Overview

  • Pulsar Web Design
  • Weekly Class Schedule
  • weekly-class-schedule

Published: 31 Mar 2024
Updated: 02 Aug 2024

CVSS v3.1: HIGH (7.1)
EPSS: 0.06%

KEV

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS. This issue affects Weekly Class Schedule: from n/a through 3.19.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Security Advisory Deep-Dive: CVE-2024-31084 in #GNU Binutils. The recent patch for a heap-based buffer overflow in objdump underscores the persistent risks in foundational toolchains. Read more: 👉 tinyurl.com/rf9rzsrf #Security #Ubuntu

Overview

  • orionsec
  • orion-ops

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS v4.0: MEDIUM (5.3)
EPSS: 0.04%

KEV

Description

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🛡️ MEDIUM SSRF in orionsec orion-ops (SSH Connection Handler, up to 5925824997a3109651bbde07460958a7be249ed1). Remote exploit possible—no patch from vendor. Restrict access, monitor traffic, validate inputs. CVE-2025-13809. radar.offseq.com/threat/cve-20


Overview

  • pytorch
  • pytorch

Published: 18 Apr 2025
Updated: 01 Dec 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.39%

KEV

Description

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Critical vulnerability alert for the #AI community. CVE-2025-32434 allows remote code execution via PyTorch's model loading function. This is severe (9.8 CVSS). Read more: 👉 tinyurl.com/5waykudh #Security #Debian

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 5 hours ago

Fediverse

Android December security bulletin:

source.android.com/docs/securi

Including:

Note: There are indications that the following may be under limited, targeted exploitation.

  • CVE-2025-48633
  • CVE-2025-48572

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 5 hours ago

Fediverse

Android December security bulletin:

source.android.com/docs/securi

Including:

Note: There are indications that the following may be under limited, targeted exploitation.

  • CVE-2025-48633
  • CVE-2025-48572

Overview

  • SPIP
  • SPIP

Published: 23 Aug 2024
Updated: 22 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 93.78%

KEV

Description

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

~Sekoia~ Sekoia details a method to automate C2 configuration extraction from the Kaiji IoT botnet malware. - IOCs: CVE-2024-7954, CVE-2023-1389 - #Botnet #Kaiji #Malware #ThreatIntel

Overview

  • TP-Link Archer AX21 (AX1800)

Published: 15 Mar 2023
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 93.75%

Description

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

~Sekoia~ Sekoia details a method to automate C2 configuration extraction from the Kaiji IoT botnet malware. - IOCs: CVE-2024-7954, CVE-2023-1389 - #Botnet #Kaiji #Malware #ThreatIntel

Overview

  • Pending

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Overview

  • Pending

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Overview

  • Pending

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago