Overview

  • Pending

12 Sep 2025
Published
15 Sep 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Fediverse

In the last 24 hours, the Starlink network in Ukraine suffered a significant outage, while Panama's Ministry of Economy reported a data leak. The FBI warned about hackers compromising Salesforce, and 12 individuals were arrested for hacking WhatsApp accounts. Find these and more details in the following list of information security news:

🗞️ LATEST NEWS IN INFORMATION SECURITY 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 15/09/25 📆 |====

🔒 STARLINK OUTAGE IN UKRAINE
The Starlink satellite network, operated by Elon Musk, has stopped working along the front line in Ukraine, coinciding with a global outage of the service. This interruption could significantly affect communications in a critical area. Find out more about this incident here! 👉 djar.co/gXjmYI

💼 LEAK AT PANAMA'S MINISTRY OF ECONOMY
Panama's Ministry of Economy and Finance has disclosed a security breach affecting one of its computer systems. This adds pressure on government institutions to improve their cybersecurity protocols. Find all the details of this leak here 👉 djar.co/Yj5Iu

🚨 FBI ALERT ABOUT HACKERS STEALING SALESFORCE DATA
The FBI has issued an urgent alert about two hacker groups, UNC6040 and UNC6395, that are compromising Salesforce environments to steal data and extort organizations. This notice highlights the growing threat to the business sector from cyber attackers. Learn how to protect yourself here 👉 djar.co/iiJTUf

🛡️ VULNERABILITY IN THE AUDI UTR 2.0 DASHCAM
A critical vulnerability has been detected in the FTP service of the Audi UTR 2.0 dashcam that allows a denial-of-service (DoS) attack without prior authentication. Catalogued as CVE-2025-45587, this flaw requires immediate attention from users. Learn more about how to prevent this risk here 👉 djar.co/pQJb

📱 WHATSAPP HACKERS: 12 SUSPECTS ARRESTED
A group of 12 individuals was arrested for hacking WhatsApp accounts through links to fake sites on Facebook Marketplace. The attackers managed to access sensitive information, which underscores the importance of security on messaging platforms. Read more about this operation and how to avoid becoming a victim here 👉 djar.co/R8TRd

🌐 MASSIVE LEAK FROM CHINA'S GREAT FIREWALL
Servers in China have been compromised, resulting in the leak of documents and source code of the Great Firewall. This incident highlights the vulnerabilities in censorship and information control systems. Find out more about the implications of this breach here 👉 djar.co/UJRZs

🖥️ RUNNING AI MODELS ON AN ORIGINAL MAC
Experimenters have found innovative ways to run artificial intelligence models on old hardware, such as the original Mac. This demonstrates the potential for new applications even on technology considered obsolete. Learn more about these retrofuturistic techniques here 👉 djar.co/H6qukx


Overview

  • colorjs
  • color-name

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
Pending

KEV

Description

color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. See references below for more information on the payload. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue is resolved in 2.0.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

Overview

  • SourceCodester
  • Pet Grooming Management Software

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.03%

KEV

Description

A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/ajax_represent.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🐶 CVE-2025-10431: MEDIUM severity SQL Injection in SourceCodester Pet Grooming Management Software 1.0 (/admin/ajax_represent.php, ID param). Remote exploit possible. Restrict admin access & use WAFs until patched. Details: radar.offseq.com/threat/cve-20


Overview

  • huggingface
  • huggingface/transformers

14 Sep 2025
Published
15 Sep 2025
Updated

CVSS v3.0
MEDIUM (5.3)
EPSS
0.04%

KEV

Description

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises from the method's handling of numeric strings, which can be exploited using crafted input strings containing long sequences of digits, leading to excessive CPU consumption. This vulnerability impacts text-to-speech and number normalization tasks, potentially causing service disruption, resource exhaustion, and API vulnerabilities.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

⚠️ Hugging Face Transformers: CVE-2025-6051 ReDoS via EnglishNormalizer.normalize_numbers() — long digit strings spike CPU, DoS NLP/TTS. Update 4.53.0; add input limits/timeouts. 🛡️ 🔗 basefortify.eu/cve_reports/... #MLSec #AppSec #NLP

Overview

  • Broadcom
  • BCM5820X

13 Jun 2025
Published
17 Jun 2025
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.15%

KEV

Description

A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

💥 An RCE in your SIEM means attackers could own your monitoring.

Detect and validate the impact of Fortinet FortiSIEM (CVE-2025-24919) with our new module, now live in both:
1️⃣ Network Scanner
2️⃣ Sniper: Auto-Exploiter

Full vulnerability details here 👉 pentest-tools.com/vulnerabilit


Overview

  • M-Files Corporation
  • Hubshare

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
HIGH (7.0)
EPSS
0.06%

KEV

Description

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🚨 HIGH severity: CVE-2025-9826 — Stored XSS in M-Files Hubshare <25.8 lets authenticated users inject persistent scripts, risking data theft & workflow compromise. Upgrade & harden input validation! radar.offseq.com/threat/cve-20


Overview

  • libexpat project
  • libexpat

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.05%

KEV

Description

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🔎 CVE-2025-59375: HIGH severity in libexpat (<2.7.2) — attackers can remotely exhaust system memory via crafted small XML docs, causing DoS. Patch to 2.7.2+ or mitigate with input controls. radar.offseq.com/threat/cve-20


Overview

  • Mercury
  • KM08-708H GiGA WiFi Wave2

14 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%

KEV

Description

A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🚨 CVE-2025-10392 | CRITICAL stack buffer overflow in Mercury KM08-708H GiGA WiFi Wave2 v1.1.14. Remote attackers can exploit via HTTP Host header—public exploit available! Isolate & monitor devices. radar.offseq.com/threat/cve-20


Overview

  • github.com/chaos-mesh/chaos-mesh

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

🔥 CRITICAL: CVE-2025-59361 in Chaos Controller Manager enables unauthenticated in-cluster OS command injection—full RCE possible! No patch yet. Segment networks, monitor for abuse, and audit configs ASAP. radar.offseq.com/threat/cve-20


Overview

  • Gotac
  • Statistical Database System

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.13%

KEV

Description

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🚨 CVE-2025-10452 (CRITICAL, CVSS 9.3): Gotac Statistical Database System lacks authentication for critical functions — unauthenticated remote attackers can read, modify, & delete data. Isolate & restrict access now. radar.offseq.com/threat/cve-20

Showing 11 to 20 of 54 CVEs