24h | 7d | 30d

CVE-2025-55013

Overview

  • CybercentreCanada
  • assemblyline
09 Aug 2025
Published
09 Aug 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.04%
KEV

Description

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it directly as a local file name.A malicious or compromised server (or any MITM that can speak to client) can return a path-traversal payload such as `../../../etc/cron.d/evil` and force the client to write the downloaded bytes to an arbitrary location on disk. This is fixed in version 4.6.1.dev138.

Statistics

  • 1 Post

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ CRITICAL: CVE-2025-55013 in Assemblyline (<4.6.1.dev138) — Path traversal allows remote file writes, risking RCE & SOC compromise. Upgrade to 4.6.1.dev138+ ASAP! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 18 hours ago

CVE-2025-8730

Overview

  • Belkin
  • F9K1009
08 Aug 2025
Published
08 Aug 2025
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%
KEV

Description

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CRITICAL: CVE-2025-8730 impacts Belkin F9K1009/F9K1010 (2.00.04/2.00.09)—hard-coded web UI creds, remote exploit disclosed. No patch. Isolate, replace, and disable remote mgmt ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 12 hours ago

CVE-2025-8356

Overview

  • Xerox
  • FreeFlow Core
08 Aug 2025
Published
08 Aug 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.34%
KEV

Description

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

Statistics

  • 1 Post

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-8356: CRITICAL path traversal in Xerox FreeFlow Core v8.0.4 enables unauthenticated RCE—no patch out yet. Restrict access, monitor logs, and deploy WAF rules to defend your environment. More: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 15 hours ago

CVE-2025-8731

Overview

  • TRENDnet
  • TI-G160i
08 Aug 2025
Published
08 Aug 2025
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Fediverse

Profile picture
Offensive Sequence @offseq

🔒 CVE-2025-8731 (CRITICAL, CVSS 9.3): TRENDnet TI-G160i, TI-PG102i & TPL-430AP devices (≤20250724) use default SSH creds—remote exploit is public, no patch. Change creds, restrict SSH, segment networks! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 14 hours ago

CVE-2025-54254

Overview

  • Adobe
  • Adobe Experience Manager
05 Aug 2025
Published
05 Aug 2025
Updated
CVSS v3.1
HIGH (8.6)
EPSS
0.11%
KEV

Description

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.

Statistics

  • 1 Post

Fediverse

Profile picture
RF Wave @rfwaveio

Adobe has released software updates for two zero-day flaws in Adobe Experience Manager after a proof-of-concept exploit was disclosed

Vulnerabilities: One authentication bypass flaw, and one improper restriction of XML External Entity Reference

Impact: Arbitrary code execution, and arbitrary file system read

Vulnerability IDs: CVE-2025-54253, CVE-2025-54254

Recommendation: Patch ASAP

#cybersecurity #vulnerabilitymanagement #Adobe

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 1 hour ago

CVE-2025-54253

Overview

  • Adobe
  • Adobe Experience Manager
05 Aug 2025
Published
07 Aug 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
1.04%
KEV

Description

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.

Statistics

  • 1 Post

Fediverse

Profile picture
RF Wave @rfwaveio

Adobe has released software updates for two zero-day flaws in Adobe Experience Manager after a proof-of-concept exploit was disclosed

Vulnerabilities: One authentication bypass flaw, and one improper restriction of XML External Entity Reference

Impact: Arbitrary code execution, and arbitrary file system read

Vulnerability IDs: CVE-2025-54253, CVE-2025-54254

Recommendation: Patch ASAP

#cybersecurity #vulnerabilitymanagement #Adobe

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 1 hour ago
Showing 11 to 16 of 16 CVEs