24h | 7d | 30d

CVE-2025-61932

Overview

  • MOTEX Inc.
  • Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))
20 Oct 2025
Published
20 Oct 2025
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
0.04%
KEV

Description

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture
Spiegel's crawler @osanpo.bsky.social
> お知らせ:CyberNewsFlash「LANSCOPE エンドポイントマネージャー オンプレミス版における通信チャネルの送信元検証不備の脆弱性(CVE-2025-61932)について」 https://www.jpcert.or.jp/newsflash/2025102001.html
  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-20352

Overview

  • Cisco
  • IOS
24 Sep 2025
Published
30 Sep 2025
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.57%
KEV

Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture
キタきつね @kitafox.bsky.social
ハッカーはシスコのゼロデイ脆弱性を利用してネットワークスイッチにルートキットを仕掛けた(CVE-2025-20352) Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) #HelpNetSecurity (Oct 17) www.helpnetsecurity.com/2025/10/17/h...
  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-62168

Overview

  • squid-cache
  • squid
17 Oct 2025
Published
18 Oct 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.21%
KEV

Description

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture
CrowdCyber @crowdcyber.bsky.social
Critical Squid Proxy Flaw (CVE-2025-62168, CVSS 10.0) Leaks HTTP Credentials and Security Tokens via Error Handling
  • 0
  • 0
  • 0
  • 11h ago

CVE-2025-11002

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 7 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
AlternativeTo @alternativeto

Windows users should update 7-Zip to version 25.00 or later to fix two significant “path traversal” vulnerabilities (CVE-2025-11001 and CVE-2025-11002) that can allow remote code execution, caused by the handling of symbolic links in ZIP files.
alternativeto.net/news/2025/10

  • 3
  • 4
  • 1
  • 1h ago

CVE-2025-27636

Overview

  • Apache Software Foundation
  • Apache Camel
  • org.apache.camel:camel
09 Mar 2025
Published
17 Mar 2025
Updated
CVSS
Pending
EPSS
33.09%
KEV

Description

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method on the bean, than was coded in the application. In the camel-jms component, then a malicious header can be used to send the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component The attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include malicious HTTP headers in the HTTP requests that are send to the Camel application. All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box. In these conditions an attacker could be able to forge a Camel header name and make the bean component invoking other methods in the same bean. In terms of usage of the default header filter strategy the list of components using that is: * camel-activemq * camel-activemq6 * camel-amqp * camel-aws2-sqs * camel-azure-servicebus * camel-cxf-rest * camel-cxf-soap * camel-http * camel-jetty * camel-jms * camel-kafka * camel-knative * camel-mail * camel-nats * camel-netty-http * camel-platform-http * camel-rest * camel-sjms * camel-spring-rabbitmq * camel-stomp * camel-tahu * camel-undertow * camel-xmpp The vulnerability arises due to a bug in the default filtering mechanism that only blocks headers starting with "Camel", "camel", or "org.apache.camel.".  Mitigation: You can easily work around this in your Camel applications by removing the headers in your Camel routes. There are many ways of doing this, also globally or per route. This means you could use the removeHeaders EIP, to filter out anything like "cAmel, cAMEL" etc, or in general everything not starting with "Camel", "camel" or "org.apache.camel.".

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 16 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

🚨CVE-2025–27636 & CVE-2025-29891: Apache Camel PoC affecting versions: 4.10.0-4.10.1, 4.8.0-4.8.4, 3.10.0-3.22.3. Exploitation of these vulnerabilities can enable attackers to execute internal Camel methods.

GitHub: github.com/akamai/CVE-2025-276

Advisory: camel.apache.org/security/CVE-

Write-up: akamai.com/blog/security-resea

  • 0
  • 1
  • 0
  • 16h ago

CVE-2020-5902

Overview

  • BIG-IP
01 Jul 2020
Published
30 Jul 2025
Updated
CVSS
Pending
EPSS
94.43%
KEV

Description

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture
CrowdSec @CrowdSec

🚨 F5 Breach Ignites Global Scanning Frenzy: 300% Spike Detected by the CrowdSec Network

The CrowdSec Network has detected a dramatic surge in scanning activity targeting all F5 BIG-IP vulnerabilities following F5 Networks' disclosure of a nation-state security breach on October 15th, 2025. Attack volumes across the entire F5 CVE landscape peaked on October 16th at three times normal levels, highlighting how public security incidents immediately attract opportunistic threat actors seeking to exploit enterprise infrastructure.

🔍Key findings:

🔹Comprehensive F5 targeting: All F5 CVE scanning activity increased 300% within 24 hours of F5's breach disclosure on October 15th, peaking on October 16th across the entire vulnerability portfolio.
🔹Critical infrastructure targeting: CVE-2022-1388 (authentication bypass) shows 577 active exploiting IPs with "surging attack volumes" - making your load balancer an open door for attackers.
🔹Legacy threat persistence: CVE-2020-5902 (RCE) maintains 11,622 exploiting IPs despite being a 5-year-old vulnerability, proving enterprise infrastructure remains attractive regardless of patch status.

📊Trend analysis:

The timing is no coincidence. When a major infrastructure vendor discloses a nation-state breach, it creates a "feeding frenzy" effect among cybercriminals who assume other organizations using the same technology might have similar vulnerabilities. CrowdSec data shows this pattern repeatedly: public security incidents trigger immediate surges in scanning activity as attackers race to exploit the publicity window before organizations can respond.

The fact that CVE-2020-5902 still shows over 11,000 active exploiting IPs demonstrates why these disclosure-driven attacks work - attackers target the entire F5 ecosystem, knowing that organizations often struggle with comprehensive protection across their critical infrastructure.

