Mastodon @Mastodon

182 posts34 participants30 posts today

**Daily-CVE** @CyberSignaler · 4h

CVE-2025-2636 - InstaWP Connect WordPress Local File Inclusion Vulnerability April 11, 2025 at 05:15AM https://ift.tt/BFuHTtv #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 6hCVE-2025-2636 - InstaWP Connect WordPress Local File Inclusion VulnerabilityThe InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of …

**CEOTECH.IT** @ceotech · 6h

CEOTECH.IT @ceotech

Google Pixel: patch aprile 2025 corregge falle attive e bug
#Aggiornamenti #Android #Aprile2025 #BugFix #CVE #GooglePixel #Notizie #Novità #PatchDiSicurezza #Pixel6 #Pixel7 #Pixel8 #Pixel9 #Pixel9a #PixelFold #PixelTablet #Smartphone #TechNews #Tecnologia

https://www.ceotech.it/google-pixel-patch-aprile-2025-corregge-falle-attive-e-bug/

**Socket** @SocketSecurity@fosstodon.org · 11h

11h

Socket @SocketSecurity@fosstodon.org

At #VulnCon, NIST revealed that the NVD is scrapping its consortium plan, walking back last year’s promise of reform, while pitching new tools that critics say won't meaningfully address the backlog or transparency problem.

https://socket.dev/blog/vulncon-2025-nvd-scraps-consortium-plan #CVE #CyberSecurity #VulnCon2025

SocketVulnCon 2025: NVD Scraps Industry Consortium Plan, Raising Q...At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.

**vermaden** @vermaden@bsd.cafe · 11h

11h

vermaden @vermaden@bsd.cafe

New 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 (𝘃𝗲𝗿𝘀𝘂𝘀 𝗣𝗼𝗱𝗺𝗮𝗻) [FreeBSD Jails Security (versus Podman)] article on the blog.

https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/

#verblog #containers #CVE

**vermaden** @vermaden · 11h

11h

vermaden @vermaden

https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/

#verblog #containers #CVE

**Daily-CVE** @CyberSignaler · 14h

14h

Daily-CVE @CyberSignaler

CVE-2024-55210 - TOTVS Framework (Linha Protheus) Websocket MFA Bypass April 09, 2025 at 08:15PM https://ift.tt/RghdKLN #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2024-55210 - TOTVS Framework (Linha Protheus) Websocket MFA BypassAn issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message.

**Daily-CVE** @CyberSignaler · 18h

18h

Daily-CVE @CyberSignaler

CVE-2025-29017 - Code Astro Internet Banking System RCE File Upload Validation Bypass April 10, 2025 at 02:15PM https://ift.tt/wPZRxN2 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 21hCVE-2025-29017 - Code Astro Internet Banking System RCE File Upload Validation BypassA Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.

**Brandon H** @bc3tech@hachyderm.io · 19h

19h

Brandon H @bc3tech@hachyderm.io

via @dotnet : .NET and .NET Framework April 2025 servicing releases updates

https://ift.tt/WRnZhzB
#DotNet #DotNetFramework #April2025 #SecurityUpdates #CVE #ReleaseNotes #ASPNetCore #EntityFramework #SDK #Winforms #SoftwareDevelopment #Programming #DevCommunity…

.NET Blog · 1d.NET and .NET Framework April 2025 servicing releases updates - .NET BlogA recap of the latest servicing updates for .NET and .NET Framework for April 2025.

**Daily-CVE** @CyberSignaler · 20h

20h

Daily-CVE @CyberSignaler

CVE-2025-32743 - ConnMan DNS Truncated Response Denial of Service/Arbitrary Code Execution Vulnerability April 10, 2025 at 02:15PM https://ift.tt/kOlL6Mq #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 21hCVE-2025-32743 - ConnMan DNS Truncated Response Denial of Service/Arbitrary Code Execution VulnerabilityIn ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead …

**Daily-CVE** @CyberSignaler · 20h

20h

Daily-CVE @CyberSignaler

CVE-2025-27813 - MSI Center Missing PE Signature Validation April 10, 2025 at 01:15PM https://ift.tt/gRryj68 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 22hCVE-2025-27813 - MSI Center Missing PE Signature ValidationMSI Center before 2.0.52.0 has Missing PE Signature Validation.

