
Overview

  • nanomq
  • nanomq

Published: 27 Dec 2025
Updated: 27 Dec 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.04%

KEV

Description

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classic data race on the sub info list which could result in a heap use-after-free crash. This issue has been patched in version 0.24.2.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

🟠 CVE-2025-59946 - High (7.5)

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classic data race on the sub info list which could result in a heap use-after-free crash. This issue has been patched in version 0.24.2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 23h ago

Overview

  • IBM
  • API Connect

Published: 26 Dec 2025
Updated: 26 Dec 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.31%

KEV

Description

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-13915 in IBM API Connect (10.0.8.0–10.0.8.5, 10.0.11.0) enables remote auth bypass (CWE-305)! No patch yet. Restrict access, monitor logs, and prep for updates. More: radar.offseq.com/threat/cve-20

  • 19h ago

Overview

  • Duc
  • Duc

Published: 05 Dec 2025
Updated: 05 Dec 2025

CVSS: Pending
EPSS: 0.05%

KEV

Description

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🔐 Patch Alert for #openSUSE: CVE-2025-13654, a buffer logic error in the 'duc' utility, has been fixed in version 1.4.6. Affects SLE-15-SP7 Backports. Read more: 👉 tinyurl.com/2ezx4vuw #Security
  • 13h ago

Overview

  • containernetworking
  • plugins

Published: 09 Dec 2025
Updated: 10 Dec 2025

CVSS v3.1: MEDIUM (6.6)
EPSS: 0.01%

KEV

Description

The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus ignoring the destination IP. This includes traffic not intended for the node itself, i.e. traffic to containers hosted on the node. Containers that request HostPort forwarding can intercept all traffic destined for that port. This requires that the portmap plugin be explicitly configured to use the nftables backend. This issue is fixed in version 1.9.0. As a workaround, configure the portmap plugin to use the iptables backend, which does not have this vulnerability.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

New security advisory: #Fedora 43 has released an urgent patch for SingularityCE, addressing CVE-2025-67499. Read more: 👉 tinyurl.com/3cejjy2e #Security
  • 12h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 13 hours ago

Bluesky

Technical deep dive: Analyzing CVE-2025-9820 in #GNUTLS's gnutls_pkcs11_token_init. Read more: 👉 tinyurl.com/34z5d5hz #Security #SUSE
  • 14h ago
🚨 SECURITY UPDATE for #openSUSE #SUSE users: Patch GnuTLS now for CVE-2025-9820, a buffer overflow in the PKCS#11 module. Local DoS risk. Read more: 👉 tinyurl.com/55fjtjyn #Security
  • 13h ago

Overview

  • Palo Alto Networks
  • PAN-OS

Published: 14 May 2025
Updated: 14 May 2025

CVSS v4.0: MEDIUM (5.1)
EPSS: 5.30%

KEV

Description

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal. For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin PAN-SA-2025-0005: https://security.paloaltonetworks.com/PAN-SA-2025-0005. There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

How I Used Shodan to Hack a Major Bank and Discovered CVE-2025-0133 + Video Introduction: A single misconfigured search parameter on a major banking portal served as the gateway for a critical vulnerability. This case study details the discovery of CVE-2025-0133, a reflected Cross-Site Scripting…
  • 21h ago

Overview

  • Pending

Published: 26 Dec 2025
Updated: 27 Dec 2025

CVSS: Pending
EPSS: 0.04%

KEV

Description

An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🟠 CVE-2025-66738 - High (8.8)

An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 8h ago

Overview

  • M-Files Corporation
  • M-Files Server

Published: 19 Dec 2025
Updated: 19 Dec 2025

CVSS v4.0: HIGH (8.6)
EPSS: 0.05%

KEV

Description

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

M-Files has released patches for CVE-2025-13008, an information disclosure vulnerability involving session token exposure between authenticated users.

The issue affects several release branches and could allow impersonation within M-Files Web under specific conditions.

No exploitation has been observed publicly, but the potential impact on document confidentiality is notable.

This reinforces the need for:

• Strong session controls
• Log review for unusual user behavior
• Prompt patch deployment

Follow @technadu for unbiased, technically grounded security updates.

Source: cybersecuritynews.com/m-files-

  • 9h ago