Overview

  • Pending

10 Dec 2025
Published
10 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

XiangShan Nanhu V2 and XiangShan Kunminghu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 4 hours ago

Fediverse

Spectre on XiangShan for you low-level nerds. The post is six months old but the CVE was just published.

CVE-2025-63094

github.com/necst/aca25-xiangsh

  • 1
  • 1
  • 0
  • 4h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

01 Jun 2022
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
93.46%

Description

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago

Fediverse

@fuzzyfuzzyfungus @badsamurai I will take this one: yes. The CVE-2022-30190 "Follina" vulnerability was exploitable by the terminal launching ms-msdt URLs due to this very "feature."

  • 0
  • 2
  • 0
  • 16h ago

Overview

  • Pending

04 Dec 2025
Published
08 Dec 2025
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain circumstances, Akamai Ghost erroneously forwards the invalid request and subsequent superfluous bytes to the origin server. An attacker could hide a smuggled request in these superfluous bytes. Whether this is exploitable depends on the origin server's behavior and how it processes the invalid request it receives from Akamai Ghost.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 11 hours ago

Fediverse

Apparently LINE was affected by this Akamai vulnerability

CVE-2025-66373: HTTP Request Smuggling Due to Invalid Chunked Body Size | Akamai : 👀
---
akamai.com/blog/security/cve-2

  • 0
  • 2
  • 0
  • 11h ago

Overview

  • LabRedesCefetRJ
  • WeGIA

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.04%

KEV

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the id_categoria parameter, which allows attackers to inject malicious SQL payloads for direct execution. This issue is fixed in version 3.5.5.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-67501 in WeGIA (<3.5.5) enables SQL Injection via id_categoria in editar_categoria.php. Attackers can compromise database. Upgrade to 3.5.5+ ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • pnggroup
  • libpng

03 Dec 2025
Published
04 Dec 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.05%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite scq.ms/48qtwII #cybersecurity #SecQube
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Pending

Pending
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

nextjs.org/blog/CVE-2025-66478 Security Advisory: CVE-2025-66478
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Elated Themes
  • Elated Membership

10 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.25%

KEV

Description

The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'eltdf_membership_check_facebook_user' and the 'eltdf_membership_login_user_from_social_network' function. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚨 CVE-2025-13613: Elated Membership plugin (WordPress, ≤1.2) has a CRITICAL auth bypass flaw (CVSS 9.8). Attackers can take admin control via social login. Disable plugin or apply mitigations until patched. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Kubernetes
  • Kubelet

13 Mar 2025
Published
13 Mar 2025
Updated

CVSS v3.1
MEDIUM (5.9)
EPSS
0.06%

KEV

Description

This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection) https://isc.sans.edu/diary/32554
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Linux
  • Linux

11 Sep 2025
Published
29 Sep 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks. The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

CVE-2025-39789 crypto: x86/aegis - Add missing error checks scq.ms/4pO6RMg #SecQube #MicrosoftSecurity
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • TECNO
  • com.transsion.audiosmartconnect

10 Dec 2025
Published
10 Dec 2025
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.02%

KEV

Description

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🚨 CVE-2025-9056 (CRITICAL): TECNO AudioLink v1.3.0.87 allows local attackers to overwrite system files due to incorrect authorization. No patch yet—restrict access, monitor services, use MDM. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago
Showing 11 to 20 of 46 CVEs