Overview

  • Red Hat
  • Red Hat OpenShift Virtualization 4
  • container-native-virtualization/hyperconverged-cluster-operator

23 Oct 2025
Published
06 Nov 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 10 hours ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 33 Interactions

Last activity: 14 hours ago

Bluesky

🥳 Go 1.25.5 and 1.24.11 are released! 🔐 Security: Includes security fixes for crypto/x509 (CVE-2025-61729, CVE-2025-61727). 🗣 Announcement: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4/m/kYpVlPw1CQAJ 📦 Download: https://go.dev/dl/#go1.25.5 #golang
  • 8
  • 25
  • 0
  • 14h ago

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

02 Dec 2025
Published
02 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post
  • 33 Interactions

Last activity: 14 hours ago

Bluesky

🥳 Go 1.25.5 and 1.24.11 are released! 🔐 Security: Includes security fixes for crypto/x509 (CVE-2025-61729, CVE-2025-61727). 🗣 Announcement: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4/m/kYpVlPw1CQAJ 📦 Download: https://go.dev/dl/#go1.25.5 #golang
  • 8
  • 25
  • 0
  • 14h ago

Overview

  • hwk-fr
  • Advanced Custom Fields: Extended

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for unauthenticated attackers to execute arbitrary code on the server, which can be leveraged to inject backdoors or create new administrative user accounts.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • DesignThemes
  • DesignThemes LMS

02 Dec 2025
Published
02 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-13542 in DesignThemes LMS for WordPress allows unauth'd attackers to create admin accounts via front-end registration. Disable reg, audit accounts, & patch ASAP. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Microsoft
  • ASP.NET Core 8.0

14 Oct 2025
Published
22 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.06%

KEV

Description

Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Fediverse

🚨 New plugin: KestrelPlugin (CVE-2025-55315).

Kestrel HTTP request smuggling vulnerability detection.

Results: leakix.net/search?q=%2Bplugin%

  • 0
  • 0
  • 1
  • 23h ago

Overview

  • FERMAX ELECTRÓNICA S.A.U
  • MeetMe

02 Dec 2025
Published
02 Dec 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.01%

KEV

Description

An Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS and Android allows an attacker to retrieve embedded sensitive data. This issue affects MeetMe through v2.2.5.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🔒 CVE-2025-10971 (HIGH, CVSS 8.8) affects FERMAX MeetMe (iOS/Android): insecure storage of sensitive data. Exploitation needs local access, but impact on confidentiality is major. Patch pending — enforce MDM & encryption now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Oracle Corporation
  • Java SE JDK and JRE

16 Jan 2024
Published
03 Nov 2025
Updated

CVSS v3.1
HIGH (7.4)
EPSS
0.24%

KEV

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Just published a critical security advisory. The OpenJDK 21 runtime in #Ubuntu has a severe vulnerability (CVE-2024-20918) that could lead to remote code execution. Read more: 👉 tinyurl.com/4srw3zs4 #Security
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • wpchill
  • Image Gallery – Photo Grid & Video Gallery

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v3.1
HIGH (7.2)
EPSS
Pending

KEV

Description

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

🔍 CVE-2025-13645: HIGH severity path traversal in wpchill Image Gallery (v2.13.1) for WordPress. Author+ users can delete any file—potential RCE if wp-config.php is hit. Audit, restrict access, and consider disabling plugin. More: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • Last hour

Overview

  • expressjs
  • express

01 Dec 2025
Published
02 Dec 2025
Updated

CVSS v4.0
LOW (2.7)
EPSS
0.01%

KEV

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Reading: "express improperly controls modification of query properties · CVE-2024-51999 · GitHub Advisory Database" https://github.com/advisories/GHSA-pj86-cfqh-vqx6
  • 0
  • 0
  • 0
  • 20h ago
Showing 11 to 20 of 33 CVEs