| Oct. 18, 2025 |
Privilege Escalation Flaw Discovered in MinIO Service Accounts — CVE-2025-62506 |
https://securityonline.info/privilege-escalation-flaw-discovered-in-minio-service-accounts-cve-2025-62506/
|
| Oct. 18, 2025 |
ConnectWise fixes Automate bug allowing AiTM update attacks |
https://www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/
|
| Oct. 17, 2025 |
September 2025 CVE Landscape |
https://www.recordedfuture.com/blog/september-2025-cve-landscape
|
| Oct. 16, 2025 |
yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242) - watchTowr Labs |
https://www.reddit.com/r/netsec/comments/1o826c9/yikes_watchguard_fireware_os_ikev2_outofbounds/
|
| Oct. 16, 2025 |
CISA: Maximum-severity Adobe flaw now exploited in attacks |
https://www.bleepingcomputer.com/news/security/cisa-maximum-severity-adobe-flaw-now-exploited-in-attacks/
|
| Oct. 16, 2025 |
Critical VSCode Supply Chain Flaw: 550+ Secrets Leaked Via Extensions, Exposing 100K+ Users to Malware |
https://securityonline.info/critical-vscode-supply-chain-flaw/
|
| Oct. 15, 2025 |
Pixnapping Attack Lets Attackers Steal 2FA on Android |
https://www.darkreading.com/vulnerabilities-threats/pixnapping-attack-attackers-2fa-android
|
| Oct. 14, 2025 |
Patch Tuesday, October 2025 ‘End of 10’ Edition |
https://krebsonsecurity.com/2025/10/patch-tuesday-october-2025-end-of-10-edition/
|
| Oct. 14, 2025 |
Finding Critical Bugs in Adobe Experience Manager |
https://www.reddit.com/r/netsec/comments/1o65rww/finding_critical_bugs_in_adobe_experience_manager/
|
| Oct. 14, 2025 |
Microsoft Drops Terrifyingly Large October Patch Update |
https://www.darkreading.com/vulnerabilities-threats/microsoft-october-patch-update
|
| Oct. 14, 2025 |
SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk |
https://securityonline.info/sap-patches-critical-10-0-flaw-in-netweaver-unauthenticated-rce-risk/
|
| Oct. 14, 2025 |
Secure Boot bypass risk on nearly 200,000 Linux Framework sytems |
https://www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-nearly-200-000-linux-framework-sytems/
|
| Oct. 13, 2025 |
Oracle Warns of Unauthenticated Vulnerability in E-Business Suite (CVE-2025-61884) |
https://securityonline.info/oracle-warns-of-unauthenticated-vulnerability-in-e-business-suite-cve-2025-61884/
|
| Oct. 13, 2025 |
Ivanti Endpoint Manager Discloses 13 Flaws: High-Severity RCE and 11 SQL Injection Vulnerabilities |
https://securityonline.info/ivanti-endpoint-manager-discloses-13-flaws-high-severity-rce-and-11-sql-injection-vulnerabilities/
|
| Oct. 13, 2025 |
Framelink Figma MCP Server Opens Orgs to Agentic AI Compromise |
https://www.darkreading.com/vulnerabilities-threats/figma-mcp-server-agentic-ai-compromise
|
| Oct. 13, 2025 |
Patch Now: 'RediShell' Threatens Cloud Via Redis RCE |
https://www.darkreading.com/cloud-security/patch-now-redishell-redis-rce
|
| Oct. 11, 2025 |
RondoDox Botnet: an 'Exploit Shotgun' for Edge Vulns |
https://www.darkreading.com/endpoint-security/rondodox-botnet-exploit-edge-vulns
|
| Oct. 11, 2025 |
Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002) |
https://securityonline.info/two-7-zip-flaws-allow-code-execution-via-malicious-zip-files-cve-2025-11001-cve-2025-11002/
|
| Oct. 10, 2025 |
Hackers exploiting zero-day in Gladinet file sharing software |
https://www.bleepingcomputer.com/news/security/hackers-exploiting-zero-day-in-gladinet-file-sharing-software/
|
| Oct. 10, 2025 |
Living off Node.js Addons |
https://www.reddit.com/r/netsec/comments/1o326ys/living_off_nodejs_addons/
|
| Oct. 9, 2025 |
RondoDox botnet targets 56 n-day flaws in worldwide attacks |
https://www.bleepingcomputer.com/news/security/rondodox-botnet-targets-56-n-day-flaws-in-worldwide-attacks/
|
| Oct. 9, 2025 |
Critical Flowise RCE Flaw: CVE-2025-61913 (CVSS 10.0) Allows Arbitrary File Write |
https://securityonline.info/critical-flowise-rce-flaw-cve-2025-61913-cvss-10-0-allows-arbitrary-file-write/
|
| Oct. 8, 2025 |
New FileFix attack uses cache smuggling to evade security software |
https://www.bleepingcomputer.com/news/security/new-filefix-attack-uses-cache-smuggling-to-evade-security-software/
|
| Oct. 8, 2025 |
Exploiting CVE-2025-37947 (Linux kernel's ksmbd) |
https://www.reddit.com/r/netsec/comments/1o1f7v2/exploiting_cve202537947_linux_kernels_ksmbd/
|
| Oct. 8, 2025 |
Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984) |
https://www.reddit.com/r/netsec/comments/1o170wz/bash_a_newline_exploiting_ssh_via_proxycommand/
|
| Oct. 8, 2025 |
Hackers exploit auth bypass in Service Finder WordPress theme |
https://www.bleepingcomputer.com/news/security/hackers-exploit-auth-bypass-in-service-finder-wordpress-theme/
|
| Oct. 7, 2025 |
OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames |
https://securityonline.info/openssh-flaw-cve-2025-61984-allows-remote-code-execution-via-usernames/
|
| Oct. 7, 2025 |
Clop exploited Oracle zero-day for data theft since early August |
https://www.bleepingcomputer.com/news/security/oracle-zero-day-exploited-in-clop-data-theft-attacks-since-early-august/
|
| Oct. 6, 2025 |
Unity Flaw CVE-2025-59489 Allows Local Code Execution in Millions of Games |
https://securityonline.info/unity-flaw-cve-2025-59489-allows-local-code-execution-in-millions-of-games/
|
| Oct. 6, 2025 |
Steam and Microsoft warn of Unity flaw exposing gamers to attacks |
https://www.bleepingcomputer.com/news/security/steam-and-microsoft-warn-of-unity-flaw-exposing-gamers-to-attacks/
|
| Oct. 5, 2025 |
China Exploited New VMware Bug for Nearly a Year |
https://www.darkreading.com/remote-workforce/china-exploited-new-vmware-bug-nearly
|
| Oct. 5, 2025 |
Hackers exploited Zimbra flaw as zero-day using iCalendar files |
https://www.bleepingcomputer.com/news/security/hackers-exploited-zimbra-flaw-as-zero-day-using-icalendar-files/
|
| Oct. 5, 2025 |
When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise |
https://www.reddit.com/r/netsec/comments/1nul6hm/when_audits_fail_four_critical_preauth/
|
| Oct. 4, 2025 |
Remote Code Execution and Authentication Bypass in Materialise OrthoView (CVE-2025-23049) |
https://www.reddit.com/r/netsec/comments/1nuq4j2/remote_code_execution_and_authentication_bypass/
|
| Oct. 4, 2025 |
Windows Heap Exploitation - From Heap Overflow to Arbitrary R/W |
https://www.reddit.com/r/netsec/comments/1nssfzo/windows_heap_exploitation_from_heap_overflow_to/
|
| Oct. 3, 2025 |
DrayTek warns of remote code execution bug in Vigor routers |
https://www.bleepingcomputer.com/news/security/draytek-warns-of-remote-code-execution-bug-in-vigor-routers/
|
| Oct. 3, 2025 |
CVE-2025-59489: Arbitrary Code Execution in Unity Runtime |
https://www.reddit.com/r/netsec/comments/1nwq9wj/cve202559489_arbitrary_code_execution_in_unity/
|
| Oct. 2, 2025 |
Software Secured | Hacking Furbo 2: Mobile App and P2P Exploits | USA |
https://www.reddit.com/r/netsec/comments/1nuvk0v/software_secured_hacking_furbo_2_mobile_app_and/
|
| Oct. 2, 2025 |
Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication |
https://securityonline.info/critical-flaw-in-termix-docker-image-cve-2025-59951-leaks-ssh-credentials-without-authentication/
|
| Oct. 1, 2025 |
Apple fixes critical font processing bug. Update now! |
https://www.malwarebytes.com/blog/news/2025/09/apple-fixes-critical-font-processing-bug-update-now
|
| Oct. 1, 2025 |
CVE-2025-10725 (CVSS 9.9): Red Hat OpenShift AI Privilege Escalation Flaw Could Lead to Full Cluster Compromise |
https://securityonline.info/cve-2025-10725-cvss-9-9-red-hat-openshift-ai-privilege-escalation-flaw-could-lead-to-full-cluster-compromise/
|
| Oct. 1, 2025 |
NVIDIA Patches Multi Flaws in Delegated License Service, Allows Unauthenticated Access and DoS |
https://securityonline.info/nvidia-patches-multi-flaws-in-delegated-license-service-allows-unauthenticated-access-and-dos/
|
| Sept. 30, 2025 |
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws |
https://www.bleepingcomputer.com/news/security/nearly-50-000-cisco-firewalls-vulnerable-to-actively-exploited-flaws/
|
| Sept. 30, 2025 |
Coldcard Delta PIN Bitcoin Private Key Recovery Vulnerability |
https://karma-x.io/blog/post/42/
|
| Sept. 30, 2025 |
Broadcom fixes high-severity VMware NSX bugs reported by NSA |
https://www.bleepingcomputer.com/news/security/broadcom-fixes-high-severity-vmware-nsx-bugs-reported-by-nsa/
|
| Sept. 30, 2025 |
CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices |
https://securityonline.info/cve-2025-30247-critical-command-injection-flaw-in-western-digital-my-cloud-nas-devices/
|
| Sept. 29, 2025 |
Broadcom Fixes Multiple VMware vCenter and NSX Vulnerabilities |
https://securityonline.info/broadcom-fixes-multiple-vmware-vcenter-and-nsx-vulnerabilities/
|
| Sept. 29, 2025 |
Karma-X has discovered a critical vulnerability in the ColdCard wallet which could compromise user funds. |
https://www.karma-x.io/blog/post/41/
|
| Sept. 28, 2025 |
Rack Security Update: High-Severity Flaw Bypasses Parameter Limit, Exposing Apps to DoS Attacks |
https://securityonline.info/rack-security-update-high-severity-flaw-bypasses-parameter-limit-exposing-apps-to-dos-attacks/
|
| Sept. 28, 2025 |
CRITICAL Cisco Zero-Day (CVE-2025-20333, CVSS 9.9) Under Active Attack: VPN Flaw Allows Root RCE |
https://securityonline.info/critical-cisco-zero-day-cve-2025-20333-cvss-9-9-under-active-attack-vpn-flaw-allows-root-rce/
|
| Sept. 28, 2025 |
SUSE Rancher Security Team Patches Three Vulnerabilities in Rancher Manager |
https://securityonline.info/suse-rancher-security-team-patches-three-vulnerabilities-in-rancher-manager/
|
| Sept. 27, 2025 |
CISA: Attackers Breach Federal Agency via Critical GeoServer Flaw |
https://www.darkreading.com/cyberattacks-data-breaches/cisa-attackers-breach-federal-agency-critical-geoserver-flaw
|
| Sept. 27, 2025 |
CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens |
https://securityonline.info/cve-2025-59934-critical-flaw-in-formbricks-allows-unauthorized-password-resets-via-forged-jwt-tokens/
|
| Sept. 26, 2025 |
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens |
https://www.reddit.com/r/netsec/comments/1njfuz4/one_token_to_rule_them_all_obtaining_global_admin/
|
| Sept. 26, 2025 |
ReDisclosure: New technique for exploiting Full-Text Search in MySQL (myBB case study) |
https://www.reddit.com/r/netsec/comments/1npo7vj/redisclosure_new_technique_for_exploiting/
|
| Sept. 26, 2025 |
Cisco's Wave of Actively Exploited Zero-Day Bugs Targets Firewalls, IOS |
https://www.darkreading.com/vulnerabilities-threats/cisco-actively-exploited-zero-day-bugs-firewalls-ios
|
| Sept. 26, 2025 |
Maximum severity GoAnywhere MFT flaw exploited as zero day |
https://www.bleepingcomputer.com/news/security/maximum-severity-goanywhere-mft-flaw-exploited-as-zero-day/
|
| Sept. 25, 2025 |
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks |
https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-cisco-flaws-exploited-in-zero-day-attacks/
|
| Sept. 25, 2025 |
Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS |
https://securityonline.info/two-wordpress-core-vulnerabilities-disclosed-without-patch-sensitive-data-exposure-and-stored-xss/
|
| Sept. 25, 2025 |
Unpatched flaw in OnePlus phones lets rogue apps text messages |
https://www.bleepingcomputer.com/news/security/unpatched-flaw-in-oneplus-phones-lets-rogue-apps-text-messages/
|
| Sept. 25, 2025 |
Cisco warns of ASA firewall zero-days exploited in attacks |
https://www.bleepingcomputer.com/news/security/cisco-warns-of-asa-firewall-zero-days-exploited-in-attacks/
|
| Sept. 24, 2025 |
CISA says hackers breached federal agency using GeoServer exploit |
https://www.bleepingcomputer.com/news/security/cisa-says-hackers-breached-federal-agency-using-geoserver-exploit/
|
| Sept. 24, 2025 |
Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access! |
https://securityonline.info/cisco-snmp-flaw-cve-2025-20352-actively-exploited-patch-now-to-stop-root-access/
