Overview

  • Plesk
  • Plesk

Published: 03 Dec 2025
Updated: 03 Dec 2025

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 2 hours ago

Overview

  • Red Hat
  • Red Hat OpenShift Virtualization 4
  • container-native-virtualization/hyperconverged-cluster-operator

Published: 23 Oct 2025
Updated: 06 Nov 2025

CVSS: Pending
EPSS: 0.01%

KEV

Description

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 23 hours ago

Overview

  • Pending

Published: 03 Dec 2025
Updated: 03 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1 commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file (.pr) could lead to arbitrary code execution or Denial of Service.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: Last hour

Fediverse

github.com/Ch1keen/CVE-2025-50

A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1 commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file (.pr) could lead to arbitrary code execution or Denial of Service.

Overview

  • Apache Software Foundation
  • Apache SkyWalking

Published: 27 Nov 2025
Updated: 28 Nov 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Bluesky

The latest update for #Indusface includes "CVE-2025-54057: Stored XSS Vulnerability in Apache SkyWalking Exposes #Monitoring Dashboards to Attackers" and "DPDP Rules 2025: The New #Compliance Era and How AppTrana Helps You Get There". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF

Overview

  • Red Hat
  • OpenShift Serverless
  • undertow

Published: 03 Dec 2025
Updated: 03 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: Last hour

Fediverse

BRB, gonna put on some Tool.

access.redhat.com/security/cve

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

Overview

  • DesignThemes
  • DesignThemes LMS

Published: 02 Dec 2025
Updated: 02 Dec 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.07%

KEV

Description

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-13542 in DesignThemes LMS for WordPress allows unauth'd attackers to create admin accounts via front-end registration. Disable reg, audit accounts, & patch ASAP. Details: radar.offseq.com/threat/cve-20

Overview

  • wpchill
  • Image Gallery – Photo Grid & Video Gallery

Published: 03 Dec 2025
Updated: 03 Dec 2025

CVSS v3.1: HIGH (7.2)
EPSS: 0.64%

KEV

Description

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🔍 CVE-2025-13645: HIGH severity path traversal in wpchill Image Gallery (v2.13.1) for WordPress. Author+ users can delete any file—potential RCE if wp-config.php is hit. Audit, restrict access, and consider disabling plugin. More: radar.offseq.com/threat/cve-20

Overview

  • Iskra
  • iHUB and iHUB Lite

Published: 02 Dec 2025
Updated: 02 Dec 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.09%

KEV

Description

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🚨 CVE-2025-13510: CRITICAL vuln in Iskra iHUB/iHUB Lite (all versions). No auth on web interface—full admin access over network! Isolate, segment, and restrict access ASAP. Awaiting patch. radar.offseq.com/threat/cve-20

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

Published: 02 Dec 2025
Updated: 02 Dec 2025

CVSS: Pending
EPSS: 0.01%

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2025-61729 impacts stdlib in 27 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/356 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Boot process compromised: high-severity vulnerability disclosed in Qualcomm Snapdragon 8 Gen3 and 5G modems (CVE-2025-47372)