
Overview

  • SAP_SE
  • SAP Solution Manager

11 Nov 2025
Published
12 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.05%

KEV

Description

Due to missing input sanitization, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could give the attacker full control of the system, leading to a high impact on the confidentiality, integrity and availability of the system.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

📌 Critical SAP Vulnerability CVE-2025-42887 Poses Severe Risk of System Takeover https://www.cyberhub.blog/article/15616-critical-sap-vulnerability-cve-2025-42887-poses-severe-risk-of-system-takeover
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Fortinet
  • FortiProxy

02 Jan 2023
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
93.94%

Description

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

FortiWeb Under Siege: How a Critical Auth Bypass Lets Attackers Seize Control of Your Security Perimeter Introduction: A critical authentication bypass vulnerability in Fortinet FortiWeb web application firewalls (WAFs) is being actively exploited in the wild. This flaw, tracked as CVE-2022-42475,…
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Apache Software Foundation
  • Apache Commons Lang
  • commons-lang:commons-lang

11 Jul 2025
Published
04 Nov 2025
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: commons-lang:commons-lang 2.0 through 2.6, and org.apache.commons:commons-lang3 3.0 before 3.18.0. The ClassUtils.getClass(...) methods can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Just published a deep dive on the new #Mageia security advisory. MGASA-2025-0293 patches a serious flaw in Apache Commons Lang (CVE-2025-48924). Read more: 👉 tinyurl.com/5b3cvzdk #Security
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • spdlog

16 Jun 2025
Published
17 Jun 2025
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.02%

KEV

Description

A vulnerability classified as problematic was found in spdlog up to 1.15.1. It affects the function scoped_padder in the library file include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. The attack can be launched on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 addresses this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Just published: An analysis of CVE-2025-6140 for the #Mageia community. We break down the spdlog resource consumption vulnerability, its CVSS scores, and the exact package (spdlog-1.11.0-4.1.mga9) you need to update via MGASA-2025-0294. Read more: 👉 tinyurl.com/26z5vwm8 #Security
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • General Industrial Controls
  • Lynx+ Gateway

14 Nov 2025
Published
14 Nov 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.08%

KEV

Description

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server, which could allow an attacker to remotely reset the device.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


CRITICAL: CVE-2025-58083 in General Industrial Controls Lynx+ Gateway (R08/V03/V05/V18) allows unauthenticated remote resets (CVSS 10). No in-the-wild exploits yet—prioritize segmentation & monitoring while awaiting patches. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

12 Sep 2025
Published
11 Nov 2025
Updated

CVSS v3.1
HIGH (8.8)
EPSS
21.61%

Description

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse


Samsung mobile security advisory AV25-757 addresses vulnerabilities in Samsung mobile devices prior to SMR-NOV-2025, with a security update released on November 4, 2025. The Canadian Centre for Cyber Security urges users to apply the update to maintain protection against emerging threats, especially as CVE-2025-21042 was added to CISA's Known Exploited Vulnerabilities Catalog.
cyber.gc.ca/en/alerts-advisori

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

25 Sep 2025
Published
05 Nov 2025
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
29.72%

Description

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Fediverse


🚨 The Cybersecurity and Infrastructure Security Agency (#CISA) has flagged active attacks exploiting two critical flaws in #Cisco ASA and Firepower devices (CVE-2025-20362 + CVE-2025-20333) used in the #ArcaneDoor campaign.

Read: hackread.com/cisa-attacks-cisc

#CyberSecurity #Vulnerability #Infosec #Firepower

  • 0
  • 0
  • 0
  • 23h ago

CISA has issued an urgent warning about active attacks exploiting CVE-2025-20362 and CVE-2025-20333 in Cisco ASA and Firepower devices, which are being used in the ArcaneDoor campaign. Organizations must immediately patch their devices to the correct minimum software versions to prevent unauthorized access and potential root-level control.
hackread.com/cisa-attacks-cisc

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Pending

14 Nov 2025
Published
14 Nov 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2, exploitable remotely for Escalation of Privileges.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse


🚨 CVE-2025-54343: CRITICAL vuln in Desktop Alert PingAlert v6.1.0.11–6.1.1.2 — remote attackers can escalate privileges due to incorrect access control. Segment networks, limit access, & monitor closely until patched. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Microsoft
  • Windows Server 2019

14 Oct 2025
Published
11 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
56.16%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/microsoft-issues-emergency-patch-for-windows-server-update-services-rce-vulnerability-cve-2025-59287/
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • TrioFox
  • TrioFox

10 Nov 2025
Published
12 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
51.65%

Description

Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse


A Russian national has pleaded guilty to acting as an initial access broker for Yanluowang ransomware attacks, while an international effort called Operation Endgame dismantled over 1000 servers linked to infostealers and botnets. Additionally, a critical vulnerability in Gladinet Triofox (CVE-2025-12480) allowed for remote code execution, and The Washington Post is notifying nearly 10,000 individuals about a data breach involving Oracle software (CVE-2025-61884), suspected to be carried out by the Cl0p ransomware operation.
sentinelone.com/blog/the-good-

  • 0
  • 0
  • 0
  • 20h ago
Showing 11 to 20 of 27 CVEs