|
| Sept. 24, 2025 |
SolarWinds releases third patch to fix Web Help Desk RCE bug |
https://www.bleepingcomputer.com/news/security/solarwinds-releases-third-patch-to-fix-web-help-desk-rce-bug/
|
| Sept. 24, 2025 |
Cisco warns of IOS zero-day vulnerability exploited in attacks |
https://www.bleepingcomputer.com/news/security/cisco-warns-of-ios-zero-day-vulnerability-exploited-in-attacks/
|
| Sept. 24, 2025 |
CISA adds Chrome zero-day CVE-2025-10585 to KEV after public exploit appears |
https://securityonline.info/cisa-adds-chrome-zero-day-cve-2025-10585-to-kev-after-public-exploit-appears/
|
| Sept. 24, 2025 |
New Supermicro BMC flaws can create persistent backdoors |
https://www.bleepingcomputer.com/news/security/new-supermicro-bmc-flaws-can-create-persistent-backdoors/
|
| Sept. 23, 2025 |
Libraesva ESG issues emergency fix for bug exploited by state hackers |
https://www.bleepingcomputer.com/news/security/libraesva-esg-issues-emergency-fix-for-bug-exploited-by-state-hackers/
|
| Sept. 23, 2025 |
CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability |
https://securityonline.info/cve-2025-26399-cvss-9-8-solarwinds-web-help-desk-hit-by-critical-rce-vulnerability/
|
| Sept. 22, 2025 |
EDR-Freeze: How a Researcher Turned Windows Error Reporting Into a Weapon Against Antivirus |
https://securityonline.info/edr-freeze-how-a-researcher-turned-windows-error-reporting-into-a-weapon-against-antivirus/
|
| Sept. 22, 2025 |
CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild |
https://securityonline.info/cve-2025-59689-libraesva-esg-command-injection-flaw-exploited-in-the-wild/
|
| Sept. 22, 2025 |
PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0 |
https://securityonline.info/poc-released-for-cve-2025-41243-a-spring-cloud-gateway-flaw-with-cvss-10-0/
|
| Sept. 22, 2025 |
Electron App Vulnerabilities testcases |
https://www.reddit.com/r/netsec/comments/1nne01o/electron_app_vulnerabilities_testcases/
|
| Sept. 21, 2025 |
CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide |
https://securityonline.info/cve-2025-55241-microsoft-entra-id-flaw-with-cvss-10-0-could-have-compromised-every-tenant-worldwide/
|
| Sept. 21, 2025 |
BiDi Swap: A Decade-Old Unicode Flaw Still Enables URL Spoofing |
https://securityonline.info/bidi-swap-a-decade-old-unicode-flaw-still-enables-url-spoofing/
|
| Sept. 21, 2025 |
Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection |
https://www.darkreading.com/cyberattacks-data-breaches/patch-fortra-goanywhere-bug-command-injection
|
| Sept. 21, 2025 |
Microsoft Entra ID flaw allowed hijacking any company's tenant |
https://www.bleepingcomputer.com/news/security/microsoft-entra-id-flaw-allowed-hijacking-any-companys-tenant/
|
| Sept. 20, 2025 |
CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX |
https://securityonline.info/cisa-warns-of-critical-vulnerabilities-in-dover-fueling-solutions-progauge-maglink-lx/
|
| Sept. 20, 2025 |
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet |
https://www.bleepingcomputer.com/news/security/fortra-warns-of-max-severity-flaw-in-goanywhere-mfts-license-servlet/
|
| Sept. 20, 2025 |
CISA Warns of Critical Flaw in Delta DIALink: CVE-2025-58321 (CVSS 10.0) |
https://securityonline.info/cisa-warns-of-critical-flaw-in-delta-dialink-cve-2025-58321-cvss-10-0/
|
| Sept. 19, 2025 |
Update your Chrome today: Google patches 4 vulnerabilities including one zero-day |
https://www.malwarebytes.com/blog/news/2025/09/update-your-chrome-today-google-patches-4-vulnerabilities-including-one-zero-day
|
| Sept. 19, 2025 |
Stealing the keys from the octopus: Exfiltrate Git Credentials in Argocd |
https://www.reddit.com/r/netsec/comments/1ndqx9l/stealing_the_keys_from_the_octopus_exfiltrate_git/
|
| Sept. 19, 2025 |
CISA Warns of Malicious Listener Malware Exploiting Ivanti Endpoint Manager Mobile |
https://securityonline.info/cisa-warns-of-malicious-listener-malware-exploiting-ivanti-endpoint-manager-mobile/
|
| Sept. 19, 2025 |
CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation |
https://securityonline.info/cve-2025-10035-cvss-10-critical-deserialization-flaw-in-goanywhere-mft-exposes-enterprises-to-remote-exploitation/
|
| Sept. 19, 2025 |
Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565 |
https://securityonline.info/nokia-patches-critical-flaws-in-cloudband-and-ncs-cve-2023-49564-and-cve-2023-49565/
|
| Sept. 19, 2025 |
CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE |
https://securityonline.info/cve-2025-59340-critical-hubspots-jinjava-engine-flaw-exposes-thousands-of-websites-to-rce/
|
| Sept. 18, 2025 |
Jenkins Patches High-Severity Vulnerabilities, Including a DoS Flaw |
https://securityonline.info/jenkins-patches-high-severity-vulnerabilities-including-a-dos-flaw/
|
| Sept. 18, 2025 |
WatchGuard warns of critical vulnerability in Firebox firewalls |
https://www.bleepingcomputer.com/news/security/watchguard-warns-of-critical-vulnerability-in-firebox-firewalls/
|
| Sept. 18, 2025 |
Google patches sixth Chrome zero-day exploited in attacks this year |
https://www.bleepingcomputer.com/news/security/google-patches-sixth-chrome-zero-day-exploited-in-attacks-this-year/
|
| Sept. 17, 2025 |
Update your Apple devices to fix dozens of vulnerabilities |
https://www.malwarebytes.com/blog/news/2025/09/update-your-apple-devices-to-fix-dozens-of-vulnerabilities
|
| Sept. 17, 2025 |
Hacking Electronic Safes |
https://www.schneier.com/blog/archives/2025/09/hacking-electronic-safes.html
|
| Sept. 17, 2025 |
CVE-2025-9242: Critical WatchGuard Flaw Allows Remote Code Execution |
https://securityonline.info/cve-2025-9242-critical-watchguard-flaw-allows-remote-code-execution/
|
| Sept. 17, 2025 |
Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways |
https://securityonline.info/multiple-high-severity-vulnerabilities-found-in-hpe-aruba-networking-edgeconnect-sd-wan-gateways/
|
| Sept. 17, 2025 |
Chrome Emergency Update: Zero-Day (CVE-2025-10585) in V8 Exploited in the Wild |
https://securityonline.info/chrome-emergency-update-zero-day-cve-2025-10585-in-v8-exploited-in-the-wild/
|
| Sept. 17, 2025 |
Critical Vulnerabilities Discovered in Planet Technology Industrial Cellular Gateways |
https://securityonline.info/critical-vulnerabilities-discovered-in-planet-technology-industrial-cellular-gateways/
|
| Sept. 17, 2025 |
NVIDIA Patches Critical RCE Flaw (CVE-2025-23316, CVSS 9.8) in Triton Inference Server |
https://securityonline.info/nvidia-patches-critical-rce-flaw-cve-2025-23316-cvss-9-8-in-triton-inference-server/
|
| Sept. 16, 2025 |
Apple backports zero-day patches to older iPhones and iPads |
https://www.bleepingcomputer.com/news/security/apple-backports-zero-day-patches-to-older-iphones-and-ipads/
|
| Sept. 16, 2025 |
Critical Bugs in Chaos Mesh Enable Cluster Takeover |
https://www.darkreading.com/cyber-risk/critical-bugs-chaos-mesh-cluster-takeover
|
| Sept. 16, 2025 |
Spring Framework and Spring Security Vulnerabilities Expose Authorization Bypass Risks (CVE-2025-41248 & CVE-2025-41249) |
https://securityonline.info/spring-framework-and-spring-security-vulnerabilities-expose-authorization-bypass-risks-cve-2025-41248-cve-2025-41249/
|
| Sept. 15, 2025 |
VMScape (CVE-2025-40300): A New CPU Flaw Threatens Cloud Security |
https://securityonline.info/vmscape-cve-2025-40300-a-new-cpu-flaw-threatens-cloud-security/
|
| Sept. 15, 2025 |
CVE-2025-5821: Critical Authentication Bypass in WordPress Case Theme User Plugin Exploited in the Wild |
https://securityonline.info/cve-2025-5821-critical-authentication-bypass-in-wordpress-case-theme-user-plugin-exploited-in-the-wild/
|
| Sept. 15, 2025 |
August 2025 CVE Landscape |
https://www.recordedfuture.com/blog/august-2025-cve-landscape
|
| Sept. 15, 2025 |
CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk |
https://securityonline.info/cve-2025-9556-cvss-9-8critical-vulnerability-in-langchaingo-puts-llm-apps-at-risk/
|
| Sept. 14, 2025 |
PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8) |
https://securityonline.info/poc-available-flowiseai-flaw-cve-2025-58434-allows-full-account-takeover-cvss-9-8/
|
| Sept. 14, 2025 |
Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control |
https://securityonline.info/digiever-nvr-flaws-cve-2025-10264-cve-2025-10265-let-hackers-steal-credentials-take-control/
|
| Sept. 13, 2025 |
PyInstaller Flaw : Are Your Python Apps Vulnerable to Hijacking? |
https://securityonline.info/pyinstaller-flaw-are-your-python-apps-vulnerable-to-hijacking/
|
| Sept. 13, 2025 |
Windows KASLR Bypass - CVE-2025-53136 |
https://www.reddit.com/r/netsec/comments/1necvz3/windows_kaslr_bypass_cve202553136/
|
| Sept. 13, 2025 |
Apple CarPlay RCE Exploit Left Unaddressed in Most Cars |
https://www.darkreading.com/vulnerabilities-threats/apple-carplay-rce-exploit
|
| Sept. 12, 2025 |
CISA warns of actively exploited Dassault RCE vulnerability |
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-dassault-rce-vulnerability/
|
| Sept. 12, 2025 |
CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access |
https://securityonline.info/cve-2025-10127-cvss-9-8-critical-daikin-flaw-could-give-hackers-full-system-access/
|
| Sept. 12, 2025 |
EoP Flaws Again Lead Microsoft Patch Tuesday |
https://www.darkreading.com/application-security/eop-flaws-again-lead-microsoft-patch-day
|
| Sept. 12, 2025 |
Samsung patches actively exploited zero-day reported by WhatsApp |
https://www.bleepingcomputer.com/news/security/samsung-patches-actively-exploited-zero-day-reported-by-whatsapp/
|
| Sept. 12, 2025 |
CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited |
https://securityonline.info/cisa-urges-immediate-patching-critical-dassault-systemes-flaw-cve-2025-5086-actively-exploited/
|
| Sept. 12, 2025 |
CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks |
https://securityonline.info/cve-2025-58754-axios-vulnerability-puts-node-js-processes-at-risk-of-dos-attacks/
|
| Sept. 12, 2025 |
New VMScape attack breaks guest-host isolation on AMD, Intel CPUs |
https://www.bleepingcomputer.com/news/security/new-vmscape-attack-breaks-guest-host-isolation-on-amd-intel-cpus/
|
| Sept. 12, 2025 |
Akira ransomware exploiting critical SonicWall SSLVPN bug again |
https://www.bleepingcomputer.com/news/security/akira-ransomware-exploiting-critical-sonicwall-sslvpn-bug-again/
|
| Sept. 11, 2025 |
Angular SSR Flaw (CVE-2025-59052) Exposes User Data: What Developers Need to Know |
https://securityonline.info/angular-ssr-flaw-cve-2025-59052-exposes-user-data-what-developers-need-to-know/
|
| Sept. 10, 2025 |
Cursor AI editor lets repos “autorun” malicious code on devices |
https://www.bleepingcomputer.com/news/security/cursor-ai-editor-lets-repos-autorun-malicious-code-on-devices/
|
| Sept. 10, 2025 |
🚨 Google Drive’s Hidden Insider Threat: How I Accessed Another User’s Files Without Re‑Authentication |
https://www.reddit.com/r/netsec/comments/1n9t7tq/google_drives_hidden_insider_threat_how_i/
|
| Sept. 10, 2025 |
Microsoft fixes app install issues caused by August Windows updates |
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-app-install-issues-caused-by-august-windows-updates/
|
| Sept. 10, 2025 |
GitLab Urges Immediate Update for Two High-Severity Flaws |
https://securityonline.info/gitlab-urges-immediate-update-for-two-high-severity-flaws/
|
| Sept. 10, 2025 |
Patch Tuesday: Microsoft Fixes 86 Flaws, Including 9 Critical and 2 Zero-Days (CVE-2025-55234 & CVE-2024-21907) |
https://securityonline.info/patch-tuesday-microsoft-fixes-86-flaws-including-9-critical-and-2-zero-days-cve-2025-55234-cve-2024-21907/
|
| Sept. 9, 2025 |
Adobe patches critical SessionReaper flaw in Magento eCommerce platform |
https://www.bleepingcomputer.com/news/security/adobe-patches-critical-sessionreaper-flaw-in-magento-ecommerce-platform/
|
| Sept. 9, 2025 |
Microsoft Patch Tuesday, September 2025 Edition |
