24h | 7d | 30d

CVE-2025-65287

Overview

  • Pending
09 Dec 2025
Published
09 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path (/var/www/files/userScript/) using memcpy + strcat without validation or canonicalization, enabling ../ sequences to escape the intended directory. The download branch also echoes the unsanitized params into Content-Disposition, introducing header-injection risk.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 16 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

SNMP and ../ in the same vuln, kind of.

damiri.fr/en/cve/CVE-2025-65287

  • 1
  • 3
  • 0
  • 16h ago

CVE-2025-62156

Overview

  • argoproj
  • argo-workflows
14 Oct 2025
Published
14 Oct 2025
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.11%
KEV

Description

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

ZipSlip RCE in argo-workflows.

github.com/argoproj/argo-workf

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod's start. The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. This issue is fixed in versions 3.6.14 and 3.7.5.

  • 1
  • 2
  • 0
  • 11h ago

CVE-2024-3721

Overview

  • TBK
  • DVR-4104
13 Apr 2024
Published
01 Aug 2024
Updated
CVSS v3.1
MEDIUM (6.3)
EPSS
85.42%
KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 15 hours ago

Fediverse

Profile picture
CyberNetsecIO @netsecio

📰 New 'Broadside' Botnet Exploits DVRs to Target Maritime Logistics

New 'Broadside' botnet, a Mirai variant, targets the maritime sector by exploiting a critical DVR flaw (CVE-2024-3721). 🚢 Beyond DDoS, it harvests credentials, posing a risk to vessel OT systems. #Botnet #Mirai #Maritime #IoT #CyberSecurity

🔗 cyber.netsecops.io/articles/br

  • 1
  • 0
  • 0
  • 15h ago

CVE-2025-13607

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 13 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

D-Link

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 3
  • 0
  • 13h ago

CVE-2025-65882

Overview

  • Pending
09 Dec 2025
Published
09 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 12 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Oh I like this one.

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 2
  • 0
  • 12h ago

CVE-2022-30190

Overview

  • Microsoft
  • Windows 10 Version 1809
01 Jun 2022
Published
21 Oct 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
93.46%
KEV

Description

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture
Taggart @mttaggart

@fuzzyfuzzyfungus @badsamurai I will take this one: yes. The CVE-2022-30190 "Follina" vulnerability was exploitable by the terminal launching ms-msdt URLs due to this very "feature."

  • 0
  • 2
  • 0
  • 2h ago

CVE-2021-21300

Overview

  • git
  • git
09 Mar 2021
Published
03 Aug 2024
Updated
CVSS v3.1
HIGH (8.0)
EPSS
62.18%
KEV

Description

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 21 hours ago

Fediverse

Profile picture
flacs @flacs

@scarlet maybe CVE-2021-21300 spooked people

  • 0
  • 1
  • 0
  • 21h ago

CVE-2025-13601

Overview

  • glib
26 Nov 2025
Published
27 Nov 2025
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Bluesky

Profile picture
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2025-13601 impacts glib2 in 28 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/360 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 1
  • 0
  • 19h ago

CVE-2025-67501

Overview

  • LabRedesCefetRJ
  • WeGIA
09 Dec 2025
Published
09 Dec 2025
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
Pending
KEV

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the id_categoria parameter, which allows attackers to inject malicious SQL payloads for direct execution. This issue is fixed in version 3.5.5.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CRITICAL: CVE-2025-67501 in WeGIA (<3.5.5) enables SQL Injection via id_categoria in editar_categoria.php. Attackers can compromise database. Upgrade to 3.5.5+ ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-59287

Overview

  • Microsoft
  • Windows Server 2019
14 Oct 2025
Published
22 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
62.31%
KEV

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
Finn John @finnjohn3344.bsky.social
Microsoft Rushes Emergency Fix for WSUS Remote Code Execution Flaw (CVE-2025-59287)
  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 74 CVEs