Overview

  • Google
  • Chrome

Published: 10 Nov 2025
Updated: 10 Nov 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 9 hours ago

Fediverse

⚠️ Alert: A #WebXR flaw (CVE-2025-12443) affected Chrome, Edge, Brave, Opera and other Chromium browsers - over 4 billion devices at risk. Patch pushed - update your browser now! 🔐

Read: hackread.com/webxr-flaw-chromi

#CyberSecurity #BrowserUpdate #Chromium #Chrome #Brave

  • 9h ago

Overview

  • WatchGuard
  • Fireware OS

Published: 04 Dec 2025
Updated: 04 Dec 2025

CVSS v4.0: HIGH (7.5)
EPSS: Pending

KEV

Description

A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: Last hour

Overview

  • Google
  • Chrome

Published: 26 Apr 2021
Updated: 03 Aug 2024

CVSS: Pending
EPSS: 1.01%

KEV

Description

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Good introduction to a blog post. I came to it by chance after finishing work today, relaxing a bit after auditing a state machine, but not as complex as the Array.prototype.concat implementation, for sure.

A Bug's Life: CVE-2021-21225
tiszka.com/blog/CVE_2021_21225

  • 2h ago

Overview

  • GIMP
  • GIMP

Published: 29 Oct 2025
Updated: 03 Nov 2025

CVSS v3.0: HIGH (7.8)
EPSS: 0.08%

KEV

Description

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

🚨 Patch NOW: CVE-2025-10921 in #openSUSE Tumbleweed's GEGL library is a high-severity buffer overflow (CVSS 8.4). Can lead to RCE via a malicious HDR file. Read more: 👉 tinyurl.com/mwwhzzds #Security
  • 21h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 14 May 2024
Updated: 03 May 2025

CVSS v3.1: MEDIUM (6.8)
EPSS: 0.26%

KEV

Description

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

📌 Microsoft Silently Mitigates Critical Windows LNK Zero-Day Vulnerability (CVE-2024-30001) https://www.cyberhub.blog/article/16348-microsoft-silently-mitigates-critical-windows-lnk-zero-day-vulnerability-cve-2024-30001
  • 3h ago

Overview

  • Oracle Corporation
  • Tape Library ACSLS

Published: 26 Apr 2019
Updated: 21 Oct 2025

CVSS v3.0: HIGH (7.5)
EPSS: 94.47%

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Tokyo Metropolitan Government hit by unauthorized access, possible ransomware infection - Nikkei xTECH. Shortly before the Tokyo Metropolitan Government suffered the unauthorized access, Oracle had announced a WebLogic vulnerability (CVE-2019-2725) (Figure 4). Where the vulnerability is present, arbitrary code over the network ... xtech.nikkei.com/atcl/nxt/mag...
  • 22h ago

Overview

  • ThinkInAIXYZ
  • deepchat

Published: 03 Dec 2025
Updated: 03 Dec 2025

CVSS v3.1: CRITICAL (9.7)
EPSS: 0.15%

KEV

Description

DeepChat is a smart assistant that uses artificial intelligence. In 0.5.0 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC bridge, this XSS can be escalated to Remote Code Execution (RCE) by registering and starting a malicious MCP (Model Context Protocol) server.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🚨 CVE-2025-66222 (CRITICAL, CVSS 9.7): ThinkInAIXYZ deepchat <0.5.0 exposes stored XSS in Mermaid diagrams, leading to RCE via Electron IPC. Patch to 0.5.0+, restrict untrusted content, and monitor for abuse! radar.offseq.com/threat/cve-20

  • 19h ago

Overview

  • Monsta Limited of New Zealand
  • Monsta FTP

Published: 07 Nov 2025
Updated: 19 Nov 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 10.77%

KEV

Description

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🚨 Alleged Leak of Unauthorized Monsta FTP Access; CVE-2025-34299

darkwebinformer.com/alleged-le

  • 4h ago

Overview

  • djangoproject
  • Django
  • django

Published: 05 Nov 2025
Updated: 08 Nov 2025

CVSS: Pending
EPSS: 0.07%

KEV

Description

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

GitHub - omarkurt/django-connector-CVE-2025-64459-testbed: A self-contained testbed for Django CVE-2025-64459. Demonstrates QuerySet.filter() parameter injection via dictionary expansion using Docker.
  • 10h ago

Overview

  • FreePBX
  • security-reporting

Published: 28 Aug 2025
Updated: 21 Oct 2025

CVSS v4.0: CRITICAL (10.0)
EPSS: 78.69%

Description

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

🚨 New plugin: FreePBXPlugin (CVE-2025-57819).

FreePBX unauthenticated SQL injection vulnerability detection - may lead to RCE.

Results: leakix.net/search?q=%2Bplugin%

  • 14h ago
Showing 11 to 20 of 62 CVEs