24h | 7d | 30d

Overview

  • Pending

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 1 hour ago

Fediverse

Profile picture
  • 0
  • 3
  • 0
  • 1h ago

Overview

  • Mattermost
  • Mattermost

27 Nov 2025
Published
28 Nov 2025
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.03%

KEV

Description

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 1 hour ago

Fediverse

Profile picture

Also:

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 2
  • 0
  • 1h ago

Overview

  • Mattermost
  • Mattermost

27 Nov 2025
Published
28 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.07%

KEV

Description

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

Profile picture

And:

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation or admin privileges to take over any user account via manipulation of authentication data during the OAuth completion flow

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 1h ago

Overview

  • Avast
  • Antivirus

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: Last hour

Fediverse

Profile picture

And another one:

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • Last hour

Overview

  • CODESYS
  • CODESYS Development System

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

Profile picture

VDE-2025-101
CODESYS Development System - Deserialization of Untrusted Data

A vulnerability has been discovered in the print engine of the CODESYS development system. If a CODESYS project file or archive file was crafted in a specific way, the CODESYS development system could execute arbitrary code when a user opens these files and configures the print/printer options or prints the project or parts of it. This arbitrary code would be executed in the context of the user who was tricked into opening the project.
CVE-2025-41700

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 0
  • 1
  • 0
  • 6h ago

Overview

  • nutzam
  • NutzBoot

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%

KEV

Description

A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

Profile picture

🔔 MEDIUM severity: CVE-2025-13806 impacts nutzam NutzBoot ≤2.6.0-SNAPSHOT. Remote attackers may exploit improper authorization in the Transaction API (EthModule.java). Public exploit disclosed — monitor & mitigate! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Palo Alto Networks
  • PAN-OS

12 Apr 2024
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
94.32%

Description

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Profile picture
The PAN-OS Pandemic: How CVE-2024-3400 Turns Your Firewall Into a Cybercriminal’s Playground Introduction: A critical zero-day vulnerability, designated CVE-2024-3400, has been discovered in Palo Alto Networks' PAN-OS, the operating system running its next-generation firewalls. This flaw, a…
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • geoserver
  • geoserver

25 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
HIGH (8.2)
EPSS
10.15%

KEV

Description

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Profile picture
High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • CODESYS
  • CODESYS Control RTE (SL)

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.08%

KEV

Description

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture

VDE-2025-100
CODESYS Control - Invalid type usage in visualization

A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending special request to the CODESYS Web- or remote Target Visu. The issue is triggered by an internal read access using a pointer of wrong type.
CVE-2025-41738

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • glib

26 Nov 2025
Published
27 Nov 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Profile picture
Security Bulletin: CVE-2025-13601 / glib2 on Fedora 43. The #Fedora project has released glib2 2.86.2 to remediate a critical integer overflow vulnerability (CVE-2025-13601) in the g_escape_uri_string() function. Read more: 👉 tinyurl.com/38fdekuw #Security
  • 0
  • 0
  • 0
  • 3h ago
Showing 11 to 20 of 40 CVEs