24h | 7d | 30d

CVE-2024-5243

Overview

  • TP-Link
  • Omada ER605
23 May 2024
Published
01 Aug 2024
Updated
CVSS v3.0
HIGH (7.5)
EPSS
1.74%
KEV

Description

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523.

Statistics

  • 2 Posts
  • 3 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
buherator @buherator
[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244

https://www.oobs.io/posts/er605-1day-exploit/
  • 2
  • 1
  • 0
  • 3h ago

Bluesky

Profile picture fallback
buherator @buherator.bsky.social
[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244 www.oobs.io -> Original->
  • 0
  • 0
  • 0
  • 3h ago

CVE-2024-5244

Overview

  • TP-Link
  • Omada ER605
23 May 2024
Published
01 Aug 2024
Updated
CVSS v3.0
MEDIUM (5.0)
EPSS
0.08%
KEV

Description

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439.

Statistics

  • 2 Posts
  • 3 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
buherator @buherator
[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244

https://www.oobs.io/posts/er605-1day-exploit/
  • 2
  • 1
  • 0
  • 3h ago

Bluesky

Profile picture fallback
buherator @buherator.bsky.social
[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244 www.oobs.io -> Original->
  • 0
  • 0
  • 0
  • 3h ago

CVE-2024-5242

Overview

  • TP-Link
  • Omada ER605
23 May 2024
Published
01 Aug 2024
Updated
CVSS v3.0
HIGH (7.5)
EPSS
1.74%
KEV

Description

TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522.

Statistics

  • 2 Posts
  • 3 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
buherator @buherator
[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244

https://www.oobs.io/posts/er605-1day-exploit/
  • 2
  • 1
  • 0
  • 3h ago

Bluesky

Profile picture fallback
buherator @buherator.bsky.social
[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244 www.oobs.io -> Original->
  • 0
  • 0
  • 0
  • 3h ago

CVE-2018-19333

Overview

  • Pending
17 Nov 2018
Published
05 Aug 2024
Updated
CVSS
Pending
EPSS
0.17%
KEV

Description

pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture fallback
alip @alip

To compare #sydbox and #gvisor, take 2 CVEs: CVE-2018-19333, gvisor proc2proc arbitrary-memory-write which wasn't classified as sandbox break. Vuln is there because gvisor uses the seccomp-trap API to run all in a single process ignoring ASLR.. CVE-2024-42318 aka Houdini is a #landlock break where a keyrings(7) call would unlock the sandbox. Syd wasn't affected: 1. keyrings is def disabled 2. open call happens in a syd emulator thread confined by same landlock sandbox. #exherbo #linux #security

  • 1
  • 1
  • 0
  • 23h ago

CVE-2024-42318

Overview

  • Linux
  • Linux
17 Aug 2024
Published
03 Nov 2025
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture fallback
alip @alip

To compare #sydbox and #gvisor, take 2 CVEs: CVE-2018-19333, gvisor proc2proc arbitrary-memory-write which wasn't classified as sandbox break. Vuln is there because gvisor uses the seccomp-trap API to run all in a single process ignoring ASLR.. CVE-2024-42318 aka Houdini is a #landlock break where a keyrings(7) call would unlock the sandbox. Syd wasn't affected: 1. keyrings is def disabled 2. open call happens in a syd emulator thread confined by same landlock sandbox. #exherbo #linux #security

  • 1
  • 1
  • 0
  • 23h ago

CVE-2026-21858

Overview

  • n8n-io
  • n8n
07 Jan 2026
Published
12 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
5.37%
KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
n8nで複数の重大な脆弱性、大規模スキャンも観測(CVE-2026-25049,CVE-2026-21858) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-68613

Overview

  • n8n-io
  • n8n
19 Dec 2025
Published
22 Dec 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
71.72%
KEV

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
guardian360.bsky.social @guardian360.bsky.social
The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that was patched by n8n in December 2025. thehackernews.com/2026/02/cr...
  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-11953

Overview

  • @react-native-community/cli-server-api
03 Nov 2025
Published
06 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
15.61%
KEV

Description

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Cisa~ CISA added two actively exploited vulnerabilities, CVE-2025-11953 (React Native) and CVE-2026-24423 (SmarterMail), to its KEV catalog. - IOCs: CVE-2025-11953, CVE-2026-24423 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-6978

Overview

  • Arista Networks
  • Arista Edge Threat Management - Arista Next Generation Firewall
23 Oct 2025
Published
23 Oct 2025
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.24%
KEV

