
Overview

  • Google
  • Chrome

Published: 14 May 2024
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 52.38%

Description

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Just published a detailed analysis of the urgent #Fedora 41 Chromium security update. This isn't just a routine patch. It fixes CVE-2024-4761, a type confusion bug in the V8 engine that malicious websites can use for remote code execution. Read more: 👉 tinyurl.com/4fz764ba #Security
  • 6h ago

Overview

  • NEC Corporation
  • RakurakuMusen Start EX

Published: 19 Nov 2025
Updated: 19 Nov 2025

CVSS v4.0: HIGH (8.4)
EPSS: 0.01%

KEV

Description

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Versions allows an attacker to manipulate the PC environment to cause unintended operations on the user's device.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

NEC RakurakuMusen Start EX (all versions) hit by HIGH severity DLL loading vuln (CVE-2025-12852, CVSS 8.4). Local attackers can hijack DLLs—no patch yet. Harden DLL paths & monitor for abuse. More: radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • Pending

Published: 04 Jul 2024
Updated: 18 Mar 2025

CVSS: Pending
EPSS: 41.89%

KEV

Description

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

The Exim Root Exploit: How a Single DNS Query Can Give Attackers Total Control of Your Mail Server Introduction: A critical vulnerability in the ubiquitous Exim mail transfer agent has sent shockwaves through the cybersecurity community. Designated CVE-2024-39929, this flaw in the DKIM…
  • 9h ago

Overview

  • D-Link
  • DIR-816L

Published: 14 Nov 2025
Updated: 17 Nov 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.17%

KEV

Description

A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. It affects the function authenticationcgi_main of the file /authentication.cgi. Manipulating the argument Password results in a stack-based buffer overflow. The attack can be exploited remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

#exploit #vulnerability #zeroday #flaw #POC for CVE-2025-13188 D-Link DIR-816L 2_06_b09_beta CVSS: 8.9 HIGH github.com/scanleale/IO...
  • 23h ago

Overview

  • HAProxy Technologies
  • HAProxy Community Edition

Published: 19 Nov 2025
Updated: 19 Nov 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.11%

KEV

Description

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

⚠️ CVE-2025-11230: HIGH severity flaw in HAProxy Community Edition (2.4.0–3.2.0) lets remote attackers cause DoS via crafted JSON. Monitor for patches, rate-limit, and filter JSON traffic. More: radar.offseq.com/threat/cve-20

  • 7h ago

Overview

  • emmanuelg
  • EG-Series

Published: 15 May 2025
Updated: 15 May 2025

CVSS v3.1: MEDIUM (6.4)
EPSS: 0.06%

KEV

Description

The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [series] shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user-supplied attributes in the shortcode_title function. This makes it possible for authenticated attackers - with contributor-level access and above, on sites with the Classic Editor plugin activated - to inject arbitrary JavaScript code in the titletag attribute that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Just published a deep dive on the newly disclosed OpenSSL vulnerability for SUSE systems (CVE-2025-4126). Read more: 👉 tinyurl.com/4ftcxc7a #SUSE #Security
  • 22h ago

Overview

  • flatpak
  • flatpak

Published: 15 Aug 2024
Updated: 02 Apr 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 3.69%

KEV

Description

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.

When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.

Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.

For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Just published: A deep dive into the critical Flatpak sandbox vulnerability, CVE-2024-42472. Read more: 👉 tinyurl.com/yz672jsj #Security #Mageia
  • 6h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 14 Jan 2025
Updated: 09 Sep 2025

CVSS v3.1: HIGH (8.8)
EPSS: 1.89%

KEV

Description

Windows Telephony Service Remote Code Execution Vulnerability

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Breaking down the critical Ghostscript patch every sysadmin needs to know. CVE-2025-21250 isn't just another CVE. It's a remotely exploitable flaw in a core component used for PDF processing. Read more: 👉 tinyurl.com/3kwuvt4d #Security #SUSE
  • 22h ago

Overview

  • pgadmin.org
  • pgAdmin 4

Published: 03 Apr 2025
Updated: 04 Apr 2025

CVSS v3.1: CRITICAL (9.9)
EPSS: 46.09%

KEV

Description

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter is unsafely passed to the Python eval() function, and /cloud/deploy, where the high_availability parameter is unsafely passed to eval(), allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

#exploit #vulnerability #RCE #zeroday #flaw #POC for Remote Code Execution Vulnerability in pgAdmin 4 CVE-2025-2945 github.com/pgadmin-org/...
  • 23h ago

Overview

  • Pending

Published: 18 Nov 2025
Updated: 19 Nov 2025

CVSS: Pending
EPSS: 0.06%

KEV

Description

A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS, WAP662-WPT330-R2262, WAP662H-WPT330-R2262, USG300V2-WPT330-R2129, MSG300-WPT330-R1350, and MSG326-WPT330-R2129). Attackers are able to exploit this vulnerability by injecting crafted commands into the sessionid parameter.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 22 hours ago