Overview

  • jayarsiech
  • JAY Login & Register

Published: 13 Dec 2025
Updated: 13 Dec 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the 'jay_login_register_process_switch_back' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-14440 in JAY Login & Register plugin (≤2.4.01) enables auth bypass—attackers can hijack any WordPress account, incl. admin. Disable plugin & monitor now. No patch yet. radar.offseq.com/threat/cve-20

Overview

  • recorp
  • Export WP Pages to HTML & PDF – Simply Create a Static Website

Published: 13 Dec 2025
Updated: 13 Dec 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to access cookies that may have been injected into the log file if the site administrator triggered a back-up using a specific user role like 'administrator.'

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

🚨 CVE-2025-11693 (CRITICAL, CVSS 9.8): recorp Export WP Pages to HTML & PDF plugin exposes admin cookies via cookies.txt — risk of WordPress site takeover. Disable plugin & secure backups. No patch yet. radar.offseq.com/threat/cve-20

Overview

  • silentmatt
  • expr-eval

Published: 05 Nov 2025
Updated: 22 Nov 2025

CVSS: Pending
EPSS: 0.06%

KEV

Description

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Overview

  • Linux
  • Linux

Published: 06 Dec 2025
Updated: 06 Dec 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds access.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE scq.ms/4q0N0tu #MicrosoftSecurity #cybersecurity

Overview

  • Pending

Published: 11 Dec 2025
Updated: 12 Dec 2025

CVSS: Pending
EPSS: 0.07%

KEV

Description

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

CVE-2025-66429 - cPanel Directory Traversal Privilege Escalation

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

If you needed a reason to update your Mac to 26.2 sooner rather than later:

App Store
Available for: macOS Tahoe

Impact: An app may be able to access sensitive payment tokens

Description: A permissions issue was addressed with additional restrictions.

CVE-2025-46288: floeki, Zhongcheng Li from IES Red Team of ByteDance

Source: support.apple.com/en-us/125886

(In case you're wondering, yes this CVE does impact iPad and iPhone as well.)

Overview

  • FreePBX
  • security-reporting

Published: 09 Dec 2025
Updated: 10 Dec 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.08%

KEV

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Bluesky

The FreePBX Rabbit Hole: CVE-2025-66039 & More

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

Published: 12 Sep 2025
Updated: 11 Nov 2025

CVSS v3.1: HIGH (8.8)
EPSS: 3.98%

Description

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

🚨 BREAKING: Samsung Galaxy users were silently infected with LANDFALL spyware through WhatsApp images. The zero-click exploit (CVE-2025-21042) was active July 2024-Feb 2025. 🔗 [Read Details- www.cyberkendra.com/2025/12/sams... #CyberSecurity #Samsung #WhatsApp #ZeroDay

Overview

  • Pending

Published: 12 Dec 2025
Updated: 12 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allow attackers to execute arbitrary commands and achieve a full account takeover.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ CRITICAL: CVE-2025-65854 in MineAdmin v3.x—Insecure scheduled tasks allow arbitrary command execution & possible full account takeover. Audit permissions, restrict access, and monitor logs ASAP. More: radar.offseq.com/threat/cve-20

Overview

  • listingthemes
  • WP Directory Kit

Published: 13 Dec 2025
Updated: 13 Dec 2025

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and 'attr_search' parameters in all versions up to, and including, 1.4.7 due to insufficient escaping of the user-supplied parameters and lack of sufficient preparation of the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CVE-2025-13089: HIGH-severity SQL Injection in WP Directory Kit (all versions). Unauthenticated attackers can leak sensitive DB info via 'hide_fields' & 'attr_search'. Mitigate: disable plugin or use WAF. radar.offseq.com/threat/cve-20
Showing 21 to 30 of 37 CVEs