Overview

  • Robocode Project
  • Robocode
  • robocode

Published: 09 Dec 2025
Updated: 09 Dec 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending
KEV

Description

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

⚠️ CVE-2025-14307 (CRITICAL, CVSS 9.3): Robocode 1.9.3.6 vulnerable to arbitrary code execution via insecure temp file creation (CWE-377). Restrict temp dir permissions, use sandboxing, and monitor logs. Details: radar.offseq.com/threat/cve-20


Overview

  • SourceCodester
  • Telecom Billing Management System

Published: 22 Sep 2024
Updated: 23 Sep 2024

CVSS v4.0: MEDIUM (5.3)
EPSS: Pending
KEV

Description

A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Security Advisory: #OpenSSL CVE-2024-9088 Analysis The OpenSSL Project has disclosed a high-severity vulnerability (CVSS 7.5) in multiple versions of the widely deployed cryptographic library. Read more: 👉 tinyurl.com/mrhrsymx #Security

Overview

  • open-webui
  • open-webui

Published: 04 Dec 2025
Updated: 05 Dec 2025

CVSS v3.1: HIGH (8.7)
EPSS: 0.03%
KEV

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

🚨 CVE-2025-65959 | Open WebUI | Stored XSS via Notes PDF Download (High) Malicious SVG/HTML in Markdown notes can execute JavaScript when downloaded as PDF, enabling session token theft. All users are at risk. Affects versions < 0.6.37. buff.ly/EVaSAOB buff.ly/RFK4ZIl

Overview

  • WBCE
  • WBCE_CMS

Published: 09 Dec 2025
Updated: 09 Dec 2025

CVSS v3.1: CRITICAL (9.1)
EPSS: Pending
KEV

Description

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🔒 CVE-2025-67504: WBCE CMS <1.6.5 uses weak rand() for password generation, allowing attackers to predict or brute-force credentials. CRITICAL—upgrade to 1.6.5+ now! Monitor for suspicious logins. radar.offseq.com/threat/cve-20


Overview

  • n8n-io
  • n8n

Published: 08 Dec 2025
Updated: 08 Dec 2025

CVSS v4.0: CRITICAL (9.4)
EPSS: Pending
KEV

Description

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point to a malicious Git hook that executes arbitrary commands on the n8n host during subsequent Git operations. Exploitation requires the ability to create or modify an n8n workflow using the Git node. This issue is fixed in version 1.119.2. Workarounds include excluding the Git Node (Docs) and avoiding cloning or interacting with untrusted repositories using the Git Node.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🚨 CVE-2025-65964: CRITICAL RCE in n8n-io n8n (0.123.1–1.119.1). Exploit via Git node lets attackers run arbitrary code through malicious Git hooks. Upgrade to 1.119.2, disable Git node if needed. Details: radar.offseq.com/threat/cve-20


Overview

  • Apache Software Foundation
  • Apache Tika PDF parser module
  • org.apache.tika:tika-parser-pdf-module

Published: 20 Aug 2025
Updated: 04 Nov 2025

CVSS: Pending
EPSS: 0.02%
KEV

Description

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected URL: lists.apache.org/thread/s5x3k... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0

Overview

  • Google
  • Android

Published: 08 Dec 2025
Updated: 09 Dec 2025

CVSS: Pending
EPSS: Pending

Description

In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

📰 Google Confirms Android Attacks-No Fix for Most Samsung Users 💬 CVE-2025-48633 is a messy exploit that needs user action to thrive. Concerns about OS updates leave users jittery. 🤔 https://news.ycombinator.com/item?id=46194315

Overview

  • Python Software Foundation
  • CPython

Published: 01 Dec 2025
Updated: 02 Dec 2025

CVSS v4.0: LOW (2.1)
EPSS: 0.02%
KEV

Description

When loading a plist file, the plistlib module reads data in the size specified by the file itself, meaning a malicious file can cause OOM and DoS issues.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

CVE-2025-13837 Out-of-memory when loading Plist scq.ms/4pkcZvR #cybersecurity #SecQube

Overview

  • ThinkInAIXYZ
  • deepchat

Published: 09 Dec 2025
Updated: 09 Dec 2025

CVSS v3.1: CRITICAL (9.7)
EPSS: Pending
KEV

Description

DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attributes combined with HTML entity encoding. Remote Code Execution is possible on the victim's machine via the electron.ipcRenderer interface, bypassing the regex filter intended to strip dangerous attributes. There is no fix at time of publication.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-66481 affects DeepChat <=0.5.1—XSS via unpatched Mermaid content can lead to RCE through Electron’s ipcRenderer. No fix yet. Disable Mermaid, harden input sanitization, monitor activity. Details: radar.offseq.com/threat/cve-20


Overview

  • Sneeit
  • Sneeit Framework

Published: 25 Nov 2025
Updated: 25 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.34%
KEV

Description

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August 5, 2025. The plugin has more than 1,700 active installations.
Showing 21 to 30 of 64 CVEs