
Overview

  • Microsoft
  • Azure App Gateway

26 Nov 2025
Published
27 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%

KEV

Description

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

CVE 2025 64657: and the sky is no longer Azure! Azure Application Gateway and the November 2025 elevation of privilege www.aiutocomputerhelp.it?p=16193 #bug_microsoft #CVE_2025_64657 #cybersicurezza #Microsoft #Vulnerabilità_Azure_Cloud
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Microsoft
  • Windows 11 Version 25H2

11 Nov 2025
Published
26 Nov 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.05%

KEV

Description

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Overview

  • Digital Bazaar
  • node-forge

25 Nov 2025
Published
25 Nov 2025
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

☕️ The node-forge toolkit for #JavaScript, which has been widely adopted as a provider for various encryption and digital signature purposes, has a vulnerability in versions through 1.3.1 that can lead to bypassing signature checks (CVE-2025-12816, CVSSv3 8.6). Update to 1.3.2 or newer. 🧵2/5
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Pulsar Web Design
  • Weekly Class Schedule
  • weekly-class-schedule

31 Mar 2024
Published
02 Aug 2024
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.06%

KEV

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS. This issue affects Weekly Class Schedule: from n/a through 3.19.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Security Advisory Deep-Dive: CVE-2024-31084 in #GNU Binutils. The recent patch for a heap-based buffer overflow in objdump underscores the persistent risks in foundational toolchains. Read more: 👉 tinyurl.com/rf9rzsrf #Security #Ubuntu
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • stylemix
  • Cost Calculator Builder

02 Dec 2025
Published
02 Dec 2025
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability requires the Cost Calculator Builder Pro version to be installed along with the free version in order to be exploitable.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

⚠️ CVE-2025-12529 (HIGH) in stylemix Cost Calculator Builder for WordPress: Arbitrary file deletion via admin order removals can lead to RCE. Affects all versions ≤3.6.3. Audit, restrict, and monitor now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • stellarwp
  • Kadence WooCommerce Email Designer

02 Dec 2025
Published
02 Dec 2025
Updated

CVSS v3.1
HIGH (7.2)
EPSS
Pending

KEV

Description

The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

🔍 HIGH severity: CVE-2025-13387 in Kadence WooCommerce Email Designer (≤1.5.17) enables unauthenticated stored XSS via customer name field. Risk of data theft & session hijack. Patch or mitigate now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Overview

  • pytorch
  • pytorch

18 Apr 2025
Published
01 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.39%

KEV

Description

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Critical vulnerability alert for the #AI community. CVE-2025-32434 allows remote code execution via PyTorch's model loading function. This is severe (9.8 CVSS). Read more: 👉 tinyurl.com/5waykudh #Security #Debian
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Microsoft
  • Windows 11 version 22H2

11 Mar 2025
Published
19 May 2025
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.16%

KEV

Description

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Bluesky

New video out! Security analyst John Ostrowski shows the hands-on process behind discovering CVE-2025-24076 and CVE-2025-24994 described in our recent blog post. Watch here: youtu.be/YwNcTuHxnAI #security #pentest #windowsinternals #vulnresearch
  • 0
  • 1
  • 0
  • 3h ago

Overview

  • Microsoft
  • Windows 11 version 22H2

11 Mar 2025
Published
19 May 2025
Updated

CVSS v3.1
HIGH (7.3)
EPSS
1.92%

KEV

Description

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Bluesky

New video out! Security analyst John Ostrowski shows the hands-on process behind discovering CVE-2025-24076 and CVE-2025-24994 described in our recent blog post. Watch here: youtu.be/YwNcTuHxnAI #security #pentest #windowsinternals #vulnresearch
  • 0
  • 1
  • 0
  • 3h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 2 hours ago

Bluesky

🧠 December Android patch highlights: 🔓 CVE-2025-48633 — data leaks ⚠️ CVE-2025-48572 — privilege escalation 💥 CVE-2025-48631 — critical DoS 💀 Kernel flaws affect isolation Patch level 2025-12-05 = fully fixed. Anything older means known exploits remain. #CVE #AndroidSecurity #Infosec
  • 0
  • 2
  • 0
  • 2h ago
Showing 31 to 40 of 44 CVEs