
Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

CVE-2025-64656 Application Gateway Elevation of Privilege Vulnerability scq.ms/486Q6Vf #cybersecurity #SecQube
Posted 22h ago · interactions: 0 / 0 / 0

Overview

  • nmedia
  • Simple User Registration

Published: 21 Nov 2025
Updated: 21 Nov 2025

CVSS v3.1: HIGH (7.2)
EPSS: 0.07%

KEV

Description

The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpr_admin_msg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


⚠️ HIGH severity CVE-2025-12160: Stored XSS in nmedia Simple User Registration (≤6.6) for WordPress. Unauthenticated attackers can inject scripts via 'wpr_admin_msg'. Disable plugin & monitor for abuse. Details: radar.offseq.com/threat/cve-20

Posted 18h ago · interactions: 0 / 0 / 0

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

URGENT: Critical GRUB2 Auth Bypass Patched (CVE-2024-1045) SUSE-2025-4152-1 patches a high-severity flaw in GRUB2. Read more: 👉 tinyurl.com/mww366y9 #Security #SUSE
Posted 10h ago · interactions: 0 / 0 / 0

Overview

  • Grafana
  • Grafana

Published: 22 May 2025
Updated: 22 Jul 2025

CVSS v3.1: HIGH (7.6)
EPSS: 8.84%

KEV

Description

A cross-site scripting (XSS) vulnerability exists in Grafana, caused by combining a client-side path traversal with an open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. The vulnerability does not require editor permissions, and if anonymous access is enabled the XSS works without authentication. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full-read SSRF. The default Content-Security-Policy (CSP) in Grafana blocks the XSS through the `connect-src` directive.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Unmasking CVE-2025-4123: The Grafana Open Redirect Vulnerability Phishers Don’t Want You to Find Introduction: Open redirect vulnerabilities, often underestimated, serve as a critical enabler for sophisticated phishing campaigns and security chain attacks. The recent discovery of CVE-2025-4123 in…
Posted 18h ago · interactions: 0 / 0 / 0

Overview

  • Microsoft
  • Windows Server 2019

Published: 14 Oct 2025
Updated: 22 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 60.40%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Analysis of a ShadowPad attack case exploiting the WSUS remote code execution vulnerability (CVE-2025-59287) - APT Malware Analysis of a ShadowPad attack exploiting the WSUS remote code execution vulnerability (CVE-2025-59287)
Posted 21h ago · interactions: 0 / 0 / 0

Overview

  • workos
  • authkit-nextjs

Published: 21 Nov 2025
Updated: 21 Nov 2025

CVSS v4.0: HIGH (8.0)
EPSS: 0.10%

KEV

Description

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications deployed on Vercel are unaffected unless they manually enable CDN caching by setting cache headers on authenticated paths. Patched in authkit-nextjs 2.11.1, which applies anti-caching headers to all responses behind authentication.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse


🚨 CVE-2025-64762 (HIGH): workos authkit-nextjs <2.11.1 fails to set anti-caching headers, risking session token leaks via CDN caches. Upgrade to 2.11.1+ or review CDN cache configs now! radar.offseq.com/threat/cve-20

Posted 23h ago · interactions: 0 / 0 / 0

Overview

  • libexpat project
  • libexpat

Published: 15 Sep 2025
Updated: 04 Nov 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.12%

KEV

Description

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Bluesky

#Oracle Linux Security Advisory ELSA-2025-21776 addresses CVE-2025-59375, an important severity vulnerability in libexpat. Read more: 👉 tinyurl.com/47phexrs #Security
Posted 10h ago · interactions: 0 / 0 / 1

Overview

  • Oracle Corporation
  • Oracle Concurrent Processing

Published: 05 Oct 2025
Updated: 21 Oct 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 79.99%

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3 to 12.2.14. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Fediverse


Another Oracle zero-day security hole under attack

In October I reported on CVE-2025-61882, a zero-day vulnerability at Oracle. It had already been exploited for many attacks before its publication, and all the more so afterwards. Those attacks in turn led to data leaks. Now a security company has published that it had already found another zero-day vulnerability (CVE-2025-61757) before that and reported it to Oracle. Oracle patched it with the October updates, but honeypot logs show attacks on it since 2025-08-30. Moreover, it is downright trivial to exploit: by appending ";.wadl", the

pc-fluesterer.info/wordpress/2

#Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #hintertür #wissen

Posted 14h ago · interactions: 1 / 0 / 0

Overview

  • OpenPrinting
  • cups-filters

Published: 12 Nov 2025
Updated: 13 Nov 2025

CVSS v3.1: MEDIUM (4.0)
EPSS: 0.02%

KEV

Description

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x's `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (an out-of-bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without an overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.
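The arithmetic behind that description, as an added example that is not cups-filters code: the `bytesPerLine` formula is evaluated in 32-bit unsigned arithmetic (the assumed type of the CUPS raster header fields `cupsWidth` and `cupsBitsPerPixel`), so the product wraps before the `+ 7` and `/ 8` are applied, and the buffer sized from it is far smaller than the line that will be written into it. The checked variant does the multiplication in 64 bits and refuses a geometry whose numerator does not fit. The sample widths are constructed; the large one is a hypothetical value, not taken from the advisory's test case.

```c
#include <stdint.h>
#include <stdio.h>

/* The calculation as the advisory quotes it, modelled with 32-bit unsigned
 * fields. bpp * width wraps modulo 2^32 for a large width, so a crafted
 * MediaBox yields a tiny (even zero) line size. */
uint32_t bytes_per_line_unchecked(uint32_t bpp, uint32_t width)
{
    return (bpp * width + 7) / 8;
}

/* Overflow-safe variant: multiply in 64 bits and reject any numerator that
 * would not fit the 32-bit field. Returns the line size, or -1 on overflow. */
long long bytes_per_line_checked(uint32_t bpp, uint32_t width)
{
    uint64_t bits = (uint64_t)bpp * width;
    if (bits > (uint64_t)UINT32_MAX - 7)
        return -1;
    return (long long)((bits + 7) / 8);
}

/* Bytes one output line really occupies for this geometry, computed without
 * wraparound; this is what the per-pixel writer will touch. */
uint64_t bytes_needed(uint32_t bpp, uint32_t width)
{
    return ((uint64_t)bpp * width + 7) / 8;
}

/* 1 if a buffer sized by the unchecked formula is smaller than the line
 * written into it, i.e. the out-of-bounds write condition from the advisory. */
int unchecked_buffer_is_short(uint32_t bpp, uint32_t width)
{
    return (uint64_t)bytes_per_line_unchecked(bpp, width) < bytes_needed(bpp, width);
}

int main(void)
{
    /* Constructed inputs: a letter-width page at 300 dpi, 8 bits per pixel,
     * and a hypothetical width such as a huge MediaBox could produce. */
    uint32_t cases[][2] = { { 8, 2550u }, { 8, 0x20000001u } };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint32_t bpp = cases[i][0], w = cases[i][1];
        printf("bpp=%u width=%u: unchecked=%u checked=%lld needed=%llu short=%d\n",
               bpp, w, bytes_per_line_unchecked(bpp, w),
               bytes_per_line_checked(bpp, w),
               (unsigned long long)bytes_needed(bpp, w),
               unchecked_buffer_is_short(bpp, w));
    }
    return 0;
}
```

For the large width the unchecked formula yields 1 byte while the line needs over 500 MB, which is exactly the mismatch `writePixel8` then writes through; the checked variant returns -1 and the caller can reject the document before allocating anything.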

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

#Ubuntu Security Alert: libcupsfilters vulnerabilities CVE-2025-57812 and CVE-2025-64503. Read more: 👉 tinyurl.com/yz3cd38s #Security
Posted 17h ago · interactions: 0 / 0 / 0

Overview

  • VICIdial
  • VICIdial

Published: 10 Sep 2024
Updated: 04 Nov 2025

CVSS: Pending
EPSS: 92.34%

KEV

Description

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

Statistics

  • 2 Posts

Last activity: 21 hours ago

Fediverse


🚨 New plugin: ViciboxVersionPlugin (CVE-2024-8503, CVE-2024-8504).

VICIdial outdated version detection - unauthenticated SQL injection and authenticated RCE, versions <= 2.14-917a affected.

Results: leakix.net/search?q=%2Bplugin%

Posted 21h ago · interactions: 0 / 0 / 1
Showing 21 to 30 of 41 CVEs