24h | 7d | 30d

Overview

  • Case-Themes
  • Case Theme User

23 Aug 2025
Published
25 Aug 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.16%

KEV

Description

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture
CVE-2025-5821: Critical Authentication Bypass in WordPress Case Theme User Plugin Exploited in the Wild
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Pending

27 May 2024
Published
13 Feb 2025
Updated

CVSS
Pending
EPSS
2.84%

KEV

Description

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Profile picture
CVE-2024-29415: problem solution https://cstu.io/4163b4 #iot #robotics #developer
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Kubernetes
  • Kubernetes CSharp Client

16 Sep 2025
Published
16 Sep 2025
Updated

CVSS v3.1
MEDIUM (6.8)
EPSS
Pending

KEV

Description

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.

Statistics

  • 3 Posts

Last activity: 7 hours ago

Fediverse

Profile picture

CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks - github.com/kubernetes/kubernet

  • 0
  • 0
  • 2
  • 7h ago

Overview

  • OpenSSL
  • OpenSSL

15 Mar 2022
Published
17 Sep 2024
Updated

CVSS
Pending
EPSS
8.42%

KEV

Description

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Profile picture
~Cisa~ A remote DoS vulnerability (CVE-2022-0778) in numerous Siemens industrial products can be triggered by a crafted certificate, causing an infinite loop. - IOCs: CVE-2022-0778 - #CVE20220778 #ICS #Siemens #ThreatIntel
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • OpenSSL
  • OpenSSL

24 Aug 2021
Published
16 Sep 2024
Updated

CVSS
Pending
EPSS
1.14%

KEV

Description

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Profile picture
~Cisa~ An OpenSSL out-of-bounds read vulnerability (CVSS 7.4) in numerous Siemens industrial products could allow remote code execution or DoS. - IOCs: CVE-2021-3712 - #CVE20213712 #ICS #Siemens #ThreatIntel
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Apple
  • iOS and iPadOS

15 Sep 2025
Published
16 Sep 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26 and iPadOS 26. Keyboard suggestions may display sensitive information on the lock screen.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture
The Hidden Arsenal: 25+ Commands That Unlocked a Critical Apple iOS CVE Introduction: The recent discovery of CVE-2025-24133, a vulnerability within Apple's iOS, underscores the critical importance of persistent security testing and a deep understanding of system internals. This achievement by a…
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Delta Electronics
  • DIALink

11 Sep 2025
Published
11 Sep 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.35%

KEV

Description

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Profile picture
~Cisa~ Critical path traversal vulnerabilities (CVSS 10.0) in Delta Electronics DIALink v1.6.0.0 and prior allow for authentication bypass. - IOCs: CVE-2025-58321 - #CVE-2025-58321 #ICS #ThreatIntel
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Apple
  • macOS

15 Sep 2025
Published
16 Sep 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

Profile picture

🚨 CVE-2025-43308 (HIGH): macOS flaw may let apps access sensitive user data due to weak entitlement checks. Patch ASAP—update to Sequoia 15.7, Sonoma 14.8, or Tahoe 26. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Linux
  • Linux

10 Feb 2025
Published
04 May 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. The overflow may cause local privilege escalation. [ 18.852298] ------------[ cut here ]------------ [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20 [ 18.853743] index 18446744073709551615 is out of range for type 'ets_class [16]' [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17 [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 18.856532] Call Trace: [ 18.857441] <TASK> [ 18.858227] dump_stack_lvl+0xc2/0xf0 [ 18.859607] dump_stack+0x10/0x20 [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0 [ 18.864022] ets_class_change+0x3d6/0x3f0 [ 18.864322] tc_ctl_tclass+0x251/0x910 [ 18.864587] ? lock_acquire+0x5e/0x140 [ 18.865113] ? __mutex_lock+0x9c/0xe70 [ 18.866009] ? __mutex_lock+0xa34/0xe70 [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0 [ 18.866806] ? __lock_acquire+0x578/0xc10 [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 18.867503] netlink_rcv_skb+0x59/0x110 [ 18.867776] rtnetlink_rcv+0x15/0x30 [ 18.868159] netlink_unicast+0x1c3/0x2b0 [ 18.868440] netlink_sendmsg+0x239/0x4b0 [ 18.868721] ____sys_sendmsg+0x3e2/0x410 [ 18.869012] ___sys_sendmsg+0x88/0xe0 [ 18.869276] ? rseq_ip_fixup+0x198/0x260 [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190 [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0 [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220 [ 18.870547] ? do_syscall_64+0x93/0x150 [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290 [ 18.871157] __sys_sendmsg+0x69/0xd0 [ 18.871416] __x64_sys_sendmsg+0x1d/0x30 [ 18.871699] x64_sys_call+0x9e2/0x2670 [ 18.871979] do_syscall_64+0x87/0x150 [ 18.873280] ? do_syscall_64+0x93/0x150 [ 18.874742] ? lock_release+0x7b/0x160 [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0 [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210 [ 18.879608] ? irqentry_exit+0x77/0xb0 [ 18.879808] ? clear_bhb_loop+0x15/0x70 [ 18.880023] ? clear_bhb_loop+0x15/0x70 [ 18.880223] ? clear_bhb_loop+0x15/0x70 [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 18.880683] RIP: 0033:0x44a957 [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10 [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957 [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003 [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0 [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001 [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001 [ 18.888395] </TASK> [ 18.888610] ---[ end trace ]---

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture

🚨 Proof of concept exploit source code for CVE-2025-21692 Linux Kernel up to 6.13.0

GitHub: github.com/volticks/CVE-2025-2

Write-up: volticks.github.io/CVE-2025-21

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Apple
  • macOS

15 Sep 2025
Published
16 Sep 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

Profile picture

🔒 HIGH severity: CVE-2025-43328 in Apple macOS allows unauthorized app access to sensitive user data. Fixed in macOS Tahoe 26. Patch now, audit permissions, and monitor endpoints. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago
Showing 11 to 20 of 44 CVEs