler @osanpo.bsky.social
> Adobe ColdFusionの脆弱性対策について(CVE-2025-61809) https://www.ipa.go.jp/security/security-alert/2025/alert20251211.html
  • 0
  • 0
  • 0
  • 13h ago
Profile picture
ohhara @shiojiri.com
Adobe ColdFusionの脆弱性対策について(CVE-2025-61809) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構 https://www.ipa.go.jp/security/security-alert/2025/alert20251211.html
  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-14512

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • glib2
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Statistics

  • 1 Post
  • 5 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

BoF in glib.

access.redhat.com/security/cve

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

  • 3
  • 2
  • 0
  • 5h ago

CVE-2025-14526

Overview

  • Tenda
  • CH22
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Statistics

  • 1 Post
  • 9 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Tenda

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 2
  • 7
  • 0
  • 5h ago

CVE-2024-2104

Overview

  • JBL
  • LIVE PRO 2 TWS
10 Dec 2025
Published
10 Dec 2025
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.02%
KEV

Description

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture
CERT@VDE @certvde

VDE-2024-076
BLE GATT Service Vulnerability in JBL Headphones

Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.
CVE-2024-2104

certvde.com/en/advisories/vde-

harman.csaf-tp.certvde.com/.we

  • 1
  • 1
  • 0
  • 14h ago

CVE-2024-2105

Overview

  • JBL
  • Flip 5
10 Dec 2025
Published
10 Dec 2025
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
0.02%
KEV

Description

An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture
CERT@VDE @certvde

VDE-2025-089
BLE ICM Vulnerability in JBL Headphones

The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through a specially crafted packet.
CVE-2024-2105

certvde.com/en/advisories/vde-

harman.csaf-tp.certvde.com/.we

  • 1
  • 1
  • 0
  • 14h ago

CVE-2025-66429

Overview

  • Pending
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Post-auth ../ in cPanel.

cve.org/CVERecord?id=CVE-2025-

  • 1
  • 1
  • 0
  • 2h ago

CVE-2024-9042

Overview

  • Kubernetes
  • Kubelet
13 Mar 2025
Published
13 Mar 2025
Updated
CVSS v3.1
MEDIUM (5.9)
EPSS
0.06%
KEV

Description

This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 18 hours ago

Bluesky

Profile picture
SANS.edu Internet Storm Center @sansisc.bsky.social
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation https://isc.sans.edu/podcastdetail/9734
  • 1
  • 1
  • 0
  • 18h ago

CVE-2025-67510

Overview

  • neuron-core
  • neuron-ai
10 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
0.06%
KEV

Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 23 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

CRITICAL: CVE-2025-67510 impacts neuron-core neuron-ai (<2.8.12). MySQLWriteTool allows arbitrary SQL via prompt injection—risk of data loss or escalation if DB privileges are broad. Upgrade ASAP! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 23h ago

CVE-2025-14534

Overview

  • UTT
  • 进取 512W
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

UTT

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 3h ago

CVE-2025-14528

Overview

  • D-Link
  • DIR-803
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
Pending
KEV

Description

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 5 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

D-Link

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 1
  • 0
  • 5h ago
Showing 11 to 20 of 80 CVEs