https://krebsonsecurity.com/2025/09/microsoft-patch-tuesday-september-2025-edition/
|
| Sept. 9, 2025 |
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days |
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2025-patch-tuesday-fixes-81-flaws-two-zero-days/
|
| Sept. 9, 2025 |
CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6 |
https://securityonline.info/cve-2025-7350-critical-rce-flaw-in-rockwell-stratix-switches-scores-cvss-9-6/
|
| Sept. 9, 2025 |
SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944) |
https://securityonline.info/sap-security-patch-day-fixes-four-critical-flaws-including-a-cvss-10-0-rce-cve-2025-42944/
|
| Sept. 8, 2025 |
Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388) |
https://securityonline.info/progress-patches-remote-command-execution-flaw-in-openedge-adminserver-cve-2025-7388/
|
| Sept. 8, 2025 |
CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk |
https://securityonline.info/cve-2025-58450-critical-sql-injection-flaw-in-prest-puts-postgresql-databases-at-risk/
|
| Sept. 8, 2025 |
CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE |
https://securityonline.info/cve-2025-58782-apache-jackrabbit-vulnerability-exposes-systems-to-jndi-injection-and-rce/
|
| Sept. 8, 2025 |
CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available |
https://securityonline.info/cve-2025-57807-a-critical-flaw-in-imagemagick-could-lead-to-rce-poc-available/
|
| Sept. 8, 2025 |
Podman Patches Symlink Traversal Vulnerability in kube play Command (CVE-2025-9566) |
https://securityonline.info/podman-patches-symlink-traversal-vulnerability-in-kube-play-command-cve-2025-9566/
|
| Sept. 8, 2025 |
Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws |
https://securityonline.info/adobe-issues-emergency-patch-for-sessionreaper-cve-2025-54236-one-of-magentos-most-critical-flaws/
|
| Sept. 7, 2025 |
CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF |
https://securityonline.info/cve-2025-58179-astro-cloudflare-adapter-vulnerability-enables-ssrf/
|
| Sept. 6, 2025 |
Windows Update Is Causing Unexpected UAC Prompts and App Installation Issues |
https://securityonline.info/windows-update-is-causing-unexpected-uac-prompts-and-app-installation-issues/
|
| Sept. 6, 2025 |
Critical SAP S/4HANA vulnerability now exploited in attacks |
https://www.bleepingcomputer.com/news/security/critical-sap-s-4hana-vulnerability-now-exploited-in-attacks/
|
| Sept. 6, 2025 |
Inline Style Exfiltration: leaking data with chained CSS conditionals |
https://www.reddit.com/r/netsec/comments/1n7fexe/inline_style_exfiltration_leaking_data_with/
|
| Sept. 6, 2025 |
Max severity Argo CD API flaw leaks repository credentials |
https://www.bleepingcomputer.com/news/security/max-severity-argo-cd-api-flaw-leaks-repository-credentials/
|
| Sept. 6, 2025 |
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now |
https://www.darkreading.com/vulnerabilities-threats/sap-4hana-vulnerability-under-attack
|
| Sept. 5, 2025 |
Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk |
https://securityonline.info/two-new-high-severity-flaws-in-freepbx-puts-admins-and-apis-at-risk/
|
| Sept. 5, 2025 |
CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication |
https://securityonline.info/cve-2025-56752-remote-attackers-can-gain-full-administrative-access-to-affected-ruijie-networks-devices-without-authentication/
|
| Sept. 5, 2025 |
CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching |
https://securityonline.info/cisa-adds-three-new-vulnerabilities-to-catalog-urges-immediate-patching/
|
| Sept. 5, 2025 |
Argo CD Patches Critical CVSS 10 Vulnerability Exposing Repository Credentials (CVE-2025-55190) |
https://securityonline.info/argo-cd-patches-critical-cvss-10-vulnerability-exposing-repository-credentials-cve-2025-55190/
|
| Sept. 5, 2025 |
New TP-Link zero-day surfaces as CISA warns other flaws are exploited |
https://www.bleepingcomputer.com/news/security/new-tp-link-zero-day-surfaces-as-cisa-warns-other-flaws-are-exploited/
|
| Sept. 5, 2025 |
Exploit development for IBM i - turning blind AS/400 command execution into a proper shell |
https://www.reddit.com/r/netsec/comments/1n87uzr/exploit_development_for_ibm_i_turning_blind_as400/
|
| Sept. 5, 2025 |
Marshal madness: A brief history of Ruby deserialization exploits |
https://www.reddit.com/r/netsec/comments/1n7fcwi/marshal_madness_a_brief_history_of_ruby/
|
| Sept. 5, 2025 |
TLS NoVerify: Bypass All The Things |
https://www.reddit.com/r/netsec/comments/1n9c2q5/tls_noverify_bypass_all_the_things/
|
| Sept. 5, 2025 |
PoC Available: macOS Sequoia Flaw Allows Keychain Dump and TCC Bypass (CVSS 9.8) |
https://securityonline.info/poc-available-macos-sequoia-flaw-allows-keychain-dump-and-tcc-bypass-cvss-9-8/
|
| Sept. 4, 2025 |
CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication |
https://securityonline.info/cve-2025-53187-critical-rce-in-abb-aspect-bms-with-cvss-9-8-no-prior-authentication/
|
| Sept. 4, 2025 |
Sitecore Zero-Day Sparks New Round of ViewState Threats |
https://www.darkreading.com/vulnerabilities-threats/sitecore-zero-day-viewstate-threats
|
| Sept. 4, 2025 |
Hackers exploited Sitecore zero-day flaw to deploy backdoors |
https://www.bleepingcomputer.com/news/security/hackers-exploited-sitecore-zero-day-flaw-to-deploy-backdoors/
|
| Sept. 4, 2025 |
CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso with Exploit Attempts Seen in the Wild |
https://securityonline.info/cve-2025-5086-cvss-9-0-a-critical-rce-in-delmia-apriso-with-exploit-attempts-seen-in-the-wild/
|
| Sept. 4, 2025 |
Microsoft says recent Windows updates cause app install issues |
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-recent-windows-updates-cause-app-install-issues-due-to-unexpected-admin-UAC-prompts/
|
| Sept. 4, 2025 |
TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts |
https://www.malwarebytes.com/blog/news/2025/09/tp-link-warns-of-botnet-infecting-routers-and-targeting-microsoft-365-accounts
|
| Sept. 4, 2025 |
Google fixes actively exploited Android flaws in September update |
https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-android-flaws-in-september-update/
|
| Sept. 3, 2025 |
A Single Click Can Hijack Your PC: CVE-2025-58176 RCE Flaw Found in Dive Desktop App |
https://securityonline.info/a-single-click-can-hijack-your-pc-cve-2025-58176-rce-flaw-found-in-dive-desktop-app/
|
| Sept. 3, 2025 |
Envoy Project Patches Two Flaws: DoS (CVE-2025-54588) and Session Hijacking (CVE-2025-55162) Risks |
https://securityonline.info/envoy-project-patches-two-flaws-dos-cve-2025-54588-and-session-hijacking-cve-2025-55162-risks/
|
| Sept. 3, 2025 |
Ksmbd Fuzzing Improvements and Vulnerability Discovery |
https://www.reddit.com/r/netsec/comments/1n6exne/ksmbd_fuzzing_improvements_and_vulnerability/
|
| Sept. 3, 2025 |
NVIDIA Issues Security Updates for BlueField, DOCA, Mellanox, ConnectX, Cumulus Linux, and NVOS |
https://securityonline.info/nvidia-issues-security-updates-for-bluefield-doca-mellanox-connectx-cumulus-linux-and-nvos/
|
| Sept. 3, 2025 |
Secondary Context Path Traversal in Omnissa Workspace ONE UEM |
https://www.reddit.com/r/netsec/comments/1n7b8m3/secondary_context_path_traversal_in_omnissa/
|
| Sept. 3, 2025 |
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws |
https://www.bleepingcomputer.com/news/security/hackers-use-new-hexstrike-ai-tool-to-rapidly-exploit-n-day-flaws/
|
| Sept. 3, 2025 |
Update your Android! Google patches 111 vulnerabilities, 2 are critical |
https://www.malwarebytes.com/blog/news/2025/09/update-your-android-google-patches-111-vulnerabilities-including-2-critical-flaws
|
| Sept. 2, 2025 |
Citrix Gear Under Active Attack Again With Another Zero-Day |
https://www.darkreading.com/vulnerabilities-threats/citrix-zero-day-under-active-attack
|
| Sept. 2, 2025 |
CVE-2025-6507 (CVSS 9.8): Critical H2O-3 Vulnerability Puts Machine Learning at Risk |
https://securityonline.info/cve-2025-6507-cvss-9-8-critical-h2o-3-vulnerability-puts-machine-learning-at-risk/
|
| Sept. 1, 2025 |
CVE-2024-52284: SUSE Fleet Vulnerability Exposes Sensitive Helm Values in Plain Text |
https://securityonline.info/cve-2024-52284-suse-fleet-vulnerability-exposes-sensitive-helm-values-in-plain-text/
|
| Sept. 1, 2025 |
WhatsApp fixes vulnerability used in zero-click attacks |
https://www.malwarebytes.com/blog/news/2025/09/whatsapp-fixes-vulnerability-used-in-zero-click-attacks
|
| Sept. 1, 2025 |
MediaTek September 2025 Security Bulletin: High-Severity Modem Flaws Could Enable Remote Attacks |
https://securityonline.info/mediatek-september-2025-security-bulletin-high-severity-modem-flaws-could-enable-remote-attacks/
|
| Sept. 1, 2025 |
ReVault Flaw Exposed Millions of Dell Laptops to Malicious Domination |
https://www.darkreading.com/endpoint-security/revault-compromised-secure-soc
|
| Sept. 1, 2025 |
CVE-2025-54857 (CVSS 9.8): Critical Flaw in Seiko Solutions Device Allows Remote Takeover |
https://securityonline.info/cve-2025-54857-cvss-9-8-critical-flaw-in-seiko-solutions-device-allows-remote-takeover/
|
| Aug. 31, 2025 |
A Critical Zero-Click WhatsApp Flaw, CVE-2025-55177, Was Exploited in Zero-Day Attacks |
https://securityonline.info/a-critical-zero-click-whatsapp-flaw-cve-2025-55177-was-exploited-in-zero-day-attacks/
|
| Aug. 31, 2025 |
CVE-2025-57803: Critical Flaw in ImageMagick Could Lead to Remote Code Execution |
https://securityonline.info/cve-2025-57803-critical-flaw-in-imagemagick-could-lead-to-remote-code-execution/
|
| Aug. 31, 2025 |
CVE-2025-8077 (CVSS 9.8): CRITICAL Flaw in NeuVector Exposes Kubernetes Clusters to Full Takeover |
https://securityonline.info/cve-2025-8077-cvss-9-8-critical-flaw-in-neuvector-exposes-kubernetes-clusters-to-full-takeover/
|
| Aug. 31, 2025 |
QNAP Patches Critical Flaw (CVE-2025-52856) with CVSS 9.3 |
https://securityonline.info/qnap-patches-critical-flaw-cve-2025-52856-with-cvss-9-3/
|
| Aug. 31, 2025 |
IBM watsonx Orchestrate Vulnerability (CVE-2025-0165) Exposes Systems to SQL Injection Attacks |
https://securityonline.info/ibm-watsonx-orchestrate-vulnerability-cve-2025-0165-exposes-systems-to-sql-injection-attacks/
|
| Aug. 31, 2025 |
A Single URL Can Crash Your Website: Critical DoS Flaw (CVE-2025-58047) Found in Volto CMS |
https://securityonline.info/a-single-url-can-crash-your-website-critical-dos-flaw-cve-2025-58047-found-in-volto-cms/
|
| Aug. 30, 2025 |
WhatsApp patches vulnerability exploited in zero-day attacks |
https://www.bleepingcomputer.com/news/security/whatsapp-patches-vulnerability-exploited-in-zero-day-attacks/
|
| Aug. 30, 2025 |
Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309) |
https://www.reddit.com/r/netsec/comments/1n43kvo/netskope_client_for_windows_local_privilege/
|
| Aug. 30, 2025 |
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation |
https://www.darkreading.com/vulnerabilities-threats/proof-concept-15-minutes-ai-turbocharges-exploitation
|
| Aug. 30, 2025 |
Rage Against the Authentication State Machine (CVE-2024-28080) |
https://www.reddit.com/r/netsec/comments/1n31plm/rage_against_the_authentication_state_machine/
|
| Aug. 30, 2025 |
BadSuccessor (CVE-2025-53779) Technique Persists Despite Microsoft Patch |
https://securityonline.info/badsuccessor-cve-2025-53779-technique-persists-despite-microsoft-patch/
|
| Aug. 29, 2025 |
PoC Published: Critical Unauthenticated Command Injection Flaw in D-Link Routers (CVSS 9.8), No Patch! |
https://securityonline.info/poc-published-critical-unauthenticated-command-injection-flaw-in-d-link-routers-cvss-9-8-no-patch/
|
| Aug. 28, 2025 |
URGENT: Sangoma FreePBX Warns of Exploit, Urges Immediate Administrator Lockdown |
https://securityonline.info/urgent-sangoma-freepbx-warns-of-exploit-urges-immediate-administrator-lockdown/
|
| Aug. 28, 2025 |
Passwordstate dev urges users to patch auth bypass vulnerability |
