24h | 7d | 30d

CVE-2024-53141

Overview

  • Linux
  • Linux
06 Dec 2024
Published
03 Nov 2025
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical #SUSE Linux Kernel Security Update. We've detailed the newly disclosed netfilter vulnerability (CVE-2024-53141). Read more: 👉 tinyurl.com/yc9j5h2k #Security
  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-41729

Overview

  • Janitza
  • UMG 96-PA
24 Nov 2025
Published
24 Nov 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV

Description

An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
CERT@VDE @certvde

VDE-2025-094
Janitza: Vulnerability in Modbus interface of UMG 96-PA and UMG 96-PA-MID+

A vulnerability in the devices UMG 96-PA and UMG 96-PA-MID+ enables an unauthenticated remote attacker to cause the device to become unavailable.
CVE-2025-41729

certvde.com/en/advisories/vde-

janitza.csaf-tp.certvde.com/.w

  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-38616

Overview

  • Linux
  • Linux
22 Aug 2025
Published
29 Sep 2025
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was installed, or uses some non-standard read API (eg. zerocopy ones). Replace the WARN_ON() and a buggy early exit (which leaves anchor pointing to a freed skb) with real error handling. Wipe the parsing state and tell the reader to retry. We already reload the anchor every time we (re)acquire the socket lock, so the only condition we need to avoid is an out of bounds read (not having enough bytes in the socket for previously parsed record len). If some data was read from under TLS but there's enough in the queue we'll reload and decrypt what is most likely not a valid TLS record. Leading to some undefined behavior from TLS perspective (corrupting a stream? missing an alert? missing an attack?) but no kernel crash should take place.

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Just published a deep-dive on a critical #SUSE Linux kernel security patch. CVE-2025-38616 is a TLS vulnerability that could cause data to "disappear" mid-transmission. It's a high-severity issue (7.4) for enterprise users. Read more: 👉 tinyurl.com/bddarm72 #Security
  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-9501

Overview

  • Unknown
  • W3 Total Cache
17 Nov 2025
Published
17 Nov 2025
Updated
CVSS
Pending
EPSS
1.16%
KEV

Description

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture
OpsMatters @opsmatters.com
The latest update for #IONIX includes "CVE-2025-9501: Identifying High-Risk #WordPress Instances Using W3 Total Cache" and "Why External Exposure Management Must Be at the Core of Your #SecurityOperations". #cybersecurity #AttackSurfaceManagement https://opsmtrs.com/3TB5mSA
  • 0
  • 0
  • 0
  • 11h ago

CVE-2024-4577

Overview

  • PHP Group
  • PHP
09 Jun 2024
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
94.39%
KEV

Description

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture
UndercodeTesting @undercode.bsky.social
The PHP-CGI Argument Injection Vulnerability (CVE-2024-4577): A Deep Dive into Exploitation and Hardening Introduction: A critical vulnerability in PHP-CGI, identified as CVE-2024-4577, has emerged, posing a significant threat to servers utilizing the `php-cgi` binary. This flaw allows attackers…
  • 0
  • 0
  • 0
  • 9h ago

CVE-2025-61882

Overview

  • Oracle Corporation
  • Oracle Concurrent Processing
05 Oct 2025
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
77.70%
KEV

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Cox Enterprises discloses Oracle E-Business Suite data breach
bleepingcomputer.com/news/secu

Cox Enterprises is notifying impacted individuals of a data breach that
exposed their personal data to hackers who breached the company network after
exploiting a zero-day flaw in Oracle E-Business Suite.

The compromise occurred in August, but the company didn’t detect the intrusion
until late September, when it launched its internal investigation.

“On September 29, 2025, we became aware of suspicious activity involving
Oracle’s E-Business Suite, which is a platform we use for some of our
back-office business operations,” reads the notice.

The company has not named the attackers, but the Cl0p ransomware has taken
credit for exploiting CVE-2025-61882 as a zero-day vulnerability, long before
Oracle released a patch on October 5.

  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-13552

Overview

  • D-Link
  • DIR-822K
23 Nov 2025
Published
24 Nov 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.08%
KEV

Description

A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 HIGH severity (CVSS 8.7) buffer overflow in D-Link DIR-822K (CVE-2025-13552): Remote, unauthenticated exploit in /boafrm/formWlEncrypt—public PoC available. Restrict WAN access & monitor for updates! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-13550

Overview

  • D-Link
  • DIR-822K
23 Nov 2025
Published
24 Nov 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.08%
KEV

Description

A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-13550: HIGH severity buffer overflow (CVSS 8.7) in D-Link DIR-822K & DWR-M920 routers. Exploit is public. No patch—restrict access, monitor, and use IDS/IPS. Act now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-13553

Overview

  • D-Link
  • DWR-M920
23 Nov 2025
Published
24 Nov 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 Buffer overflow (HIGH, CVSS 8.7) in D-Link DWR-M920 v1.1.50! Remote, unauthenticated exploit possible via /boafrm/formPinManageSetup—public exploit out. Restrict access, monitor now, patch ASAP. CVE-2025-13553 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-13551

Overview

  • D-Link
  • DIR-822K
23 Nov 2025
Published
24 Nov 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.08%
KEV

Description

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post
Last activity: 10 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🔥 CVE-2025-13551 (HIGH): Buffer overflow in D-Link DIR-822K/DWR-M920 (firmware 1.00_20250513164613, 1.1.50). Remote, unauthenticated RCE possible; public exploit out. Isolate & monitor now! More: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago
Showing 21 to 30 of 32 CVEs