
#cve

8 posts, 8 participants, 0 posts today
GreyNoise<p>In-the-wild activity targeting SonicWall, Zyxel, F5, Linksys, Zoho, and Ivanti. Surge on March 28. Full analysis: <a href="https://www.greynoise.io/blog/heightened-in-the-wild-activity-key-technologies" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">greynoise.io/blog/heightened-i</span><span class="invisible">n-the-wild-activity-key-technologies</span></a> </p><p><a href="https://infosec.exchange/tags/GreyNoise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GreyNoise</span></a> <a href="https://infosec.exchange/tags/F5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>F5</span></a> <a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ivanti</span></a> <a href="https://infosec.exchange/tags/SonicWall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SonicWall</span></a> <a href="https://infosec.exchange/tags/Zoho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zoho</span></a> <a href="https://infosec.exchange/tags/Linksys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linksys</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a></p>
tobozo<p>this 11yo CVE aged well</p><p><a href="https://www.phpsecure.info/CVE-2014-0401.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phpsecure.info/CVE-2014-0401.h</span><span class="invisible">tml</span></a></p><p><a href="https://mastodon.social/tags/PHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PHP</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/CurrencyVulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CurrencyVulnerability</span></a></p>
Socket<p>Security experts are warning that recent classification changes obscure the true scope of the NVD backlog as <a href="https://fosstodon.org/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> volume hits all-time highs. The NVD has conceded it cannot keep pace with the surge.</p><p><a href="https://socket.dev/blog/nvd-backlog-crisis-deepens-amid-surging-cve-disclosures" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/nvd-backlog-cr</span><span class="invisible">isis-deepens-amid-surging-cve-disclosures</span></a> </p><p><a href="https://fosstodon.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a></p>
Matthias Luft<p>I wrote up some details on exploiting <a href="https://infosec.exchange/tags/IngressNightmare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IngressNightmare</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>-2025-1974: <br>www.averlon.ai/blog/kuberne...</p><p>Where are we at with releasing a full PoC?</p>
Bill<p>Splunk patched the CSRF bug (and a gazillion others I didn't find)! I guess I get to stop adding it to reports ...</p><p><a href="https://advisory.splunk.com/advisories" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">advisory.splunk.com/advisories</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/splunk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>splunk</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a></p>
CatSalad🐈🥗 (D.Burch) :blobcatrainbow:<p><strong>Firefox 0-day security vulnerability (CVE-2025-2857) patched</strong></p><p>Mozilla patches a sandbox escape vulnerability that is already being exploited (in Chrome)</p><p>:firefox:⁠<a href="https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">mozilla.org/en-US/security/adv</span><span class="invisible">isories/mfsa2025-19/</span></a></p><p><strong>Announced:</strong> 2025-03-27<br><strong>Impact:</strong> ⚠️ critical<br><strong>Products:</strong> Firefox, Firefox ESR (<em>Firefox on Windows only</em>)<br><strong>Fixed in:</strong><br>• Firefox 136.0.4 :windows:<br>• Firefox ESR 115.21.1 :windows:<br>• Firefox ESR 128.8.1 :windows:</p><p><a href="https://infosec.exchange/tags/Firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Firefox</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CVE_2025_2857" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2025_2857</span></a></p>
Saustrup<p>After a lot of tinkering, we finally made it to the latest release of the <a href="https://mstdn.dk/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nginx</span></a> ingress controller on the <a href="https://mstdn.dk" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">mstdn.dk</span><span class="invisible"></span></a> cluster. The latest release addresses no less than FOUR <a href="https://mstdn.dk/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> records. Critical configuration areas had changed, the GeoIP database had to be cached to avoid rate limiting and the <a href="https://mstdn.dk/tags/LUA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUA</span></a> engine needed some tweaks before it could handle the relatively large number of TLS certificates we're using in the cluster, but we finally made it. Sorry about the hiccups. We're trying to keep expenses from going through the roof, so we've skipped the test setup in favor of gently tweaking things in production. Usually that goes well, but there is the rare exception.</p><p>Somewhat related, the <a href="https://mstdn.dk/tags/KubeCon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KubeCon</span></a> / <a href="https://mstdn.dk/tags/KubeConEU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KubeConEU</span></a> <a href="https://mstdn.dk/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kubernetes</span></a> conference is next week, which means I'll be in <a href="https://mstdn.dk/tags/London" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>London</span></a> for the first time for an entire week. Any suggestions for things worth visiting for a bunch of <a href="https://mstdn.dk/tags/nerds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nerds</span></a>? :D</p>
Morten Linderud<p>I really wish people would stop with the "oooo scary vuln".</p><p>Didn't we learn from the cups fiasco already?</p><p><a href="https://chaos.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://chaos.social/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a></p>
Pyrzout :vm:<p>Google Chrome Zero-Day Vulnerability Actively Exploited in the Wild <a href="https://gbhackers.com/google-warns-of-chrome-zero-day/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gbhackers.com/google-warns-of-</span><span class="invisible">chrome-zero-day/</span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>/vulnerability <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Chrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chrome</span></a> <a href="https://social.skynetcloud.site/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a></p>
