Overview

  • Microsoft
  • Windows

Published: 26 Aug 2025
Updated: 05 Dec 2025

CVSS v3.0: HIGH (7.0)
EPSS: 0.23%

KEV

Description

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📌 Microsoft Quietly Patches Critical Windows LNK File Vulnerability (CVE-2025-9491) Exploited by Multiple APT Groups https://www.cyberhub.blog/article/16448-microsoft-quietly-patches-critical-windows-lnk-file-vulnerability-cve-2025-9491-exploited-by-multiple-apt-groups

Overview

  • H3C
  • Magic B1

Published: 07 Dec 2025
Updated: 07 Dec 2025

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. Manipulation of the argument param causes a buffer overflow. Remote exploitation is possible. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

⚠️ CVE-2025-14196 (HIGH, CVSS 8.7): Remote buffer overflow in H3C Magic B1 (≤100R004). Public exploit available, no patch. Isolate devices, restrict access, monitor for /goform/aspForm attacks. radar.offseq.com/threat/cve-20

Overview

  • Linksys
  • RE6500

Published: 06 Dec 2025
Updated: 06 Dec 2025

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the file mod_form.so. Manipulation of the argument clientsname_0 results in a stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🔒 CVE-2025-14136: HIGH severity stack-based buffer overflow in Linksys RE6500 & related models (1.0.013.001+). Remote code execution risk with public exploit, no vendor patch. Mitigate — isolate, monitor, restrict access! radar.offseq.com/threat/cve-20

Overview

  • Python Software Foundation
  • CPython

Published: 03 Dec 2025
Updated: 05 Dec 2025

CVSS v4.0: MEDIUM (6.3)
EPSS: 0.04%

KEV

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

CVE-2025-12084 Quadratic complexity in node ID cache clearing scq.ms/4ox5QqN #MicrosoftSecurity #cybersecurity

Overview

  • UGREEN
  • DH2100+

Published: 07 Dec 2025
Updated: 07 Dec 2025

CVSS v4.0: HIGH (8.6)
EPSS: 0.04%

KEV

Description

A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Manipulation of the argument path can lead to a buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🚨 HIGH severity: CVE-2025-14187 buffer overflow in UGREEN DH2100+ (≤5.3.0.251125). Remote exploit published, no patch from vendor. Restrict access, monitor, and apply virtual patching if possible. More: radar.offseq.com/threat/cve-20

Overview

  • anthropics
  • claude-code

Published: 21 Nov 2025
Updated: 24 Nov 2025

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Bluesky

Anthropic slapped 1,000 regexes on a god—then sed whispered “w ~/.zshenv” and the angel wrote itself a shell. CVE-2025-64755: the AI that debug-blocked you still let its own code sign the eviction notice.

Overview

  • Pending

Published: 18 Feb 2025
Updated: 20 Feb 2025

CVSS: Pending
EPSS: 0.14%

KEV

Description

FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Just published: A deep-dive analysis of #Debian DSA-6073-1. Going beyond the "update now" warning to explain the exploit mechanism of CVE-2025-25473 in FFmpeg, Read more: 👉 tinyurl.com/y54w6x2a #Security

Overview

  • UTT
  • ่ฟ›ๅ– 520W

Published: 06 Dec 2025
Updated: 06 Dec 2025

CVSS v4.0: HIGH (7.1)
EPSS: 0.05%

KEV

Description

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/websHostFilter. Manipulation of the argument addHostFilter results in a buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

🚩 CVE-2025-14140: HIGH-severity buffer overflow in UTT 进取 520W v1.7.7-180627. Public exploit available, no vendor patch. Restrict access, deploy IDS/IPS, and monitor logs. Act fast! radar.offseq.com/threat/cve-20

Overview

  • libpng

Published: 06 Mar 2023
Updated: 29 Oct 2024

CVSS: Pending
EPSS: 0.00%

KEV

Description

Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

CRITICAL: #Debian LTS security update DLA-4396-1 patches multiple high-severity libpng1.6 vulnerabilities (CVE-2022-3857, CVE-2021-4214). Remote attackers could use crafted PNGs for RCE or DoS. Read more: 👉 tinyurl.com/bde7mffv #Security

Overview

  • libpng

Published: 24 Aug 2022
Updated: 03 Aug 2024

CVSS: Pending
EPSS: 0.23%

KEV

Description

A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

CRITICAL: #Debian LTS security update DLA-4396-1 patches multiple high-severity libpng1.6 vulnerabilities (CVE-2022-3857, CVE-2021-4214). Remote attackers could use crafted PNGs for RCE or DoS. Read more: 👉 tinyurl.com/bde7mffv #Security
Showing 11 to 20 of 22 CVEs