Overview

  • Apple
  • macOS

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🔒 HIGH severity: CVE-2025-43328 in Apple macOS allows unauthorized app access to sensitive user data. Fixed in macOS Tahoe 26. Patch now, audit permissions, and monitor endpoints. radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • Daikin
  • Security Gateway

11 Sep 2025
Published
11 Sep 2025
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.08%

KEV

Description

Daikin Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Critical vulnerability (CVE-2025-10127) in Daikin's "Daikin Security Gateway" rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 8h ago

Overview

  • RURBAN
  • Cpanel::JSON::XS
  • Cpanel-JSON-XS

08 Sep 2025
Published
08 Sep 2025
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Critical security update for all #SUSE Linux Enterprise 15 SP7 users. The perl-Cpanel-JSON-XS package contains a severe integer buffer overflow vulnerability (CVE-2025-40929). Rated 9.8 CVSS, it's remotely exploitable with no authentication required. Read more:👉 tinyurl.com/m9mpwyf2 #Security
  • 22h ago

Overview

  • Apple
  • AirPlay audio SDK

30 Apr 2025
Published
01 May 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

[Apple CarPlay] Vulnerability CVE-2025-24132: why is the fix not being applied? A look at the structural problems of the automotive industry - Innovatopia innovatopia.jp/cyber-securi... First, a brief explanation of the core of this vulnerability. The newly discovered "CVE-2025-24132" is technically classified as a "zero-click remote code execution (RCE)" flaw. "Zero-click" means, as the name implies, that the attack succeeds without the user performing any action at all, such as clicking a link or opening a file.
  • 3h ago

Overview

  • Apple
  • macOS

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

CVE-2025-43332 (HIGH): A sandbox escape vuln in Apple macOS could let apps break isolation via file quarantine bypass. Update to Sequoia 15.7, Sonoma 14.8, or Tahoe 26. No exploits yet, patch ASAP! radar.offseq.com/threat/cve-20

  • 5h ago

Overview

  • instawp
  • InstaWP Connect – 1-click WP Staging & Migration

11 Apr 2025
Published
11 Apr 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
9.79%

KEV

Description

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🚨 CVE-2025-2636: Critical Path Traversal in InstaWP Connect WordPress Plugin

The CrowdSec Network has detected a surge of exploitation attempts targeting CVE-2025-2636, a critical path traversal vulnerability in the InstaWP Connect WordPress plugin, which is turning website staging tools into backdoors.

🧵1/7

  • 21h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • podman

05 Sep 2025
Published
16 Sep 2025
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

There is a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and that volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control which target file is overwritten, not the content written into it.
Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

[release-25.05] podman: patch CVE-2025-9566 https://github.com/NixOS/nixpkgs/pull/443023 #security
  • 21h ago

Overview

  • axios
  • axios

12 Sep 2025
Published
12 Sep 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.11.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Version 1.11.0 contains a patch for the issue.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Axios vulnerability could crash Node.js processes (CVE-2025-58754) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 3h ago

Overview

  • BGS Interactive
  • SINAV.LINK Exam Result Module

16 Sep 2025
Published
16 Sep 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection. This issue affects SINAV.LINK Exam Result Module: before 1.2.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🚨 CVE-2025-4688: CRITICAL SQL Injection in SINAV.LINK Exam Result Module <1.2. Remotely exploitable, no patch yet — restrict access, enable WAF, and monitor logs. Protect exam data! radar.offseq.com/threat/cve-20

  • 1h ago

Overview

  • DJI
  • Mavic Spark

11 Sep 2025
Published
11 Sep 2025
Updated

CVSS v4.0
LOW (2.3)
EPSS
0.01%

KEV

Description

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Manipulation can lead to use of a hard-coded cryptographic key. The attacker needs to be present on the local network. The attack has a high complexity level and exploitation is said to be difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

The write-up on GitHub and the description in the CVE don't really match, but either way, go hack some EOL DJI shit.

github.com/ByteMe1001/DJI-Enha

cve.org/CVERecord?id=CVE-2025-

  • 21h ago
Showing 21 to 30 of 58 CVEs