Overview

  • Huawei
  • HarmonyOS

Published: 28 Nov 2025
Updated: 28 Nov 2025

CVSS v3.1: HIGH (7.3)
EPSS: Pending

KEV

Description

Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

⚠️ HIGH severity: CVE-2025-58308 in Huawei HarmonyOS (5.0.1, 5.1.0, 6.0.0) exposes call module to local exploitation—no patch available. Abnormal feature behavior could lead to data leaks or DoS. Restrict access & monitor! radar.offseq.com/threat/cve-20

Overview

  • Simple SA
  • Wirtualna Uczelnia

Published: 27 Nov 2025
Updated: 27 Nov 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution. This issue was fixed in version wu#2016.1.5513#0#20251014_113353.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

⚠️ CRITICAL CVE-2025-12140: Simple SA Wirtualna Uczelnia is vulnerable to unauth RCE via eval injection in 'redirectToUrl'. Patch to wu#2016.1.5513#0#20251014_113353 now! Full system compromise risk. radar.offseq.com/threat/cve-20

Overview

  • win.rar GmbH
  • WinRAR

Published: 08 Aug 2025
Updated: 21 Oct 2025

CVSS v4.0: HIGH (8.4)
EPSS: 2.92%

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Autumn Dragon is presumed to be China-linked and is carrying out highly stealthy and persistent intrusions through a multi-stage infection chain that combines DLL side-loading with the WinRAR zero-day (CVE-2025-8088). In particular, its focus on government agencies and news organisations as primary targets should be understood as information warfare aimed at the centres of public-opinion formation and policy decision-making. This structure also shares clear commonalities with the confusion in the information space and the misinformation phenomena currently seen within Japan.

Overview

  • FFmpeg

Published: 31 Dec 2024
Updated: 21 Aug 2025

CVSS: Pending
EPSS: 0.32%

KEV

Description

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Security Deep Dive: The recently disclosed FFmpeg flaw (CVE-2023-6603) is a classic example of a parser vulnerability in a ubiquitous tool. Read more: 👉 tinyurl.com/ms4s3h83 #Security #Ubuntu

Overview

  • Huawei
  • HarmonyOS

Published: 28 Nov 2025
Updated: 28 Nov 2025

CVSS v3.1: HIGH (8.4)
EPSS: Pending

KEV

Description

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🔒 CVE-2025-58302 (HIGH, CVSS 8.4) in Huawei HarmonyOS (2.0.0–4.3.1): Local attackers can bypass Settings module permission checks, risking data exposure. Restrict device access & monitor for unusual activity. radar.offseq.com/threat/cve-20

Overview

  • Uniong
  • WebITR

Published: 28 Nov 2025
Updated: 28 Nov 2025

CVSS v4.0: HIGH (7.1)
EPSS: Pending

KEV

Description

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

CVE-2025-13771: HIGH severity path traversal in Uniong WebITR lets authenticated users read any file on the server. Review input validation, tighten access, and monitor logins. No patch yet—mitigate now! radar.offseq.com/threat/cve-20

Overview

  • cerebrate-project
  • Cerebrate

Published: 28 Nov 2025
Updated: 28 Nov 2025

CVSS v4.0: CRITICAL (9.4)
EPSS: Pending

KEV

Description

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-66385 in Cerebrate <1.30 lets auth'd users escalate privileges via user-edit endpoint (role_id/org_id). Upgrade ASAP, monitor logs, and apply stricter validation. radar.offseq.com/threat/cve-20

Overview

  • Linux
  • Linux

Published: 01 May 2024
Updated: 04 Nov 2025

CVSS: Pending
EPSS: 0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: core: Clearing the circular buffer before NULLifying it

The circular buffer is NULLified in uart_tty_port_shutdown() under the spin lock. However, the PM or other timer-based callbacks may still trigger after this event without knowing that the buffer pointer is not valid. Since the serial code is a bit inconsistent in checking the buffer state (some rely on the head-tail positions, some on the buffer pointer), it's better to have both aligned, i.e. the buffer pointer to be NULL and the head-tail positions to be the same, meaning it's empty. This will prevent asynchronous calls from dereferencing a NULL pointer, as reported recently in the 8250 case:

BUG: kernel NULL pointer dereference, address: 00000cf5
Workqueue: pm pm_runtime_work
EIP: serial8250_tx_chars (drivers/tty/serial/8250/8250_port.c:1809)
...
? serial8250_tx_chars (drivers/tty/serial/8250/8250_port.c:1809)
__start_tx (drivers/tty/serial/8250/8250_port.c:1551)
serial8250_start_tx (drivers/tty/serial/8250/8250_port.c:1654)
serial_port_runtime_suspend (include/linux/serial_core.h:667 drivers/tty/serial/serial_port.c:63)
__rpm_callback (drivers/base/power/runtime.c:393)
? serial_port_remove (drivers/tty/serial/serial_port.c:50)
rpm_suspend (drivers/base/power/runtime.c:447)

The proposed change will prevent ->start_tx() from being called during suspend on a shut-down port.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

New security advisory analysis is live. We've deconstructed the recent CVE-2024-26998 patch for the #openSUSE Leap 15.6 kernel. Read more: 👉 tinyurl.com/25pbfkre #Security

Overview

  • angular
  • angular

Published: 26 Nov 2025
Updated: 26 Nov 2025

CVSS v4.0: HIGH (7.7)
EPSS: 0.05%

KEV

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking whether a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with a protocol-relative prefix (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or as fully qualified, trusted absolute URLs.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Angular Alert: Protocol-Relative URLs Leak XSRF Tokens (CVE-2025-66035)

Overview

  • ASUS
  • Router

Published: 25 Nov 2025
Updated: 25 Nov 2025

CVSS v4.0: HIGH (8.2)
EPSS: 0.20%

KEV

Description

A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the 'Security Update for ASUS Router Firmware' section of the ASUS Security Advisory for more information.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Multiple vulnerabilities in ASUS routers. Of 8 in total, 1 is rated critical. Update now. 'CVE-2025-59366', 'CVE-2025-12003' and others | ニッチなPCゲーマーの環境構築Z https://www.nichepcgamer.com/archives/asus-routers-multiple-vulnerabilities-cve-2025-59366-etc.html