Overview

  • Google
  • Android

18 Nov 2025
Published
19 Nov 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Proof-of-concept for CVE-2025-48593: No, this Android Bluetooth issue does NOT affect your phone or tablet | Worth Doing Badly
worthdoingbadly.com/bluetooth/

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Artifex
  • Ghostscript

22 Sep 2025
Published
03 Nov 2025
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.02%

KEV

Description

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

New #Ubuntu Security Notice: USN-7904-1 addresses CVE-2025-59798/9 in Ghostscript. The flaw in file writing logic could lead to a service crash (Denial of Service). Read more: 👉 tinyurl.com/47edzrhs #Security
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Linux
  • Linux

24 Apr 2024
Published
04 Nov 2025
Updated

CVSS
Pending
EPSS
0.17%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: do not free live element

Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo:

    add_elem("00000000") timeout 100 ms
    ...
    add_elem("0000000X") timeout 100 ms
    del_elem("0000000X") <---------------- delete one that was just added
    ...
    add_elem("00005000") timeout 100 ms

    1) nft_pipapo_remove() removes element 0000000X

Then, KASAN shows a splat.

Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element.

Removal happens in two steps: first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map.

The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation.

In such case it's possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure; this can result in a crash when such an element is retrieved during lookup (stale pointer).

Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching.

Add a bug/warn trap at the end of the function as well: the remove function must not ever be called with an invisible/unreachable/non-existent element.

v2: avoid unneeded temporary variable (Stefano)

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

🚨 USN-7907-2 Alert: Critical vuln (CVE-2024-26924) patched in #Ubuntu FIPS kernel. Impacts cryptographic integrity for regulated enterprises. Local exploit -> potential compliance breach. Read more: 👉 tinyurl.com/yz4f32pz #Security
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Pending

04 Dec 2025
Published
04 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain circumstances, Akamai Ghost erroneously forwards the invalid request and subsequent superfluous bytes to the origin server. An attacker could hide a smuggled request in these superfluous bytes. Whether this is exploitable depends on the origin server's behavior and how it processes the invalid request it receives from Akamai Ghost.

Statistics

  • 2 Posts

Last activity: 19 hours ago

Fediverse

Akamai patched CVE-2025-66373: the chunk-size ≠ chunk-data loophole that let smuggled requests ride “extra” bytes straight into origin. “Fixed Nov 17” is corp-speak for “it silently forwarded your traffic for 2 months.”
akamai.com/blog/security/2025/

  • 0
  • 0
  • 1
  • 19h ago

Overview

  • Pending

26 Nov 2025
Published
26 Nov 2025
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

#Fedora 43 Security Advisory: Critical patch released for Tinyproxy (CVE-2025-63938). An integer overflow vulnerability in this lightweight HTTP/SSL proxy daemon requires immediate attention for network security. Read more: 👉 tinyurl.com/yhw7xnx9 #Security
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Apache Software Foundation
  • Apache Tika PDF parser module
  • org.apache.tika:tika-parser-pdf-module

20 Aug 2025
Published
04 Nov 2025
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 1 hour ago

Fediverse

Perfect 10 XXE in Apache Tika tika-core. 🥳

lists.apache.org/thread/s5x3k9

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.

This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.

First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.

Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

cve.org/CVERecord?id=CVE-2025-

  • 2
  • 4
  • 0
  • 1h ago

Overview

  • Apache Software Foundation
  • Apache Tika core
  • org.apache.tika:tika-core

04 Dec 2025
Published
04 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 1 hour ago

Fediverse

Perfect 10 XXE in Apache Tika tika-core. 🥳

lists.apache.org/thread/s5x3k9

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.

This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.

First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.

Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

cve.org/CVERecord?id=CVE-2025-

  • 2
  • 4
  • 0
  • 1h ago

Overview

  • OpenVPN
  • OpenVPN

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v4.0
LOW (1.3)
EPSS
0.01%

KEV

Description

Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 19 hours ago

Bluesky

The SIOS Security Blog has been updated: OpenVPN vulnerabilities (Critical: CVE-2025-12106, Medium: CVE-2025-13086, Low: CVE-2025-13751) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #openvpn security.sios.jp/vulnerabilit...
  • 1
  • 1
  • 0
  • 19h ago

Overview

  • OpenVPN
  • OpenVPN

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 19 hours ago

Bluesky

The SIOS Security Blog has been updated: OpenVPN vulnerabilities (Critical: CVE-2025-12106, Medium: CVE-2025-13086, Low: CVE-2025-13751) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #openvpn security.sios.jp/vulnerabilit...
  • 1
  • 1
  • 0
  • 19h ago

Overview

  • Apple
  • macOS

21 Sep 2023
Published
04 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
21.53%

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

~Mandiant~ Despite US sanctions, spyware vendor Intellexa remains a prolific user of zero-day exploits to deploy its Predator spyware. - IOCs: CVE-2025-6554, CVE-2023-41993, CVE-2023-41992 - #Intellexa #ThreatIntel #ZeroDay
  • 0
  • 0
  • 0
  • 5h ago
Showing 31 to 40 of 50 CVEs