
Overview

  • apptainer

Published: 02 Dec 2025
Updated: 02 Dec 2025

CVSS v3.1: MEDIUM (4.5)
EPSS: 0.02%

KEV

Description

Apptainer is an open source container platform. In Apptainer versions earlier than 1.4.5, a container can disable two of the forms of the little-used --security option, specifically --security=apparmor:<profile> and --security=selinux:<label>, which otherwise restrict the operations a container can perform. The --security option has always been described in the Apptainer documentation as a feature for the root user, although these forms also work for unprivileged users on systems where the corresponding feature is enabled. AppArmor is enabled by default on Debian-based distributions and SELinux is enabled by default on RHEL-based distributions, while on SUSE it depends on the distribution version. This vulnerability is fixed in 1.4.5.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Bluesky

Critical: #Fedora 42 Apptainer 1.4.5-2 update patches CVE-2025-65105 + fixes broken fuse2fs patches (were empty files in 1.4.4-1). Read more: 👉 tinyurl.com/ymaujzht #Security
4h ago
Critical security maintenance for #Fedora 41. The apptainer package update addresses CVE-2025-65105 and fixes a packaging error that shipped empty patches. Read more: 👉 tinyurl.com/2jep7wjc #Security
4h ago

Overview

  • Consilium Safety
  • CS5000 Fire Panel

Published: 29 May 2025
Updated: 30 May 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.06%

KEV

Description

The CS5000 Fire Panel is vulnerable due to a hard-coded password for the VNC server it runs, which is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Why Bother? Regulating Operational Technology Beyond Critical National Infrastructure

cfp.bsides.london/bsides-londo

Oh dear: cve.org/CVERecord?id=CVE-2025-

#BSidesLDN2025 #BSidesLondon

3h ago

Overview

  • F5
  • BIG-IP

Published: 05 May 2022
Updated: 21 Oct 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 94.46%

Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the active exploitation of a vulnerability in Sierra Wireless's Modem Management Service (MMS). This vulnerability, tracked as CVE-2022-1388, can be exploited remotely without authentication.
2h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 09 Dec 2025
Updated: 12 Dec 2025

CVSS v3.1: HIGH (7.8)
EPSS: 0.16%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

From Zero to Admin: How We Exploited CVE-2025-54100 for a ,000 Microsoft Bounty + Video Introduction: In the high-stakes world of cybersecurity, local privilege escalation (LPE) vulnerabilities represent a critical chokepoint for attackers seeking to dominate a network. The recent disclosure of…
16h ago

Overview

  • vercel
  • next.js

Published: 21 Mar 2025
Updated: 08 Apr 2025

CVSS v3.1: CRITICAL (9.1)
EPSS: 92.53%

KEV

Description

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

I just completed Next.js: CVE-2025-29927 room on TryHackMe. Explore an authorisation bypass vulnerability in Next.js. tryhackme.com/room/nextjsc... #tryhackme
3h ago

Overview

  • Pending

Published: 12 Dec 2025
Updated: 12 Dec 2025

CVSS: Pending
EPSS: 0.07%

KEV

Description

Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allow attackers to execute arbitrary commands and perform a full account takeover.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

⚠️ CRITICAL: CVE-2025-65854 in MineAdmin v3.x—Insecure scheduled tasks allow arbitrary command execution & possible full account takeover. Audit permissions, restrict access, and monitor logs ASAP. More: radar.offseq.com/threat/cve-20

20h ago

Overview

  • listingthemes
  • WP Directory Kit

Published: 13 Dec 2025
Updated: 13 Dec 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.07%

KEV

Description

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and 'attr_search' parameters in all versions up to, and including, 1.4.7 due to insufficient escaping of the user-supplied parameters and lack of sufficient preparation of the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🚨 CVE-2025-13089: HIGH-severity SQL Injection in WP Directory Kit (all versions). Unauthenticated attackers can leak sensitive DB info via 'hide_fields' & 'attr_search'. Mitigate: disable plugin or use WAF. radar.offseq.com/threat/cve-20

16h ago

Overview

  • N/A
  • Vuetify
  • vuetify

Published: 12 Dec 2025
Updated: 12 Dec 2025

CVSS v3.1: HIGH (8.6)
EPSS: 0.05%

KEV

Description

The Preset configuration feature (https://v2.vuetifyjs.com/en/features/presets) of Vuetify is vulnerable to Prototype Pollution (https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html) due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can further negatively affect all aspects of the application's behavior. This can lead to a wide range of security issues, including resource exhaustion/denial of service or unauthorized access to data. If the application utilizes Server-Side Rendering (SSR), this vulnerability could affect the whole server process. This issue affects Vuetify versions greater than or equal to 2.2.0-beta.2 and less than 3.0.0-alpha.10. Note: Version 2.x of Vuetify is End-of-Life and will not receive any updates to address this issue. For more information see https://v2.vuetifyjs.com/en/about/eol/.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Looking at: "Vuetify has a Prototype Pollution vulnerability · CVE-2025-8083 · GitHub Advisory Database" https://github.com/advisories/GHSA-3jp5-5f8r-q2wg
7h ago

Overview

  • Go standard library
  • crypto/x509

Published: 03 Dec 2025
Updated: 03 Dec 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Critical Go sec update for #Mageia 9: MGASA-2025-0326 patches CVE-2025-61727 (DNS constraint bypass in crypto/x509) & CVE-2025-61729 (resource exhaustion DoS). Read more: 👉 tinyurl.com/rztdvndu #Security
3h ago

Overview

  • Go standard library
  • crypto/x509

Published: 02 Dec 2025
Updated: 03 Dec 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Critical Go sec update for #Mageia 9: MGASA-2025-0326 patches CVE-2025-61727 (DNS constraint bypass in crypto/x509) & CVE-2025-61729 (resource exhaustion DoS). Read more: 👉 tinyurl.com/rztdvndu #Security
3h ago