Overview
- ShaneIsrael
- fireshare
Description
Statistics
- 1 Post
Fediverse
🔥 CRITICAL: CVE-2025-67728 in ShaneIsrael fireshare (<1.3.0) enables RCE via crafted file uploads—no auth needed if Public Uploads is on. Patch to 1.3.0+ now & disable Public Uploads! https://radar.offseq.com/threat/cve-2025-67728-cwe-77-improper-neutralization-of-s-a1dfe2f1 #OffSeq #Vulnerability #RCE #fireshare
Overview
- sh1zen
- Multi Uploader for Gravity Forms
Description
Statistics
- 1 Post
Fediverse
🚨 CRITICAL (CVSS 9.8): Path traversal in sh1zen Multi Uploader for Gravity Forms (all versions) lets unauthenticated attackers delete files on WordPress servers. Audit, disable, or remove plugin now. CVE-2025-14344 https://radar.offseq.com/threat/cve-2025-14344-cwe-22-improper-limitation-of-a-pat-561e2c4d #OffSeq #WordPress #CVE202514344
Overview
Description
Statistics
- 2 Posts
Fediverse
🚨 New plugin: GeoserverXxePlugin (CVE-2025-58360).
GeoServer XXE vulnerability detection - XML External Entity injection in WMS GetMap operation, added to CISA KEV catalog.
Results: https://leakix.net/search?q=%2Bplugin%3AGeoserverXxePlugin&scope=leak
Overview
- recorp
- Export WP Pages to HTML & PDF – Simply Create a Static Website
Description
Statistics
- 1 Post
Fediverse
🚨 CVE-2025-11693 (CRITICAL, CVSS 9.8): recorp Export WP Pages to HTML & PDF plugin exposes admin cookies via cookies.txt — risk of WordPress site takeover. Disable plugin & secure backups. No patch yet. https://radar.offseq.com/threat/cve-2025-11693-cwe-200-exposure-of-sensitive-infor-d010e42a #OffSeq #WordPress #Vuln #Infosec
Overview
Description
Statistics
- 1 Post
Fediverse
https://www.docker.com/blog/security-that-strengthens-the-ecosystem-dockers-upstream-approach-to-cve-2025-12735/ - #Docker hardened #images fix #vulnerabilities FAST! I love they're contributing to upstream too.
Overview
- Grassroots
- DICOM (GDCM)
Description
Statistics
- 1 Post
Fediverse
I have identified an out-of-bounds write vulnerability affecting the Grassroots DICOM library versions 3.0.24 and prior. Parsing a malformed DICOM image triggers out-of-bounds memory access resulting in a segfault. Software utilizing GDCM for DICOM parsing is affected. GDCM, SimpleITK, and medInria have released patches.
CVE-2025-11266
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-345-01
Overview
Description
Statistics
- 1 Post
Fediverse
If you needed a reason to update your Mac to 26.2 sooner rather than later:
App Store
Available for: macOS Tahoe
Impact: An app may be able to access sensitive payment tokens
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-46288: floeki, Zhongcheng Li from IES Red Team of ByteDance
Source: https://support.apple.com/en-us/125886
(In case you're wondering, yes this CVE does impact iPad and iPhone as well.)
Overview
- FreePBX
- security-reporting
Description
Statistics
- 2 Posts