Overview

  • ReFirm Labs
  • binwalk

25 Jan 2023
Published
16 Dec 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
41.77%

KEV

Description

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

CRITICAL: CVE-2022-4510 in binwalk allows RCE via path traversal in PFS extractor. #Debian 11 users must patch NOW (DLA-4410-1). Read more: 👉 tinyurl.com/ymp2jsra #Security
  • 2h ago

Overview

  • Zoom Communications Inc.
  • Zoom Rooms

10 Dec 2025
Published
12 Dec 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.03%

KEV

Description

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Zoom releases an update fixing a vulnerability in "Zoom Rooms" (CVE-2025-67460) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 16h ago

Overview

  • Microsoft
  • Windows Server 2025 (Server Core installation)

09 Jul 2024
Published
09 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
3.75%

KEV

Description

Windows Cryptographic Services Security Feature Bypass Vulnerability

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability scq.ms/4iWcoOM #SecQube #MicrosoftSecurity
  • 18h ago

Overview

  • Pending

25 Aug 2018
Published
05 Aug 2024
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

URGENT: #SUSE Linux patch for CVE-2018-15853 (XKBComp buffer overflow) now available. Critical privilege escalation flaw patched in SU-2025:4407-1. Read more: 👉 tinyurl.com/bdem35au #Security
  • 5h ago

Overview

  • FreePBX
  • security-reporting

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%

KEV

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

📰 FreePBX Patches Critical Auth Bypass and RCE Flaws; Update VoIP Platforms Immediately

⚠️ Critical vulnerabilities patched in FreePBX! Flaws including auth bypass (CVE-2025-66039) & SQLi can lead to full RCE on VoIP servers. Update your systems immediately to prevent takeover. 📞 #FreePBX #VoIP #CyberSecurity #Vulnerability

🔗 cyber.netsecops.io/articles/cr

  • 4h ago

Overview

  • pypa
  • setuptools

17 May 2025
Published
28 May 2025
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.10%

KEV

Description

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-47273 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/295 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 8h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts

Last activity: 19 hours ago

Fediverse

CISA KEV Catalog has added 2 more vulnerabilities

CVE-2025-14611: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability

CVSS: 7.1

CVE-2025-43529: Apple Multiple Products Use-After-Free WebKit Vulnerability

darkwebinformer.com/cisa-kev-c

  • 22h ago

Bluesky

CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Dec 15) CVE-2025-14611 Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability CVE-2025-43529 Apple Multiple Products Use-After-Free WebKit Vulnerability www.cisa.gov/news-events/...
  • 19h ago

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) #HelpNetSecurity (Dec 15) www.helpnetsecurity.com/2025/12/15/i...
  • 19h ago

Overview

  • ThinkInAIXYZ
  • deepchat

16 Dec 2025
Published
16 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
0.15%

KEV

Description

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer to the DOM, this Cross-Site Scripting (XSS) flaw escalates to full Remote Code Execution (RCE), allowing an attacker to execute arbitrary system commands. Two concurrent issues, unsafe Mermaid configuration and an exposed IPC interface, cause this issue. Version 0.5.3 contains a patch.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

CRITICAL: CVE-2025-67744 in ThinkInAIXYZ DeepChat (<0.5.3) allows remote code execution via unsafe Mermaid diagram rendering & exposed Electron IPC. User interaction needed, no auth required. Patch ASAP! radar.offseq.com/threat/cve-20

  • 17h ago

Overview

  • Canonical
  • python-apt

05 Dec 2025
Published
15 Dec 2025
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%

KEV

Description

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

🚨 CRITICAL: Debian 11 Bullseye users must patch python-apt for CVE-2025-6966 (DoS flaw). Fixed in version 2.2.1.1 via DLA-4408-1. Read more: 👉 tinyurl.com/52wma598 #Security
  • 9h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

New cybersecurity bulletin: CVE-2025-11563 affects #SUSE Linux systems via curl path traversal vulnerability. Moderate severity (CVSS 6.5) but requires prompt attention due to curl's ubiquitous deployment. Read more: 👉 tinyurl.com/3c5kd3fk #Security
  • 3h ago