2025-12-24
2025-12-24 13:16Z
HIGH

CVE-2025-68519 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68519

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affects Brands for WooCommerce: from n/a through <= 3.8.6.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-12-24
2025-12-24 13:16Z
HIGH

CVE-2025-68506 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68506

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-12-23
2025-12-23 23:15Z
HIGH

CVE-2025-68696 — Jnunemaker Httparty: In versions 0.23.2 and prior, httparty is vulnerable to SSRF.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd. CVSSv3.1 8.2 (HIGH) · EPSS 22th percentile

CWECWE 918VNDJnunemakerVNDApiTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-12-23
2025-12-23 20:04Z
HIGH

SpicyAD — SpicyAD is a C# Active Directory penetration testing tool designed for authorized security assessments. It combines mult

GitHub · AD attack tooling·github.comGITHUB POC

SpicyAD is a new C# Active Directory penetration testing framework that consolidates enumeration, Kerberos attacks (kerberoasting, AS-REP roasting, targeted kerberoasting), ADCS exploitation (ESC1/ESC4), credential theft (shadow credentials, RBCD), and AD object manipulation into a single tool with both interactive and CLI modes. The tool supports domain-joined and non-domain-joined execution, in-memory reflection loading, and automatic attack chains.

SRFOsTACTA0001TACTA0006TACTA0007SRFIdentityTACTA0043VNDMicrosoftTYPResearch
68
Edit Score
2025-12-23
2025-12-23 17:00Z
INFO

Mapping Deception with BloodHound OpenGraph

SpecterOps·specterops.io

SpecterOps published a comprehensive guide on using BloodHound OpenGraph and deception technologies to map and deploy high-fidelity deceptions across Active Directory and third-party systems. The article covers attack path analysis, the F4keH0und tool for identifying deception opportunities in AD, and introduces deceptionClone—a utility for modeling deceptions within OpenGraph graphs to ensure attackers discover and interact with deception artifacts contextually.

SRFApplicationTACTA0001SRFIdentityTACTA0003SRFCloudVNDBloodhoundVNDSpecteropsTYPResearch
72
Edit Score
2025-12-23
2025-12-23 16:16Z
CRIT

CVE-2025-67109 — Eclipse Cyclone_data_distribution_service: Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges. CVSSv3.1 10.0 (CRITICAL) · EPSS 22th percentile

CWECWE 298VNDEclipseTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-12-23
2025-12-23 16:16Z
CRIT

CVE-2025-67108 — Eprosima Fast_dds: Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67108

eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. CVSSv3.1 10.0 (CRITICAL) · EPSS 22th percentile

CWECWE 298CWECWE 370VNDEprosimaVNDFastTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-12-22
2025-12-22 22:16Z
CRIT

CVE-2025-65856 — Xiongmaitech Xm530v200_x6-weq_8m_firmware: Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenti

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-65856

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 306VNDXiongmaitechTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-22
2025-12-22 20:15Z
CRIT

CVE-2025-67418 — Oxygenz Clipbucket: 5.5.2 is affected by an improper access control issue where the product is

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67418

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile

CWECWE 798VNDClipbucketVNDOxygenzTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-22
2025-12-22 19:15Z
CRIT

CVE-2025-67288 — Umbraco Umbraco_cms: An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67288

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279. CVSSv3.1 10.0 (CRITICAL) · EPSS 39th percentile

CWECWE 434VNDUmbracoTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-12-22
2025-12-22 18:16Z
CRIT

CVE-2025-67289 — Frappe Erpnext: An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67289

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file. CVSSv3.1 9.6 (CRITICAL) · EPSS 35th percentile

CWECWE 434CWECWE 79VNDFrappeTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-12-21
2025-12-21 11:52Z
HIGH

deepce — Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)

GitHub · container escape·github.comGITHUB POC

DEEPCE is a pure-shell Docker enumeration and container escape toolkit that performs reconnaissance on containerized environments and exploits common misconfigurations (privileged mode, exposed Docker socket, docker group membership) to escalate privileges and escape to the host. The tool supports multiple payloads including reverse shells, credential extraction, and arbitrary command execution with minimal dependencies.