🛡️How to protect your systems:

🔹Real-time threat intelligence: Deploy CrowdSec CTI intelligence to automatically identify and block the 577+ IP addresses actively exploiting CVE-2022-1388 and 11,622+ IPs targeting CVE-2020-5902. This creates an immediate protective shield around your F5 infrastructure regardless of patch status: app.crowdsec.net/cti
🔹Behavioral protection layer: Implement CrowdSec's Web Application Firewall to detect and block F5-specific attack patterns, authentication bypass attempts, and exploitation behaviors in real-time. Our WAF provides virtual patching capabilities with over 100 rules that protect against vulnerabilities affecting F5 and all other major product vendors: doc.crowdsec.net/docs/next/app

For more information, visit crowdsec.net

  • 0
  • 1
  • 0
  • 1h ago

CVE-2022-1388

Overview

  • F5
  • BIG-IP
05 May 2022
Published
30 Jul 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
94.46%
KEV

Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture
CrowdSec @CrowdSec

🚨 F5 Breach Ignites Global Scanning Frenzy: 300% Spike Detected by the CrowdSec Network

The CrowdSec Network has detected a dramatic surge in scanning activity targeting all F5 BIG-IP vulnerabilities following F5 Networks' disclosure of a nation-state security breach on October 15th, 2025. Attack volumes across the entire F5 CVE landscape peaked on October 16th at three times normal levels, highlighting how public security incidents immediately attract opportunistic threat actors seeking to exploit enterprise infrastructure.

🔍Key findings:

🔹Comprehensive F5 targeting: All F5 CVE scanning activity increased 300% within 24 hours of F5's breach disclosure on October 15th, peaking on October 16th across the entire vulnerability portfolio.
🔹Critical infrastructure targeting: CVE-2022-1388 (authentication bypass) shows 577 active exploiting IPs with "surging attack volumes" - making your load balancer an open door for attackers.
🔹Legacy threat persistence: CVE-2020-5902 (RCE) maintains 11,622 exploiting IPs despite being a 5-year-old vulnerability, proving enterprise infrastructure remains attractive regardless of patch status.

📊Trend analysis:

The timing is no coincidence. When a major infrastructure vendor discloses a nation-state breach, it creates a "feeding frenzy" effect among cybercriminals who assume other organizations using the same technology might have similar vulnerabilities. CrowdSec data shows this pattern repeatedly: public security incidents trigger immediate surges in scanning activity as attackers race to exploit the publicity window before organizations can respond.

The fact that CVE-2020-5902 still shows over 11,000 active exploiting IPs demonstrates why these disclosure-driven attacks work - attackers target the entire F5 ecosystem, knowing that organizations often struggle with comprehensive protection across their critical infrastructure.

🛡️How to protect your systems:

🔹Real-time threat intelligence: Deploy CrowdSec CTI intelligence to automatically identify and block the 577+ IP addresses actively exploiting CVE-2022-1388 and 11,622+ IPs targeting CVE-2020-5902. This creates an immediate protective shield around your F5 infrastructure regardless of patch status: app.crowdsec.net/cti
🔹Behavioral protection layer: Implement CrowdSec's Web Application Firewall to detect and block F5-specific attack patterns, authentication bypass attempts, and exploitation behaviors in real-time. Our WAF provides virtual patching capabilities with over 100 rules that protect against vulnerabilities affecting F5 and all other major product vendors: doc.crowdsec.net/docs/next/app

For more information, visit crowdsec.net

  • 0
  • 1
  • 0
  • 1h ago

CVE-2025-29891

Overview

  • Apache Software Foundation
  • Apache Camel
  • org.apache.camel:camel
12 Mar 2025
Published
19 Mar 2025
Updated
CVSS
Pending
EPSS
0.13%
KEV

Description

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, or the camel-exec component. If you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include parameters in the HTTP requests that are sent to the Camel application that get translated into headers.  The headers could be both provided as request parameters for an HTTP methods invocation or as part of the payload of the HTTP methods invocation. All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box. This CVE is related to the CVE-2025-27636: while they have the same root cause and are fixed with the same fix, CVE-2025-27636 was assumed to only be exploitable if an attacker could add malicious HTTP headers, while we have now determined that it is also exploitable via HTTP parameters. Like in CVE-2025-27636, exploitation is only possible if the Camel route uses particular vulnerable components.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 16 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

🚨CVE-2025–27636 & CVE-2025-29891: Apache Camel PoC affecting versions: 4.10.0-4.10.1, 4.8.0-4.8.4, 3.10.0-3.22.3. Exploitation of these vulnerabilities can enable attackers to execute internal Camel methods.

GitHub: github.com/akamai/CVE-2025-276

Advisory: camel.apache.org/security/CVE-

Write-up: akamai.com/blog/security-resea

  • 0
  • 1
  • 0
  • 16h ago

CVE-2021-41617

Overview

  • Pending
26 Sep 2021
Published
04 Aug 2024
Updated
CVSS
Pending
EPSS
0.37%
KEV

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
GCP Weekly @gcpweekly.bsky.social
The following vulnerabilities are fixed in 1.16.5-gke.28: High-severity container vulnerabilities: CVE-2021-41617 CVE-2023-4911 CVE-2023-5869 CVE-2023-39417.
  • 0
  • 0
  • 0
  • 22h ago

CVE-2023-4911

Overview

  • glibc
  • glibc
03 Oct 2023
Published
21 Aug 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
78.36%
KEV

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
GCP Weekly @gcpweekly.bsky.social
The following vulnerabilities are fixed in 1.16.5-gke.28: High-severity container vulnerabilities: CVE-2021-41617 CVE-2023-4911 CVE-2023-5869 CVE-2023-39417.
  • 0
  • 0
  • 0
  • 22h ago
Showing 21 to 30 of 38 CVEs