https://www.bleepingcomputer.com/news/security/passwordstate-dev-urges-users-to-patch-auth-bypass-vulnerability-as-soon-as-possible/
|
| Aug. 28, 2025 |
Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33 |
https://securityonline.info/breaking-the-passkey-promise-squarex-discloses-major-passkey-vulnerability-at-def-con-33/
|
| Aug. 28, 2025 |
A CVSS 9.6 Remote Flaw Allows Unauthenticated Attackers to Bypass Dell ThinOS |
https://securityonline.info/a-cvss-9-6-remote-flaw-allows-unauthenticated-attackers-to-bypass-dell-thinos/
|
| Aug. 28, 2025 |
Cisco Warns of High-Severity DoS Flaw (CVE-2025-20241) in Nexus Switches |
https://securityonline.info/cisco-warns-of-high-severity-dos-flaw-cve-2025-20241-in-nexus-switches/
|
| Aug. 28, 2025 |
Trimble Cityworks: CVE-2025-0994: Active Exploitation |
https://www.recordedfuture.com/blog/trimble-cityworks-cve-2025-0994-vulnerability-analysis
|
| Aug. 28, 2025 |
How to phish users on Android applications - A case study on Meta Threads application |
https://www.reddit.com/r/netsec/comments/1n2falf/how_to_phish_users_on_android_applications_a_case/
|
| Aug. 27, 2025 |
CISA warns of actively exploited Git code execution flaw |
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-git-code-execution-flaw/
|
| Aug. 27, 2025 |
Commvault plugs holes in backup suite that allow remote code executio |
https://www.reddit.com/r/netsec/comments/1mvm9xp/commvault_plugs_holes_in_backup_suite_that_allow/
|
| Aug. 27, 2025 |
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks |
https://www.bleepingcomputer.com/news/security/citrix-fixes-critical-netscaler-rce-flaw-exploited-in-zero-day-attacks/
|
| Aug. 26, 2025 |
Google Chrome Patches Critical ANGLE Vulnerability (CVE-2025-9478) Discovered by AI Agent Big Sleep |
https://securityonline.info/google-chrome-patches-critical-angle-vulnerability-cve-2025-9478-discovered-by-ai-agent-big-sleep/
|
| Aug. 26, 2025 |
URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack |
https://securityonline.info/urgent-netscaler-zero-day-cve-2025-7775-under-active-attack/
|
| Aug. 26, 2025 |
This House is Haunted: a decade old RCE in the AION client |
https://www.reddit.com/r/netsec/comments/1n0q5h7/this_house_is_haunted_a_decade_old_rce_in_the/
|
| Aug. 26, 2025 |
Apache Tomcat: CVE-2025-24813: Active Exploitation |
https://www.recordedfuture.com/blog/apache-tomcat-cve-2025-24813-vulnerability-analysis
|
| Aug. 25, 2025 |
Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase |
https://securityonline.info/two-rce-vulnerabilities-found-in-open-source-bi-tool-dataease/
|
| Aug. 25, 2025 |
Critical Docker Desktop flaw lets attackers hijack Windows hosts |
https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
|
| Aug. 25, 2025 |
Beyond Convenience: Why a Standalone 2FA App Is Your Best Defense |
https://securityonline.info/beyond-convenience-why-a-standalone-2fa-app-is-your-best-defense/
|
| Aug. 25, 2025 |
Vtenext 25.02: A three-way path to RCE |
https://www.reddit.com/r/netsec/comments/1mzmrnp/vtenext_2502_a_threeway_path_to_rce/
|
| Aug. 24, 2025 |
CVE-2025-34158 (CVSS 10): Plex Media Server Users Warned to Patch Critical Vulnerability Now |
https://securityonline.info/cve-2025-34158-cvss-10-plex-media-server-users-warned-to-patch-critical-vulnerability-now/
|
| Aug. 24, 2025 |
CVE-2025-9288: Critical Flaw in Popular JavaScript Library Threatens Global Web Security |
https://securityonline.info/cve-2025-9288-critical-flaw-in-popular-javascript-library-threatens-global-web-security/
|
| Aug. 24, 2025 |
Langflow: CVE-2025-3248: Active Exploitation |
https://www.recordedfuture.com/blog/langflow-cve-2025-3248
|
| Aug. 24, 2025 |
WinRAR vulnerability exploited by two different groups |
https://www.malwarebytes.com/blog/news/2025/08/winrar-vulnerability-exploited-by-two-different-groups
|
| Aug. 23, 2025 |
Microsoft patches some very important vulnerabilities in August’s patch Tuesday |
https://www.malwarebytes.com/blog/news/2025/08/microsoft-patches-some-very-important-vulnerabilities-in-augusts-patch-tuesday
|
| Aug. 23, 2025 |
All Apple users should update after company patches zero-day vulnerability in all platforms |
https://www.malwarebytes.com/blog/news/2025/08/all-apple-users-should-update-after-company-patches-zero-day-vulnerability-in-all-platforms
|
| Aug. 22, 2025 |
Why Patch Management Isn’t Enough: SharePoint, Webshells & the Modern Threat Landscape |
https://www.recordedfuture.com/blog/patch-management-glazing-wont-save-you
|
| Aug. 22, 2025 |
Anthropic MCP Inspector: CVE-2025-49596: Vulnerability Disclosure |
https://www.recordedfuture.com/blog/anthropic-mcp-inspector-cve-2025-49596
|
| Aug. 22, 2025 |
ToolShell Exploit: Critical SharePoint Zero-Day Threatens Global Enterprises |
https://www.recordedfuture.com/blog/toolshell-exploit-chain-thousands-sharepoint-servers-risk
|
| Aug. 22, 2025 |
CVE-2024-36401 Exploited in Stealthy Bandwidth-Monetization Campaign |
https://securityonline.info/cve-2024-36401-exploited-in-stealthy-bandwidth-monetization-campaign/
|
| Aug. 21, 2025 |
AI can be used to create working exploits for published CVEs in a few minutes and for a few dollars |
https://www.reddit.com/r/netsec/comments/1mwfks2/ai_can_be_used_to_create_working_exploits_for/
|
| Aug. 21, 2025 |
Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault - watchTowr Labs |
https://www.reddit.com/r/netsec/comments/1mvb5bd/guess_who_would_be_stupid_enough_to_rob_the_same/
|
| Aug. 21, 2025 |
CVE-2025-55746: Critical Directus Flaw Exposes Servers to Unauthenticated File Upload and RCE |
https://securityonline.info/cve-2025-55746-critical-directus-flaw-exposes-servers-to-unauthenticated-file-upload-and-rce/
|
| Aug. 21, 2025 |
When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074) |
https://www.reddit.com/r/netsec/comments/1mwhisp/when_a_ssrf_is_enough_full_docker_escape_on/
|
| Aug. 20, 2025 |
CVE-2025-54336 (CVSS 9.8): Critical Flaw in Plesk Obsidian Exposes Servers to Full Compromise |
https://securityonline.info/cve-2025-54336-cvss-9-8-critical-flaw-in-plesk-obsidian-exposes-servers-to-full-compromise/
|
| Aug. 20, 2025 |
Trivial C# Random Exploitation |
https://www.reddit.com/r/netsec/comments/1muf1om/trivial_c_random_exploitation/
|
| Aug. 19, 2025 |
Microsoft Patch Tuesday, August 2025 Edition |
https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/
|
| Aug. 19, 2025 |
How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories |
https://www.reddit.com/r/netsec/comments/1mumb6z/how_we_exploited_coderabbit_from_a_simple_pr_to/
|
| Aug. 19, 2025 |
Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers |
https://www.reddit.com/r/netsec/comments/1mux8yo/researcher_exposes_zeroday_clickjacking/
|
| Aug. 19, 2025 |
FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) |
https://www.reddit.com/r/netsec/comments/1mouxyl/fortmajeure_authentication_bypass_in_fortiweb/
|
| Aug. 19, 2025 |
CVE-2025-55205: Critical Flaw in Capsule Kubernetes Exposes Clusters to Cross-Tenant Attacks |
https://securityonline.info/cve-2025-55205-critical-flaw-in-capsule-kubernetes-exposes-clusters-to-cross-tenant-attacks/
|
| Aug. 19, 2025 |
Zero-Day Exploit in WinRAR File |
https://www.schneier.com/blog/archives/2025/08/zero-day-exploit-in-winrar-file.html
|
| Aug. 19, 2025 |
40,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP plugin |
https://www.bitdefender.com/en-us/blog/hotforsecurity/40-000-wordpress-websites-at-risk-of-being-hijacked-due-to-vulnerable-post-smtp-plugin
|
| Aug. 19, 2025 |
CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948) |
https://securityonline.info/cisa-flags-actively-exploited-trend-micro-apex-one-vulnerability-cve-2025-54948/
|
| Aug. 19, 2025 |
How attackers can execute arbitrary code at the kernel level: A critical Linux Kernel netfilter: ipset: Missing Range Check LPE |
https://www.reddit.com/r/netsec/comments/1mth772/how_attackers_can_execute_arbitrary_code_at_the/
|
| Aug. 18, 2025 |
Researcher to release exploit for full auth bypass on FortiWeb |
https://www.bleepingcomputer.com/news/security/researcher-to-release-exploit-for-full-auth-bypass-on-fortiweb/
|
| Aug. 18, 2025 |
Microsoft Fix Targets Attacks on SharePoint Zero-Day |
https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/
|
| Aug. 18, 2025 |
KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series |
https://krebsonsecurity.com/2025/08/krebsonsecurity-in-new-most-wanted-hbo-max-series/
|
| Aug. 18, 2025 |
Researcher to release exploit for full auth bypass on FortiWeb |
https://www.bleepingcomputer.com/news/security/researcher-to-release-exploit-for-full-auth-bypass-on-fortiweb/
|
| July 24, 2025 |
High-severity flaw (CVE-2025-8069) in AWS Client VPN for Windows Allows Privilege Escalation |
https://securityonline.info/high-severity-flaw-cve-2025-8069-in-aws-client-vpn-for-windows-allows-privilege-escalation/
|
| July 10, 2025 |
Unpatchable Vulnerabilities in Windows 10/11: Security Report 2025 |
https://www.reddit.com/r/netsec/comments/1lwd7q1/unpatchable_vulnerabilities_in_windows_1011/
|
| July 10, 2025 |
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients |
https://www.reddit.com/r/netsec/comments/1lvrt2j/critical_rce_vulnerability_in_mcpremote/
|
| June 23, 2025 |
Critical Python Tarfile Flaw (CVE-2025-4517, CVSS 9.4): Arbitrary File Write, PoC Available |
https://securityonline.info/critical-python-tarfile-flaw-cve-2025-4517-cvss-9-4-arbitrary-file-write-poc-available/
|
| June 20, 2025 |
Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover |
https://securityonline.info/urgent-wordpress-alert-motors-theme-flaw-cve-2025-4322-actively-exploited-for-site-takeover/
|
| June 20, 2025 |
OpenVPN Driver Flaw: Local Users Can Crash Windows Systems via Buffer Overflow |
https://securityonline.info/openvpn-driver-flaw-local-users-can-crash-windows-systems-via-buffer-overflow/
|
| June 20, 2025 |
Critical Pterodactyl RCE (CVSS 10.0): Unauthenticated Attackers Exploiting Flaw Now! |
https://securityonline.info/critical-pterodactyl-rce-cvss-10-0-unauthenticated-attackers-exploiting-flaw-now/
|
| April 18, 2025 |
SonicWall SMA VPN devices targeted in attacks since January |
https://www.bleepingcomputer.com/news/security/sonicwall-sma-vpn-devices-targeted-in-attacks-since-january/
|
| March 6, 2025 |
CISA Identifies Five New Vulnerabilities Currently Being Exploited |
https://www.schneier.com/blog/archives/2025/03/cisa-identifies-five-new-vulnerabilities-currently-being-exploited.html
|
| March 6, 2025 |
CVE-2025-26776 (CVSS 10) in Chaty Pro Plugin Exposes Thousands of WordPress Sites to Takeover |
https://securityonline.info/cve-2025-26776-cvss-10-in-chaty-pro-plugin-exposes-thousands-of-wordpress-sites-to-takeover/
|
| March 6, 2025 |
CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana |
https://securityonline.info/cve-2025-25012-cvss-9-9-critical-code-execution-vulnerability-patched-in-elastic-kibana/
|
| Feb. 19, 2025 |
CVE-2024-12284 in NetScaler Console Exposes Systems to Unauthorized Command Execution |
https://securityonline.info/cve-2024-12284-in-netscaler-console-exposes-systems-to-unauthorized-command-execution/
|
| Feb. 15, 2025 |
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS |
https://www.bleepingcomputer.com/news/security/hackers-exploit-authentication-bypass-in-palo-alto-networks-pan-os/
|
| Feb. 15, 2025 |
Severe nvJPEG2000 Vulnerabilities (CVSS 9.8) in NVIDIA’s GPU Library Could Lead to Code Execution |
https://securityonline.info/severe-nvjpeg2000-vulnerabilities-cvss-9-8-in-nvidias-gpu-library-could-lead-to-code-execution/
|
| Feb. 15, 2025 |
PostgreSQL flaw exploited as zero-day in BeyondTrust breach |
https://www.bleepingcomputer.com/news/security/postgresql-flaw-exploited-as-zero-day-in-beyondtrust-breach/
|
| Jan. 23, 2025 |
Cisco warns of denial of service flaw with PoC exploit code |
