
Overview

  • Adobe
  • ColdFusion

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.24%

KEV

Description

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction and scope is unchanged.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Bluesky

> Regarding countermeasures for the Adobe ColdFusion vulnerability (CVE-2025-61809) https://www.ipa.go.jp/security/security-alert/2025/alert20251211.html
  • 0
  • 0
  • 0
  • 13h ago
Regarding countermeasures for the Adobe ColdFusion vulnerability (CVE-2025-61809) | Information Security | IPA Information-technology Promotion Agency, Japan https://www.ipa.go.jp/security/security-alert/2025/alert20251211.html
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • glib2

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 5 hours ago

Fediverse


BoF in glib.

access.redhat.com/security/cve

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

  • 3
  • 2
  • 0
  • 5h ago

Overview

  • Tenda
  • CH22

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Statistics

  • 1 Post
  • 9 Interactions

Last activity: 5 hours ago

Overview

  • JBL
  • LIVE PRO 2 TWS

10 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.02%

KEV

Description

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service, which could render the device unusable.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 14 hours ago

Fediverse


VDE-2024-076
BLE GATT Service Vulnerability in JBL Headphones

Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.
CVE-2024-2104

certvde.com/en/advisories/vde-

harman.csaf-tp.certvde.com/.we

  • 1
  • 1
  • 0
  • 14h ago

Overview

  • JBL
  • Flip 5

10 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.02%

KEV

Description

An unauthorised attacker within Bluetooth range may use improper validation during the BLE connection request to deadlock the affected devices.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 14 hours ago

Fediverse


VDE-2025-089
BLE ICM Vulnerability in JBL Headphones

The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through a specially crafted packet.
CVE-2024-2105

certvde.com/en/advisories/vde-

harman.csaf-tp.certvde.com/.we

  • 1
  • 1
  • 0
  • 14h ago

Overview

  • Pending

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

  • 1
  • 1
  • 0
  • 2h ago

Overview

  • Kubernetes
  • Kubelet

13 Mar 2025
Published
13 Mar 2025
Updated

CVSS v3.1
MEDIUM (5.9)
EPSS
0.06%

KEV

Description

This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 18 hours ago

Bluesky

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation https://isc.sans.edu/podcastdetail/9734
  • 1
  • 1
  • 0
  • 18h ago

Overview

  • neuron-core
  • neuron-ai

10 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
0.06%

KEV

Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Fediverse


CRITICAL: CVE-2025-67510 impacts neuron-core neuron-ai (<2.8.12). MySQLWriteTool allows arbitrary SQL via prompt injection—risk of data loss or escalation if DB privileges are broad. Upgrade ASAP! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 23h ago

Overview

  • UTT
  • 进取 512W

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 3 hours ago

Overview

  • D-Link
  • DIR-803

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
Pending

KEV

Description

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago