Overview
- Microsoft
- Windows
26 Aug 2025
Published
05 Dec 2025
Updated
CVSS v3.0
HIGH (7.0)
EPSS
0.23%
KEV
Description
Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.
Statistics
- 1 Post
Last activity: 22 hours ago
Bluesky
๐ Microsoft Quietly Patches Critical Windows LNK File Vulnerability (CVE-2025-9491) Exploited by Multiple APT Groups https://www.cyberhub.blog/article/16448-microsoft-quietly-patches-critical-windows-lnk-file-vulnerability-cve-2025-9491-exploited-by-multiple-apt-groups
Overview
Description
A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Statistics
- 1 Post
Last activity: Last hour
Fediverse
โ ๏ธ CVE-2025-14196 (HIGH, CVSS 8.7): Remote buffer overflow in H3C Magic B1 (โค100R004). Public exploit available, no patch. Isolate devices, restrict access, monitor for /goform/aspForm attacks. https://radar.offseq.com/threat/cve-2025-14196-buffer-overflow-in-h3c-magic-b1-e84401a0 #OffSeq #H3C #BufferOverflow #Vuln
Overview
Description
A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Statistics
- 1 Post
Last activity: 18 hours ago
Fediverse
๐ CVE-2025-14136: HIGH severity stack-based buffer overflow in Linksys RE6500 & related models (1.0.013.001+). Remote code execution risk with public exploit, no vendor patch. Mitigate โ isolate, monitor, restrict access! https://radar.offseq.com/threat/cve-2025-14136-stack-based-buffer-overflow-in-link-e0ef136b #OffSeq #Vuln #IoTSecurity
Overview
- Python Software Foundation
- CPython
03 Dec 2025
Published
05 Dec 2025
Updated
CVSS v4.0
MEDIUM (6.3)
EPSS
0.04%
KEV
Description
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Statistics
- 1 Post
Last activity: Last hour
Bluesky
CVE-2025-12084 Quadratic complexity in node ID cache clearing scq.ms/4ox5QqN #MicrosoftSecurity #cybersecurity
Overview
Description
A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Statistics
- 1 Post
Last activity: 17 hours ago
Fediverse
๐จ HIGH severity: CVE-2025-14187 buffer overflow in UGREEN DH2100+ (โค5.3.0.251125). Remote exploit published, no patch from vendor. Restrict access, monitor, and apply virtual patching if possible. More: https://radar.offseq.com/threat/cve-2025-14187-buffer-overflow-in-ugreen-dh2100-bd7ea556 #OffSeq #UGREEN #Vuln #BlueTeam
Overview
- anthropics
- claude-code
21 Nov 2025
Published
24 Nov 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.08%
KEV
Description
Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
Statistics
- 2 Posts
Last activity: 1 hour ago
Bluesky
Anthropic slapped 1,000 regexes on a godโthen sed whispered โw ~/.zshenvโ and the angel wrote itself a shell. CVE-2025-64755: the AI that debug-blocked you still let its own code sign the eviction notice.
Overview
Description
FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
Statistics
- 1 Post
Last activity: 4 hours ago
Bluesky
Just published: A deep-dive analysis of #Debian DSA-6073-1. Going beyond the "update now" warning to explain the exploit mechanism of CVE-2025-25473 in FFmpeg, Read more: ๐ tinyurl.com/y54w6x2a #Security
Overview
Description
A vulnerability was detected in UTT ่ฟๅ 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/websHostFilter. Performing manipulation of the argument addHostFilter results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Statistics
- 1 Post
Last activity: 20 hours ago
Fediverse
๐ฉ CVE-2025-14140: HIGH-severity buffer overflow in UTT ่ฟๅ 520W v1.7.7-180627. Public exploit available, no vendor patch. Restrict access, deploy IDS/IPS, and monitor logs. Act fast! https://radar.offseq.com/threat/cve-2025-14140-buffer-overflow-in-utt-520w-c180e378 #OffSeq #Vulnerability #Infosec #NetworkSecurity
Overview
Description
Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.
Statistics
- 1 Post
Last activity: 5 hours ago
Bluesky
CRITICAL: #Debian LTS security update DLA-4396-1 patches multiple high-severity libpng1.6 vulnerabilities (CVE-2022-3857, CVE-2021-4214). Remote attackers could use crafted PNGs for RCE or DoS. Read more: ๐ tinyurl.com/bde7mffv #Security
Overview
Description
A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.
Statistics
- 1 Post
Last activity: 5 hours ago
Bluesky
CRITICAL: #Debian LTS security update DLA-4396-1 patches multiple high-severity libpng1.6 vulnerabilities (CVE-2022-3857, CVE-2021-4214). Remote attackers could use crafted PNGs for RCE or DoS. Read more: ๐ tinyurl.com/bde7mffv #Security