Description

Diagnostics command injection vulnerability

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 9 hours ago

Fediverse

Profile picture fallback
DragonJAR @dragonjar

En las últimas 24 horas, se detectaron técnicas avanzadas de smuggling de imágenes en LLMs, ataques man-in-the-middle con el framework chino DKnife, fallas críticas en firewalls Arista, campañas de espionaje APT28 usando vulnerabilidades en la nube, y vulnerabilidades en n8n, Windows y routers TP-Link que exigen parches urgentes para proteger redes e infraestructuras. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 06/02/26 📆 |====

🔍 SMUGGLING DE IMÁGENES PÍXEL A PÍXEL EN LLMS

Chema Alonso comparte un análisis detallado sobre técnicas avanzadas para ocultar imágenes dentro de modelos de lenguaje grande (LLMs). Esta innovadora forma de smuggling puede ser utilizada para evadir detección y comprometer sistemas mediante transferencia encubierta de datos. Entender estas amenazas es clave para fortalecer la seguridad en entornos con IA. Descubre cómo protegete frente a este riesgo emergente 👉 djar.co/3gi55N

🛡️ DISPOSITIVO DE VIGILANCIA Y FRAMEWORK AITM CON ORIGEN CHINO

Cisco Talos ha identificado "DKnife", un sofisticado framework de ataques man-in-the-middle (AitM) que compromete gateways mediante implantes en Linux. Esta herramienta permite vigilancia y manipulación avanzada del tráfico en redes, especialmente en infraestructuras críticas. Conocer su funcionamiento es vital para anticiparse a posibles brechas en sistemas corporativos y gubernamentales. Profundiza en este hallazgo y cómo proteger tus redes 👉 djar.co/l5Tg

⚠️ INICIATIVA ZERO DAY — CVE-2025-6978: EJECUCIÓN ARBITRARIA DE CÓDIGO EN ARISTA NG FIREWALL

Se reporta una grave vulnerabilidad en los firewalls Arista NG que permitía la ejecución remota de código, poniendo en riesgo la integridad de las redes protegidas. Aunque ya fue parcheada, esta falla subraya la importancia de mantener los sistemas actualizados y monitorizar posibles exploits en infraestructuras críticas. Infórmate sobre esta vulnerabilidad y las mejores prácticas de mitigación 👉 djar.co/nnTY

🕵️‍♂️ CAMPAÑA DE ESPIONAJE CON MÚLTIPLES FASES USANDO CVE‑2026‑21509 Y INFRAESTRUCTURA EN LA NUBE

El grupo ruso APT28 lanzó una campaña avanzada de espionaje dirigida a objetivos militares y gubernamentales en Europa y regiones cercanas. Aprovechan la vulnerabilidad CVE-2026-21509 y despliegan infraestructura en la nube para ocultar sus operaciones. Conocer estas tácticas permite a las organizaciones fortalecer sus defensas proactivamente contra amenazas sofisticadas. Analiza esta campaña y cómo detectar actividades maliciosas 👉 djar.co/7dI7V

🚨 VULNERABILIDAD CVE-2026-25049 EN N8N PERMITE EJECUCIÓN REMOTA DE CÓDIGO

Investigadores de Endor Labs detectaron una falla crítica en la plataforma de automatización n8n que posibilita a usuarios sin autenticación ejecutar código remotamente. Esto representa un riesgo significativo para flujos de trabajo automatizados en entornos corporativos. Revisar y aplicar los parches correspondientes es indispensable para evitar compromisos. Aprende más sobre esta vulnerabilidad y cómo proteger tu plataforma 👉 djar.co/bfoqak

🔎 VULNERABILIDADES EN LA SEGURIDAD WINDOWS PARA ANÁLISIS DE INCIDENTES

Un análisis detallado destaca cómo la configuración y las herramientas de Windows impactan en el análisis efectivo de incidentes de seguridad. Entender estas vulnerabilidades es fundamental para optimizar la respuesta y mitigación ante ataques, mejorando la postura defensiva de la organización. Explora estrategias clave para reforzar la seguridad en sistemas Windows 👉 djar.co/hLyM4A

📡 VULNERABILIDADES MÚLTIPLES EN DISPOSITIVOS TP-LINK QUE PERMITEN CONTROL ADMINISTRADOR

Se han reportado varias fallas críticas de inyección de comandos en los routers Wi-Fi TP-Link Archer BE230, que podrían permitir a atacantes remotos obtener acceso con privilegios administrativos. Esta amenaza compromete la privacidad y la integridad de las redes domésticas y empresariales. Es crucial actualizar el firmware y aplicar medidas de seguridad recomendadas. Conoce las vulnerabilidades y cómo proteger tus dispositivos TP-Link 👉 djar.co/oSjus0

  • 1
  • 1
  • 0
  • 9h ago
Showing 31 to 39 of 39 CVEs