24h | 7d | 30d

CVE-2024-56089

Overview

  • Pending
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Technitium has a CVE for it:

cve.org/CVERecord?id=CVE-2024-

  • 0
  • 3
  • 0
  • 1h ago

CVE-2025-12559

Overview

  • Mattermost
  • Mattermost
27 Nov 2025
Published
28 Nov 2025
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.03%
KEV

Description

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Also:

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 2
  • 0
  • 1h ago

CVE-2025-12419

Overview

  • Mattermost
  • Mattermost
27 Nov 2025
Published
28 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.07%
KEV

Description

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

And:

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation or admin privileges to take over any user account via manipulation of authentication data during the OAuth completion flow

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 1h ago

CVE-2025-7007

Overview

  • Avast
  • Antivirus
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture
cR0w h0 h0 @cR0w

And another one:

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • Last hour

CVE-2025-41700

Overview

  • CODESYS
  • CODESYS Development System
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 6 hours ago

Fediverse

Profile picture
CERT@VDE @certvde

VDE-2025-101
CODESYS Development System - Deserialization of Untrusted Data

A vulnerability has been discovered in the print engine of the CODESYS development system. If a CODESYS project file or archive file was crafted in a specific way, the CODESYS development system could execute arbitrary code when a user opens these files and configures the print/printer options or prints the project or parts of it. This arbitrary code would be executed in the context of the user who was tricked into opening the project.
CVE-2025-41700

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 0
  • 1
  • 0
  • 6h ago

CVE-2025-13806

Overview

  • nutzam
  • NutzBoot
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%
KEV

Description

A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🔔 MEDIUM severity: CVE-2025-13806 impacts nutzam NutzBoot ≤2.6.0-SNAPSHOT. Remote attackers may exploit improper authorization in the Transaction API (EthModule.java). Public exploit disclosed — monitor & mitigate! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2024-3400

Overview

  • Palo Alto Networks
  • PAN-OS
12 Apr 2024
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
94.32%
KEV

Description

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Statistics

  • 1 Post
Last activity: 17 hours ago

Bluesky

Profile picture
UndercodeTesting @undercode.bsky.social
The PAN-OS Pandemic: How CVE-2024-3400 Turns Your Firewall Into a Cybercriminal’s Playground Introduction: A critical zero-day vulnerability, designated CVE-2024-3400, has been discovered in Palo Alto Networks' PAN-OS, the operating system running its next-generation firewalls. This flaw, a…
  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-58360

Overview

  • geoserver
  • geoserver
25 Nov 2025
Published
25 Nov 2025
Updated
CVSS v3.1
HIGH (8.2)
EPSS
10.15%
KEV

Description

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture
CrowdCyber @crowdcyber.bsky.social
High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF
  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-41738

Overview

  • CODESYS
  • CODESYS Control RTE (SL)
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV

Description

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture
CERT@VDE @certvde

VDE-2025-100
CODESYS Control - Invalid type usage in visualization

A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending special request to the CODESYS Web- or remote Target Visu. The issue is triggered by an internal read access using a pointer of wrong type.
CVE-2025-41738

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-13601

Overview

  • glib
26 Nov 2025
Published
27 Nov 2025
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Security Bulletin: CVE-2025-13601 / glib2 on Fedora 43. The #Fedora project has released glib2 2.86.2 to remediate a critical integer overflow vulnerability (CVE-2025-13601) in the g_escape_uri_string() function. Read more: 👉 tinyurl.com/38fdekuw #Security
  • 0
  • 0
  • 0
  • 3h ago
Showing 11 to 20 of 40 CVEs