TACTA0004TACTA0007TYPToolTYPExploitSTGDiscoverySTGPrivescEXPPrivilege Escalation
78
Edit Score
2025-12-20
2025-12-20 04:16Z
CRIT

CVE-2025-13329 — File: The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-13329

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files to the Uploadcare service and subsequently download them on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL)

CWECWE 434TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-19
2025-12-19 21:15Z
CRIT

CVE-2023-53959 — Filezilla-project Filezilla_client: FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-53959

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches. CVSSv3.1 9.8 (CRITICAL)

CWECWE 427VNDFilezilla ProjectVNDFilezillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-19
2025-12-19 17:15Z
HIGH

CVE-2025-58052 — Galette Galette: Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-58052

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privileged access initially, exploitation is restricted to malicious insiders or compromised group managers accounts. Version 1.2.0 fixes the issue. CVSSv3.1 8.1 (HIGH) · EPSS 20th percentile

CWECWE 863VNDGaletteTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-12-19
2025-12-19 13:16Z
CRIT

CVE-2025-1928 — Restajet Online_food_delivery_system: Online Food Delivery System allows Password Recovery Exploitation.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-1928

Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.1 (CRITICAL) · EPSS 19th percentile

CWECWE 307VNDRestajetTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-12-19
2025-12-19 12:00Z
HIGH

Can chatbots craft correct code?

Trail of Bits·blog.trailofbits.com

Trail of Bits analyzes the fundamental differences between compilers and LLMs in code generation, arguing that while compilers preserve semantic intent deterministically, LLMs are nondeterministic by design and prone to confident misinterpretation of context. The article presents a case study where Claude 'fixed' a non-existent bug in Vendetect by rewriting working recursive code, breaking core functionality, and illustrates why LLMs fail on legacy codebases with implicit constraints and undocumented context.

SRFApplicationTACTA0001TYPResearchTYPTechniqueSTGExecution
78
Edit Score
2025-12-18
2025-12-18 19:16Z
CRIT

CVE-2025-56157 — Langgenius Dify: Default credentials in Dify thru 1.5.1.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-56157

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL (on TCP port 5432) exposed by default in version 1.0.1 or later. CVSSv3.1 9.8 (CRITICAL) · EPSS 52th percentile

CWECWE 798VNDLanggeniusTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-18
2025-12-18 19:13Z
CRIT

HTB-MonitorsFour-Writeup — Detailed writeup for HackTheBox MonitorsFour machine: IDOR to credentials, Cacti 1.2.28 RCE exploitation, and Docker Des

GitHub · container escape·github.comGITHUB POCCVE-2025-24367CVE-2025-9074

Detailed HTB writeup demonstrating a complete attack chain: IDOR vulnerability on the main site leaks MD5 password hashes, Cacti 1.2.28 RCE via CVE-2025-24367 (command injection in graph templates) achieves initial shell in a Docker container, and CVE-2025-9074 (unauthenticated Docker API access on Docker Desktop's internal subnet 192.168.65.7:2375) enables container escape to read the host root flag.

SRFApplicationTACTA0004TACTA0001TACTA0002SRFWebVNDDockerVNDCactiTYPWriteup
78
Edit Score
2025-12-18
2025-12-18 17:15Z
CRIT

CVE-2025-64236 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn tuturn allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-64236

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a through < 3.6. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-18
2025-12-18 16:15Z
HIGH

CVE-2025-68278 — Ssw Tinacms: In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68278

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cli version 2.0.4, and @tinacms/graphql version 2.0.3 contain a fix for the issue. CVSSv3.1 8.8 (HIGH)

CWECWE 94VNDSswVNDTinaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-12-18
2025-12-18 15:15Z
HIGH

CVE-2025-14861 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14861

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-12-18
2025-12-18 15:15Z
CRIT

CVE-2025-14860 — Mozilla Firefox: Use-after-free in the Disability Access APIs component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14860

Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-18
2025-12-18 14:15Z
HIGH

CVE-2025-40898 — Nozominetworks Cmc: A path traversal vulnerability was discovered in the Import Arc data archive functionality due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability. CVSSv3.1 8.1 (HIGH)

CWECWE 22VNDNozominetworksTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-12-18
2025-12-18 14:15Z
HIGH

CVE-2025-40892 — Nozominetworks Cmc: A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, CVSSv3.1 8.9 (HIGH)

CWECWE 79VNDNozominetworksVNDStoredTYPVulnerability
8.9
CVSS v3.1
95
Edit Score