Overview

  • DIAL
  • CentrosNet

07 Nov 2025
Published
07 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.03%

KEV

Description

SQL injection vulnerability in DIAL's CentrosNet v2.64. It allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🚨 CRITICAL SQL injection (CVE-2025-10870) in DIAL CentrosNet <2.65 lets unauthenticated attackers control the DB via 'ultralogin'. Patch when available, restrict access, and monitor for abuse. radar.offseq.com/threat/cve-20

  • 5h ago

Overview

  • oobabooga
  • text-generation-webui

06 Nov 2025
Published
06 Nov 2025
Updated

CVSS v3.0
CRITICAL (9.8)
EPSS
0.75%

KEV

Description

oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trust_remote_code parameter provided to the join endpoint. The issue results from the lack of proper validation of a user-supplied argument before using it to load a model. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26681.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

🚨 CVE-2025-12487: oobabooga text-generation-webui v2.5 has a CRITICAL RCE flaw via trust_remote_code in the join endpoint—no auth required. Restrict access & disable trust_remote_code now. Patch awaited. radar.offseq.com/threat/cve-20

  • 15h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Chromium: CVE-2025-12727 Inappropriate implementation in V8 scq.ms/492fUnN #cybersecurity #SecQube
  • 9h ago

Overview

  • Toshiba Tec Corporation
  • Toshiba Tec e-Studio multi-function peripheral (MFP)

14 Jun 2024
Published
13 Feb 2025
Updated

CVSS v3.1
MEDIUM (6.7)
EPSS
0.07%

KEV

Description

The Toshiba printers do not implement privilege separation. As for the affected products/models/versions, see the reference URL.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Unmasking the Hidden Threat: A Deep Dive into the Critical SAP NetWeaver Vulnerability (CVE-2024-27146) Introduction: A critical vulnerability in SAP NetWeaver, designated CVE-2024-27146, has sent shockwaves through the cybersecurity community. This security flaw, an unauthenticated OS command…
  • 4h ago

Overview

  • oobabooga
  • text-generation-webui

06 Nov 2025
Published
06 Nov 2025
Updated

CVSS v3.0
CRITICAL (9.8)
EPSS
0.75%

KEV

Description

oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trust_remote_code parameter provided to the load endpoint. The issue results from the lack of proper validation of a user-supplied argument before using it to load a model. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26680.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚨 CVE-2025-12488: oobabooga text-generation-webui v2.5 suffers CRITICAL RCE via untrusted trust_remote_code input. No auth needed! Restrict endpoint, disable trust_remote_code, and monitor for abuse. Details: radar.offseq.com/threat/cve-20

  • 14h ago

Overview

  • Vercel
  • AI SDK

07 Nov 2025
Published
07 Nov 2025
Updated

CVSS v3.1
LOW (3.7)
EPSS
0.03%

KEV

Description

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

Statistics

  • 1 Post

Last activity: 2 hours ago

Overview

  • NEC Corporation
  • CLUSTERPRO X for Linux (EXPRESSCLUSTER X for Linux)

07 Nov 2025
Published
07 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.07%

KEV

Description

In CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, and EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, if an attacker sends specially crafted network packets to the product, arbitrary OS commands may be executed without authentication.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ CRITICAL: CVE-2025-11546 (CVSS 9.3) — OS command injection in NEC CLUSTERPRO X for Linux v4.0–5.2. Remote, no-auth exploit = full cluster compromise. Patch ASAP, restrict access, monitor traffic. More: radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • Manager-io
  • Manager

07 Nov 2025
Published
07 Nov 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.06%

KEV

Description

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism: a Time-of-Check Time-of-Use (TOCTOU) condition allows attackers to bypass network isolation and access internal services, cloud metadata endpoints, and protected network segments. The Desktop edition requires no authentication; the Server edition requires only standard authentication. This issue is fixed in version 25.11.1.3086.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🔒 CRITICAL: CVE-2025-64180 in Manager-io Manager (<25.11.1.3086) enables attackers to bypass DNS validation & access internal networks. Patch ASAP! Desktop needs no auth. Details: radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • MacWarrior
  • clipbucket-v5

07 Nov 2025
Published
07 Nov 2025
Updated

CVSS v4.0
HIGH (7.2)
EPSS
0.06%

KEV

Description

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🔍 CVE-2025-64336: HIGH severity stored XSS in ClipBucket v5 (<5.5.2-#147). Auth’d users can inject JS in photo titles; payload executes in Admin → Manage Photos, risking admin takeover. Patch now! radar.offseq.com/threat/cve-20

  • 6h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Chromium: CVE-2025-12725 Out of bounds write in WebGPU scq.ms/47HK513 #cybersecurity #SecQube
  • 13h ago
Showing 21 to 30 of 45 CVEs