https://www.bleepingcomputer.com/news/security/cisco-warns-of-denial-of-service-flaw-with-poc-exploit-code/
|
| Jan. 22, 2025 |
Critical Apache Ambari Security Vulnerabilities Discovered: What You Need to Know |
https://securityonline.info/critical-apache-ambari-security-vulnerabilities-discovered-what-you-need-to-know/
|
| Jan. 22, 2025 |
CVE-2024-52320 and More: Planet Switches Expose Networks to Attack |
https://securityonline.info/cve-2024-52320-and-more-planet-switches-expose-networks-to-attack/
|
| Jan. 22, 2025 |
CVE-2025-23083: Node.js Vulnerability Exposes Sensitive Data and Resources |
https://securityonline.info/cve-2025-23083-node-js-vulnerability-exposes-sensitive-data-and-resources/
|
| Dec. 3, 2024 |
Critical Vulnerabilities in mySCADA myPRO Software Pose Significant Risk to Industrial Control Systems |
https://securityonline.info/critical-vulnerabilities-in-myscada-mypro-software-pose-significant-risk-to-industrial-control-systems/
|
| Dec. 3, 2024 |
CVE-2024-48651: ProFTPD Vulnerability Grants Root Access to Attackers |
https://securityonline.info/cve-2024-48651-proftpd-vulnerability-grants-root-access-to-attackers/
|
| Dec. 3, 2024 |
Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group |
https://securityonline.info/zero-day-exploit-code-released-for-windows-task-scheduler-flaw-cve-2024-49039-actively-exploited-by-romcom-group/
|
| Nov. 30, 2024 |
CVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows Arbitrary Code Execution |
https://securityonline.info/cve-2024-52338-critical-security-flaw-in-apache-arrow-r-package-allows-arbitrary-code-execution/
|
| Nov. 29, 2024 |
CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited |
https://securityonline.info/cve-2024-11667-critical-vulnerability-in-zyxel-firewalls-actively-exploited/
|
| Nov. 29, 2024 |
Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published |
https://securityonline.info/integer-overflow-vulnerability-in-windows-driver-enables-privilege-escalation-poc-published/
|
| Nov. 29, 2024 |
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC |
https://securityonline.info/zero-day-in-active-directory-certificate-services-researcher-exposes-cve-2024-49019-with-poc/
|
| Nov. 29, 2024 |
CVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows Arbitrary Code Execution |
https://securityonline.info/cve-2024-52338-critical-security-flaw-in-apache-arrow-r-package-allows-arbitrary-code-execution/
|
| Nov. 21, 2024 |
CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published |
https://securityonline.info/cve-2024-52940-anydesk-vulnerability-exposes-user-ip-addresses-poc-published/
|
| Nov. 21, 2024 |
CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution |
https://securityonline.info/cve-2024-10220-kubernetes-vulnerability-allows-arbitrary-command-execution/
|
| Nov. 21, 2024 |
Critical VMware vCenter Server Flaws Under Active Attack: CISA Issues Urgent Warning |
https://securityonline.info/critical-vmware-vcenter-server-flaws-under-active-attack-cisa-issues-urgent-warning/
|
| Nov. 4, 2024 |
Okta Patches Vulnerability (CVE-2024-9191) in Verify Desktop MFA for Windows |
https://securityonline.info/okta-patches-vulnerability-cve-2024-9191-in-verify-desktop-mfa-for-windows/
|
| Nov. 4, 2024 |
CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras |
https://securityonline.info/cve-2024-8956-cve-2024-8957-two-actively-exploited-vulnerabilities-in-ptz-cameras/
|
| Nov. 4, 2024 |
CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published |
https://securityonline.info/cve-2024-46538-unpatched-xss-flaw-in-pfsense-allows-remote-exploits-poc-published/
|
| Sept. 10, 2024 |
Ivanti Issues Patch for Critical Vulnerabilities in Endpoint Manager, Including CVE-2024-29847 (CVSS 10.0) |
https://securityonline.info/ivanti-issues-patch-for-critical-vulnerabilities-in-endpoint-manager-including-cve-2024-29847-cvss-10-0/
|
| Sept. 10, 2024 |
Siemens Issues Critical Security Advisory for User Management Component (UMC) – CVE-2024-33698 |
https://securityonline.info/siemens-issues-critical-security-advisory-for-user-management-component-umc-cve-2024-33698/
|
| Sept. 10, 2024 |
CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products |
https://securityonline.info/cve-2024-6342-critical-command-injection-flaw-in-zyxel-nas-devices-hotfixes-released-for-end-of-support-products/
|
| Sept. 9, 2024 |
YubiKey Side-Channel Attack |
https://www.schneier.com/blog/archives/2024/09/yubikey-side-channel-attack.html
|
| Sept. 9, 2024 |
Critical Kibana Flaws (CVE-2024-37288, CVE-2024-37285) Expose Systems to Arbitrary Code Execution |
https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
|
| Sept. 9, 2024 |
HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required |
https://securityonline.info/haproxy-vulnerability-cve-2024-45506-under-active-exploit-urgent-patching-required/
|
| Sept. 9, 2024 |
PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230 |
https://securityonline.info/poc-exploit-releases-for-windows-elevation-of-privilege-vulnerability-cve-2024-26230/
|
| Sept. 9, 2024 |
MindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections |
https://securityonline.info/mindsdb-fixes-critical-cve-2024-24759-dns-rebinding-attack-bypasses-security-protections/
|
| Aug. 23, 2024 |
Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities |
https://securityonline.info/urgent-edge-security-update-microsoft-patches-zero-day-rce-vulnerabilities/
|
| Aug. 23, 2024 |
Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk |
https://securityonline.info/exploit-for-cve-2024-38054-released-elevation-of-privilege-flaw-in-windows-kernel-streaming-wow-thunk/
|
| Aug. 14, 2024 |
CVE-2024-28986 (CVSS 9.8): SolarWinds Web Help Desk Users Must Patch Now! |
https://securityonline.info/cve-2024-28986-cvss-9-8-solarwinds-web-help-desk-users-must-patch-now/
|
| Aug. 14, 2024 |
CVE-2024-38063 (CVSS 9.8): 0-Click RCE Affects All Windows Systems |
https://securityonline.info/cve-2024-38063-cvss-9-8-0-click-rce-affects-all-windows-systems/
|
| Aug. 14, 2024 |
ArtiPACKED: A New GitHub Actions Vulnerability Exposes Critical Credentials |
https://securityonline.info/artipacked-a-new-github-actions-vulnerability-exposes-critical-credentials/
|
| Aug. 8, 2024 |
Critical Progress WhatsUp RCE flaw now under active exploitation |
https://www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/
|
| Aug. 7, 2024 |
CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks |
https://securityonline.info/cve-2024-43044-critical-jenkins-vulnerability-exposes-servers-to-rce-attacks/
|
| Aug. 3, 2024 |
From Limited file read to full access on Jenkins (CVE-2024-23897) |
https://www.reddit.com/r/netsec/comments/1ehd85y/from_limited_file_read_to_full_access_on_jenkins/
|
| Aug. 3, 2024 |
Windows AppLocker Driver LPE Vulnerability - CVE-2024-21338 |
https://www.reddit.com/r/netsec/comments/1ehjatd/windows_applocker_driver_lpe_vulnerability/
|
| July 26, 2024 |
Critical ServiceNow RCE flaws actively exploited to steal credentials |
https://www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
|
| July 20, 2024 |
Cisco Warns of Unpatched Vulnerability (CVE-2024-20416) in RV340 and RV345 Routers |
https://securityonline.info/cisco-warns-of-unpatched-vulnerability-cve-2024-20416-in-rv340-and-rv345-routers/
|
| July 20, 2024 |
CVE-2024-22442 (CVSS 9.8): HPE Patches Critical 3PAR Service Processor Flaw |
https://securityonline.info/cve-2024-22442-cvss-9-8-hpe-patches-critical-3par-service-processor-flaw/
|
| July 20, 2024 |
Oracle WebLogic Users Urged to Patch Critical Vulnerability (CVE-2024-21181, CVSS 9.8) |
https://securityonline.info/oracle-weblogic-users-urged-to-patch-critical-vulnerability-cve-2024-21181-cvss-9-8/
|
| July 20, 2024 |
Broadcom Urges Immediate Patching for Critical Symantec PAM Vulnerabilities |
https://securityonline.info/broadcom-urges-immediate-patching-for-critical-symantec-pam-vulnerabilities/
|
| July 17, 2024 |
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks |
https://www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/
|
| July 9, 2024 |
CVE-2024-6409: New Remote Code Execution Vulnerability in OpenSSH |
https://securityonline.info/cve-2024-6409-new-remote-code-execution-vulnerability-in-openssh/
|
| July 9, 2024 |
Hackers are Actively Exploiting CVE-2024-5441 Flaw, 150,000 Sites at Risk |
https://securityonline.info/hackers-are-actively-exploiting-cve-2024-5441-flaw-150000-sites-at-risk/
|
| July 9, 2024 |
Turla APT Group Unleashes Sophisticated Fileless Backdoor via Compromised Site |
https://securityonline.info/turla-apt-group-unleashes-sophisticated-fileless-backdoor-via-compromised-site/
|
| July 9, 2024 |
Critical Security Advisory for Apache CloudStack: CVE-2024-38346 and CVE-2024-39864 |
https://securityonline.info/critical-security-advisory-for-apache-cloudstack-cve-2024-38346-and-cve-2024-39864/
|
| July 9, 2024 |
CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows |
https://securityonline.info/cve-2024-36138-high-severity-vulnerability-in-node-js-allows-code-execution-on-windows/
|
| July 9, 2024 |
VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover |
https://securityonline.info/vmware-vcenter-server-rce-cve-2024-22274-poc-exposes-systems-to-remote-takeover/
|
| July 9, 2024 |
BlastRADIUS Vulnerability (CVE-2024-3596): Flaw in RADIUS Protocol Exposes Networks to Attack |
https://securityonline.info/blastradius-vulnerability-cve-2024-3596-flaw-in-radius-protocol-exposes-networks-to-attack/
|
| July 8, 2024 |
Cisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products |
https://securityonline.info/cisco-confirms-critical-openssh-regresshion-cve-2024-6387-flaw-in-multiple-products/
|
| July 8, 2024 |
CVE-2024-39349 (CVSS 9.8): Critical Vulnerability in Synology Surveillance Cameras |
https://securityonline.info/cve-2024-39349-cvss-9-8-critical-vulnerability-in-synology-surveillance-cameras/
|
| July 3, 2024 |
New Open SSH Vulnerability |
https://www.schneier.com/blog/archives/2024/07/new-open-ssh-vulnerability.html
|
| June 30, 2024 |
CVE-2024-36072 (CVSS 10): Unauthenticated RCE Flaw in CoSoSys Endpoint Protector |
https://securityonline.info/cve-2024-36072-unauthenticated-rce-flaw-in-cososys-endpoint-protector/
|
| June 30, 2024 |
PoC Released for Unauthenticated RCE Vulnerability in TP-Link VIGI NVR4032H Network Video Recorder |
https://securityonline.info/poc-released-for-unauthenticated-rce-vulnerability-in-tp-link-vigi-nvr4032h-network-video-recorder/
|
| June 30, 2024 |
CVE-2024-2973 (CVSS 10): Juniper Session Smart Router Authentication Bypass Vulnerability |
https://securityonline.info/cve-2024-2973-cvss-10-juniper-session-smart-router-authentication-bypass-vulnerability/
|
| June 30, 2024 |
Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities |
https://securityonline.info/microsoft-issues-cve-numbers-for-cloud-service-vulnerabilities/
|
| June 23, 2024 |
CosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening Millions of Online Stores |
https://securityonline.info/cosmicsting-cve-2024-34102-a-critical-e-commerce-vulnerability-threatening-millions-of-online-stores/
|
| June 23, 2024 |
Ghostscript Patches Multiple Vulnerabilities, Potential for Arbitrary Code Execution |
https://securityonline.info/ghostscript-patches-multiple-vulnerabilities-potential-for-arbitrary-code-execution/
|
| June 23, 2024 |
ESET Issues Security Patch for Privilege Escalation Flaw in Windows Products |
https://securityonline.info/eset-issues-security-patch-for-privilege-escalation-flaw-in-windows-products/
|
| June 21, 2024 |
SolarWinds Serv-U path traversal flaw actively exploited in attacks |
https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/
|
| June 21, 2024 |
CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites |
https://www.bleepingcomputer.com/news/security/cosmicsting-flaw-impacts-75-percent-of-adobe-commerce-magento-sites/
|
| June 21, 2024 |
