
Overview

  • Cisco
  • Cisco IP Phones with Multiplatform Firmware

Published: 03 Mar 2023
Updated: 28 Oct 2024

CVSS v3.1: CRITICAL (9.8)
EPSS: 20.10%

KEV

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones https://lobste.rs/s/jv25vw #security
  • 5h ago

Overview

  • Microsoft
  • Windows

Published: 26 Aug 2025
Updated: 05 Dec 2025

CVSS v3.0: HIGH (7.0)
EPSS: 0.23%

KEV

Description

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Microsoft Silently Patched CVE-2025-9491 - We Think Our Patch Provides More Security
  • 22h ago

Overview

  • OpenSSL
  • OpenSSL

Published: 30 Sep 2025
Updated: 04 Nov 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

🚨 Security Alert for #Oracle Linux 10 users 🚨 New OpenSSL patch (ELSA-2025-21248) addresses CVE-2025-9230 (Moderate severity). Out-of-bounds read/write flaw in RFC 3211 KEK Unwrap. Read more: tinyurl.com/yeyn4bhk #Security
  • 19h ago

Overview

  • 10web
  • 10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Published: 06 Dec 2025
Updated: 06 Dec 2025

CVSS v3.1: CRITICAL (9.6)
EPSS: Pending

KEV

Description

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🚨 CRITICAL vuln: 10Web Booster WordPress plugin (all versions ≤2.32.7) allows authenticated users to delete arbitrary folders via path traversal (CVE-2025-13377, CVSS 9.6). Risk: data loss, DoS. Restrict access & monitor systems. radar.offseq.com/threat/cve-20

  • 4h ago

Overview

  • Advantech Co., Ltd.
  • WISE-DeviceOn Server

Published: 05 Dec 2025
Updated: 05 Dec 2025

CVSS v4.0: CRITICAL (10.0)
EPSS: Pending

KEV

Description

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn’s remote management features.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CVE-2025-34256: CRITICAL (CVSS 10) vuln in Advantech WISE-DeviceOn Server <5.4—remote attackers can forge JWTs & gain full admin access via hard-coded key. Patch to v5.4+ or restrict access now! radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • ajitdas
  • Flex QR Code Generator

Published: 06 Dec 2025
Updated: 06 Dec 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-12673 in Flex QR Code Generator for WordPress (≤1.2.6) allows unauthenticated arbitrary file uploads—possible RCE! Disable plugin, monitor for patches, restrict file exec in uploads. radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • Linux
  • Linux

Published: 07 Mar 2025
Updated: 04 May 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Déjà Vu in Linux io_uring Talk by Pumpkin about exploiting CVE-2025-21836 — a race condition that leads to a use-after-free in the io_uring subsystem. Video: www.youtube.com/watch?v=Ry4e... Slides: u1f383.github.io/slides/talks...
  • 10h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

  • 20h ago

Overview

  • 7-Zip
  • 7-Zip

Published: 19 Nov 2025
Updated: 21 Nov 2025

CVSS v3.0: HIGH (7.0)
EPSS: 0.29%

KEV

Description

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

📰 Critical 7-Zip RCE Vulnerability Now Under Active Exploitation

A critical RCE vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. ⚠️ The path traversal flaw allows code execution via malicious archives. Update to version 25.0.0 or later immediately! #7Zip #RCE #CyberSecurity

🔗 cyber.netsecops.io/articles/ac

  • 11h ago

Overview

  • libxslt

Published: 14 Oct 2025
Updated: 21 Nov 2025

CVSS: Pending
EPSS: 0.06%

KEV

Description

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

CVE-2025-11731 Libxslt: type confusion in exsltfuncresultcompfunction of libxslt scq.ms/4rG6IMz #SecQube #MicrosoftSecurity
  • 8h ago