Overview
- Refirm Labs
- binwalk
- binwalk
25 Jan 2023
Published
16 Dec 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
41.77%
KEV
Description
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins.
This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.
This issue affects binwalk from 2.1.2b through 2.3.3 included.
Statistics
- 1 Post
Last activity: 2 hours ago
Bluesky
CRITICAL: CVE-2022-4510 in binwalk allows RCE via path traversal in PFS extractor. #Debian 11 users must patch NOW (DLA-4410-1). Read more: 👉 tinyurl.com/ymp2jsra #Security
Overview
- Zoom Communications Inc.
- Zoom Rooms
10 Dec 2025
Published
12 Dec 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.03%
KEV
Description
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.
Statistics
- 1 Post
Last activity: 16 hours ago
Bluesky
Zoom、「Zoom Rooms」の脆弱性を修正するアップデート(CVE-2025-67460)
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security
Overview
- Microsoft
- Windows Server 2025 (Server Core installation)
09 Jul 2024
Published
09 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
3.75%
KEV
Description
Windows Cryptographic Services Security Feature Bypass Vulnerability
Statistics
- 1 Post
Last activity: 18 hours ago
Bluesky
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability scq.ms/4iWcoOM #SecQube #MicrosoftSecurity
Overview
Description
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
Statistics
- 1 Post
Last activity: 5 hours ago
Bluesky
URGENT: #SUSE Linux patch for CVE-2018-15853 (XKBComp buffer overflow) now available. Critical privilege escalation flaw patched in SU-2025:4407-1. Read more: 👉 tinyurl.com/bdem35au #Security
Overview
- FreePBX
- security-reporting
09 Dec 2025
Published
10 Dec 2025
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%
KEV
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.
Statistics
- 1 Post
Last activity: 4 hours ago
Fediverse
📰 FreePBX Patches Critical Auth Bypass and RCE Flaws; Update VoIP Platforms Immediately
⚠️ Critical vulnerabilities patched in FreePBX! Flaws including auth bypass (CVE-2025-66039) & SQLi can lead to full RCE on VoIP servers. Update your systems immediately to prevent takeover. 📞 #FreePBX #VoIP #CyberSecurity #Vulnerability
Overview
Description
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
Statistics
- 1 Post
Last activity: 8 hours ago
Bluesky
🔍 Lambda Watchdog detected that CVE-2025-47273 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/295 #AWS #Lambda #Security #CVE #DevOps #SecOps
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 3 Posts
Last activity: 19 hours ago
Fediverse
CISA KEV Catalog has added 2 more vulnerabilities
CVE-2025-14611: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
CVSS: 7.1
CVE-2025-43529: Apple Multiple Products Use-After-Free WebKit Vulnerability
Bluesky
CISAが2つの既知の脆弱性をカタログに追加
CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Dec 15)
CVE-2025-14611 Gladinet CentreStack および Triofox のハードコードされた暗号化の脆弱性
CVE-2025-43529 Apple 複数製品における WebKit の解放後使用の脆弱性
www.cisa.gov/news-events/...
悪用される脆弱性を修正するために、Apple デバイスを更新してください。(CVE-2025-14174、CVE-2025-43529)
Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) #HelpNetSecurity (Dec 15)
www.helpnetsecurity.com/2025/12/15/i...
Overview
- ThinkInAIXYZ
- deepchat
16 Dec 2025
Published
16 Dec 2025
Updated
CVSS v3.1
CRITICAL (9.7)
EPSS
0.15%
KEV
Description
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer to the DOM, this Cross-Site Scripting (XSS) flaw escalates to full Remote Code Execution (RCE), allowing an attacker to execute arbitrary system commands. Two concurrent issues, unsafe Mermaid configuration and an exposed IPC interface, cause this issue. Version 0.5.3 contains a patch.
Statistics
- 1 Post
Last activity: 17 hours ago
Fediverse
CRITICAL: CVE-2025-67744 in ThinkInAIXYZ DeepChat (<0.5.3) allows remote code execution via unsafe Mermaid diagram rendering & exposed Electron IPC. User interaction needed, no auth required. Patch ASAP! https://radar.offseq.com/threat/cve-2025-67744-cwe-94-improper-control-of-generati-e699b3d7 #OffSeq #DeepChat #Vuln #RCE
Overview
- Canonical
- python-apt
- python-apt
05 Dec 2025
Published
15 Dec 2025
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%
KEV
Description
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
Statistics
- 1 Post
Last activity: 9 hours ago
Bluesky
🚨 CRITICAL: Debian 11 Bullseye users must patch python-apt for CVE-2025-6966 (DoS flaw). Fixed in version 2.2.1.1 via DLA-4408-1 Read more: 👉 tinyurl.com/52wma598 #Security
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 3 hours ago
Bluesky
New cybersecurity bulletin: CVE-2025-11563 affects #SUSE Linux systems via curl path traversal vulnerability. Moderate severity (CVSS 6.5) but requires prompt attention due to curl's ubiquitous deployment. Read more: 👉 tinyurl.com/3c5kd3fk #Security