
Overview

  • Tenda
  • WH450

Published: 23 Dec 2025
Updated: 23 Dec 2025

CVSS v4.0: MEDIUM (6.9)
EPSS: Pending

KEV

Description

A vulnerability was identified in Tenda WH450 1.0.0.18. It affects an unknown function of the file /goform/CheckTools in the HTTP Request Handler component. Manipulating the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 1 hour ago

Overview

  • Pending

Published: 12 Nov 2025
Updated: 18 Nov 2025

CVSS: Pending
EPSS: 0.07%

KEV

Description

Tenda AC15 (v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Fediverse


IDK if I shared this dumb Tenda one already or not:

github.com/Remenis/CVE-2025-63

I know this sort of thing used to be fairly common but it's weird seeing it in a 2025 CVE.


Overview

  • Unknown
  • W3 Total Cache

Published: 17 Nov 2025
Updated: 17 Nov 2025

CVSS: Pending
EPSS: 2.04%

KEV

Description

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 9 hours ago

Fediverse


I’ve updated my blog post about CVE-2025-9501 and included bypasses for all W3 Total Cache versions up to and including the latest 2.8.15.

rcesecurity.com/2025/11/exploi


Overview

  • Apache Software Foundation
  • Apache Log4j2

Published: 10 Dec 2021
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 94.36%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Log4Shell Exposed: How a Single Vulnerability Shook the Internet and What You Must Do Now + Video Introduction: The Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j sent shockwaves through the cybersecurity world, exposing millions of systems to remote code execution. This critical flaw in…

Overview

  • glib

Published: 26 Nov 2025
Updated: 27 Nov 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

CRITICAL: #SUSE glib2 vulnerability (CVE-2025-13601, CVSS 7.8) allows local privilege escalation. Read more: 👉 tinyurl.com/2a4tjsbb #Security

Overview

  • nanbingxyz
  • 5ire

Published: 23 Dec 2025
Updated: 23 Dec 2025

CVSS v3.1: CRITICAL (9.7)
EPSS: Pending

KEV

Description

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits the rendering of HTML tags within Mermaid diagram nodes. This issue has not been patched at time of publication.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse


🚨 CVE-2025-68669 (CRITICAL, CVSS 9.7) impacts nanbingxyz 5ire ≤0.15.2. Unpatched RCE via markdown-it-mermaid plugin’s loose security—malicious Mermaid diagrams can execute arbitrary code. Disable plugin & validate inputs! radar.offseq.com/threat/cve-20


Overview

  • livewire
  • livewire

Published: 17 Jul 2025
Updated: 17 Jul 2025

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.08%

KEV

Description

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🚨 Pre-Auth RCE in #Livewire (CVE-2025-54068)! Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing. 🔗 Patch now! (v3.6.4+) www.synacktiv.com/en/publicati...

Overview

  • Tenda
  • WH450

Published: 23 Dec 2025
Updated: 23 Dec 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

A vulnerability was found in Tenda WH450 1.0.0.18. It affects an unknown function of the file /goform/PPTPDClient in the HTTP Request Handler component. Manipulating the argument Username results in a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 2 hours ago

Overview

  • Linux
  • Linux

Published: 12 Nov 2025
Updated: 01 Dec 2025

CVSS: Pending
EPSS: 0.06%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

sctp: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

🚨 CRITICAL KERNEL UPDATE: #openSUSE Leap 15.5 / SUSE Linux Enterprise 15 SP5 patches 8 vulnerabilities including CVE-2025-40204 (CVSS 8.7 - network info disclosure). Read more: 👉 tinyurl.com/mk8xfhpk #Security

Overview

  • Python Software Foundation
  • CPython

Published: 03 Dec 2025
Updated: 22 Dec 2025

CVSS v4.0: MEDIUM (6.3)
EPSS: 0.16%

KEV

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

🚨 Attention #Fedora users and Python developers! A critical security update is available for Fedora 42, patching a denial-of-service vulnerability (CVE-2025-12084) in the #MinGW #Python3 package. Read more: 👉 tinyurl.com/nw556ha2
Showing 11 to 20 of 65 CVEs