
Overview

  • GIMP
  • GIMP

29 Oct 2025
Published
03 Nov 2025
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.08%

KEV

Description

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803.
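The advisory describes a bug class rather than a specific routine: a run length read from the file is used to copy data into a heap buffer without being compared against the space left in that buffer. The following is an added illustration of that class and its fix, written for this page; it is not GIMP's code and does not reproduce this particular flaw. It decodes one channel of a Radiance HDR (RGBE) "new-style" RLE scanline, once without the length checks and once with them. The two byte strings are constructed for the example, not taken from any real file.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Radiance HDR "new-style" RLE encodes each of the four RGBE channels of a
 * scanline as runs: a count byte above 128 means "repeat the next byte
 * (count - 128) times", otherwise "copy the next `count` bytes literally".
 * The counts come straight from the file, so a decoder must check them
 * against the space left in the destination buffer. */

/* Hardened decoder for one channel. Returns bytes consumed from `in`, or -1
 * if the input is truncated, contains a zero-length literal run, or a run
 * would write past the `width` bytes available in `out`. */
long decode_channel_checked(const uint8_t *in, size_t in_len,
                            uint8_t *out, size_t width)
{
    size_t ip = 0, op = 0;
    while (op < width) {
        if (ip >= in_len) return -1;                 /* truncated input */
        uint8_t c = in[ip++];
        if (c > 128) {                               /* repeated run */
            size_t run = c - 128;
            if (run > width - op) return -1;         /* would overflow out[] */
            if (ip >= in_len) return -1;
            memset(out + op, in[ip++], run);
            op += run;
        } else {                                     /* literal run */
            size_t lit = c;
            if (lit == 0) return -1;                 /* never valid */
            if (lit > width - op) return -1;         /* would overflow out[] */
            if (lit > in_len - ip) return -1;        /* would read past in[] */
            memcpy(out + op, in + ip, lit);
            ip += lit;
            op += lit;
        }
    }
    return (long)ip;
}

/* The same loop with the length checks removed: the shape of bug the
 * advisory describes. A crafted count makes memset/memcpy write beyond the
 * heap buffer. Shown for contrast only; never feed it untrusted data. */
long decode_channel_unchecked(const uint8_t *in, size_t in_len,
                              uint8_t *out, size_t width)
{
    size_t ip = 0, op = 0;
    while (op < width && ip < in_len) {
        uint8_t c = in[ip++];
        if (c > 128) {
            size_t run = c - 128;
            memset(out + op, in[ip++], run);         /* no check against width */
            op += run;
        } else {
            memcpy(out + op, in + ip, c);            /* no check against width */
            ip += c;
            op += c;
        }
    }
    return (long)ip;
}

/* Constructed inputs for an 8-pixel-wide channel (not from a real file). */
static const uint8_t BENIGN[]  = { 0x85, 0x40, 0x03, 0x01, 0x02, 0x03 }; /* 5 x 0x40, then 1,2,3 */
static const uint8_t CRAFTED[] = { 0xE4, 0xFF };                          /* "run of 100" into 8 bytes */

/* Decode into a fresh heap buffer of `width` bytes and return the result. */
long decode_into_heap(const uint8_t *in, size_t in_len, size_t width)
{
    uint8_t *buf = malloc(width);
    if (buf == NULL) return -1;
    long r = decode_channel_checked(in, in_len, buf, width);
    free(buf);
    return r;
}

/* Returns 1 if BENIGN decodes to the expected 8 pixel bytes. */
int benign_decodes_correctly(void)
{
    static const uint8_t want[8] = { 0x40, 0x40, 0x40, 0x40, 0x40, 1, 2, 3 };
    uint8_t out[8];
    if (decode_channel_checked(BENIGN, sizeof BENIGN, out, sizeof out) != 6) return 0;
    return memcmp(out, want, sizeof want) == 0;
}

int main(void)
{
    uint8_t out[8];
    printf("unchecked, benign input: consumed %ld bytes\n",
           decode_channel_unchecked(BENIGN, sizeof BENIGN, out, sizeof out));
    printf("checked,   benign input: consumed %ld bytes\n",
           decode_into_heap(BENIGN, sizeof BENIGN, sizeof out));
    printf("checked,   crafted input: %ld (rejected before any copy)\n",
           decode_into_heap(CRAFTED, sizeof CRAFTED, sizeof out));
    return 0;
}
```

The checked decoder compares each run against `width - op` (space left in the output) and against `in_len - ip` (bytes left in the input) before touching memory, and fails closed on truncation. Running the unchecked variant on the crafted input would be a heap overflow, which is why the demo only passes it the benign bytes.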

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Security Advisory: CVE-2025-10921 - GEGL Heap-Based Buffer Overflow #SUSE has released critical patches for a memory corruption vulnerability in the GEGL graphics library. Read more: tinyurl.com/5n8yct6c
  • 5h ago

Overview

  • Growatt
  • ShineLan-X

13 Dec 2025
Published
13 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.02%

KEV

Description

A set of credentials for an FTP server was found within the ShineLan-X firmware, allowing testers to establish an insecure FTP connection to the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since firmware signature verification is not enforced.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse


🚨 CVE-2025-36747 (CRITICAL, CVSS 9.4): Hard-coded FTP creds in Growatt ShineLan-X 3.6.0.0 allow file tampering—no signature checks! Patch, restrict FTP, and monitor for abuse. radar.offseq.com/threat/cve-20

  • 9h ago

Overview

  • The Qt Company
  • Qt

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.12%

KEV

Description

Allocation of Resources Without Limits or Throttling and Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, macOS, Linux, iOS and Android (x86 and ARM, 32-bit and 64-bit) allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height attributes in the <img> tag could cause an application to become unresponsive. Affected Qt versions: 5.0.0 through 6.5.10, 6.6.0 through 6.8.5, and 6.9.0 through 6.10.0.
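An added example of the check this class of issue calls for: parse the width and height attribute values from an <img> tag strictly, bound them, and compute the pixel buffer size with overflow-safe arithmetic before allocating anything. This is illustrative code written for this page, not Qt's implementation; the caps MAX_DIMENSION and MAX_PIXEL_BYTES and the RGBA8 pixel size are assumed policy values, and the attribute strings in main() are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Policy caps: assumed values for this example, not Qt's. */
#define MAX_DIMENSION    16384u                    /* pixels per side */
#define MAX_PIXEL_BYTES  (256u * 1024u * 1024u)    /* 256 MiB of pixel storage */
#define BYTES_PER_PIXEL  4u                        /* RGBA8 */

typedef enum { IMG_OK = 0, IMG_BAD_DIM = 1, IMG_TOO_LARGE = 2 } img_status;

/* Parse an attribute value such as width="640" as an unsigned decimal.
 * Rejects empty strings, signs, whitespace, trailing junk and values that
 * do not fit in 32 bits. Returns 1 on success, 0 otherwise. */
int parse_dimension(const char *s, uint32_t *out)
{
    if (s == NULL || *s == '\0') return 0;
    uint64_t v = 0;
    for (; *s; s++) {
        if (*s < '0' || *s > '9') return 0;
        v = v * 10 + (uint64_t)(*s - '0');
        if (v > UINT32_MAX) return 0;            /* reject before it can wrap */
    }
    *out = (uint32_t)v;
    return 1;
}

/* Validate parsed dimensions and compute the pixel buffer size. */
img_status check_image_dims(uint32_t width, uint32_t height, size_t *bytes_out)
{
    if (width == 0 || height == 0) return IMG_BAD_DIM;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION) return IMG_BAD_DIM;
    /* With the per-side caps the product fits in 64 bits (2^14 * 2^14 * 4 = 2^30). */
    uint64_t bytes = (uint64_t)width * height * BYTES_PER_PIXEL;
    if (bytes > MAX_PIXEL_BYTES) return IMG_TOO_LARGE;
    if (bytes_out) *bytes_out = (size_t)bytes;
    return IMG_OK;
}

/* Validate the raw width/height attribute strings from an <img> tag. */
img_status check_img_tag(const char *width_attr, const char *height_attr, size_t *bytes_out)
{
    uint32_t w, h;
    if (!parse_dimension(width_attr, &w) || !parse_dimension(height_attr, &h))
        return IMG_BAD_DIM;
    return check_image_dims(w, h, bytes_out);
}

/* Allocate pixel storage only after every check passes; NULL otherwise. */
void *alloc_pixels_for_img_tag(const char *width_attr, const char *height_attr)
{
    size_t bytes = 0;
    if (check_img_tag(width_attr, height_attr, &bytes) != IMG_OK) return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed attribute values: one sane, one over the byte cap,
     * one that overflows 32 bits, one signed, one zero. */
    const char *cases[][2] = {
        { "640", "480" }, { "16384", "16384" }, { "99999999999", "1" },
        { "-1", "10" }, { "0", "10" }
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t bytes = 0;
        img_status st = check_img_tag(cases[i][0], cases[i][1], &bytes);
        printf("width=%s height=%s -> status %d, bytes %zu\n",
               cases[i][0], cases[i][1], (int)st, bytes);
    }
    return 0;
}
```

The order matters: per-side caps first, so that the width * height * bytes-per-pixel product is provably overflow-free, then a total-bytes cap so that a tag cannot force a multi-gigabyte allocation even when each side is individually plausible.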

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

CVE-2025-12385 Improper validation of tag size in Text component parser scq.ms/49ZY4lR #SecQube #MicrosoftSecurity
  • 12h ago

Overview

  • pnggroup
  • libpng

03 Dec 2025
Published
04 Dec 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.05%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite scq.ms/48qtwII #SecQube #MicrosoftSecurity
  • 16h ago

Overview

  • Oracle Corporation
  • Oracle Concurrent Processing

05 Oct 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
74.64%

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

CL0P/FIN11 turned Oracle EBS into an Airbnb—no files, just memory. “TLSv3.1” beacons now, extortion emails later. Patch CVE-2025-61882 and choke egress before finance chokes you. 🔒🕵️ Read the breakdown—then subscribe: blog.alphahunt.io/cl0p-fin11-g... #AlphaHunt #CyberSecurity #Ransomware #Oracle
  • 3h ago

Overview

  • rupok98
  • URL Shortener Plugin For WordPress

13 Dec 2025
Published
13 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%

KEV

Description

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


🚨 CVE-2025-10738 (CRITICAL, CVSS 9.8): Unauthenticated SQL Injection in rupok98 URL Shortener Plugin for WordPress (all versions). Exploitation risks full DB compromise. Disable or restrict plugin ASAP! radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • Pending

Pending
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

#ばばさん通信ダイジェスト Sharing items that have become, or look likely to become, a topic of discussion, regardless of whether opinion is for or against. Security Advisory: CVE-2025-66478 https://nextjs.org/blog/CVE-2025-66478
  • 16h ago

Overview

  • jayarsiech
  • JAY Login & Register

13 Dec 2025
Published
13 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.14%

KEV

Description

The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the 'jay_login_register_process_switch_back' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse


🚨 CRITICAL: CVE-2025-14440 in JAY Login & Register plugin (≤2.4.01) enables auth bypass—attackers can hijack any WordPress account, incl. admin. Disable plugin & monitor now. No patch yet. radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • Pending

12 Dec 2025
Published
12 Dec 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Plesk 18.0 has Incorrect Access Control.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


🔔 CRITICAL: Plesk 18.0 (CVE-2025-66430) suffers from incorrect access control, risking unauthorized admin actions. No exploit yet, but review roles, restrict access, and monitor logs ASAP. Patch pending. radar.offseq.com/threat/cve-20

  • 18h ago

Overview

  • recorp
  • Export WP Pages to HTML & PDF – Simply Create a Static Website

13 Dec 2025
Published
13 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%

KEV

Description

The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to obtain authentication cookies that may have been written into the log file if the site administrator triggered a backup while using a specific user role such as 'administrator'.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse


🚨 CVE-2025-11693 (CRITICAL, CVSS 9.8): recorp Export WP Pages to HTML & PDF plugin exposes admin cookies via cookies.txt — risk of WordPress site takeover. Disable plugin & secure backups. No patch yet. radar.offseq.com/threat/cve-20

  • 13h ago