Phoenix UEFI vulnerability impacts hundreds of Intel PC models |
https://www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
|
| June 20, 2024 |
VMware fixes critical vCenter RCE vulnerability, patch now |
https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vcenter-rce-vulnerability-patch-now/
|
| June 13, 2024 |
CVE-2024-26169: Windows Zero-Day Vulnerability Abused by Black Basta Ransomware |
https://securityonline.info/cve-2024-26169-windows-zero-day-vulnerability-abused-by-black-basta-ransomware/
|
| June 13, 2024 |
Adobe Patches Critical Flaws in Multiple Products, Urging Users to Update |
https://securityonline.info/adobe-patches-critical-flaws-in-multiple-products-urging-users-to-update/
|
| June 13, 2024 |
CVE-2024-35213: Critical Vulnerability Discovered in BlackBerry QNX SDP |
https://securityonline.info/cve-2024-35213-critical-vulnerability-discovered-in-blackberry-qnx-sdp/
|
| June 13, 2024 |
CVE-2024-37051: Critical JetBrains Flaw Exposes GitHub Tokens in IntelliJ IDEs, PoC Published |
https://securityonline.info/cve-2024-37051-exploit-poc-jetbrains-github-tokens/
|
| June 13, 2024 |
CVE-2024-32896: Google Patches Actively Exploited Zero-Day Vulnerability in Pixel Devices |
https://securityonline.info/cve-2024-32896-google-patches-actively-exploited-zero-day-vulnerability-in-pixel-devices/
|
| June 13, 2024 |
Urgent Security Alert: SuiteCRM Users Urged to Patch Multiple Critical Vulnerabilities |
https://securityonline.info/urgent-security-alert-suitecrm-users-urged-to-patch-multiple-critical-vulnerabilities/
|
| June 13, 2024 |
VLC Media Player Patches Two Vulnerabilities: Users Urged to Update Immediately |
https://securityonline.info/vlc-media-player-patches-two-vulnerabilities-users-urged-to-update-immediately/
|
| June 13, 2024 |
CVE-2024-27801: Critical Vulnerability Discovered in Apple Ecosystem, PoC Published |
https://securityonline.info/cve-2024-27801-critical-vulnerability-discovered-in-apple-ecosystem-poc-published/
|
| June 11, 2024 |
Veeam Patches Critical Security Flaw in Recovery Orchestrator (CVE-2024-29855) |
https://securityonline.info/veeam-patches-critical-security-flaw-in-recovery-orchestrator-cve-2024-29855/
|
| June 3, 2024 |
Patch Now to Avoid Apache OFBiz Remote Code Execution – CVE-2024-36104 |
https://securityonline.info/patch-now-to-avoid-apache-ofbiz-remote-code-execution-cve-2024-36104/
|
| June 3, 2024 |
CVE-2024-3820 (CVSS 10) in wpDataTables Puts 70,000 WordPress Sites at Risk |
https://securityonline.info/cve-2024-3820-cvss-10-in-wpdatatables-puts-70000-wordpress-sites-at-risk/
|
| June 3, 2024 |
13,800+ Check Point Gateways Exposed: 0-Day CVE-2024-24919 Flaw Under Attack |
https://securityonline.info/13800-check-point-gateways-exposed-0-day-cve-2024-24919-flaw-under-attack/
|
| May 15, 2024 |
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers |
https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
|
| May 13, 2024 |
[KIS-2024-04] Cacti <= 1.2.26 Remote Code Execution Vulnerability |
https://www.reddit.com/r/netsec/comments/1cqurbm/kis202404_cacti_1226_remote_code_execution/
|
| May 9, 2024 |
New BIG-IP Next Central Manager bugs allow device takeover |
https://www.bleepingcomputer.com/news/security/new-big-ip-next-central-manager-bugs-allow-device-takeover/
|
| May 2, 2024 |
Cisco IP Phones Exposed: Vulnerabilities Allow Hackers to Disrupt, Spy, and Even Make Calls |
https://securityonline.info/cisco-ip-phones-exposed-vulnerabilities-allow-hackers-to-disrupt-spy-and-even-make-calls/
|
| May 2, 2024 |
HPE Aruba Networking Patches Critical Vulnerabilities in Mobility Controllers and Gateways |
https://securityonline.info/hpe-aruba-networking-patches-critical-vulnerabilities-in-mobility-controllers-and-gateways/
|
| May 2, 2024 |
CVE-2024-32962 (CVSS 10): Critical Vulnerability in XML-Crypto Affects Millions |
https://securityonline.info/cve-2024-32962-cvss-10-critical-vulnerability-in-xml-crypto-affects-millions/
|
| May 2, 2024 |
CVE-2024-32971: Critical Vulnerability in Apollo Router Compromises Data Integrity |
https://securityonline.info/cve-2024-32971-critical-vulnerability-in-apollo-router-compromises-data-integrity/
|
| May 2, 2024 |
CVE-2024-32114: High-Severity Vulnerability Exposed in Apache ActiveMQ |
https://securityonline.info/cve-2024-32114-high-severity-vulnerability-exposed-in-apache-activemq/
|
| April 30, 2024 |
New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files |
https://securityonline.info/new-r-vulnerability-cve-2024-27322-code-execution-risk-in-data-files/
|
| April 30, 2024 |
Ant Media Server Flaw Grants Local Users Root Access (CVE-2024-32656) |
https://securityonline.info/ant-media-server-flaw-grants-local-users-root-access-cve-2024-32656/
|
| April 29, 2024 |
CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS |
https://securityonline.info/cve-2024-32766-cvss-10-qnap-vulnerability-hackers-can-hijack-your-nas/
|
| April 29, 2024 |
Telegram Patches Flaw in Web Version, Vulnerability Exposed User Accounts to Hackers |
https://securityonline.info/telegram-patches-flaw-in-web-version-vulnerability-exposed-user-accounts-to-hackers/
|
| April 29, 2024 |
Researchers Uncover ‘Pathfinder’ Exploit, Putting CPUs at Risk of High-Precision Attacks |
https://securityonline.info/researchers-uncover-pathfinder-exploit-putting-cpus-at-risk-of-high-precision-attacks/
|
| April 28, 2024 |
Mitel Issues Critical Fixes for XSS Vulnerabilities in MiContact Center Business |
https://securityonline.info/mitel-issues-critical-fixes-for-xss-vulnerabilities-in-micontact-center-business/
|
| April 28, 2024 |
Windows Kernel EoP Vulnerability (CVE-2024-21345) Gets PoC Exploit Code |
https://securityonline.info/windows-kernel-eop-vulnerability-cve-2024-21345-gets-poc-exploit-code/
|
| April 26, 2024 |
PoC Exploit Releases for Critical Progress Flowmon Bug – CVE-2024-2389 (CVSS 10) |
https://securityonline.info/poc-exploit-releases-for-critical-progress-flowmon-bug-cve-2024-2389-cvss-10/
|
| April 26, 2024 |
Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers |
https://securityonline.info/skylab-igx-iiot-gateway-vulnerability-cve-2024-4163-root-access-for-attackers/
|
| April 26, 2024 |
Security Update for Webmin: Addressing Privilege Escalation Vulnerability |
https://securityonline.info/critical-security-update-for-webmin-addressing-privilege-escalation-vulnerability/
|
| April 25, 2024 |
18 vulnerabilities in Brocade SANnav |
https://www.reddit.com/r/netsec/comments/1cbztz4/18_vulnerabilities_in_brocade_sannav/
|
| April 25, 2024 |
Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer) |
https://www.reddit.com/r/netsec/comments/1cctaah/multiple_vulnerabilities_in_open_devin_autonomous/
|
| April 25, 2024 |
Cisco ASA exploit in the wild. |
https://www.reddit.com/r/netsec/comments/1cc62sy/cisco_asa_exploit_in_the_wild/
|
| April 24, 2024 |
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon |
https://www.reddit.com/r/netsec/comments/1cb7vz5/cve20242389_command_injection_vulnerability_in/
|
| April 24, 2024 |
Grafana backend sql injection affected all version |
https://www.reddit.com/r/netsec/comments/1cbrrg8/grafana_backend_sql_injection_affected_all_version/
|
| April 23, 2024 |
Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published |
https://securityonline.info/oracle-virtualbox-elevation-of-privilege-vulnerability-cve-2024-21111-poc-published/
|
| April 23, 2024 |
Linux Systems Targeted: Open-Source Pupy RAT Exploited in Attacks Across Asia |
https://securityonline.info/linux-systems-targeted-open-source-pupy-rat-exploited-in-attacks-across-asia/
|
| April 23, 2024 |
CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal |
https://securityonline.info/cve-2024-2796-critical-vulnerability-discovered-in-popular-api-developer-portal/
|
| April 23, 2024 |
Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902) |
https://securityonline.info/citrix-uberagent-update-for-privilege-escalation-vulnerability-cve-2024-3902/
|
| April 23, 2024 |
Multiple Vulnerabilities Patched in Apache HugeGraph – Update Immediately |
https://securityonline.info/multiple-vulnerabilities-patched-in-apache-hugegraph-update-immediately/
|
| April 22, 2024 |
CrushFTP warns users to patch exploited zero-day “immediately” |
https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
|
| April 22, 2024 |
Critical Forminator plugin flaw impacts over 300k WordPress sites |
https://www.bleepingcomputer.com/news/security/critical-forminator-plugin-flaw-impacts-over-300k-wordpress-sites/
|
| April 18, 2024 |
An Obscure Actions Workflow Vulnerability in Google’s Flank |
https://www.reddit.com/r/netsec/comments/1c6i2pj/an_obscure_actions_workflow_vulnerability_in/
|
| April 18, 2024 |
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers - Shielder |
https://www.reddit.com/r/netsec/comments/1c6z1bn/element_android_cve202426131_cve202426132_never/
|
| April 17, 2024 |
Ivanti warns of critical flaws in its Avalanche MDM solution |
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/
|
| April 17, 2024 |
CVE-2024-32019 in Popular Monitoring Tool Netdata Could Allow Hackers Root Access |
https://securityonline.info/cve-2024-32019-in-popular-monitoring-tool-netdata-could-allow-hackers-root-access/
|
| April 17, 2024 |
PoC Exploit Released for 0-day Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338) |
https://securityonline.info/poc-exploit-released-for-0-day-windows-kernel-elevation-of-privilege-vulnerability-cve-2024-21338/
|
| April 17, 2024 |
Cisco discloses root escalation flaw with public exploit code |
https://www.bleepingcomputer.com/news/security/cisco-discloses-root-escalation-flaw-with-public-exploit-code/
|
| April 16, 2024 |
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now |
https://www.bleepingcomputer.com/news/security/exploit-released-for-palo-alto-pan-os-bug-used-in-attacks-patch-now/
|
| April 16, 2024 |
PuTTY SSH client flaw allows recovery of cryptographic private keys |
https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
|
| April 16, 2024 |
Ivanti warns of critical flaws in its Avalanche MDM solution |
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/
|
| April 14, 2024 |
CVE-2024-22734 – Critical Flaw in Trux Software: Hackers Can Take Over Systems |
https://securityonline.info/cve-2024-22734-critical-flaw-in-trux-software-hackers-can-take-over-systems/
|
| April 14, 2024 |
CVE-2024-20670 Report - "New Outlook" NTLM Leak and File Execution |
https://www.reddit.com/r/netsec/comments/1c28wyp/cve202420670_report_new_outlook_ntlm_leak_and/
|
| April 14, 2024 |
Bitdefender Patches Critical Vulnerabilities in GravityZone and Endpoint Security |
https://securityonline.info/bitdefender-patches-critical-vulnerabilities-in-gravityzone-and-endpoint-security/
|
| April 14, 2024 |
CVE-2024-22262: Spring Framework Hit by New Vulnerability, Urgent Update Needed |
https://securityonline.info/cve-2024-22262-spring-framework-hit-by-new-vulnerability-urgent-update-needed/
|
| April 14, 2024 |
PoC Released for Zero-Click CVE-2023-35628 Vulnerability in Microsoft Windows |
https://securityonline.info/poc-released-for-zero-click-cve-2023-35628-vulnerability-in-microsoft-windows/
|
| Feb. 29, 2024 |
Urgent Security Alert: Avada WordPress Theme Vulnerability (CVE-2024-1468) |
https://securityonline.info/urgent-security-alert-avada-wordpress-theme-vulnerability-cve-2024-1468/
|
| Feb. 29, 2024 |
Zero-Day Alert (CVE-2024-21338): Lazarus Group Exploits Windows Kernel Vulnerability |
https://securityonline.info/zero-day-alert-cve-2024-21338-lazarus-group-exploits-windows-kernel-vulnerability/
|
| Feb. 29, 2024 |
NVIDIA Tackles Severe GPU Display Driver Vulnerabilities – Urgent Update Required |
https://securityonline.info/nvidia-tackles-severe-gpu-display-driver-vulnerabilities-urgent-update-required/
|
| Feb. 16, 2024 |
PoC Exploit Released for Microsoft Outlook RCE Flaw – CVE-2024-21413 |
