
Overview

  • Pending

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An authenticated append-style command injection in Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Overview

  • IBM
  • WebSphere Application Server

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v3.1
MEDIUM (5.4)
EPSS
Pending

KEV

Description

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.

Statistics

  • 3 Posts

Last activity: 14 hours ago

Bluesky

PH68243:IBM WebSphere Application Server is affected by cross-site scripting (CVE-2025-12635 CVSS 5.4) https://tinyurl.com/24vwpd2o
  • 14h ago
PH68817:IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635) https://tinyurl.com/26c9hks7
  • 14h ago

Overview

  • Pending

25 Sep 2025
Published
26 Sep 2025
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). scq.ms/3MmLlQr #MicrosoftSecurity #cybersecurity
  • 4h ago

Overview

  • Palo Alto Networks
  • PAN-OS

12 Apr 2024
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
94.30%

Description

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

📢 Large-scale attack campaign against Palo Alto GlobalProtect portals from 7,000+ IPs 📝 According to Cyber Security News, an exploitation campaign… https://cyberveille.ch/posts/2025-12-08-vaste-campagne-dattaques-contre-les-portails-palo-alto-globalprotect-depuis-7-000-ip/ #CVE_2024_3400 #Cyberveille
  • 9h ago

Overview

  • Pending

25 Sep 2025
Published
29 Sep 2025
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. scq.ms/48Cnl39 #MicrosoftSecurity #cybersecurity
  • 20h ago

Overview

  • Wibu
  • CodeMeter Runtime

13 Sep 2023
Published
27 Aug 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.41%

KEV

Description

A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

VDE-2025-105
Endress+Hauser: Multiple products affected by Wibu-Systems CodeMeter Vulnerability

A vulnerability in Wibu-Systems CodeMeter (up to version 7.60b) affects multiple Endress+Hauser products. This flaw can lead to a heap buffer overflow, which may allow remote code execution under certain conditions.
CVE-2023-3935

certvde.com/en/advisories/vde-

endress-hauser.csaf-tp.certvde

  • 21h ago

Overview

  • open-webui
  • open-webui

04 Dec 2025
Published
05 Dec 2025
Updated

CVSS v3.1
HIGH (8.7)
EPSS
0.03%

KEV

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

🚨 CVE-2025-65959 | Open WebUI | Stored XSS via Notes PDF Download (High) Malicious SVG/HTML in Markdown notes can execute JavaScript when downloaded as PDF, enabling session token theft. All users are at risk. Affects versions < 0.6.37. buff.ly/EVaSAOB buff.ly/RFK4ZIl
  • 9h ago

Overview

  • WBCE
  • WBCE_CMS

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🔒 CVE-2025-67504: WBCE CMS <1.6.5 uses weak rand() for password generation, allowing attackers to predict or brute-force credentials. CRITICAL—upgrade to 1.6.5+ now! Monitor for suspicious logins. radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • n8n-io
  • n8n

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point to a malicious Git hook that executes arbitrary commands on the n8n host during subsequent Git operations. Exploitation requires the ability to create or modify an n8n workflow using the Git node. This issue is fixed in version 1.119.2. Workarounds include excluding the Git Node (Docs) and avoiding cloning or interacting with untrusted repositories using the Git Node.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🚨 CVE-2025-65964: CRITICAL RCE in n8n-io n8n (0.123.1–1.119.1). Exploit via Git node lets attackers run arbitrary code through malicious Git hooks. Upgrade to 1.119.2, disable Git node if needed. Details: radar.offseq.com/threat/cve-20

  • 6h ago

Overview

  • Google
  • Android

08 Dec 2025
Published
09 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

Description

In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

📰 Google Confirms Android Attacks-No Fix for Most Samsung Users 💬 CVE-2025-48633 is a messy exploit that needs user action to thrive. Concerns about OS updates leave users jittery. 🤔 https://news.ycombinator.com/item?id=46194315
  • 11h ago
Showing 11 to 20 of 36 CVEs