Overview

  • Pending

01 May 2024
Published
06 Jan 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Deep dive analysis: The technical implications of CVE-2024-26929 in the Linux kernel. This isn't just another update—it's a patch for a memory corruption flaw in the core Netfilter framework. Read more:👉 tinyurl.com/35cd5tj8 #Ubuntu
  • 21h ago

Overview

  • djangoproject
  • Django
  • django

05 Nov 2025
Published
08 Nov 2025
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

GitHub - omarkurt/django-connector-CVE-2025-64459-testbed: A self-contained testbed for Django CVE-2025-64459. Demonstrates QuerySet.filter() parameter injection via dictionary expansion using Docker.
  • 8h ago

Overview

  • FreePBX
  • security-reporting

28 Aug 2025
Published
21 Oct 2025
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
78.69%

Description

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Fediverse

🚨 New plugin: FreePBXPlugin (CVE-2025-57819).

FreePBX unauthenticated SQL injection vulnerability detection - may lead to RCE.

Results: leakix.net/search?q=%2Bplugin%

  • 11h ago

Overview

  • calcom
  • cal.com

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.9)
EPSS
0.08%

KEV

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🚨 CVE-2025-66489: CRITICAL bug in cal.com (<5.9.8) lets attackers bypass password checks with valid TOTP, risking account compromise. Patch to 5.9.8+ ASAP! Details: radar.offseq.com/threat/cve-20

  • 18h ago

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2025-61727 impacts stdlib in 27 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/357 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 7h ago

Overview

  • Dunamu
  • StockPlus App

20 Jul 2025
Published
21 Jul 2025
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.04%

KEV

Description

A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Technical Deep Dive: CVE-2025-7890. Analyzing the newly disclosed privilege escalation vulnerability in #Ubuntu's PostgreSQL contrib packages. Read more: 👉 tinyurl.com/yk3b6urt #Security
  • 20h ago

Overview

  • TOTOLINK
  • N300RT

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
1.84%

KEV

Description

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🔥 CVE-2025-34319: CRITICAL OS Command Injection in TOTOLINK N300RT (firmware < V3.4.0-B20250430). Unauthenticated RCE via Boa formWsc—patch ASAP or segment & restrict access. Monitor for exploit attempts! radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • Linux
  • Linux

17 Apr 2024
Published
04 May 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" This reverts commit 1a1975551943f681772720f639ff42fbaa746212. This commit causes interrupts to be lost for FCoE devices, since it changed spin locks from "bh" to "irqsave". Instead, a work queue should be used, and will be addressed in a separate commit.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

CRITICAL: Linux kernel vuln CVE-2024-26917 patched. Heap OOB write in netfilter. Local privilege escalation to root, DoS possible. High risk for containers/cloud (CAP_NET_ADMIN in user ns). Read more: 👉 tinyurl.com/y9x2rpuf #Security #Ubuntu
  • 21h ago

Overview

  • Google
  • Android

18 Nov 2025
Published
19 Nov 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

Proof-of-concept for CVE-2025-48593: No, this Android Bluetooth issue does NOT affect your phone or tablet | Worth Doing Badly
worthdoingbadly.com/bluetooth/

  • 21h ago

Overview

  • Artifex
  • Ghostscript

22 Sep 2025
Published
03 Nov 2025
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.02%

KEV

Description

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

New #Ubuntu Security Notice: USN-7904-1 addresses CVE-2025-59798/9 in Ghostscript. The flaw in file writing logic could lead to a service crash (Denial of Service). Read more: 👉 tinyurl.com/47edzrhs #Security
  • 19h ago