Overview
Description
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary processes by executing a BYOVD (Bring Your Own Vulnerable Driver) attack.
Statistics
- 1 Post
Last activity: 4 hours ago
Fediverse
📰 DeadLock Ransomware Uses Vulnerable Baidu Driver to Blind EDRs
DeadLock ransomware evolves, using a novel BYOVD attack to disable EDRs. 🛡️ The campaign exploits a vulnerable Baidu AV driver (CVE-2024-51324) to gain kernel-level control and kill security processes. #Ransomware #BYOVD #CyberSecurity #DeadLock
Overview
Description
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
Statistics
- 2 Posts
Last activity: 12 hours ago
Fediverse
Overview
- open-webui
- open-webui
Published: 04 Dec 2025
Updated: 08 Dec 2025
CVSS v3.1: HIGH (8.5)
EPSS: 0.04%
KEV
Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.
Statistics
- 1 Post
Last activity: 22 hours ago
Bluesky
Description
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
Statistics
- 2 Posts
Last activity: 12 hours ago
Fediverse
Overview
Description
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Statistics
- 1 Post
Last activity: 17 hours ago
Overview
- WBCE
- WBCE_CMS
Published: 09 Dec 2025
Updated: 09 Dec 2025
CVSS v3.1: CRITICAL (9.1)
EPSS: 0.03%
KEV
Description
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
Statistics
- 1 Post
Last activity: 16 hours ago
Fediverse
🔒 CVE-2025-67504: WBCE CMS <1.6.5 uses weak rand() for password generation, allowing attackers to predict or brute-force credentials. CRITICAL—upgrade to 1.6.5+ now! Monitor for suspicious logins. https://radar.offseq.com/threat/cve-2025-67504-cwe-331-insufficient-entropy-in-wbc-5bf971f6 #OffSeq #Vuln #WBCECMS #Security
Overview
- Apache Software Foundation
- Apache Tika PDF parser module
- org.apache.tika:tika-parser-pdf-module
Published: 20 Aug 2025
Updated: 04 Nov 2025
CVSS: Pending
EPSS: 0.02%
KEV
Description
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard.
Users are recommended to upgrade to version 3.2.2, which fixes this issue.
Statistics
- 1 Post
Last activity: 11 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 5 hours ago
Overview
Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Statistics
- 1 Post
Last activity: 23 hours ago
Bluesky
📢 Large-scale attack campaign against Palo Alto GlobalProtect portals from 7,000+ IPs
📝 According to Cyber Security News, an exploitation campaign…
https://cyberveille.ch/posts/2025-12-08-vaste-campagne-dattaques-contre-les-portails-palo-alto-globalprotect-depuis-7-000-ip/ #CVE_2024_3400 #Cyberveille