Overview

  • IBM
  • AIX

Published: 13 Nov 2025
Updated: 14 Nov 2025

CVSS v3.1: CRITICAL (9.0)
EPSS: 0.04%

KEV

Description

IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 store NIM private keys used in NIM environments in an insecure way, leaving them susceptible to unauthorized access by an attacker using man-in-the-middle techniques.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🚨 CVE-2025-36096 (CRITICAL): IBM AIX 7.2/7.3 & VIOS 3.1/4.1 store NIM private keys insecurely, exposing systems to MitM attacks. Harden NIM access, segment networks, monitor for threats, and prep for urgent patching. radar.offseq.com/threat/cve-20

  • 21h ago

Overview

  • Entr'ouvert
  • Lasso

Published: 05 Nov 2025
Updated: 05 Nov 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.05%

KEV

Description

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

🚨 URGENT SECURITY UPDATE for #Fedora 41 Users 🚨 A critical buffer overflow (CVE-2025-46705) has been patched in the Lasso #SAML library. This high-severity flaw could allow remote code execution. Read more: 👉 tinyurl.com/ypstjy6h #security
  • 10h ago

Overview

  • Sony Network Communications Inc.
  • NCP-HG100/Cellular model

Published: 14 Nov 2025
Updated: 14 Nov 2025

CVSS v3.0: HIGH (7.2)
EPSS: 0.65%

KEV

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS command with root privileges.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🚨 CVE-2025-64444 (HIGH): OS command injection in Sony NCP-HG100 Cellular (≤1.4.48.16). Attackers with credentials can run root commands. Restrict mgmt access, enforce strong auth, monitor logs. Patch pending. More: radar.offseq.com/threat/cve-20

  • 16h ago

Overview

  • Dell
  • Display and Peripheral Manager

Published: 10 Nov 2025
Updated: 11 Nov 2025

CVSS v3.1: HIGH (7.3)
EPSS: 0.01%

KEV

Description

Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

CVE-2025-46430: Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer.

CVSS: 7.3

NVD Published Date: 2025-11-10

Advisory: dell.com/support/kbdoc/en-us/0

  • 20h ago

Overview

  • SAP_SE
  • SAP Solution Manager

Published: 11 Nov 2025
Updated: 12 Nov 2025

CVSS v3.1: CRITICAL (9.9)
EPSS: 0.05%

KEV

Description

Due to missing input sanitization, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could give the attacker full control of the system, with high impact on its confidentiality, integrity and availability.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More https://hackread.com/sap-patch-cve-2025-42887-takeover-vulnerability/
  • 18h ago

Overview

  • otacke
  • SNORDIAN's H5PxAPIkatchu

Published: 14 Nov 2025
Updated: 14 Nov 2025

CVSS v3.1: HIGH (7.2)
EPSS: 0.07%

KEV

Description

The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🔎 New HIGH severity XSS vuln (CVE-2025-12904, CVSS 7.2) in SNORDIAN's H5PxAPIkatchu WordPress plugin (≤0.4.17). Unauthenticated attackers can inject persistent scripts via 'insert_data' AJAX. Remove or mitigate now! radar.offseq.com/threat/cve-20

  • 13h ago

Overview

  • IBM
  • AIX

Published: 13 Nov 2025
Updated: 14 Nov 2025

CVSS v3.1: CRITICAL (9.6)
EPSS: 0.07%

KEV

Description

The nimsh service SSL/TLS implementations in IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

⚠️ CRITICAL: IBM AIX 7.2/7.3 & VIOS 3.1/4.1 vulnerable (CVE-2025-36251, CVSS 9.6). Remote code execution via nimsh SSL/TLS. Restrict service, monitor IBM advisories, patch ASAP. radar.offseq.com/threat/cve-20

  • 19h ago

Overview

  • Oracle Corporation
  • Oracle Configurator

Published: 12 Oct 2025
Updated: 21 Oct 2025

CVSS v3.1: HIGH (7.5)
EPSS: 34.03%

Description

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

A Russian national has pleaded guilty to acting as an initial access broker for Yanluowang ransomware attacks, while an international effort called Operation Endgame dismantled over 1000 servers linked to infostealers and botnets. Additionally, a critical vulnerability in Gladinet Triofox (CVE-2025-12480) allowed for remote code execution, and The Washington Post is notifying nearly 10,000 individuals about a data breach involving Oracle software (CVE-2025-61884), suspected to be carried out by the Cl0p ransomware operation.
sentinelone.com/blog/the-good-

  • 2h ago

Bluesky

Oracle EBS cyberattack campaign: Cl0p (Clop) lists 30 companies on its leak site (CVE-2025-61882, CVE-2025-61884) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 23h ago

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

Published: 12 Sep 2025
Updated: 11 Nov 2025

CVSS v3.1: HIGH (8.8)
EPSS: 21.61%

Description

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Samsung mobile security advisory AV25-757 addresses vulnerabilities in Samsung mobile devices prior to SMR-NOV-2025, with a security update released on November 4, 2025. The Canadian Centre for Cyber Security urges users to apply the update to maintain protection against emerging threats, especially as CVE-2025-21042 was added to CISA's Known Exploited Vulnerabilities Catalog.
cyber.gc.ca/en/alerts-advisori

  • 2h ago

Overview

  • milvus-io
  • milvus

Published: 10 Nov 2025
Updated: 12 Nov 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.24%

KEV

Description

Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modify, or delete data, and to perform privileged administrative operations such as database or collection management. This issue has been fixed in Milvus 2.4.24, 2.5.21, and 2.6.5. If immediate upgrade is not possible, a temporary mitigation can be applied by removing the sourceID header from all incoming requests at the gateway, API gateway, or load balancer level before they reach the Milvus Proxy. This prevents attackers from exploiting the authentication bypass behavior.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Bluesky

Milvus Proxy Authentication Bypass Vulnerability (CVE-2025-64513)
  • 18h ago