Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

RE: infosec.exchange/@DarkWebInfor

Did someone break embargo or what? These links are apparently for 0days for CVE-2025-11001 and CVE-2025-11002 but neither one of those are published as of right now.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 21h ago

Let the hunt begin! The critical 7-Zip bug puts millions of users at risk

Millions of users are exposed to the risk of malware infection and system compromise because hackers are actively exploiting a critical remote code execution (RCE) vulnerability in the well-known archiving software 7-Zip.

Disclosed in October 2025, this vulnerability has a CVSS v3 score of 7.0 and reflects a severity of local exploitation, but on a large scale and without requiring elevated privileges.

Specifically, CVE-2025-11001 is a security bug involving the improper handling of symbolic links inside ZIP archives. This allows attackers to execute code of their choice on vulnerable systems by traversing directories.

On 18 November 2025, the United Kingdom's NHS England Digital issued an urgent advisory, confirming active exploitation of CVE-2025-11001 and urging immediate updates to mitigate the risks.

The vulnerability was discovered by Ryota Shiga of GMO Flatt Security Inc., in collaboration with their AI-based AppSec Auditor tool, and promptly reported to the 7-Zip developers.

Security experts at Trend Micro's Zero Day Initiative (ZDI) have disclosed details of how an attacker could use this vulnerability to evade the restrictions of sandbox environments, considerably increasing the risk, especially where files are processed automatically in enterprises.

This path traversal can allow attackers to overwrite critical system files or inject malicious payloads, leading to full code execution in the context of the user or service account running the application.

A proof-of-concept (PoC) exploit has also been made public, demonstrating how a malicious ZIP file can abuse symbolic link handling to facilitate arbitrary file writes and, in certain scenarios, lead to RCE.

The recent PoC has lowered the barrier to entry for attackers, thereby increasing the number of actual attacks detected. Exploiting the vulnerability requires minimal user interaction: simply opening or extracting a malicious archive is enough to trigger the attack, a mechanism often exploited in phishing operations and drive-by downloads.

Threat actors could use this RCE to deploy ransomware, steal sensitive data, or create persistent backdoors, amplifying the danger in supply chain attacks in which compromised archives spread via e-mail or shared drives.

To avert this risk, users and organizations need to update 7-Zip to version 25.00 or later, available from the official site, which adopts stricter path canonicalization in order to prevent traversal attempts.

The new patch fixes two bugs, both CVE-2025-11001 and CVE-2025-11002. All editions of Windows with a 7-Zip version earlier than 25.00 installed are affected, while no effects have been reported on Linux or macOS.

The article Let the hunt begin! The critical 7-Zip bug puts millions of users at risk comes from Red Hot Cyber.

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Adobe
  • Adobe Commerce

13 Jun 2024
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
94.35%

Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse

🚨 New plugin: MagentoXxePlugin (CVE-2024-34102, CosmicSting).

Magento XXE injection vulnerability detection - may expose sensitive files, RCE possible in some cases.

Results: leakix.net/search?q=%2Bplugin%

  • 0
  • 0
  • 1
  • 7h ago

Overview

  • Pending

19 Nov 2025
Published
19 Nov 2025
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🚨 CVE-2025-63210: CRITICAL auth bypass in Newtec Celox UHD (CELOXA504, CELOXA820, fw 21.6.13). Attackers can intercept & inject login responses to get admin access. Encrypt traffic, segment networks, restrict access! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • OP-TEE
  • optee_os

29 Nov 2022
Published
22 Apr 2025
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.47%

KEV

Description

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

The Swagger-UI Menace: How a 3-Year-Old XSS Flaw Continues to Haunt APIs Introduction: A critical reflected Cross-Site Scripting (XSS) vulnerability in Swagger-UI, designated CVE-2022-46152, continues to plague API deployments years after its initial disclosure. This persistent threat stems from…
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • pgadmin.org
  • pgAdmin 4

13 Nov 2025
Published
14 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.09%

KEV

Description

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Four serious vulnerabilities in pgAdmin (CVE-2025-12762, CVSS 9.1) and more rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • grub2

18 Nov 2025
Published
19 Nov 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

URGENT: #openSUSE GRUB2 update patches 5 CVEs (CVE-2025-54771, etc.) that could lead to system compromise. Read more: 👉 tinyurl.com/3pz645nd #Security
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Linux
  • Linux

11 Sep 2025
Published
17 Nov 2025
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Critical Security Patch for #Ubuntu 22.04 LTS on AWS The USN-7861-4 advisory details patches for multiple Linux kernel vulnerabilities, including the high-severity VMSCAPE flaw (CVE-2025-40300). Read more: 👉 tinyurl.com/yc28tav9 #Security
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • withastro
  • astro

19 Nov 2025
Published
19 Nov 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.03%

KEV

Description

Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s). This issue has been patched in version 5.15.8.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

beautiful women called CVE-2025-64764 messaging me

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • lukevella
  • rallly

19 Nov 2025
Published
19 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.04%

KEV

Description

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in the request. This allows unauthorized users to finalize other users’ polls and convert them into events without proper authorization checks, potentially disrupting user workflows and causing data integrity and availability issues. This issue has been patched in version 4.5.4.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🔴 CVE-2025-65021 (CRITICAL, CVSS 9.1) in lukevella Rallly <4.5.4: Auth’d users can finalize others' polls via IDOR, risking data integrity. Patch to v4.5.4 ASAP! Monitor & audit poll actions. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • AudioCodes Limited
  • AudioCodes Fax/IVR Appliance

19 Nov 2025
Published
19 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.70%

KEV

Description

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates the directory if it does not exist, and then moves an uploaded file to that location using the attacker-controlled filename, without any authentication, authorization, or file-type validation. On default Windows deployments where the backup directory resolves to the system drive, a remote attacker can upload web server or interpreter configuration files that cause a log file or other server-controlled resource to be treated as executable code. This allows subsequent HTTP requests to trigger arbitrary command execution under the web server account, which runs as NT AUTHORITY\SYSTEM.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🚨 CVE-2025-34329 (CRITICAL): AudioCodes Fax/IVR appliances ≤2.6.23 vulnerable to unauthenticated file upload. Exploit = SYSTEM-level RCE. Restrict access, monitor logs, patch ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago
Showing 21 to 30 of 51 CVEs