24h | 7d | 30d

CVE-2025-48593

Overview

  • Google
  • Android
18 Nov 2025
Published
19 Nov 2025
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
Gaurav @gauravssnl

Proof-of-concept for CVE-2025-48593: No, this Android Bluetooth issue does NOT affect your phone or tablet | Worth Doing Badly
worthdoingbadly.com/bluetooth/

  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-59798

Overview

  • Artifex
  • Ghostscript
22 Sep 2025
Published
03 Nov 2025
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.02%
KEV

Description

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.

Statistics

  • 1 Post
Last activity: 18 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
New #Ubuntu Security Notice: USN-7904-1 addresses CVE-2025-59798/9 in Ghostscript. The flaw in file writing logic could lead to a service crash (Denial of Service). Read more: 👉 tinyurl.com/47edzrhs #Security
  • 0
  • 0
  • 0
  • 18h ago

CVE-2024-26924

Overview

  • Linux
  • Linux
24 Apr 2024
Published
04 Nov 2025
Updated
CVSS
Pending
EPSS
0.17%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms del_elem("0000000X") <---------------- delete one that was just added ... add_elem("00005000") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 USN-7907-2 Alert: Critical vuln (CVE-2024-26924) patched in #Ubuntu FIPS kernel. Impacts cryptographic integrity for regulated enterprises. Local exploit -> potential compliance breach. Read more: 👉 tinyurl.com/yz4f32pz #Security
  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-66373

Overview

  • Pending
04 Dec 2025
Published
04 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain circumstances, Akamai Ghost erroneously forwards the invalid request and subsequent superfluous bytes to the origin server. An attacker could hide a smuggled request in these superfluous bytes. Whether this is exploitable depends on the origin server's behavior and how it processes the invalid request it receives from Akamai Ghost.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture
geeknik @geeknik

Akamai patched CVE-2025-66373: the chunk-size ≠ chunk-data loophole that let smuggled requests ride “extra” bytes straight into origin. “Fixed Nov 17” is corp-speak for “it silently forwarded your traffic for 2 months.”
akamai.com/blog/security/2025/

  • 0
  • 0
  • 1
  • 19h ago

CVE-2025-63938

Overview

  • Pending
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
#Fedora 43 Security Advisory: Critical patch released for Tinyproxy (CVE-2025-63938). An integer overflow vulnerability in this lightweight HTTP/SSL proxy daemon requires immediate attention for network security. Read more: 👉 tinyurl.com/yhw7xnx9 #Security
  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-54988

Overview

  • Apache Software Foundation
  • Apache Tika PDF parser module
  • org.apache.tika:tika-parser-pdf-module
20 Aug 2025
Published
04 Nov 2025
Updated
CVSS
Pending
EPSS
0.08%
KEV

Description

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Perfect 10 XXE in Apache Tika tika-core. 🥳

lists.apache.org/thread/s5x3k9

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.

cve.org/CVERecord?id=CVE-2025-

  • 2
  • 4
  • 0
  • 1h ago

CVE-2025-66516

Overview

  • Apache Software Foundation
  • Apache Tika core
  • org.apache.tika:tika-core
04 Dec 2025
Published
04 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Perfect 10 XXE in Apache Tika tika-core. 🥳

lists.apache.org/thread/s5x3k9

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.

cve.org/CVERecord?id=CVE-2025-

  • 2
  • 4
  • 0
  • 1h ago

CVE-2025-13751

Overview

  • OpenVPN
  • OpenVPN
03 Dec 2025
Published
03 Dec 2025
Updated
CVSS v4.0
LOW (1.3)
EPSS
0.01%
KEV

Description

Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 19 hours ago

Bluesky

Profile picture
OMO @omo.bsky.social
SIOSセキュリティブログを更新しました。 OpenVPNの脆弱性(Critical: CVE-2025-12106, Medium: CVE-2025-13086, Low: CVE-2025-13751) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #openvpn security.sios.jp/vulnerabilit...
  • 1
  • 1
  • 0
  • 19h ago

CVE-2025-12106

Overview

  • OpenVPN
  • OpenVPN
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 19 hours ago

Bluesky

Profile picture
OMO @omo.bsky.social
SIOSセキュリティブログを更新しました。 OpenVPNの脆弱性(Critical: CVE-2025-12106, Medium: CVE-2025-13086, Low: CVE-2025-13751) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #openvpn security.sios.jp/vulnerabilit...
  • 1
  • 1
  • 0
  • 19h ago

CVE-2023-41993

Overview

  • Apple
  • macOS
21 Sep 2023
Published
04 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
21.53%
KEV

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture
piggo @pigondrugs.bsky.social
~Mandiant~ Despite US sanctions, spyware vendor Intellexa remains a prolific user of zero-day exploits to deploy its Predator spyware. - IOCs: CVE-2025-6554, CVE-2023-41993, CVE-2023-41992 - #Intellexa #ThreatIntel #ZeroDay
  • 0
  • 0
  • 0
  • 5h ago
Showing 31 to 40 of 50 CVEs