https://securityonline.info/poc-exploit-released-for-microsoft-outlook-rce-flaw-cve-2024-21413/#google_vignette
|
| Feb. 11, 2024 |
Google Chrome Zero-Day PoC Code Released |
https://securityonline.info/google-chrome-zero-day-poc-code-released/#google_vignette
|
| Feb. 11, 2024 |
Exploiting the probmon.sys Minifilter driver in order to create a process killer. |
https://github.com/enkomio/s4killer
|
| Feb. 6, 2024 |
Critical Alert: CVE-2024-23917 Exposes TeamCity to Unauthenticated Attacks |
https://securityonline.info/critical-alert-cve-2024-23917-exposes-teamcity-to-unauthenticated-attacks/#google_vignette
|
| Feb. 5, 2024 |
Escaping the Sandbox: CVE-2024-21399 Microsoft Edge RCE Vulnerability |
https://securityonline.info/escaping-the-sandbox-cve-2024-21399-microsoft-edge-rce-vulnerability/
|
| Feb. 5, 2024 |
CVE-2024-23208 Exposed: A PoC Tool Unveils iOS Kernel Flaw |
https://securityonline.info/cve-2024-23208-exposed-a-poc-tool-unveils-ios-kernel-flaw/
|
| Jan. 24, 2024 |
CVE-2023-6546 (ZDI-24-020) - Linux Kernel GSM Multiplexing Race Condition LPE |
https://github.com/Nassim-Asrir/ZDI-24-020/
|
| Dec. 29, 2023 |
POC for Apache ActiveMQ CVE-2023-46604 |
https://github.com/X1r0z/ActiveMQ-RCE
|
| Dec. 28, 2023 |
Critical Apache OFBiz Zero-day -AuthBiz |
https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
|
| Dec. 23, 2023 |
Full Chain Baseband Exploits, Part 1 |
https://labs.taszk.io/articles/post/full_chain_bb_part1/
|
| Dec. 16, 2023 |
Microsoft office buffer overflow |
https://www.redpacketsecurity.com/microsoft-office-buffer-overflow/
|
| Dec. 16, 2023 |
Microsoft Office SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
https://www.zerodayinitiative.com/advisories/ZDI-23-1785/
|
| Dec. 16, 2023 |
The new In-The-Wild Google Chrome Heap buffer overflow in WebP (CVE-2023-4863) is due to an out-of-bounds write vulnerability within the "BuildHuffmanTable" function |
https://chromium.googlesource.com/webm/libwebp.git/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76
|
| Dec. 12, 2023 |
Researcher to Release PoC for 0-day Windows CVE-2023-36036 Flaw |
https://securityonline.info/researcher-to-release-poc-0day-cve-2023-36036-vulnerability/#google_vignette
|
| Dec. 9, 2023 |
CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS |
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
|
| Nov. 21, 2023 |
Log4Shell - different avenues of exploitation |
https://olexvel.substack.com/p/log4shell-different-avenues-of-exploitation
|
| Nov. 18, 2023 |
AI Exploits |
https://github.com/protectai/ai-exploits
|
| Nov. 16, 2023 |
Padre - Blazing Fast, Advanced Padding Oracle Exploit |
https://www.kitploit.com/2023/11/padre-blazing-fast-advanced-padding.html
|
| Nov. 15, 2023 |
Reptar: an Intel Ice Lake CPU vulnerability, by Tavis Ormandy |
https://lock.cmpxchg8b.com/reptar.html
|
| Nov. 14, 2023 |
Ubuntu Privilege Escalation bash one-liner using CVE-2023-32629 & CVE-2023-2640 |
https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation
|
| Nov. 14, 2023 |
Randstorm: You Can’t Patch a House of Cards (BitcoinJS) |
https://www.unciphered.com/blog/randstorm-you-cant-patch-a-house-of-cards
|
| Nov. 11, 2023 |
SpoolSploit - A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. |
https://github.com/BeetleChunks/SpoolSploit
|
| Nov. 11, 2023 |
unauth RCE exploit against Cisco IOS XE (CVE-2023-20198 and CVE-2023-20273) |
https://www.rapid7.com/blog/post/2023/11/10/metasploit-weekly-wrap-up-35/
|
| Nov. 9, 2023 |
Hacking the Canon imageCLASS MF742Cdw/MF743Cdw (again) |
https://haxx.in/posts/hacking-canon-imageclass/
|
| Oct. 26, 2023 |
CitrixBleed Exploit |
https://github.com/assetnote/exploits/blob/main/citrix/CVE-2023-4966/exploit.py
|
| Oct. 5, 2023 |
Zero-days for hacking WhatsApp are now worth millions of dollars |
https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/?guccounter=1&guce_referrer=aHR0cHM6Ly90LmNvLw&guce_referrer_sig=AQAAAKdeU5wm3OO2aerJISEVsN0GtLjIZD2h
|
| Oct. 3, 2023 |
ShellTorch: Multiple Critical Vulnerabilities in PyTorch Model Server (TorchServe) (CVSS 9.9, CVSS 9.8) Threatens Countless AI Users - Immediate Action Required |
https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654
|
| Oct. 3, 2023 |
CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution |
https://pyn3rd.github.io/2023/09/15/CVE-2023-34040-Spring-Kafka-Deserialization-Remote-Code-Execution/
|
| Sept. 20, 2023 |
Alert Regarding Vulnerability in Trend Micro Multiple Endpoint Security Products for Enterprises |
https://www.jpcert.or.jp/english/at/2023/at230021.html
|
| Sept. 14, 2023 |
CVE-2023-38146: Arbitrary Code Execution via Windows Themes |
https://exploits.forsale/themebleed/
|
| Sept. 12, 2023 |
Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) |
https://www.helpnetsecurity.com/2023/09/12/cve-2023-4863/
|
| Sept. 11, 2023 |
PoC Exploit for CVE-2023-27524 in Apache Superset Leads to RCE Released |
https://securityonline.info/poc-exploit-for-cve-2023-27524-in-apache-superset-leads-to-rce-released/
|
| Sept. 8, 2023 |
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild |
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
|
| Sept. 6, 2023 |
Code Vulnerabilities Leak Emails in Proton Mail |
https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/?utm_source=twitter&utm_medium=social&utm_campaign=protonmail&utm_content=security&utm_term=mofu
|
| Sept. 3, 2023 |
CVE-2023-37895: Apache Jackrabbit RMI RCE |
https://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce/
|
| Sept. 3, 2023 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331 |
https://www.cve.org/CVERecord?id=CVE-2023-4751
|
| Sept. 3, 2023 |
Vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system |
https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege/
|
| Sept. 1, 2023 |
Researcher releases PoC exploit for critical VMware Aria (CVE-2023-34039) bug |
https://securityonline.info/researcher-releases-poc-exploit-for-critical-vmware-aria-cve-2023-34039-bug/
|
| Sept. 1, 2023 |
Multiple Security Vulnerabilities Found in NVIDIA DGX H100 System |
https://securityonline.info/multiple-security-vulnerabilities-found-in-nvidia-dgx-h100-system/#google_vignette
|
| Aug. 31, 2023 |
Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL |
https://advisory.splunk.com/advisories/SVD-2023-0805
|
| Aug. 28, 2023 |
Exploit released for Juniper firewall bugs allowing RCE attacks |
https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844
|
| Aug. 28, 2023 |
Multiple Vulnerabilities found in Techview LA-5570 Wireless Gateway Home Automation Controller |
https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725
|
| Aug. 28, 2023 |
Busybox cpio directory traversal vulnerability (CVE-2023-39810) |
https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
|
| Aug. 25, 2023 |
Full exploit chain for Faronics-DeepFreeze-8 |
https://github.com/snowcra5h/Faronics-DeepFreeze-8-Exploit
|
| Aug. 21, 2023 |
CVE-2023-3269: Linux kernel privilege escalation vulnerability |
https://github.com/lrh2000/StackRot
|
| Aug. 21, 2023 |
CVE-2023-36874: proof-of-concept exploit written in C++ that demonstrates the exploitation of a vulnerability affecting the Windows Error Reporting (WER) |
https://github.com/d0rb/CVE-2023-36874
|
| Aug. 19, 2023 |
WinRAR flaw lets hackers run programs when you open RAR archives |
https://www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/
|
| Aug. 19, 2023 |
CVE-2023-40477: WinRAR Code Execution Vulnerability |
https://securityonline.info/cve-2023-40477-winrar-code-execution-vulnerability/
|
| Aug. 17, 2023 |
Creating an Exploit: SolarWinds Vulnerability CVE-2021-35211 |
https://bishopfox.com/blog/exploit-for-cve-2021-35211
|
| Aug. 15, 2023 |
AMD issued the second patch to fix “Division by zero” vulnerability in AMD Zen 1 |
https://securityonline.info/amd-issued-the-second-patch-to-fix-division-by-zero-vulnerability-in-amd-zen-1/
|
| Aug. 14, 2023 |
WPS Office Remote Code Execution Exploit On 2023-08-10 |
https://github.com/ba0gu0/wps-rce
|
| Aug. 11, 2023 |
Google details 0-click bug in Pixel 6 modem: Advises users to disable 2G |
https://www.scmagazine.com/news/google-details-0-click-bug-in-pixel-6-modem-advises-users-to-disable-2g
|
| Aug. 8, 2023 |
Downfall Attacks - Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers |
https://downfall.page/
|
| Aug. 7, 2023 |
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution |
https://0day.today/exploit/description/38891
|
| Aug. 7, 2023 |
Rudder Server SQL Injection / Remote Code Execution Exploit |
https://0day.today/exploit/description/38923
|
| Aug. 7, 2023 |
General Device Manager 2.5.2.2 - Buffer Overflow (SEH) Exploit |
https://0day.today/exploit/description/38921
|
| Aug. 7, 2023 |
Checkpoint Gaia Portal R81.10 Remote Command Execution Vulnerability |
https://0day.today/exploit/description/38928
|
| Aug. 7, 2023 |
Western Digital MyCloud Unauthenticated Command Injection Exploit |
https://0day.today/exploit/description/38924
|
| Aug. 7, 2023 |
VMWare Aria Operations For Networks Remote Command Execution Exploit |
https://0day.today/exploit/description/38902
|
| Aug. 4, 2023 |
[remote] ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE) |
https://www.exploit-db.com/exploits/51642?utm_source=dlvr.it&utm_medium=twitter
|
| Aug. 3, 2023 |
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability |
https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
|
| Aug. 3, 2023 |
SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical exploitation |
https://github.com/BeetleChunks/SpoolSploit
|
| Aug. 2, 2023 |
CVE-2023-35086 POC - ASUS routers format string vulnerability |
https://github.com/tin-z/CVE-2023-35086-POC
|
| Aug. 2, 2023 |
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You |
https://emily.id.au/tailscale
|
| Aug. 2, 2023 |
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You |
https://emily.id.au/tailscale
|
| Aug. 2, 2023 |
MikroTik remote jailbreak for v6.x.x |
https://github.com/MarginResearch/FOISted
|
| July 31, 2023 |
CVE-2023-35086 POC - ASUS routers format string vulnerability |
https://github.com/tin-z/CVE-2023-35086-POC
|
| July 28, 2023 |
Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646) |
https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
|
| July 27, 2023 |
V8 CreateLiteral type confusion when processing ..spread leads to RCE |
https://bugs.chromium.org/p/chromium/issues/detail?id=1260129
|
| July 27, 2023 |
CVE-2023-33802 - SumatraPDF 3.4.6 -32-bit Denial Of Services (DoS) |
https://github.com/CDACesec/CVE-2023-33802
|
| July 27, 2023 |
GameOverlay: Easy to exploit local privilege escalation vulnerabilities in Ubuntu Linux affecting 40% of Ubuntu users |
https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
|
| July 27, 2023 |
CVE-2023-3390: Use After Free on Linux Netfilter nftables MFT_MSG_NEWRULE leads to Local Privilege Escalation |
https://github.com/google/security-research/pull/40
|
| July 26, 2023 |
CVE-2023-38647: Critical Deserialization Vulnerability in Apache Helix Workflow and REST |
https://seclists.org/oss-sec/2023/q3/73
|
| July 26, 2023 |
CVE-2023-38646: Remote Command Execution Vulnerability in Metabase |
https://www.metabase.com/blog/security-advisory
|
| July 26, 2023 |
CVE-2023-37895: Apache Jackrabbit RMI access can lead to RCE |
https://lists.apache.org/thread/hy0h3hfqln934oy98frhgfjono6zgqps
|
| July 26, 2023 |
Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1747
|
| July 26, 2023 |
Remote Code Execution - Atlassian Products |
https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
|
| July 25, 2023 |
Integer arithmetic bug within the Windows Kernel Ancillary Function Driver (AFD.sys) |
https://versprite.com/vs-labs/afd-sys-primitives-in-the-pocket/
|
| July 25, 2023 |
CVE-2023-26045: NodeBB Forum Software Remote Code Execution Flaw |
