Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
- 1 Interaction
Last activity: 23 hours ago
Fediverse
Sicherheitslücke: OpenAI Codex CLI führt versteckte Befehle aus Repository-Dateien aus
Die unter CVE-2025-61260 geführte Lücke ermöglicht es Angreifern, über manipulierte Repository-Dateien beliebigen Code auf Entwicklersystemen auszuführen – ganz ohne Wissen oder Zustimmung der Nutzer.
Overview
Description
In the Linux kernel, the following vulnerability has been resolved:
gfs2: No more self recovery
When a node withdraws and it turns out that it is the only node that has
the filesystem mounted, gfs2 currently tries to replay the local journal
to bring the filesystem back into a consistent state. Not only is that
a very bad idea, it has also never worked because gfs2_recover_func()
will refuse to do anything during a withdraw.
However, before even getting to this point, gfs2_recover_func()
dereferences sdp->sd_jdesc->jd_inode. This was a use-after-free before
commit 04133b607a78 ("gfs2: Prevent double iput for journal on error")
and is a NULL pointer dereference since then.
Simply get rid of self recovery to fix that.
Statistics
- 1 Post
- 1 Interaction
Last activity: 5 hours ago
Bluesky
CVE-2025-38659 gfs2: No more self recovery scq.ms/3KbMbil #cybersecurity #SecQube
Overview
- NVIDIA
- NVIDIA Isaac-GR00T N1.5
18 Nov 2025
Published
18 Nov 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV
Description
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Statistics
- 1 Post
- 1 Interaction
Last activity: 13 hours ago
Bluesky
ZDI-25-1041|CVE-2025-33183] NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus of Trend Zero Day Initiative)
www.zerodayinitiative.com/advisories/Z...
Overview
- WatchGuard
- Fireware OS
04 Dec 2025
Published
04 Dec 2025
Updated
CVSS v4.0
HIGH (7.5)
EPSS
Pending
KEV
Description
A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.
Statistics
- 1 Post
- 1 Interaction
Last activity: 13 hours ago
Fediverse
Overview
Description
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Statistics
- 1 Post
- 1 Interaction
Last activity: 15 hours ago
Fediverse
Good introduction to a blog post. I came to it by chance after finishing the work today, relaxing a bit after auditing a state machine, but not as complex as Array.prototype.concat implementation, for sure.
A Bug's Life: CVE-2021-21225
https://tiszka.com/blog/CVE_2021_21225.html
Overview
- Microsoft
- Windows 10 Version 1809
14 May 2024
Published
03 May 2025
Updated
CVSS v3.1
MEDIUM (6.8)
EPSS
0.26%
KEV
Description
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Statistics
- 1 Post
Last activity: 16 hours ago
Bluesky
📌 Microsoft Silently Mitigates Critical Windows LNK Zero-Day Vulnerability (CVE-2024-30001) https://www.cyberhub.blog/article/16348-microsoft-silently-mitigates-critical-windows-lnk-zero-day-vulnerability-cve-2024-30001
Overview
- Docker
- Docker Desktop
20 Aug 2025
Published
25 Sep 2025
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.01%
KEV
Description
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled.
This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
Statistics
- 1 Post
Last activity: 5 hours ago
Bluesky
Docker修复关键容器逃逸漏洞CVE-2025-9074:全面解读与安全防护指南
https://qian.cx/posts/AD8E8324-D24D-406F-8A2B-1406FC8B7062
Overview
- dripadmin
- CRM Memberships
05 Dec 2025
Published
05 Dec 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV
Description
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts via the `ntzcrm_changepassword` endpoint, granted they can obtain or enumerate a target user's email address. The plugin also exposes the `ntzcrm_get_users` endpoint without authentication, allowing attackers to enumerate subscriber email addresses, facilitating the exploitation of the password reset vulnerability.
Statistics
- 1 Post
Last activity: 6 hours ago
Fediverse
⚠️ CRITICAL: CVE-2025-13313 in dripadmin CRM Memberships (≤2.5) lets unauth attackers reset user passwords & harvest emails via unprotected AJAX endpoints. Restrict access, monitor for abuse, patch ASAP. Details: https://radar.offseq.com/threat/cve-2025-13313-cwe-862-missing-authorization-in-dr-61158105 #OffSeq #WordPress #ThreatIntel #CVE202513313
Overview
- wphocus
- My auctions allegro
05 Dec 2025
Published
05 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV
Description
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Statistics
- 1 Post
Last activity: 3 hours ago
Fediverse
🚨 CVE-2025-12850: HIGH severity SQL Injection in My auctions allegro WordPress plugin (all versions ≤3.6.32). Unauthenticated attackers can extract sensitive DB data. Patch when available, use WAF/input validation now. Details: https://radar.offseq.com/threat/cve-2025-12850-cwe-89-improper-neutralization-of-s-a9c55820 #OffSeq #WordPress #Vuln
Overview
- Monsta Limited of New Zealand
- Monsta FTP
07 Nov 2025
Published
19 Nov 2025
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
10.77%
KEV
Description
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.
Statistics
- 1 Post
Last activity: 17 hours ago
Fediverse
🚨 Alleged Leak of Unauthorized Monsta FTP Access; CVE-2025-34299
https://darkwebinformer.com/alleged-leak-of-unauthorized-monsta-ftp-access-cve-2025-34299/