24h | 7d | 30d

CVE-2025-14993

Overview

  • Tenda
  • AC18
21 Dec 2025
Published
21 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.09%
KEV

Description

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-14993 (HIGH): Stack-based buffer overflow in Tenda AC18 (v15.03.05.05) via /goform/SetDlnaCfg. Public exploit out—disable DLNA, segment networks, monitor for attacks. Patch ASAP when available! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-23001

Overview

  • Pending
31 Jan 2025
Published
21 Feb 2025
Updated
CVSS
Pending
EPSS
0.11%
KEV

Description

A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE: the Supplier's position is that the end user is supposed to edit the NGINX configuration template to set server_name (with this setting, Host header injection cannot occur).

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
Alireza Gharib @gh4rib

🚨 SOC Note: The AI Supply Chain is officially on fire. 🚨
Forget Log4j. In Dec 2025, we’re hunting CVE-2025-23001—a.k.a. "PickleScan."
Attackers are now embedding RCE payloads inside pre-trained AI models (.pkl/.h5). If your devs download a "helper" model from a public repo, you're compromised. 🧵👇

  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-14992

Overview

  • Tenda
  • AC18
21 Dec 2025
Published
21 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.09%
KEV

Description

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ CVE-2025-14992 (HIGH): Tenda AC18 (15.03.05.05) has a stack-based buffer overflow in /goform/GetParentControlInfo. Remote code execution possible; exploit code is public. Inventory & mitigate now. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-14995

Overview

  • Tenda
  • FH1201
21 Dec 2025
Published
21 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.09%
KEV

Description

A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 HIGH severity: CVE-2025-14995 affects Tenda FH1201 v1.2.0.14(408) — stack buffer overflow via /goform/SetIpBind enables remote code execution. No patch yet. Restrict access & monitor traffic. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

CVE-2025-12980

Overview

  • wpxpo
  • Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
21 Dec 2025
Published
21 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV

Description

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🔎 CVE-2025-12980 (HIGH): All PostX WordPress plugin versions up to 5.0.3 allow unauthenticated access to user metadata & password hashes via the '/ultp/v2/get_dynamic_content/' REST API endpoint. Patch or restrict ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-14177

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 10 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #Mageia 9 security advisory MGASA-2025-0330 patches high-severity PHP flaws (CVE-2025-14177/78/80). Read more: 👉 tinyurl.com/yukwzjf8 #Security
  • 0
  • 0
  • 0
  • 10h ago

CVE-2025-14558

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture
CrowdCyber @crowdcyber.bsky.social
FreeBSD Network Alert: Malicious IPv6 Packets Can Trigger Remote Code Execution via resolvconf (CVE-2025-14558)
  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-9343

Overview

  • elextensions
  • ELEX WordPress HelpDesk & Customer Ticketing System
21 Dec 2025
Published
21 Dec 2025
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.07%
KEV

Description

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🔒 HIGH severity XSS (CVE-2025-9343) in ELEX WordPress HelpDesk plugin—ALL versions affected. Unauthenticated attackers can inject scripts in ticket subjects, risking session hijack & data theft. Patch or mitigate now! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-66512

Overview

  • nextcloud
  • security-advisories
05 Dec 2025
Published
05 Dec 2025
Updated
CVSS v3.1
MEDIUM (5.4)
EPSS
0.02%
KEV

Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.

Statistics

  • 1 Post
Last activity: 10 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
CRITICAL: #Fedora 43 Nextcloud update 32.0.3 patches XSS flaw (CVE-2025-66512) in SVG images. Read more: 👉 tinyurl.com/4afdvzvt #Security
  • 0
  • 0
  • 0
  • 10h ago

CVE-2025-14282

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture
r/blueteamsec bot @r-blueteamsec.bsky.social
oss-sec: [CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings
  • 0
  • 0
  • 0
  • 12h ago
Showing 11 to 20 of 21 CVEs