Overview

  • Microsoft
  • Windows Server 2019

14 Oct 2025
Published
22 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
62.31%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Hidden in Plain Sight: How a Popular CVE-2025-59287 PoC Threatens Every Pentester’s Workstation Introduction: The discovery of a malicious Proof-of-Concept (PoC) for CVE-2025-59287 on GitHub underscores a dangerous evolution in cyber threats, where attackers now weaponize the very tools security…
  • Last hour

Overview

  • ibexa
  • user

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v4.0
HIGH (8.5)
EPSS
Pending

KEV

Description

Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This makes it possible for a logged in user to change their password in the back office without knowing the previous password. For example, if a user logs into their account and walks away without locking their workstation, an attacker could access the unattended session and change the password, therefore locking the legitimate user out. This issue is fixed in version 5.0.4.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

CVE-2025-67719 (HIGH): Ibexa (v5.0.0-beta1–5.0.3) lets logged-in users change passwords without verifying the old one. Upgrade to 5.0.4+ ASAP. Monitor for anomalous changes. 🔐 radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • Kubernetes
  • Kubelet

13 Mar 2025
Published
13 Mar 2025
Updated

CVSS v3.1
MEDIUM (5.9)
EPSS
0.06%

KEV

Description

This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Bluesky

Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection) https://isc.sans.edu/diary/32554
  • 17h ago
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation https://isc.sans.edu/podcastdetail/9734
  • 4h ago

Overview

  • Linux
  • Linux

11 Sep 2025
Published
29 Sep 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: x86/aegis - Add missing error checks

The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

CVE-2025-39789 crypto: x86/aegis - Add missing error checks scq.ms/4pO6RMg #SecQube #MicrosoftSecurity
  • 22h ago

Overview

  • Atlassian
  • Crowd

03 Jun 2019
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
94.41%

Description

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

~Paloalto~ A new multi-platform (Windows/Linux) ransomware named 01flip, written in Rust, is targeting organizations in the Asia-Pacific region. - IOCs: proton. me, CVE-2019-11580 - #Ransomware #Rust #ThreatIntel
  • 20h ago

Overview

  • WBCE
  • WBCE_CMS

10 Dec 2025
Published
10 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permission to modify users to execute arbitrary SQL queries. This can be escalated to full database compromise and data exfiltration, effectively bypassing all security controls. The vulnerability exists in the admin/users/save.php script, which handles updates to user profiles. The script improperly processes the groups[] parameter sent from the user edit form. This issue is fixed in version 1.6.5.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🚨 CVE-2025-65950: CRITICAL SQL Injection in WBCE CMS (<1.6.5) lets low-priv users with modify rights inject arbitrary SQL. Full DB compromise possible. Patch to 1.6.5+ ASAP! radar.offseq.com/threat/cve-20

  • 6h ago

Overview

  • PowerDNS
  • Recursor
  • pdns-recursor

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.02%

KEV

Description

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

🔓 Critical DNS vuln: CVE-2025-59030 in PowerDNS Recursor allows DoS via cache clearance. Patch #Debian to 5.2.7-0+deb13u1. Read more: 👉 tinyurl.com/4t5zwauc #Security
  • 16h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Unpatched and Exposed: The Critical Synology DSM Update (732-86009) You Can’t Afford to Miss Introduction: Synology has rolled out DSM 7.3.2-86009, a critical update addressing a severe authentication bypass vulnerability (CVE-2025-13392) that could allow remote attackers to access your NAS…
  • 23h ago

Overview

  • Pending

11 Feb 2025
Published
12 Feb 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary processes by executing a BYOVD (Bring Your Own Vulnerable Driver) attack.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse

DeadLock ransomware now uses a new BYOVD loader exploiting Baidu driver CVE-2024-51324 to terminate EDR processes at the kernel level. Pre-encryption PowerShell scripting disables defenses and wipes shadow copies before deploying custom time-based encryption.
technadu.com/deadlock-ransomwa

  • 18h ago

Overview

  • ApusTheme
  • WP CarDealer

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🚨 CVE-2025-13764 (CRITICAL): ApusTheme WP CarDealer plugin for WordPress lets attackers register as admins—full site compromise! All versions up to 1.2.16 affected. Restrict registration & monitor admin users. radar.offseq.com/threat/cve-20

  • 4h ago