Overview
- Sangfor Technologies Co., Ltd.
- Endpoint Detection and Response Platform
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse

LMAO. It's an older vuln and was added to CNVD in 2020 but just got a CVE last week. 🥳
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds.
https://www.cnvd.org.cn/flaw/show/CNVD-2020-46552
https://nvd.nist.gov/vuln/detail/CVE-2025-34041
And FWIW, ShadowServer shows EITW in CN.
- wpopal
- Opal Estate Pro – Property Management and Submission
- 1 Post

⚠️ CRITICAL: CVE-2025-6934 in Opal Estate Pro plugin (<=1.7.5) lets unauth attackers register as admins on WordPress sites. Disable plugin, restrict registrations, and review accounts ASAP! https://radar.offseq.com/threat/cve-2025-6934-cwe-269-improper-privilege-managemen-c1a44303 #OffSeq #WordPress #Infosec #PrivilegeEscalation
- notepad-plus-plus
- notepad-plus-plus
- 1 Post

CVE Record: CVE-2025-49144 - Notepad++ Privilege Escalation In Installer Via Uncontrolled Executable Search Path #SuggestedRead #devopsish https://www.cve.org/CVERecord?id=CVE-2025-49144
- LizardByte
- Sunshine
- 1 Post

🛡️ CRITICAL CSRF vuln in LizardByte Sunshine (<2025.628.4510): attackers can trigger admin-level OS commands via web UI if users visit malicious links. Patch to 2025.628.4510+ ASAP! CVE-2025-53095 https://radar.offseq.com/threat/cve-2025-53095-cwe-352-cross-site-request-forgery--44568b1d #OffSeq #CSRF #Vulnerability #GameStreaming #PatchNow
- Cisco
- Cisco Identity Services Engine Software
- 2 Posts

🚨CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC
• CVSS: 10
• ZoomEye Dork: app="Cisco ISE"
• Results: 1,937
• Advisory:
github.com/advisories/GHSA-rc4f-42xm-hvjw
github.com/advisories/GHSA-w8p2-wjjr-hr24
• PoC: github.com/abrewer251/CVE-2025-20281-2-Citrix-ISE-RCE
• ZoomEye Search: zoomeye.ai/searchResult?q=YXBwPSJDaXNjbyBJU0Ui
—————
Follow @zoomeye_team's official Twitter/X account and send the message “Dark Web Informer” via DM to receive an extra 15-day membership. 💙

Cisco hits the target: 9.8 out of 10 for two RCEs in Identity Services Engine and Passive Identity Connector
Cisco has reported two critical RCE vulnerabilities that do not require authentication and affect Cisco Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). The vulnerabilities have been assigned the identifiers CVE-2025-20281 and CVE-2025-20282 and received the maximum score of 9.8 out of 10 on the CVSS scale. The first issue affects versions 3.4 and 3.3 of ISE and ISE-PIC, while the second affects only version 3.4.
The root cause of CVE-2025-20281 was insufficient validation of user input in an exposed API. This allowed a remote, unauthenticated attacker to send crafted API requests to execute arbitrary commands as the root user. The second issue, CVE-2025-20282, was caused by insufficient file validation in an internal API, which allowed files to be written to privileged directories. This bug allowed unauthenticated remote attackers to upload arbitrary files to the target system and execute them with root privileges.
The Cisco Identity Services Engine (ISE) platform is designed to manage network security policies and access control, and typically serves as a network access control (NAC) engine, identity management and policy enforcement point. This product is a key element of the enterprise network and is often used by large companies, government agencies, universities and service providers.
Cisco experts report that so far there have been no cases of active exploitation of the new vulnerabilities (nor publicly released exploits), but all users are advised to install the updates as soon as possible. Users should upgrade to version 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4) and version 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1) or later. There are no workarounds that resolve the issues without applying patches.
It is obvious that with vulnerabilities of this magnitude it is necessary to proceed urgently with applying the patches, in order to prevent possible attempted breaches. The vendor therefore recommends carrying out the necessary updates promptly.
The article Cisco hits the target: 9.8 out of 10 for two RCEs in Identity Services Engine and Passive Identity Connector comes from il blog della sicurezza informatica.
- 1 Post

💣 Actively exploited vulnerability gives extraordinary control over server fleets • Ars Technica
「 The vulnerability, carrying a severity rating of 10 out of a possible 10, resides in the AMI MegaRAC, a widely used firmware package that allows large fleets of servers to be remotely accessed and managed even when power is unavailable or the operating system isn't functioning 」
- 1 Post

Okay, I spent some time going through some of my MOVEit logs and I think I see at least part of what's going on with the increase in MOVEit scans noted by @greynoise.
One thing I have noticed is a group of GCP hosts performing high volume scans against the MOVEit servers every seven days, but not against adjacent servers or other servers for the same orgs. This kind of makes it look targeted but the scans are generic kitchen sink vuln scans.
I did notice that some of these and other scanners I've seen over the past few months now have a couple of requests that appear to be testing for CVE-2023-34362 mixed into their other requests. It's like they loaded their automated scanners with updated payload lists.
There are a lot of Cloudflare and AWS IPs in the logs, as indicated by GreyNoise in their blog post. There are not a lot of unique Google IPs but I'm seeing a ton of noise from the ones I do see. But only every seven days. The servers I have logs for all block Tencent so I can't confirm the activity from their infrastructure.
I have also put my juicy eyes on every single GET and POST sent to these MOVEit Transfer servers for the past 60 days and I do not see any payloads that appear to be new or novel. That's not to say there isn't anything new going on, but I'm now comfortable with treating MOVEit servers with the same concern as before the GreyNoise blog post as I don't see any indication of impending action. There may be some WAF or rate limit or geolocation filter testing going on that's disguised as generic scans, but I have no evidence to suggest that's the case.
Caveat: I have relatively low visibility into what's going on at scale like GreyNoise does so take this with a grain of salt and if it's of interest, go confirm it yourself. This is intended to be informational, not actionable.
- 1 Post
- 9 Interactions

Woohoo! Another perfect 10 from last week. And this could hit hard. 🥳
https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7
sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration, allowing attackers to access and alter any user's code hosted on the same instance. This issue has been patched in version 0.13.3.