
Overview

  • Kubernetes
  • Kubelet

Published: 13 Mar 2025
Updated: 13 Mar 2025

CVSS v3.1: MEDIUM (5.9)
EPSS: 0.06%

KEV

Description

This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection) https://isc.sans.edu/diary/32554
  • 2h ago

Overview

  • TECNO
  • com.transsion.audiosmartconnect

Published: 10 Dec 2025
Updated: 10 Dec 2025

CVSS v4.0: CRITICAL (10.0)
EPSS: 0.02%

KEV

Description

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🚨 CVE-2025-9056 (CRITICAL): TECNO AudioLink v1.3.0.87 allows local attackers to overwrite system files due to incorrect authorization. No patch yet—restrict access, monitor services, use MDM. Details: radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • Atlassian
  • Crowd

Published: 03 Jun 2019
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 94.41%

Description

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

~Paloalto~ A new multi-platform (Windows/Linux) ransomware named 01flip, written in Rust, is targeting organizations in the Asia-Pacific region. - IOCs: proton. me, CVE-2019-11580 - #Ransomware #Rust #ThreatIntel
  • 4h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Unpatched and Exposed: The Critical Synology DSM Update (732-86009) You Can’t Afford to Miss Introduction: Synology has rolled out DSM 7.3.2-86009, a critical update addressing a severe authentication bypass vulnerability (CVE-2025-13392) that could allow remote attackers to access your NAS…
  • 8h ago

Overview

  • Pending

Published: 11 Feb 2025
Updated: 12 Feb 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary processes by executing a BYOVD (Bring Your Own Vulnerable Driver) attack.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Fediverse

DeadLock ransomware now uses a new BYOVD loader exploiting Baidu driver CVE-2024-51324 to terminate EDR processes at the kernel level. Pre-encryption PowerShell scripting disables defenses and wipes shadow copies before deploying custom time-based encryption.
technadu.com/deadlock-ransomwa

  • 3h ago

Overview

  • PowerDNS
  • Recursor
  • pdns-recursor

Published: 09 Dec 2025
Updated: 09 Dec 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.02%

KEV

Description

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

🔓 Critical DNS vuln: CVE-2025-59030 in PowerDNS Recursor allows DoS via cache clearance. Patch #Debian to 5.2.7-0+deb13u1. Read more: 👉 tinyurl.com/4t5zwauc #Security
  • 1h ago

Overview

  • astral-sh
  • tokio-tar

Published: 21 Oct 2025
Updated: 22 Oct 2025

CVSS v3.1: HIGH (8.1)
EPSS: 0.02%

KEV

Description

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

~Socket~ A new Rust RFC proposes adding a 'Security' tab to crates.io pages to display vulnerability advisories from RustSec. - IOCs: CVE-2025-62518 - #Rust #Security #SupplyChain #ThreatIntel
  • 4h ago

Overview

  • EZCast
  • EZCast Pro II

Published: 10 Dec 2025
Updated: 10 Dec 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.02%

KEV

Description

Predictable default Wi-Fi password in the Access Point functionality of EZCast Pro II version 1.17478.146 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-13955 in EZCast Pro II v1.17478.146 — Predictable default Wi-Fi password lets attackers nearby calculate access credentials. Review your AP configs & restrict access. More info: radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • Linux
  • Linux

Published: 06 Jun 2025
Updated: 03 Nov 2025

CVSS: Pending
EPSS: 0.05%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

Savino says:

"We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM.

The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3].

By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5].

However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF."

To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set.

[1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547
[2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572
[3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677
[4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574
[5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

An RbTree Family Drama Talk by William Liu and Savino Dicanosa @cor_ctf about exploiting CVE-2025-38001 — a use-after-free in the network packet scheduler. Video: www.youtube.com/watch?v=C-52... Slides: storage.googleapis.com/static.cor.t...
  • 15h ago

Overview

  • Linux
  • Linux

Published: 11 Sep 2025
Updated: 29 Sep 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: Add error handling for krealloc in metadata setup

Function msm_ioctl_gem_info_set_metadata() now checks for krealloc failure and returns -ENOMEM, avoiding potential NULL pointer dereference. Explicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints.

Patchwork: https://patchwork.freedesktop.org/patch/661235/

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup scq.ms/3KIn86y #SecQube #MicrosoftSecurity
  • 10h ago
Showing 21 to 30 of 64 CVEs