Overview

  • Gladinet
  • CentreStack and TrioFox

12 Dec 2025
Published
16 Dec 2025
Updated

CVSS v4.0
HIGH (7.1)
EPSS
17.48%

Description

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values in their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may allow arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be chained with previous vulnerabilities to gain a full system compromise.

Statistics

  • 3 Posts

Last activity: 15 hours ago

Fediverse


CISA KEV Catalog has added 2 more vulnerabilities

CVE-2025-14611: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability

CVSS: 7.1

CVE-2025-43529: Apple Multiple Products Use-After-Free WebKit Vulnerability

darkwebinformer.com/cisa-kev-c

  • 0
  • 0
  • 0
  • 18h ago

Bluesky

~Cisa~ CISA added two actively exploited vulnerabilities, CVE-2025-14611 (Gladinet) and CVE-2025-43529 (Apple), to its KEV catalog. - IOCs: CVE-2025-14611, CVE-2025-43529 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 20h ago
CISA adds two known exploited vulnerabilities to its catalog. CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Dec 15) CVE-2025-14611 Gladinet CentreStack and Triofox hard-coded cryptographic vulnerability; CVE-2025-43529 Apple multiple products WebKit use-after-free vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Meta
  • react-server-dom-webpack

11 Dec 2025
Published
15 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
4.54%

KEV

Description

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent further HTTP requests from being served.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

From Zero to CVE-2025-55184: The 100-Day Blueprint That Launched a Bug Hunter’s Career + Video Introduction: The journey from novice to a published security researcher is often shrouded in mystery. When Deepak Saini reported CVE-2025-55184 as part of a public 100-day challenge, it demonstrated a…
  • 0
  • 0
  • 0
  • 9h ago
New vulnerabilities in React (CVE-2025-55184 / CVE-2025-67779 / CVE-2025-55183). These are separate from "React2Shell (CVE-2025-55182)" and require patching again. rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • netty
  • netty

16 Dec 2025
Published
16 Dec 2025
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.04%

KEV

Description

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, `io.netty.handler.codec.http.HttpRequestEncoder` is vulnerable to CRLF injection through the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application or framework using `HttpRequestEncoder` can be abused to perform request smuggling via CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 22 hours ago

Fediverse


We've released Netty 4.2.9 and 4.1.130.

They fix CVE-2025-67735 (github.com/netty/netty/securit), which is a line break injection vulnerability when encoding HTTP request objects.

The fix introduced a regression we had to fix as well, so versions 4.2.8 and 4.1.129 are skipped.

netty.io/news/2025/12/15/4-2-9
netty.io/news/2025/12/15/4-2-8
netty.io/news/2025/12/15/4-1-1
netty.io/news/2025/12/15/4-1-1

#netty #java

  • 2
  • 3
  • 0
  • 22h ago

Overview

  • Pending

15 Dec 2025
Published
15 Dec 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and misuse the Flickr integration. An attacker with access to the exposed credentials could impersonate the legitimate application and initiate valid Flickr OAuth flows. If a user is tricked into approving such a request, the attacker could gain access to the user's Flickr data. The hardcoded credentials have since been removed from the Zimlet code, and the associated key has been revoked.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 20 hours ago

Fediverse


Oh that could be fun.

cve.org/CVERecord?id=CVE-2025-

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and misuse the Flickr integration. An attacker with access to the exposed credentials could impersonate the legitimate application and initiate valid Flickr OAuth flows. If a user is tricked into approving such a request, the attacker could gain access to the user's Flickr data. The hardcoded credentials have since been removed from the Zimlet code, and the associated key has been revoked.

  • 1
  • 1
  • 0
  • 20h ago

Overview

  • Pending

15 Dec 2025
Published
16 Dec 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Remote attackers can send payloads to the interface without logging in.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: Last hour

Fediverse


A privilege escalation in Dropbear (CVE-2025-14282) allows any authenticated user to run arbitrary commands as root. The vulnerability affects versions 2024.84 to 2025.88. Dropbear release 2025.89 fixes the vulnerability.

A mitigation is to run dropbear without unix socket forwarding by adding the -j option.

openwall.com/lists/oss-securit

  • 0
  • 1
  • 0
  • Last hour

Overview

  • Sierra Wireless

06 May 2019
Published
13 Dec 2025
Updated

CVSS
Pending
EPSS
1.71%

Description

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Bluesky

A critical vulnerability with rather interesting attack flow. Read our latest annotated report on CVE-2018-4063 at basefortify.eu/cve_reports/...
  • 0
  • 1
  • 0
  • 21h ago

Overview

  • notepad-plus-plus
  • notepad-plus-plus

25 Aug 2023
Published
02 Oct 2024
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.36%

KEV

Description

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Serious vulnerability in the Notepad++ updater: the update process could be hijacked to distribute malware (CVE-2023-40031) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Pending

Pending
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

This pre-authentication remote code execution (RCE) vulnerability (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) could allow attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request.
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Advantech
  • SUSI

16 Dec 2025
Published
16 Dec 2025
Updated

CVSS v4.0
HIGH (8.5)
EPSS
0.01%

KEV

Description

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse


⚠️ CVE-2025-14252: Advantech SUSI driver (≤5.0.24335) has HIGH-severity improper access control. Local attackers can escalate privileges & execute arbitrary code—industrial systems are at risk. Restrict access & monitor activity! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago
Showing 11 to 20 of 66 CVEs