Overview
Description
The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.
Statistics
- 1 Post
- 2 Interactions
Last activity: 21 hours ago
Overview
- livewire
- livewire
17 Jul 2025
Published
17 Jul 2025
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.10%
KEV
Description
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.
Statistics
- 1 Post
- 1 Interaction
Last activity: 4 hours ago
Bluesky
C'est un beau début d'année pour la FrenchTech avec :
💥 Vulns CVE-2026-21858 et CVE-2025-68613 n8n par @chocapikk.bsky.social
💥 Vuln Livewire CVE-2025-54068* par @w0rty.bsky.social et @remsio.bsky.social
Bravo à vous 🎉 et bonne année 2026 😄
*allez.... fin 2025 c'est presque début 2026 😅
Description
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Statistics
- 2 Posts
Last activity: Last hour
Fediverse
The three bugs, tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, and named ESXicape, allow privileged attackers to execute arbitrary code and escape the VM to compromise the hypervisor itself. https://www.securityweek.com/exploit-for-vmware-zero-day-flaws-likely-built-a-year-before-public-disclosure/
Overview
Description
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Statistics
- 2 Posts
Last activity: Last hour
Fediverse
The three bugs, tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, and named ESXicape, allow privileged attackers to execute arbitrary code and escape the VM to compromise the hypervisor itself. https://www.securityweek.com/exploit-for-vmware-zero-day-flaws-likely-built-a-year-before-public-disclosure/
Overview
- Trend Micro, Inc.
- Trend Micro Apex Central
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.09%
KEV
Description
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Statistics
- 1 Post
Last activity: 2 hours ago
Bluesky
Trend Micro Apex Central: Vulnerabilità RCE con CVSS 9.8
Vulnerabilità Critica RCE Apex Central è, per molte aziende, il cuore silenzioso della sicurezza. È la console che governa...
www.aiutocomputerhelp.it?p=16524
#Apex_Central #CVE_2025_69258 #CVE_2025_69259 #CVE_2025_69260 #news #Vulnerabilità
Overview
- Trend Micro, Inc.
- Trend Micro Apex Central
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.09%
KEV
Description
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Statistics
- 1 Post
Last activity: 2 hours ago
Bluesky
Trend Micro Apex Central: Vulnerabilità RCE con CVSS 9.8
Vulnerabilità Critica RCE Apex Central è, per molte aziende, il cuore silenzioso della sicurezza. È la console che governa...
www.aiutocomputerhelp.it?p=16524
#Apex_Central #CVE_2025_69258 #CVE_2025_69259 #CVE_2025_69260 #news #Vulnerabilità
Overview
Description
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Statistics
- 2 Posts
Last activity: Last hour
Fediverse
The three bugs, tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, and named ESXicape, allow privileged attackers to execute arbitrary code and escape the VM to compromise the hypervisor itself. https://www.securityweek.com/exploit-for-vmware-zero-day-flaws-likely-built-a-year-before-public-disclosure/
Overview
Description
When doing SSH-based transfers using either SCP or SFTP, and asked to do
public key authentication, curl would wrongly still ask and authenticate using
a locally running SSH agent.
Statistics
- 1 Post
- 3 Interactions
Last activity: 22 hours ago
Overview
Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP,
POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new
target host.
Statistics
- 1 Post
- 3 Interactions
Last activity: 22 hours ago
Overview
Description
When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`
with the curl tool,curl should check the public key of the server certificate
to verify the peer.
This check was skipped in a certain condition that would then make curl allow
the connection without performing the proper check, thus not noticing a
possible impostor. To skip this check, the connection had to be done with QUIC
with ngtcp2 built to use GnuTLS and the user had to explicitly disable the
standard certificate verification.
Statistics
- 1 Post
- 3 Interactions
Last activity: 22 hours ago