
Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 5 hours ago

Fediverse


🍃 Spring Security and Spring Framework have released joint fixes for CVE-2025-41248 and CVE-2025-41249.

Please upgrade your Spring Security and Spring Framework dependencies accordingly.

spring.io/blog/2025/09/15/spri


Overview

  • Google
  • Android

Published: 04 Sep 2025
Updated: 06 Sep 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 5 hours ago

Fediverse


If you have a Samsung running Android 13, 14, 15 or 16 in your inventory: be sure to check whether the security update is already available. It closes the critical security vulnerability CVE-2025-48539, CVE-2025-27034, which is already being attacked. Not so ideal: not all devices have the update available yet, only "selected" ones...
security.samsungmobile.com/sec
#Samsung #infosec #BeDiS


Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 5 hours ago

Fediverse


If you have a Samsung running Android 13, 14, 15 or 16 in your inventory: be sure to check whether the security update is already available. It closes the critical security vulnerability CVE-2025-48539, CVE-2025-27034, which is already being attacked. Not so ideal: not all devices have the update available yet, only "selected" ones...
security.samsungmobile.com/sec
#Samsung #infosec #BeDiS


Overview

  • Qix-
  • node-error-ex

Published: 15 Sep 2025
Updated: 15 Sep 2025

CVSS v4.0: HIGH (8.8)
EPSS: Pending

KEV

Description

error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue is resolved in 1.3.4.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Overview

  • Qix-
  • node-is-arrayish

Published: 15 Sep 2025
Updated: 15 Sep 2025

CVSS v4.0: HIGH (8.8)
EPSS: Pending

KEV

Description

is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. See references below for more information on the payload. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue is resolved in 0.3.4.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Overview

  • Cisco
  • Cisco IOS XE Software

Published: 16 Oct 2023
Updated: 30 Jul 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 94.09%

Description

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

1️⃣ Don’t wait for 0-days. Patch known CVEs. CVE-2024-3400 and CVE-2023-20198 were publicly disclosed and actively exploited, yet they remained unpatched. 💥 That’s not a zero-day problem. 💥 It’s a zero-discipline problem. Set patching SLAs and enforce post-remediation scans.

Overview

  • Digiever
  • DS-1200

Published: 12 Sep 2025
Updated: 15 Sep 2025

CVSS v4.0: HIGH (8.7)
EPSS: 0.29%

KEV

Description

Certain models of NVR developed by Digiever have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control

Overview

  • Palo Alto Networks
  • PAN-OS

Published: 12 Apr 2024
Updated: 30 Jul 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 94.33%

Description

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

1️⃣ Don’t wait for 0-days. Patch known CVEs. CVE-2024-3400 and CVE-2023-20198 were publicly disclosed and actively exploited, yet they remained unpatched. 💥 That’s not a zero-day problem. 💥 It’s a zero-discipline problem. Set patching SLAs and enforce post-remediation scans.

Overview

  • Digiever
  • DS-1200

Published: 12 Sep 2025
Updated: 12 Sep 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.04%

KEV

Description

Certain models of NVR developed by Digiever have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control
Showing 31 to 40 of 54 CVEs