**Daily-CVE** @CyberSignaler · 20h

20h

Daily-CVE @CyberSignaler

CVE-2025-27812 - MSI Center TOCTOU Local Privilege Escalation April 10, 2025 at 01:15PM https://ift.tt/4vdQxfG #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 22hCVE-2025-27812 - MSI Center TOCTOU Local Privilege EscalationMSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.

**Daily-CVE** @CyberSignaler · 20h

20h

Daily-CVE @CyberSignaler

CVE-2025-32755 - Jenkins SSH Slave Debian Host Key Spoofing Vulnerability April 10, 2025 at 12:15PM https://ift.tt/8Nv5fEP #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 23hCVE-2025-32755 - Jenkins SSH Slave Debian Host Key Spoofing VulnerabilityIn jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client …

**Daily-CVE** @CyberSignaler · 20h

20h

Daily-CVE @CyberSignaler

CVE-2025-32754 - Jenkins SSH-Agent SSH Host Key Prediction April 10, 2025 at 12:15PM https://ift.tt/oRiBUug #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 23hCVE-2025-32754 - Jenkins SSH-Agent SSH Host Key PredictionIn jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client …

**CWE Program** @CWE_Program · 22h

22h

CWE Program @CWE_Program

Day 4 of “CVE/FIRST VulnCon 2025”!

Today’s agenda for all 4 tracks:
https://first.org/conference/vulncon2025/program#d20250410

#CWE #VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25

The CVE Program and FIRST are co-hosting "VulnCon 2025" at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025.

**CVE Program** @CVE_Program · 23h

23h

CVE Program @CVE_Program

Day 4 of “CVE/FIRST VulnCon 2025”!

Today’s agenda for all 4 tracks:
https://www.first.org/conference/vulncon2025/program#d20250410

#VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25

**Daily-CVE** @CyberSignaler · 1d

Daily-CVE @CyberSignaler

CVE-2025-32687 - Magnigenie Review Stars Count For WooCommerce SQL Injection April 10, 2025 at 08:15AM https://ift.tt/Hem1Z9q #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2025-32687 - Magnigenie Review Stars Count For WooCommerce SQL InjectionImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce allows SQL Injection. This issue affects Review Stars Count For WooCommerce: from n/a through 2.0.

**Daily-CVE** @CyberSignaler · 1d

Daily-CVE @CyberSignaler

CVE-2025-32668 - Rameez Iqbal Real Estate Manager PHP Remote File Inclusion Vulnerability April 10, 2025 at 08:15AM https://ift.tt/jg4cOHJ #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2025-32668 - Rameez Iqbal Real Estate Manager PHP Remote File Inclusion VulnerabilityImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. This issue affects Real Estate Manager: from n/a through 7.3.

**Daily-CVE** @CyberSignaler · 1d

Daily-CVE @CyberSignaler

CVE-2025-32206 - LABCAT Processing Projects Unrestricted File Upload Vulnerability April 10, 2025 at 08:15AM https://ift.tt/NnC6kSB #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2025-32206 - LABCAT Processing Projects Unrestricted File Upload VulnerabilityUnrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2.

**Daily-CVE** @CyberSignaler · 1d

Daily-CVE @CyberSignaler

CVE-2025-32202 - Brian Batt - elearningfreak.com WordPress Articulate Content Unrestricted File Upload RCE April 10, 2025 at 08:15AM https://ift.tt/QoYFEuP #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2025-32202 - Brian Batt - elearningfreak.com WordPress Articulate Content Unrestricted File Upload RCEUnrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025.

**Daily-CVE** @CyberSignaler · 1d

Daily-CVE @CyberSignaler

CVE-2025-32145 - Magepeopleteam WpEvently Deserialization of Untrusted Data Object Injection April 10, 2025 at 08:15AM https://ift.tt/wueRAEH #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2025-32145 - Magepeopleteam WpEvently Deserialization of Untrusted Data Object InjectionDeserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.3.5.

Drag & drop to upload

Recent searches

Search options

Administered by:

Server stats:

#cve