Darren Meyer :donor:<p>Oh, look, another critical <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> — this time it's Next.js opening the door for any adversary that says "pretty please" via a request header. Fortunately, even though it'll be an effort to upgrade for the fix, mitigation will be simple in most cases. <a href="https://checkmarx.com/zero-post/critical-cve-2025-29927-research-nextjs-middleware-authorization-bypass/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">checkmarx.com/zero-post/critic</span><span class="invisible">al-cve-2025-29927-research-nextjs-middleware-authorization-bypass/</span></a></p>
ScriptFanix ❤️ ⏚ ⸫<p><a href="https://maly.io/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> block <a href="https://maly.io/tags/Next" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Next</span></a>.js CVE-2025-29927 exploits with <a href="https://maly.io/tags/HAProxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HAProxy</span></a> <br><a href="https://www.haproxy.com/blog/protecting-against-nextjs-middleware-vulnerability-cve-2025-29927-with-haproxy" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">haproxy.com/blog/protecting-ag</span><span class="invisible">ainst-nextjs-middleware-vulnerability-cve-2025-29927-with-haproxy</span></a></p>
circl<p>A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.</p><p>CVE-2025-1974 but also CVE-2025-1097 CVE-2025-1098 CVE-2025-24513 CVE-2025-24514</p><p>🔗 For more details about Ingress NGINX Controller for Kubernetes release <a href="https://vulnerability.circl.lu/bundle/84edafcd-42a7-4c30-96f8-87de8e73e1ab" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/bundle/</span><span class="invisible">84edafcd-42a7-4c30-96f8-87de8e73e1ab</span></a></p><p><a href="https://social.circl.lu/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kubernetes</span></a> <a href="https://social.circl.lu/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://social.circl.lu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.circl.lu/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a></p>
CHATONS<p><a href="https://forum.chatons.org/t/critical-ingress-nginx-vulnerability-for-kubernetes/7171/1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">forum.chatons.org/t/critical-i</span><span class="invisible">ngress-nginx-vulnerability-for-kubernetes/7171/1</span></a></p><p><a href="https://framapiaf.org/tags/IngressNightmare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IngressNightmare</span></a> <a href="https://framapiaf.org/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kubernetes</span></a> <a href="https://framapiaf.org/tags/ingress_nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ingress_nginx</span></a> <a href="https://framapiaf.org/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>-2025-24514 <a href="https://framapiaf.org/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>-2025-1097 <a href="https://framapiaf.org/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>-2025-1098 CVE-2025-1974 <a href="https://framapiaf.org/tags/cvss9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cvss9</span></a>.8</p>
Rob Pomeroy<p>DrayTek routers in the UK (and to a lesser extent elsewhere) are having A Bad Weekend. Lots of "spontaneous" reboots.</p><p>Also, DrayTek's UK website is unreachable. So this looks like a concerted attack.</p><p>Details are patchy, but ISP Review is tracking the problem: <a href="https://www.ispreview.co.uk/index.php/2025/03/broadband-isps-report-uk-connectivity-problems-with-vulnerable-draytek-routers.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ispreview.co.uk/index.php/2025</span><span class="invisible">/03/broadband-isps-report-uk-connectivity-problems-with-vulnerable-draytek-routers.html</span></a></p><p>Applying firmware upgrades and disabling VPN services will help. Search your networks for indicators of compromise.</p><p><a href="https://infosec.exchange/tags/DrayTek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DrayTek</span></a> <a href="https://infosec.exchange/tags/Outage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Outage</span></a> <a href="https://infosec.exchange/tags/DDoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DDoS</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a></p>
Red-Team News<p>The NCSC warns of Cl0p ransomware targeting Cleo file transfer systems via zero-day vulnerabilities. Patch now, monitor traffic, and restrict internet access to critical systems. Stay vigilant! <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Cl0p" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cl0p</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>-2024-XXXX <a href="https://redteamnews.com/exploit/ncsc-warns-of-cl0p-ransomware-campaigns-targeting-file-transfer-systems" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">redteamnews.com/exploit/ncsc-w</span><span class="invisible">arns-of-cl0p-ransomware-campaigns-targeting-file-transfer-systems</span></a></p>
Konstantin :C_H:<p>With <a href="https://infosec.exchange/tags/CVE_2025_29927" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2025_29927</span></a>, Next.js has now suffered its second major vulnerability in just three months, following <a href="https://infosec.exchange/tags/CVE_2024_51479" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_51479</span></a>.</p><p>I originally built CVE Crowd with <a href="https://infosec.exchange/tags/NextJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NextJS</span></a>.</p><p>However, as the application became more complex (especially with authentication), I decided to switch to a framework I was more familiar with.</p><p>Honestly, I’m feeling a bit relieved about that right now...</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CVECrowd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVECrowd</span></a></p>
Helma<p>In January, there was a lot of attention on FortiOS vulnerabilities CVE-2024-55591 CVE-2025-24472.<br>By then, it was clear that if you had not patched quickly enough, you were at great risk, if your management interface hung on the internet. It has since become even clearer that systems that were not patched until after 27 January 2025 (even if they are now up to date) are at high risk of being misused for ransomware attacks. </p><p><a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/Patch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Patch</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a><br>From cert.at: </p><p><a href="https://infosec.exchange/@dfncert/114196958656449758" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@dfncert/1141</span><span class="invisible">96958656449758</span></a></p>