https://securityonline.info/cve-2023-26045-nodebb-forum-software-remote-code-execution-flaw/
|
| July 24, 2023 |
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution |
https://0day.today/exploit/description/38891
|
| July 24, 2023 |
ServiceNow Insecure Access Control To Full Admin Takeover https://x64. sh/posts/ServiceNow-Insecure-access-control-to-admin/ |
https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/
|
| July 24, 2023 |
ZenBleed - Use-after-free Bug in AMD Zen2 processors! |
https://lock.cmpxchg8b.com/zenbleed.html
|
| July 24, 2023 |
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit |
https://0day.today/exploit/description/38888
|
| July 23, 2023 |
CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent |
https://github.com/snowcra5h/CVE-2023-38408
|
| July 21, 2023 |
Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway |
https://blog.assetnote.io/2023/07/21/citrix-CVE-2023-3519-analysis/
|
| July 21, 2023 |
Atlassian Confluence and Bamboo Remote Code Execution Vulnerabilities |
https://securityonline.info/atlassian-confluence-and-bamboo-remote-code-execution-vulnerabilities/
|
| July 21, 2023 |
PoC released for critical CloudPanel CVE-2023-35885 vulnerability |
https://securityonline.info/poc-released-for-critical-cloudpanel-cve-2023-35885-vulnerability/
|
| July 20, 2023 |
Google says Apple employee found a zero-day but did not report it |
https://techcrunch.com/2023/07/20/google-says-apple-employee-found-a-zero-day-but-did-not-report-it/
|
| July 19, 2023 |
CVE-2023-38357 - RWS WorldServer: Session Token Enumeration |
https://www.redteam-pentesting.de/de/advisories/rt-sa-2023-001/-session-token-enumeration-in-rws-worldserver
|
| July 19, 2023 |
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent |
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
|
| July 19, 2023 |
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 |
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
|
| July 19, 2023 |
CVE-2023-3765: Critical flaw in open source machine learning development MLflow |
https://securityonline.info/cve-2023-3765-critical-flaw-in-open-source-machine-learning-development-mlflow/
|
| July 18, 2023 |
Pluck v4.7.18 - Remote Code Execution Exploit |
https://0day.today/exploit/description/38873
|
| July 18, 2023 |
ProjeQtOr - Project Management System v10.4.1 - Multiple XSS Vulnerabilities |
https://0day.today/exploit/description/38869
|
| July 18, 2023 |
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass |
https://0day.today/exploit/description/38871
|
| July 18, 2023 |
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38872
|
| July 17, 2023 |
PoC script for CVE-2023-20110 - Cisco Smart Software Manager On-Prem SQL Injection Vulnerability |
https://github.com/redfr0g/CVE-2023-20110
|
| July 17, 2023 |
CISA - Known Exploited Vulnerabilities |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
|
| July 17, 2023 |
EchOh-No! - An exploit in @echodotac's #minecraft #anticheat driver - allowing simple arbitrary Kernel and Virtual memory Read and Write, demonstrated with a simple Privilege Escalation PoC. |
https://ioctl.fail/echo-ac-writeup/
|
| July 17, 2023 |
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path (MTAgentService) Vulnerability |
https://en.0day.today/exploit/description/38859
|
| July 17, 2023 |
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path (MTSchedulerService) Vulnerability |
https://en.0day.today/exploit/description/38860
|
| July 17, 2023 |
AVG Anti Spyware 7.5 - Unquoted Service Path (AVG Anti-Spyware Guard) Vulnerability |
https://en.0day.today/exploit/description/38862
|
| July 17, 2023 |
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit |
https://en.0day.today/exploit/description/38856
|
| July 17, 2023 |
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Exploit |
https://en.0day.today/exploit/description/38855
|
| July 15, 2023 |
CVE-2023-37466: Critical Sandbox Escape Vulnerabilities in VM2 Library |
https://securityonline.info/cve-2023-37466-critical-sandbox-escape-vulnerabilities-in-vm2-library/
|
| July 14, 2023 |
Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation |
https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html
|
| July 14, 2023 |
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation |
https://blog.talosintelligence.com/weaknesses-mac-os-vmware-msrpc/
|
| July 12, 2023 |
Critical RCE found in popular Ghostscript open-source PDF library |
https://www.bleepingcomputer.com/news/security/critical-rce-found-in-popular-ghostscript-open-source-pdf-library/
|
| July 12, 2023 |
Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803 |
https://research.aurainfosec.io/pentest/bee-yond-capacity/
|
| July 11, 2023 |
Apple releases emergency update to fix zero-day exploited in attacks |
https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/
|
| July 10, 2023 |
A More Complete Exploit for Fortinet CVE-2022-42475 |
https://bishopfox.com/blog/exploit-cve-2022-42475
|
| July 7, 2023 |
FuguHub 8.1 - Remote Code Execution Exploit |
https://0day.today/exploit/description/38831
|
| July 7, 2023 |
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software |
https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html?m=1
|
| July 7, 2023 |
Critical TootRoot bug lets attackers hijack Mastodon servers |
https://www.bleepingcomputer.com/news/security/critical-tootroot-bug-lets-attackers-hijack-mastodon-servers/
|
| July 7, 2023 |
CVE-2023-3269: Linux kernel privilege escalation vulnerability |
https://github.com/lrh2000/StackRot
|
| July 7, 2023 |
Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities |
https://thehackernews.com/2023/07/google-releases-android-patch-update.html?m=1
|
| July 7, 2023 |
Rukovoditel 3.4.1 - Multiple Stored XSS Vulnerability |
https://0day.today/exploit/description/38829
|
| July 7, 2023 |
Sales of Cashier Goods v1.0 - Cross Site Scripting Exploit |
https://0day.today/exploit/description/38830
|
| July 7, 2023 |
POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability |
https://0day.today/exploit/description/38832
|
| July 7, 2023 |
WebsiteBaker v2.13.3 - Stored XSS Vulnerability |
https://0day.today/exploit/description/38833
|
| July 7, 2023 |
WebsiteBaker v2.13.3 - Directory Traversal Vulnerability |
https://0day.today/exploit/description/38834
|
| July 7, 2023 |
D-Link DAP-1325 - Broken Access Control Vulnerability |
https://0day.today/exploit/description/38835
|
| July 7, 2023 |
SPIP v4.1.10 - Spoofing Admin account Vulnerability |
https://0day.today/exploit/description/38836
|
| July 7, 2023 |
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38837
|
| July 7, 2023 |
Super Store Finder PHP Script 3.6 SQL Injection Vulnerability |
https://0day.today/exploit/description/38848
|
| July 7, 2023 |
Beauty Salon Management System v1.0 - SQL injection Vulnerability |
https://0day.today/exploit/description/38847
|
| July 7, 2023 |
Car Rental Script 1.8 - Stored Cross-site scripting Vulnerability |
https://0day.today/exploit/description/38846
|
| July 7, 2023 |
WBCE CMS 1.6.1 - Open Redirect & CSRF Vulnerability |
https://0day.today/exploit/description/38845
|
| July 7, 2023 |
Prestashop 8.0.4 - Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38842
|
| July 7, 2023 |
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38843
|
| July 7, 2023 |
Vacation Rental 1.8 - Stored Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38841
|
| July 7, 2023 |
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Vulnerability |
https://0day.today/exploit/description/38844
|
| July 7, 2023 |
Wordpress WP AutoComplete 1.0.4 - Unauthenticated SQL injection Vulnerability |
https://0day.today/exploit/description/38839
|
| July 7, 2023 |
GZ Forum Script 1.8 - Stored Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38838
|
| July 7, 2023 |
Steam Community turn up the level Exploit |
https://0day.today/exploit/description/38849
|
| July 7, 2023 |
TP-Link TL-WR940N V4 - Buffer OverFlow Exploit |
https://0day.today/exploit/description/38840
|
| July 6, 2023 |
CVE-2023-36664: Flaw in Ghostscript Could Allow Command Execution |
https://securityonline.info/cve-2023-36664-flaw-in-ghostscript-could-allow-command-execution/
|
| July 5, 2023 |
CVE-2023-37212 Memory safety bugs present in Firefox 114 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37212
|
| July 3, 2023 |
Windows 11 22h2 - Kernel Privilege Elevation Exploit |
https://en.0day.today/exploit/description/38816
|
| July 3, 2023 |
Apache Druid JNDI Injection Remote Code Execution Exploit |
https://en.0day.today/exploit/description/38825
|
| July 3, 2023 |
PoC released for Windows Common Log File System 0-Day (CVE-2023-28252) |
https://securityonline.info/poc-released-for-windows-common-log-file-system-0-day-cve-2023-28252/
|
| July 3, 2023 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
https://github.com/fortra/CVE-2023-28252
|
| July 3, 2023 |
CVE-2023-27997: heap overflow 👉 preauth RCE in FortiGate firewalls |
https://twitter.com/noperator/status/1674959251435925504
|
| July 3, 2023 |
WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability |
https://en.0day.today/exploit/description/38828
|
| June 29, 2023 |
CVE-2023-33246_RocketMQ_RCE_EXPLOIT |
https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT
|
| June 26, 2023 |
CVE-2023-36675 - MediaWiki - BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
|
| June 26, 2023 |
CVE-2023-30261 Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30261
|
| June 23, 2023 |
Directory browsing vulnerability in MCL-Net version 4.3.5.8788 webserver |
https://www.exploit-db.com/exploits/51542?utm_source=dlvr.it&utm_medium=twitter
|
| June 23, 2023 |
PoC Released for Windows SysInternals Sysmon Privilege Escalation (CVE-2023-29343) Bug |
https://github.com/Wh04m1001/CVE-2023-29343
|
| June 23, 2023 |
Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing |
https://www.exploit-db.com/exploits/51538?utm_source=dlvr.it&utm_medium=twitter
|
| June 23, 2023 |
POC for CVE-2023-20887 VMWare Aria Operations for Networks (vRealize Network Insight) unauthenticated RCE |
https://github.com/sinsinology/CVE-2023-20887
|
| June 22, 2023 |
WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit |
https://en.0day.today/exploit/description/38804
|
| June 22, 2023 |
Exploit released for Cisco AnyConnect bug giving SYSTEM privileges |
https://www.bleepingcomputer.com/news/security/exploit-released-for-cisco-anyconnect-bug-giving-system-privileges/
|
| June 22, 2023 |
LibreOffice Arbitrary File Write (CVE-2023-1883) |
https://secfault-security.com/blog/libreoffice.html
|
| June 21, 2023 |
CVE-2023-20887 Pre-Authenticated Remote Code Execution in VMWare vRealize Network Insight |
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
|
| June 21, 2023 |
Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS) |
https://0day.today/exploit/description/38801
|
| June 21, 2023 |
CVE-2023-27997 - Heap buffer overflow in FortiGate SSL VPN |
https://bishopfox.com/blog/cve-2023-27997-vulnerability-scanner-fortigate
|
| June 20, 2023 |
TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow Vulnerability |
https://en.0day.today/exploit/description/38797
|
| June 20, 2023 |
cve-2023-33476 - ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. |
http://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html
|
| June 19, 2023 |
Powershell Code Arbitary Execution Builder FUD Exploit |
https://en.0day.today/exploit/description/37910
|
| June 19, 2023 |
Symmetricom SyncServer Unauthenticated Remote Command Execution Exploit |
https://en.0day.today/exploit/description/38796
|
| June 19, 2023 |
Microsoft Outlook Remote Code Execution 0day Exploit |
https://en.0day.today/exploit/description/38261
|
| June 15, 2023 |
Sales Tracker Management System v1.0 - Multiple Vulnerabilities |
https://0day.today/exploit/description/38786
|