
Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Fediverse


Security vulnerability: OpenAI Codex CLI executes hidden commands from repository files

The vulnerability tracked as CVE-2025-61260 allows attackers to execute arbitrary code on developer systems via manipulated repository files, entirely without the knowledge or consent of users.

all-about-security.de/sicherhe

#checkpoint #OpenAI #entwickler #MCP #Backdoor #security

  • 1
  • 0
  • 0
  • 23h ago

Overview

  • Linux
  • Linux

22 Aug 2025
Published
29 Sep 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

gfs2: No more self recovery

When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a consistent state. Not only is that a very bad idea, it has also never worked because gfs2_recover_func() will refuse to do anything during a withdraw.

However, before even getting to this point, gfs2_recover_func() dereferences sdp->sd_jdesc->jd_inode. This was a use-after-free before commit 04133b607a78 ("gfs2: Prevent double iput for journal on error") and is a NULL pointer dereference since then.

Simply get rid of self recovery to fix that.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Bluesky

CVE-2025-38659 gfs2: No more self recovery scq.ms/3KbMbil #cybersecurity #SecQube
  • 0
  • 1
  • 0
  • 5h ago

Overview

  • NVIDIA
  • NVIDIA Isaac-GR00T N1.5

18 Nov 2025
Published
18 Nov 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Bluesky

[ZDI-25-1041|CVE-2025-33183] NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus of Trend Zero Day Initiative) www.zerodayinitiative.com/advisories/Z...
  • 0
  • 1
  • 0
  • 13h ago

Overview

  • WatchGuard
  • Fireware OS

04 Dec 2025
Published
04 Dec 2025
Updated

CVSS v4.0
HIGH (7.5)
EPSS
Pending

KEV

Description

A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Overview

  • Google
  • Chrome

26 Apr 2021
Published
03 Aug 2024
Updated

CVSS
Pending
EPSS
1.01%

KEV

Description

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Fediverse


Good introduction to a blog post. I came to it by chance after finishing the work today, relaxing a bit after auditing a state machine, but not as complex as Array.prototype.concat implementation, for sure.

A Bug's Life: CVE-2021-21225
tiszka.com/blog/CVE_2021_21225

  • 0
  • 1
  • 0
  • 15h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

14 May 2024
Published
03 May 2025
Updated

CVSS v3.1
MEDIUM (6.8)
EPSS
0.26%

KEV

Description

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

📌 Microsoft Silently Mitigates Critical Windows LNK Zero-Day Vulnerability (CVE-2024-30001) https://www.cyberhub.blog/article/16348-microsoft-silently-mitigates-critical-windows-lnk-zero-day-vulnerability-cve-2024-30001
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Docker
  • Docker Desktop

20 Aug 2025
Published
25 Sep 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.01%

KEV

Description

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Docker fixes critical container escape vulnerability CVE-2025-9074: a comprehensive explanation and security protection guide https://qian.cx/posts/AD8E8324-D24D-406F-8A2B-1406FC8B7062
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • dripadmin
  • CRM Memberships

05 Dec 2025
Published
05 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts via the `ntzcrm_changepassword` endpoint, granted they can obtain or enumerate a target user's email address. The plugin also exposes the `ntzcrm_get_users` endpoint without authentication, allowing attackers to enumerate subscriber email addresses, facilitating the exploitation of the password reset vulnerability.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse


⚠️ CRITICAL: CVE-2025-13313 in dripadmin CRM Memberships (≤2.5) lets unauth attackers reset user passwords & harvest emails via unprotected AJAX endpoints. Restrict access, monitor for abuse, patch ASAP. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • wphocus
  • My auctions allegro

05 Dec 2025
Published
05 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse


🚨 CVE-2025-12850: HIGH severity SQL Injection in My auctions allegro WordPress plugin (all versions ≤3.6.32). Unauthenticated attackers can extract sensitive DB data. Patch when available, use WAF/input validation now. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Monsta Limited of New Zealand
  • Monsta FTP

07 Nov 2025
Published
19 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
10.77%

KEV

Description

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🚨 Alleged Leak of Unauthorized Monsta FTP Access; CVE-2025-34299

darkwebinformer.com/alleged-le

  • 0
  • 0
  • 0
  • 17h ago