Overview
Description
Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.
Statistics
- 1 Post
- 1 Interaction
Last activity: 14 hours ago
Fediverse
Overview
- IBM
- WebSphere Application Server
08 Dec 2025
Published
08 Dec 2025
Updated
CVSS v3.1
MEDIUM (5.4)
EPSS
Pending
KEV
Description
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
Statistics
- 3 Posts
Last activity: 14 hours ago
Bluesky
PH68243:IBM WebSphere Application Server is affected by cross-site scripting (CVE-2025-12635 CVSS 5.4) https://tinyurl.com/24vwpd2o
PH68817:IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635) https://tinyurl.com/26c9hks7
Overview
Description
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Statistics
- 1 Post
Last activity: 4 hours ago
Bluesky
CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). scq.ms/3MmLlQr #MicrosoftSecurity #cybersecurity
Overview
Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Statistics
- 1 Post
Last activity: 9 hours ago
Bluesky
📢 Vaste campagne d’attaques contre les portails Palo Alto GlobalProtect depuis 7 000+ IP
📝 Selon Cyber Security News, une campagne d’exploitation…
https://cyberveille.ch/posts/2025-12-08-vaste-campagne-dattaques-contre-les-portails-palo-alto-globalprotect-depuis-7-000-ip/ #CVE_2024_3400 #Cyberveille
Overview
Description
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
Statistics
- 1 Post
Last activity: 20 hours ago
Bluesky
CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. scq.ms/48Cnl39 #MicrosoftSecurity #cybersecurity
Overview
- Wibu
- CodeMeter Runtime
13 Sep 2023
Published
27 Aug 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.41%
KEV
Description
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
Statistics
- 1 Post
Last activity: 21 hours ago
Fediverse
#OT #Advisory VDE-2025-105
Endress+Hauser: Multiple products affected by Wibu-Systems CodeMeter Vulnerability
A vulnerability in Wibu-Systems CodeMeter (up to version 7.60b) affects multiple Endress+Hauser products. This flaw can lead to a heap buffer overflow, which may allow remote code execution under certain conditions.
#CVE CVE-2023-3935
https://certvde.com/en/advisories/vde-2025-105/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-105.json
Overview
- open-webui
- open-webui
04 Dec 2025
Published
05 Dec 2025
Updated
CVSS v3.1
HIGH (8.7)
EPSS
0.03%
KEV
Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37.
Statistics
- 1 Post
Last activity: 9 hours ago
Bluesky
🚨 CVE-2025-65959 | Open WebUI | Stored XSS via Notes PDF Download (High)
Malicious SVG/HTML in Markdown notes can execute JavaScript when downloaded as PDF, enabling session token theft. All users are at risk. Affects versions < 0.6.37.
buff.ly/EVaSAOB
buff.ly/RFK4ZIl
Overview
- WBCE
- WBCE_CMS
09 Dec 2025
Published
09 Dec 2025
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
Pending
KEV
Description
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
Statistics
- 1 Post
Last activity: 2 hours ago
Fediverse
🔒 CVE-2025-67504: WBCE CMS <1.6.5 uses weak rand() for password generation, allowing attackers to predict or brute-force credentials. CRITICAL—upgrade to 1.6.5+ now! Monitor for suspicious logins. https://radar.offseq.com/threat/cve-2025-67504-cwe-331-insufficient-entropy-in-wbc-5bf971f6 #OffSeq #Vuln #WBCECMS #Security
Overview
- n8n-io
- n8n
08 Dec 2025
Published
08 Dec 2025
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
Pending
KEV
Description
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point to a malicious Git hook that executes arbitrary commands on the n8n host during subsequent Git operations. Exploitation requires the ability to create or modify an n8n workflow using the Git node. This issue is fixed in version 1.119.2. Workarounds include excluding the Git Node (Docs) and avoiding cloning or interacting with untrusted repositories using the Git Node.
Statistics
- 1 Post
Last activity: 6 hours ago
Fediverse
🚨 CVE-2025-65964: CRITICAL RCE in n8n-io n8n (0.123.1–1.119.1). Exploit via Git node lets attackers run arbitrary code through malicious Git hooks. Upgrade to 1.119.2, disable Git node if needed. Details: https://radar.offseq.com/threat/cve-2025-65964-cwe-829-inclusion-of-functionality--14b531c0 #OffSeq #n8n #Vuln #RCE
Overview
Description
In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Statistics
- 1 Post
Last activity: 11 hours ago
Bluesky
đź“° Google Confirms Android Attacks-No Fix for Most Samsung Users
💬 CVE-2025-48633 is a messy exploit that needs user action to thrive. Concerns about OS updates leave users jittery. 🤔
https://news.ycombinator.com/item?id=46194315