24h | 7d | 30d

CVE-2025-11411

Overview

  • NLnet Labs
  • Unbound
22 Oct 2025
Published
27 Nov 2025
Updated
CVSS v4.0
MEDIUM (5.7)
EPSS
0.07%
KEV

Description

NLnet Labs Unbound up to and including version 1.24.2 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture
ohhara @shiojiri.com
This security release provides an additional fix for CVE-2025-11411.
  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-62593

Overview

  • ray-project
  • ray
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
0.02%
KEV

Description

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-62593 (CRITICAL): Ray AI <2.52.0 is vulnerable to RCE via DNS rebinding attacks (Firefox/Safari). Exploit enables unauthenticated code execution. Patch to 2.52.0+ ASAP! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-13538

Overview

  • Elated Themes
  • FindAll Listing
27 Nov 2025
Published
27 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%
KEV

Description

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findall_listing_user_registration_additional_params' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if the FindAll Membership plugin is also activated, because user registration is in that plugin.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-13538 (CRITICAL, CVSS 9.8): Elated Themes FindAll Listing plugin for WordPress lets unauthenticated attackers escalate to admin via registration if FindAll Membership is active. Disable user registration & monitor accounts! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-59287

Overview

  • Microsoft
  • Windows Server 2019
14 Oct 2025
Published
22 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
64.04%
KEV

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 CVE-2025-59287 : une faille WSUS exploitée pour déployer le malware ShadowPad 📝 Selon l’AhnLab Security Intelligence Center (ASEC), dans un rapport pub… https://cyberveille.ch/posts/2025-11-25-cve-2025-59287-une-faille-wsus-exploitee-pour-deployer-le-malware-shadowpad/ #CVE_2025_59287 #Cyberveille
  • 0
  • 0
  • 0
  • 21h ago

CVE-2025-9501

Overview

  • Unknown
  • W3 Total Cache
17 Nov 2025
Published
17 Nov 2025
Updated
CVSS
Pending
EPSS
1.16%
KEV

Description

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture
OpsMatters @opsmatters.com
The latest update for #IONIX includes "CVE-2025-61757: Critical Pre-Auth RCE in Oracle Identity Manager" and "CVE-2025-9501: Identifying High-Risk #WordPress Instances Using W3 Total Cache". #cybersecurity #AttackSurfaceManagement https://opsmtrs.com/3TB5mSA
  • 0
  • 0
  • 0
  • 14h ago

CVE-2024-53375

Overview

  • Pending
02 Dec 2024
Published
17 Dec 2024
Updated
CVSS
Pending
EPSS
21.63%
KEV

Description

An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 5h ago

CVE-2023-52163

Overview

  • Pending
03 Feb 2025
Published
05 Feb 2025
Updated
CVSS
Pending
EPSS
0.15%
KEV

Description

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 5h ago

CVE-2020-25506

Overview

  • Pending
02 Feb 2021
Published
21 Oct 2025
Updated
CVSS
Pending
EPSS
93.55%
KEV

Description

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 5h ago

CVE-2024-10915

Overview

  • D-Link
  • DNS-320
06 Nov 2024
Published
06 Nov 2024
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
92.70%
KEV

Description

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 5h ago

CVE-2024-3721

Overview

  • TBK
  • DVR-4104
13 Apr 2024
Published
01 Aug 2024
Updated
CVSS v3.1
MEDIUM (6.3)
EPSS
83.57%
KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 5h ago
Showing 21 to 30 of 33 CVEs