Overview

  • Fortinet
  • FortiWeb

18 Nov 2025
Published
21 Nov 2025
Updated

CVSS v3.1
MEDIUM (6.7)
EPSS
2.69%

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Fortinet published an advisory for CVE-2025-58034. It is an authenticated command injection vulnerability affecting FortiWeb. Fortinet and CISA have indicated that it has been exploited in-the-wild.
  • 6h ago

Overview

  • jzeuzs
  • thread-amount

21 Nov 2025
Published
21 Nov 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

thread-amount is a tool that gets the number of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. On Windows platforms, the thread_amount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count of the process to grow indefinitely, eventually leading to system instability or process termination when the handle limit is reached. On Apple platforms, the thread_amount function calls task_threads (via Mach kernel APIs), which allocates memory for the thread list. The function fails to deallocate this memory using vm_deallocate. Repeated calls will result in a steady memory leak, eventually causing the process to be killed by the OOM (Out of Memory) killer. This issue has been patched in version 0.2.2.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

⚠️ CVE-2025-65947: HIGH severity in jzeuzs thread-amount <0.2.2. Resource leaks on Windows (handle) & Apple (memory) can crash apps or systems. Patch to v0.2.2+ ASAP! More: radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • codepeople
  • CP Contact Form with PayPal

22 Nov 2025
Published
22 Nov 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.09%

KEV

Description

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes payment confirmations without any authentication, nonce verification, or PayPal IPN signature validation. This makes it possible for unauthenticated attackers to mark form submissions as paid without making actual payments by sending forged payment notification requests with arbitrary POST data (payment_status, txn_id, payer_email).

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🔴 CVE-2025-13384 (HIGH): CP Contact Form with PayPal for WordPress exposes an unauthenticated endpoint, letting attackers forge payment confirmations. All versions up to 1.3.56 affected. Disable or block endpoint now! radar.offseq.com/threat/cve-20

  • 9h ago

Overview

  • Microsoft
  • .NET 8.0

14 May 2024
Published
03 May 2025
Updated

CVSS v3.1
MEDIUM (6.3)
EPSS
0.29%

KEV

Description

.NET and Visual Studio Remote Code Execution Vulnerability

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

🚨 CRITICAL: Fedora 39 #dotnet7.0 update patches RCE vulnerability (CVE-2024-30045). System.Drawing.Common flaw allows remote code execution via a malicious image. Read more: 👉 tinyurl.com/4pc39pp9
  • 6h ago

Overview

  • Unknown
  • Mstoreapp Mobile App

21 Nov 2025
Published
21 Nov 2025
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users' identity when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ CRITICAL: CVE-2025-11127 in Mstoreapp Mobile App & Multivendor WP plugins (≤2.08/9.0.1). Auth bypass via AJAX lets attackers hijack sessions with just an email. Patch unavailable—restrict access & monitor logs. Details: radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • djangoproject
  • Django
  • django

05 Nov 2025
Published
08 Nov 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

This GitHub post presents a testbed for Django CVE-2025-64459, a parameter injection vulnerability in QuerySet.filter() affecting Django versions prior to 5.1.14. The testbed, runnable via Docker, demonstrates how attackers can exploit this by injecting parameters like _connector to manipulate query logic, potentially bypassing filters and accessing unauthorized data.
github.com/omarkurt/django-con

  • 1h ago

Overview

  • libexpat project
  • libexpat

15 Sep 2025
Published
04 Nov 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.13%

KEV

Description

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Bluesky

#Oracle Linux Security Advisory ELSA-2025-21776 addresses CVE-2025-59375, an important severity vulnerability in libexpat. Read more: 👉 tinyurl.com/47phexrs #Security
  • 23h ago

Overview

  • Linux
  • Kernel
  • kernel

31 Jan 2024
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
87.03%

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

🚨 Deep Dive: #Ubuntu USN-7879-1 | Linux Kernel Netfilter Vulnerabilities Just published a technical analysis of the critical CVE-2024-1086 (use-after-free) and CVE-2024-26909 patches. Read more: 👉 tinyurl.com/yvce6vvt #Security
  • 22h ago

Overview

  • Liferay
  • Portal

09 Aug 2025
Published
11 Aug 2025
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.09%

KEV

Description

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 are affected by a pre-authentication blind SSRF vulnerability in portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

Oracle under attack: pre-auth RCE vulnerability discovered that compromises entire systems

A vulnerability, tracked as CVE-2025-61757, was made public by Searchlight Cyber last Thursday. The company's researchers identified the issue and reported it to Oracle, which led to its disclosure.

Oracle fixed CVE-2025-61757 with its October 2025 patches and confirmed that it is a critical issue that can be easily exploited without authentication.

The security firm described it as a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager. The exploit, which chains an authentication bypass vulnerability with arbitrary code execution, can allow an attacker to fully compromise the system.

Searchlight Cyber warned on Thursday that the vulnerability can "allow attackers to manipulate authentication flows, escalate privileges, and move laterally across an organization's core systems," noting that it can "lead to the breach of servers that handle personally identifiable information (PII) and user credentials."

"There are several IPs actively scanning for the bug, but they all use the same user agent, which suggests that we may be dealing with a single attacker," Ullrich explained. "Unfortunately we did not capture the bodies for these requests, but they were all POST requests," he added.

The SANS Technology Institute used the technical information and PoC code made public by Searchlight on Thursday to check its honeypot logs for signs of potential exploitation.

According to Johannes Ullrich of SANS, possible instances of exploitation were observed multiple times between 30 August and 9 September, weeks before Oracle released a patch.

The expert said that the same IP addresses had previously been seen scanning the web for a vulnerability in the Liferay product (CVE-2025-4581) and conducting scans that appear to be associated with bug bounties.

The article "Oracle under attack: pre-auth RCE vulnerability discovered that compromises entire systems" comes from Red Hot Cyber.

  • 9h ago

Overview

  • Linux
  • Linux

17 Apr 2024
Published
04 May 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free

A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral.

This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s.

Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals.

In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated.

When the display controller is later initialised, this triggers a use-after-free when attaching the bridges:

    dp -> aux -> dp-hpd (freed)

which may, for example, result in the freed bridge failing to attach:

    [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16

or a NULL-pointer dereference:

    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
    ...
    Call trace:
      drm_bridge_attach+0x70/0x1a8 [drm]
      drm_aux_bridge_attach+0x24/0x38 [aux_bridge]
      drm_bridge_attach+0x80/0x1a8 [drm]
      dp_bridge_init+0xa8/0x15c [msm]
      msm_dp_modeset_init+0x28/0xc4 [msm]

The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up.

Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see commit fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")).

[DB: slightly fixed commit message by adding the word 'commit']

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

🚨 Deep Dive: #Ubuntu USN-7879-1 | Linux Kernel Netfilter Vulnerabilities Just published a technical analysis of the critical CVE-2024-1086 (use-after-free) and CVE-2024-26909 patches. Read more: 👉 tinyurl.com/yvce6vvt #Security
  • 22h ago