
Overview

  • Go standard library
  • crypto/x509

Published: 02 Dec 2025
Updated: 03 Dec 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 scq.ms/3KrNee1 #cybersecurity #SecQube

Overview

  • open-webui
  • open-webui

Published: 04 Dec 2025
Updated: 08 Dec 2025

CVSS v3.1: HIGH (8.5)
EPSS: 0.04%

KEV

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

🚨 CVE-2025-65958 | Open WebUI | Authenticated SSRF (High) Authenticated users can force the server to send HTTP requests to arbitrary URLs, enabling internal network scanning and access to internal services. Affects versions < 0.6.37. Patch: Upgrade to v0.6.37 buff.ly/1dg6IHi buff.ly/Yewlmqu

Overview

  • Atlassian
  • Confluence Data Center

Published: 31 Oct 2023
Updated: 21 Oct 2025

CVSS v3.0: CRITICAL (10.0)
EPSS: 94.38%

Description

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to a Confluence instance administrator, leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

They are an initial access broker (IAB) previously known for exploiting critical N-days such as F5 BIG-IP (CVE-2023-46747) and Atlassian Confluence (CVE-2023-22518) at military speed, within days of disclosure. This time too, attack operations were launched almost immediately after the vulnerability was published.

Overview

  • F5
  • BIG-IP

Published: 26 Oct 2023
Updated: 21 Oct 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 94.44%

Description

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

They are an initial access broker (IAB) previously known for exploiting critical N-days such as F5 BIG-IP (CVE-2023-46747) and Atlassian Confluence (CVE-2023-22518) at military speed, within days of disclosure. This time too, attack operations were launched almost immediately after the vulnerability was published.

Overview

  • Splunk
  • Splunk Enterprise

Published: 03 Dec 2025
Updated: 04 Dec 2025

CVSS v3.1: HIGH (8.0)
EPSS: 0.02%

KEV

Description

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

High-risk vulnerabilities in Splunk for Windows (CVE-2025-20386, CVE-2025-20387): both Enterprise and Universal Forwarder are affected rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

Published: 08 Jul 2025
Updated: 21 Oct 2025

CVSS v3.1: HIGH (8.8)
EPSS: 73.08%

Description

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

China-based hacking groups Linen Typhoon, Violet Typhoon, and Storm-2603 ran the ToolShell campaign exploiting the Microsoft SharePoint vulnerabilities CVE-2025-49704 and CVE-2025-49706. The three groups exploited the same vulnerabilities at almost the same time. therecord.media/three-hackin...

Overview

  • Splunk
  • Splunk Enterprise

Published: 03 Dec 2025
Updated: 04 Dec 2025

CVSS v3.1: HIGH (8.0)
EPSS: 0.02%

KEV

Description

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

High-risk vulnerabilities in Splunk for Windows (CVE-2025-20386, CVE-2025-20387): both Enterprise and Universal Forwarder are affected rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃

Overview

  • mervinpraison
  • Featured Image

Published: 11 Nov 2025
Updated: 12 Nov 2025

CVSS v3.1: MEDIUM (4.4)
EPSS: 0.03%

KEV

Description

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🚨 MAJOR DISCOVERY: 7 WordPress Plugin Vulnerabilities, ZERO False Positives!

Our AI security research agent just uncovered 7 verified stored XSS flaws in WordPress plugins — missed by traditional tools!

Key Vulnerabilities Found:
✅ Double the Donation plugin (CVE-2025-12020) - CVSS 4.9
✅ YouTube Subscribe plugin (CVE-2025-12025) - CVSS 4.4
✅ Featured Image plugin (CVE-2025-12019) - CVSS 4.4
✅ 4 more similar vulnerabilities in other plugins

Automated PoC verification = 100% actionable results for security teams 🛡️

🔗 Full technical report: tinyurl.com/ms8678jc


Overview

  • kanwei_doublethedonation
  • Double the Donation – A workplace giving tool

Published: 11 Nov 2025
Updated: 12 Nov 2025

CVSS v3.1: MEDIUM (4.9)
EPSS: 0.03%

KEV

Description

The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🚨 MAJOR DISCOVERY: 7 WordPress Plugin Vulnerabilities, ZERO False Positives!

Our AI security research agent just uncovered 7 verified stored XSS flaws in WordPress plugins — missed by traditional tools!

Key Vulnerabilities Found:
✅ Double the Donation plugin (CVE-2025-12020) - CVSS 4.9
✅ YouTube Subscribe plugin (CVE-2025-12025) - CVSS 4.4
✅ Featured Image plugin (CVE-2025-12019) - CVSS 4.4
✅ 4 more similar vulnerabilities in other plugins

Automated PoC verification = 100% actionable results for security teams 🛡️

🔗 Full technical report: tinyurl.com/ms8678jc


Overview

  • mahabubs
  • YouTube Subscribe

Published: 25 Nov 2025
Updated: 25 Nov 2025

CVSS v3.1: MEDIUM (4.4)
EPSS: 0.03%

KEV

Description

The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🚨 MAJOR DISCOVERY: 7 WordPress Plugin Vulnerabilities, ZERO False Positives!

Our AI security research agent just uncovered 7 verified stored XSS flaws in WordPress plugins — missed by traditional tools!

Key Vulnerabilities Found:
✅ Double the Donation plugin (CVE-2025-12020) - CVSS 4.9
✅ YouTube Subscribe plugin (CVE-2025-12025) - CVSS 4.4
✅ Featured Image plugin (CVE-2025-12019) - CVSS 4.4
✅ 4 more similar vulnerabilities in other plugins

Automated PoC verification = 100% actionable results for security teams 🛡️

🔗 Full technical report: tinyurl.com/ms8678jc

Showing 31 to 40 of 59 CVEs