Overview

  • Tenda
  • AC18

21 Dec 2025
Published
21 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.09%

KEV

Description

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

🚨 CVE-2025-14993 (HIGH): Stack-based buffer overflow in Tenda AC18 (v15.03.05.05) via /goform/SetDlnaCfg. Public exploit out—disable DLNA, segment networks, monitor for attacks. Patch ASAP when available! radar.offseq.com/threat/cve-20

  • 15h ago

Overview

  • Pending

31 Jan 2025
Published
21 Feb 2025
Updated

CVSS
Pending
EPSS
0.11%

KEV

Description

A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE: the Supplier's position is that the end user is supposed to edit the NGINX configuration template to set server_name (with this setting, Host header injection cannot occur).

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🚨 SOC Note: The AI Supply Chain is officially on fire. 🚨
Forget Log4j. In Dec 2025, we’re hunting CVE-2025-23001—a.k.a. "PickleScan."
Attackers are now embedding RCE payloads inside pre-trained AI models (.pkl/.h5). If your devs download a "helper" model from a public repo, you're compromised. 🧵👇

  • 5h ago

Overview

  • Tenda
  • AC18

21 Dec 2025
Published
21 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.09%

KEV

Description

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

⚠️ CVE-2025-14992 (HIGH): Tenda AC18 (15.03.05.05) has a stack-based buffer overflow in /goform/GetParentControlInfo. Remote code execution possible; exploit code is public. Inventory & mitigate now. radar.offseq.com/threat/cve-20

  • 14h ago

Overview

  • Tenda
  • FH1201

21 Dec 2025
Published
21 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.09%

KEV

Description

A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Manipulation of the argument page leads to a stack-based buffer overflow. The attack may be performed remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🚨 HIGH severity: CVE-2025-14995 affects Tenda FH1201 v1.2.0.14(408) — stack buffer overflow via /goform/SetIpBind enables remote code execution. No patch yet. Restrict access & monitor traffic. Details: radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • wpxpo
  • Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

21 Dec 2025
Published
21 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.08%

KEV

Description

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to retrieve sensitive user metadata, including password hashes.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🔎 CVE-2025-12980 (HIGH): All PostX WordPress plugin versions up to 5.0.3 allow unauthenticated access to user metadata & password hashes via the '/ultp/v2/get_dynamic_content/' REST API endpoint. Patch or restrict ASAP! radar.offseq.com/threat/cve-20

  • 18h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

URGENT: #Mageia 9 security advisory MGASA-2025-0330 patches high-severity PHP flaws (CVE-2025-14177/78/80). Read more: 👉 tinyurl.com/yukwzjf8 #Security
  • 10h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

FreeBSD Network Alert: Malicious IPv6 Packets Can Trigger Remote Code Execution via resolvconf (CVE-2025-14558)
  • 20h ago

Overview

  • elextensions
  • ELEX WordPress HelpDesk & Customer Ticketing System

21 Dec 2025
Published
21 Dec 2025
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.07%

KEV

Description

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🔒 HIGH severity XSS (CVE-2025-9343) in ELEX WordPress HelpDesk plugin—ALL versions affected. Unauthenticated attackers can inject scripts in ticket subjects, risking session hijack & data theft. Patch or mitigate now! Details: radar.offseq.com/threat/cve-20

  • 17h ago

Overview

  • nextcloud
  • security-advisories

05 Dec 2025
Published
05 Dec 2025
Updated

CVSS v3.1
MEDIUM (5.4)
EPSS
0.02%

KEV

Description

Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, missing sanitization allowed malicious users to circumvent the content security policy if they could trick a user into viewing an uploaded SVG outside of the Nextcloud Server's web page.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

CRITICAL: #Fedora 43 Nextcloud update 32.0.3 patches XSS flaw (CVE-2025-66512) in SVG images. Read more: 👉 tinyurl.com/4afdvzvt #Security
  • 10h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

oss-sec: [CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings
  • 12h ago