24h | 7d | 30d

Overview

  • FluentBit
  • FluentBit

24 Nov 2025
Published
24 Nov 2025
Updated

CVSS
Pending
EPSS
0.10%

KEV

Description

Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture
📢 Chaîne de 5 vulnérabilités critiques dans Fluent Bit expose les environnements cloud à une prise de contrôle 📝 Selon O… https://cyberveille.ch/posts/2025-11-25-chaine-de-5-vulnerabilites-critiques-dans-fluent-bit-expose-les-environnements-cloud-a-une-prise-de-controle/ #CVE_2025_12972 #Cyberveille
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • wazuh
  • wazuh

10 Feb 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
93.80%

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.

Statistics

  • 2 Posts

Last activity: 19 hours ago

Fediverse

Profile picture

🚨 New plugin: WazuhPlugin (CVE-2025-24016).

Wazuh default credentials and RCE vulnerability detection - RCE possible on multi-node configurations, versions 4.4.0 to 4.9.1 affected.

Results: leakix.net/search?q=%2Bplugin%

  • 0
  • 0
  • 1
  • 19h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

11 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (7.0)
EPSS
9.34%

Description

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Profile picture

📰 Water Gamayun APT Exploits Novel 'MSC EvilTwin' Windows Flaw in Stealthy Attacks

⚠️ Russia-aligned APT Water Gamayun exploits novel 'MSC EvilTwin' Windows flaw (CVE-2025-26633). The attack uses malicious .msc files to proxy PowerShell execution via mmc.exe, bypassing defenses. #APT #Vulnerability #CyberAttack #WaterGamayun

🔗 cyber.netsecops.io/articles/wa

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • ray-project
  • ray

26 Nov 2025
Published
26 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture

🚨 CVE-2025-62593 (CRITICAL): Ray AI <2.52.0 is vulnerable to RCE via DNS rebinding attacks (Firefox/Safari). Exploit enables unauthenticated code execution. Patch to 2.52.0+ ASAP! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • r-lib
  • gh

03 Aug 2025
Published
25 Nov 2025
Updated

CVSS v3.1
LOW (3.2)
EPSS
0.02%

KEV

Description

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Profile picture
Security update for #Debian and R users. The vulnerability CVE-2025-54956 concerned the 'gh' package, which could inadvertently expose authorization headers. Read more: 👉 tinyurl.com/bt9w2xj5 #Security
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • NVIDIA
  • NeMo Agent ToolKit

25 Nov 2025
Published
26 Nov 2025
Updated

CVSS v3.1
HIGH (7.6)
EPSS
0.03%

KEV

Description

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Profile picture

📰 NVIDIA AI Toolkit and WordPress Plugins Hit with High-Severity Flaws

Vulnerability alert: NVIDIA's NeMo AI toolkit is exposed to a high-severity SSRF flaw (CVE-2025-33203). Meanwhile, WordPress plugins 'Just Highlight' & 'Locker Content' are hit with XSS & info disclosure bugs. PATCH NOW! #Vulnerability #NVIDIA #Wor...

🔗 cyber.netsecops.io/articles/nv

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Microsoft
  • Azure App Gateway

26 Nov 2025
Published
26 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%

KEV

Description

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Profile picture
🚨 CVE-2025-64657 — Azure Application Gateway A stack buffer overflow allows remote attackers to escalate privileges across the network. Cloud admins should patch immediately. 🔗 basefortify.eu/cve_reports/... #CVE #Azure #CloudSecurity #PrivilegeEscalation
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • Windows Server 2019

14 Oct 2025
Published
22 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
64.04%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Profile picture
📢 CVE-2025-59287 : une faille WSUS exploitée pour déployer le malware ShadowPad 📝 Selon l’AhnLab Security Intelligence Center (ASEC), dans un rapport pub… https://cyberveille.ch/posts/2025-11-25-cve-2025-59287-une-faille-wsus-exploitee-pour-deployer-le-malware-shadowpad/ #CVE_2025_59287 #Cyberveille
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Canonical Ltd.
  • Ubuntu EDK II
  • edk2

14 Feb 2024
Published
08 May 2025
Updated

CVSS v3.1
MEDIUM (6.7)
EPSS
0.01%

KEV

Description

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 9 hours ago

Fediverse

Profile picture

Not the most confidence-inspiring CVE description.

cve.org/CVERecord?id=CVE-2025-

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

  • 2
  • 1
  • 0
  • 9h ago

Overview

  • Ubuntu
  • edk2

26 Nov 2025
Published
26 Nov 2025
Updated

CVSS v4.0
LOW (3.7)
EPSS
Pending

KEV

Description

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 9 hours ago

Fediverse

Profile picture

Not the most confidence-inspiring CVE description.

cve.org/CVERecord?id=CVE-2025-

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

  • 2
  • 1
  • 0
  • 9h ago
Showing 21 to 30 of 39 CVEs