Overview

  • Pending

17 Oct 2025
Published
20 Oct 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Just dissected the latest #Ubuntu security advisory. Critical patch for Radare2 (hex editor/reverse engineering tool) is out. Memory leak flaws (CVE-2025-60359-61) can cause DoS. Read more: 👉 tinyurl.com/4kbj6zdj #Security

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Zoom has published a High-severity vulnerability advisory, ZSB-25050. "CVE-2025-67460 : Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure" CVSSv3: 7.8 → https://www.zoom.com/en/trust/security-bulletin/ZSB-25050/

Overview

  • Robocode Project
  • Robocode
  • robocode

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.06%

KEV

Description

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

⚠️ CRITICAL: CVE-2025-14308 in Robocode 1.9.3.6—Integer overflow in Buffer.write() enables unauthenticated remote code execution. No patch yet—immediate isolation & runtime protections advised! radar.offseq.com/threat/cve-20


Overview

  • n8n-io
  • n8n

08 Dec 2025
Published
09 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.04%

KEV

Description

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point to a malicious Git hook that executes arbitrary commands on the n8n host during subsequent Git operations. Exploitation requires the ability to create or modify an n8n workflow using the Git node. This issue is fixed in version 1.119.2. Workarounds include excluding the Git Node (Docs) and avoiding cloning or interacting with untrusted repositories using the Git Node.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🚨 CVE-2025-65964: CRITICAL RCE in n8n-io n8n (0.123.1–1.119.1). Exploit via Git node lets attackers run arbitrary code through malicious Git hooks. Upgrade to 1.119.2, disable Git node if needed. Details: radar.offseq.com/threat/cve-20


Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

02 Dec 2025
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 scq.ms/3KrNee1 #cybersecurity #SecQube

Overview

  • Microsoft
  • GitHub Copilot Plugin for JetBrains IDEs

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v3.1
HIGH (8.4)
EPSS
Pending

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 4 hours ago

Fediverse

Here are the publicly disclosed ones.

Command injection in GitHub Copilot for JetBrains:

msrc.microsoft.com/update-guid

a command injection in PowerShell:

msrc.microsoft.com/update-guid


Overview

  • Microsoft
  • Microsoft Office LTSC 2024

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v3.1
HIGH (8.4)
EPSS
Pending

KEV

Description

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Overview

  • Microsoft
  • Microsoft Office LTSC 2024

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v3.1
HIGH (8.4)
EPSS
Pending

KEV

Description

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Overview

  • RARLAB
  • WinRAR

21 Jun 2025
Published
09 Dec 2025
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.49%

Description

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

~Cisa~ CISA adds actively exploited WinRAR (CVE-2025-6218) and Windows (CVE-2025-62221) vulnerabilities to its KEV catalog, requiring federal remediation. - IOCs: CVE-2025-6218, CVE-2025-62221 - #CISA #KEV #ThreatIntel

Overview

  • Atlassian
  • Confluence Data Center

31 Oct 2023
Published
21 Oct 2025
Updated

CVSS v3.0
CRITICAL (10.0)
EPSS
94.38%

Description

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

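They are an initial access broker (IAB) long known for exploiting critical N-days such as F5 BIG-IP (CVE-2023-46747) and Atlassian Confluence (CVE-2023-22518) at military speed, within days of disclosure. This time as well, attack operations were launched almost immediately after the vulnerability was disclosed.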