
Overview

  • Google
  • Chrome

Published: 16 Dec 2025
Updated: 18 Dec 2025

CVSS: Pending
EPSS: 0.06%

KEV

Description

Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts

Last activity: 19 hours ago

Fediverse

wacoca.com/news/2722415/ Google issues an emergency update for desktop Chrome, fixing high-severity vulnerabilities in WebGPU and V8 (CVE-2025-14765, CVE-2025-14766) | Security News from Security Countermeasures Lab #Science&Technology #ScienceNews #TechnologyNews #Technology #Science #Science&Technology

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

Google issues an emergency update for desktop Chrome, fixing high-severity vulnerabilities in WebGPU and V8 (CVE-2025-14765, CVE-2025-14766) rocket-boys.co.jp/security-mea... #SecurityCountermeasuresLab #Security #Security #CyberAttack
  • 0
  • 0
  • 0
  • 19h ago
Google issues an emergency update for desktop Chrome, fixing high-severity vulnerabilities in WebGPU and V8 (CVE-2025-14765, CVE-2025-14766) | Security News from Security Countermeasures Lab https://www.wacoca.com/news/2722415/ On December 16, 2025 local time, Google updated the stable channel of desktop Chrome to 143.0.7499.146/.147 (Windows/Mac) and 143.0.7499.146 (Linux), and [...]
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Google
  • Chrome

Published: 16 Dec 2025
Updated: 18 Dec 2025

CVSS: Pending
EPSS: 0.04%

KEV

Description

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts

Last activity: 19 hours ago

Fediverse / Bluesky

The same three posts as under the WebGPU entry above (Google's 16 Dec 2025 desktop Chrome update covering CVE-2025-14765 and CVE-2025-14766).

Overview

  • urllib3
  • urllib3

Published: 05 Dec 2025
Updated: 05 Dec 2025

CVSS v4.0: HIGH (8.9)
EPSS: 0.02%

KEV

Description

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data).
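To make the failure mode concrete, here is an added example (my own illustration, not urllib3's code) that builds a constructed gzip "bomb" in memory, runs the flawed pattern of decompressing every network chunk in full, and then a bounded reader that uses zlib's `max_length` so a single call never expands more than the caller asked for. An `io.BytesIO` stands in for the socket; the function and class names, the 8 KiB network chunk and the 16 MiB sample size are assumptions made for the demo.

```python
"""Added example, not urllib3's code: a small, highly compressed body read
two ways. An io.BytesIO stands in for the network socket."""
import gzip
import io
import zlib

# wbits for a gzip container; urllib3 selects the codec from Content-Encoding.
GZIP_WBITS = zlib.MAX_WBITS | 16


def make_gzip_bomb(plain_size: int) -> bytes:
    """Constructed sample body: plain_size zero bytes, gzip level 9 (~1000:1)."""
    return gzip.compress(b"\x00" * plain_size, compresslevel=9)


def naive_read(body: io.BytesIO, amt: int, net_chunk: int = 8192) -> bytes:
    """Flawed pattern: each network chunk is decompressed in full, so a caller
    asking for amt bytes can receive (and allocate) megabytes."""
    dec = zlib.decompressobj(wbits=GZIP_WBITS)
    out = bytearray()
    while len(out) < amt:
        raw = body.read(net_chunk)
        if not raw:
            break
        out += dec.decompress(raw)  # output of this call is unbounded
    return bytes(out)


class BoundedGzipReader:
    """Hardened pattern: never expand more than the caller asked for per call.
    Compressed input zlib has not consumed yet stays in unconsumed_tail and is
    fed back on the next call, so no decompressed surplus is buffered."""

    def __init__(self, body: io.BytesIO, net_chunk: int = 8192):
        self._body = body
        self._net_chunk = net_chunk
        self._dec = zlib.decompressobj(wbits=GZIP_WBITS)
        self._pending = b""  # compressed bytes read but not yet consumed
        self.peak = 0        # largest single decompress() output (for the demo)

    def read(self, amt: int) -> bytes:
        out = bytearray()
        while len(out) < amt and not self._dec.eof:
            if not self._pending:
                self._pending = self._body.read(self._net_chunk)
                if not self._pending:
                    break  # body ended before the gzip trailer: truncated response
            chunk = self._dec.decompress(self._pending, max_length=amt - len(out))
            self._pending = self._dec.unconsumed_tail
            self.peak = max(self.peak, len(chunk))
            out += chunk
        return bytes(out)


def demo(plain_size: int = 16 * 1024 * 1024, amt: int = 1024) -> dict:
    """Run both readers over the same constructed body and report sizes."""
    bomb = make_gzip_bomb(plain_size)
    naive_first = len(naive_read(io.BytesIO(bomb), amt))

    reader = BoundedGzipReader(io.BytesIO(bomb))
    bounded_first = len(reader.read(amt))
    total = bounded_first
    while True:
        chunk = reader.read(64 * 1024)
        if not chunk:
            break
        total += len(chunk)

    return {
        "compressed_bytes": len(bomb),
        "naive_first_read": naive_first,      # far larger than amt
        "bounded_first_read": bounded_first,  # exactly amt
        "bounded_peak_alloc": reader.peak,    # never above the largest request
        "bounded_total": total,               # the whole body is still delivered
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>20}: {value:,}")
```

The first 8 KiB of compressed input is enough for `naive_read` to materialise several megabytes for a 1 KiB request; the bounded reader answers the same request with exactly 1 KiB and still streams the full 16 MiB afterwards, one bounded call at a time. The same `max_length` idea applies to the deflate, brotli and zstd decoders when they expose an output cap; where a decoder does not, the only safe option is to cap the total decoded size and abort.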

Statistics

  • 2 Posts

Last activity: 6 hours ago

Fediverse

Malcolm v25.12.1 contains a few critical bug fixes and component version updates.

github.com/idaholab/Malcolm/co

  • ✨ Features and enhancements
    • Installer splash screen shows "HEDGEHOG" when using Hedgehog run profile
  • ✅ Component version updates
  • 🐛 Bug fixes
    • Changed field used in Threat Intelligence dashboard's file type table from zeek.intel.file_mime_type to file.mime_type so filters created from it can work on other dashboards
    • link for threat intelligence URL doesn't work correctly from dashboards (behind reverse proxy) (#832)
    • self-signed certificates not accepted by Chrome (#833)
    • Malcolm ISO installer's automatic partitioning may create too-small /var partition (#835)
  • 🧹 Code and project maintenance

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

URGENT: #Fedora 42 Brotli update (v1.2.0) patches critical DoS vulnerabilities CVE-2025-66471 & CVE-2025-6176. Read more: 👉 tinyurl.com/yxxt3p9m #Security
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Pending

Published: 18 Dec 2025
Updated: 18 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed data includes: workspace identifiers (id, name, slug), AI model configurations (chatProvider, chatModel, agentProvider), system prompts (openAiPrompt), operational parameters (temperature, history length, similarity thresholds), vector search settings, chat modes, and timestamps.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 5 hours ago

Fediverse

  • 2
  • 4
  • 0
  • 5h ago

Overview

  • Pending

Published: 18 Dec 2025
Updated: 18 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 5 hours ago

Fediverse

Auth bypass in Open-WebUI.

cve.org/CVERecord?id=CVE-2025-

An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers.

  • 2
  • 2
  • 0
  • 5h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts
  • 4 Interactions

Last activity: 22 hours ago

Bluesky

CVE-2025-14269: Credential caching in Headlamp with Helm enabled -
  • 2
  • 2
  • 2
  • 22h ago

Overview

  • TP-Link Systems Inc.
  • WR940N and WR941ND

Published: 18 Dec 2025
Updated: 18 Dec 2025

CVSS v4.0: MEDIUM (6.8)
EPSS: Pending

KEV

Description

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers to cause a denial of service and potentially achieve arbitrary code execution in the context of the 'root' user. This issue affects WR940N and WR941ND: WR940N v5 up to and including 3.20.1 Build 200316, and WR941ND v6 up to and including 3.16.9 Build 151203.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 2 hours ago

Overview

  • Pending

Published: 18 Dec 2025
Updated: 18 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 5 hours ago

Fediverse

Go hack more AI shit.

cve.org/CVERecord?id=CVE-2025-

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

  • 1
  • 2
  • 0
  • 5h ago
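The AnythingLLM, Open-WebUI and Ollama entries above share one defect class: API routes that answer without credentials. The following is an added example (my own code, not from any of those projects or from this page) for checking a deployment you are authorised to test. It sends an anonymous GET to the two endpoints the descriptions name and classifies the reply; the `openAiPrompt` marker comes from the AnythingLLM description, while the `{"workspaces": [...]}` shape in the constructed offline response, the function names and the `fetch` injection point are assumptions. Ollama's description names no specific paths, so none are listed; add them to `PROBES` once you know which routes your version exposes.

```python
"""Added example, not code from AnythingLLM, Open-WebUI, Ollama or this page:
probe the advisories' unauthenticated endpoints and classify what comes back."""
import json
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple

# (path, marker): marker is a field the description says is in the leaked
# object; None when the description names no specific field.
PROBES = {
    "AnythingLLM": ("/api/workspaces", "openAiPrompt"),
    "Open-WebUI": ("/api/config", None),
}

Fetcher = Callable[[str], Tuple[int, bytes]]


def http_fetch(url: str, timeout: float = 5.0) -> Tuple[int, bytes]:
    """Plain GET with no Authorization header or cookie, so the reply is
    exactly what an anonymous remote client would see."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def classify(status: int, body: bytes, marker: Optional[str]) -> str:
    """Map an anonymous response to a finding. 401/403 is the expected fixed
    behaviour; a 200 carrying JSON means the route answered without credentials."""
    if status in (401, 403):
        return "protected"
    if status != 200:
        return f"unexpected HTTP {status}"
    try:
        doc = json.loads(body)
    except ValueError:
        return "200 but not JSON (likely an HTML login page; review)"
    if not isinstance(doc, (dict, list)):
        return "200 with scalar JSON (review)"
    if marker is None:
        return "open: JSON returned without credentials"
    if marker in body.decode("utf-8", "replace"):
        return f"open: leaked field '{marker}' present"
    return "open: JSON returned, expected field absent (review)"


def probe(base_url: str, fetch: Fetcher = http_fetch) -> dict:
    """Probe every listed endpoint on one host. `fetch` is injectable so the
    logic can be exercised offline against constructed responses."""
    base = base_url.rstrip("/")
    return {
        product: classify(*fetch(base + path), marker)
        for product, (path, marker) in PROBES.items()
    }


def fake_fetch(url: str) -> Tuple[int, bytes]:
    """Constructed responses (assumed shape) standing in for a vulnerable
    AnythingLLM and a patched Open-WebUI, for offline use."""
    if url.endswith("/api/workspaces"):
        leaked = {"workspaces": [{"id": 1, "name": "hr", "slug": "hr",
                                  "chatProvider": "openai", "chatModel": "gpt-4o",
                                  "openAiPrompt": "You are the HR assistant..."}]}
        return 200, json.dumps(leaked).encode()
    if url.endswith("/api/config"):
        return 401, b'{"detail":"Not authenticated"}'
    return 404, b""


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = probe(target) if target else probe("http://example.invalid", fake_fetch)
    for product, finding in results.items():
        print(f"{product:<12} {finding}")
```

Run it with a base URL (`python probe.py http://llm-host:3001`) against a host you own; without an argument it exercises the constructed responses. A finding of "open" is a prompt to compare the deployed version with the ranges in the descriptions (AnythingLLM v1.8.5, Open-WebUI <=0.6.32, Ollama <=v0.12.3) and to verify what the reply actually contains, not proof of the CVE by itself, and the probe deliberately reads nothing beyond the one GET per route.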

Overview

  • OSC
  • ondemand

Published: 17 Dec 2025
Updated: 18 Dec 2025

CVSS v3.1: HIGH (7.6)
EPSS: 0.03%

KEV

Description

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that records these headers when unsuspecting users connect to it. Maintainers anticipate a patch in a 4.1 release. Workarounds exist for 4.0.x versions: using `custom_location_directives` in `ood_portal.yml` (available in 4.0.x, not in versions below 4.0), centers can unset and/or edit these headers. Note that `OIDCPassClaimsAs both` is the default; centers can set `OIDCPassClaimsAs` to `none` or `environment` to stop passing these headers to the client. Centers whose OIDC provider is already configured with `OIDCPassClaimsAs` set to `none` or `environment` can adjust their settings using the guidance in GHSA-2cwp-8g29-9q32 to unset the mod_auth_openidc_session cookies.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Fediverse

🚨 CVE-2025-66029 (HIGH): OSC ondemand ≤4.0.8 exposes sensitive creds via Apache proxy headers—attackers can harvest tokens if users hit malicious servers. Patch in v4.1; config workarounds available now. Details: radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 16h ago

Overview

  • WODESYS
  • WD-R608U

Published: 18 Dec 2025
Updated: 18 Dec 2025

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

In the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28), a lack of authentication in the configuration-change module of the adm.cgi endpoint lets an unauthenticated attacker execute commands including backup creation, device restart and a reset to factory settings. The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed vulnerable; other versions were not tested and might also be vulnerable.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Fediverse

Five yet-to-be-published CVEs in WODESYS WD-R608U router.

cert.pl/en/posts/2025/12/CVE-2

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 6h ago