2025-12-03
2025-12-03 21:15Z
CRIT

CVE-2025-64055 — Fanvil X210_firmware: file upload, firmware update, reboot...) via a crafted authentication bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-64055

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile

CWECWE 287VNDFanvilTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-03
2025-12-03 16:15Z
HIGH

CVE-2025-57201 — Avtech Dgm1104_firmware: SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57201

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. CVSSv3.1 8.8 (HIGH)

CWECWE 77VNDAvtechTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-12-03
2025-12-03 16:15Z
HIGH

CVE-2025-57199 — Avtech Dgm1104_firmware: SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57199

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input. CVSSv3.1 8.8 (HIGH) · EPSS 86th percentile

CWECWE 77VNDAvtechTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2025-12-03
2025-12-03 16:15Z
HIGH

CVE-2025-57198 — Avtech Dgm1104_firmware: SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57198

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input. CVSSv3.1 8.8 (HIGH) · EPSS 82th percentile

CWECWE 77VNDAvtechTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2025-12-03
2025-12-03 13:04Z
CRIT

Nuclei Templates v10.3.4 - Release Notes

Nuclei Templates v10.3.4 release adds 68 new detection templates covering 27 CVEs, including critical RCE, XXE, auth-bypass, and file-upload vulnerabilities across Oracle Identity Manager, GeoServer, Eclipse BIRT, Zoho ManageEngine, and WordPress plugins. The release includes templates for recent 2025 CVEs (Astro XSS, Oracle auth-bypass, GeoServer XXE) alongside older critical flaws, with bug fixes addressing false negatives in log-file detection and false positives in WordPress theme checks.

SRFApplicationTACTA0001TACTA0002SRFWebTACTA0003VNDMicrosoftVNDCiscoVNDAdobe
9.8
CVSS v3.1
78
Edit Score
2025-12-03
2025-12-03 00:00Z
HIGH

PureRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

Trend Micro Research·trendmicro.comin the wild

Trend Micro disclosed an active PureRAT campaign targeting job seekers via spear-phishing emails containing weaponized archives. The attack chain abuses Foxit PDF Reader through DLL side-loading (msimg32.dll), deploys a hidden Python environment via nested directory obfuscation, and achieves persistence through registry autorun entries. The RAT exfiltrates browser credentials and maintains C&C communication using self-signed certificates with anomalous validity periods.

SRFApplicationSRFOsTACTA0005TACTA0001TACTA0002TACTA0003TACTA0009VNDFoxit
72
Edit Score
2025-12-02
2025-12-02 00:00Z
HIGH

Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp

Trend Micro Research·trendmicro.comin the wild

Water Saci threat actors are deploying a sophisticated multi-stage banking trojan campaign targeting Brazilian users via WhatsApp, leveraging AI-converted Python automation scripts alongside HTA/ZIP/PDF delivery vectors. The infection chain combines obfuscated VB scripts, MSI installers, AutoIt loaders, and encrypted PE payloads with process hollowing into svchost.exe, coupled with aggressive reconnaissance of banking applications, browser history, antivirus software, and cryptocurrency wallets. The malware exhibits behavioral continuity with the Casbaneiro/Metamorfo lineage while introducing enhanced evasion techniques including custom RC4-like encryption, LZNT1 decompression, anti-sandbox VM detection, and persistent window-title monitoring to trigger credential theft during banking sessions.

SRFApplicationTACTA0001TACTA0002TACTA0007SRFWebTACTA0003VNDTrend MicroTYPResearch
78
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-12-01
2025-12-01 20:15Z
CRIT

CVE-2025-51683 — Mjobtime Mjobtime: A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-51683

A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint . CVSSv3.1 9.8 (CRITICAL) · EPSS 33th percentile

CWECWE 89VNDMjobtimeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-01
2025-12-01 20:15Z
CRIT

CVE-2025-51682 — Mjobtime Mjobtime: 15.7.2 handles authorization on the client side, which allows an attacker to modify

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-51682

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly. CVSSv3.1 9.8 (CRITICAL) · EPSS 31th percentile

CWECWE 602VNDMjobtimeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-12-01
2025-12-01 16:15Z
HIGH

CVE-2025-57489 — Shirt-pocket Superduper\!: Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper!

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-57489

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary. CVSSv3.1 8.1 (HIGH) · EPSS 23th percentile

CWECWE 284VNDShirt PocketTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-11-29
2025-11-29 10:41Z
INFO

v10.3.3

Nuclei templates·github.com

Nuclei-templates v10.3.3 released with automated checksum generation. This is a routine maintenance release of the ProjectDiscovery template library used for vulnerability scanning.

VNDProjectdiscoveryTYPTool
15
Edit Score
2025-11-27
2025-11-27 00:00Z
CRIT

Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems

Trend Micro Research·trendmicro.comin the wild

Shai-hulud 2.0 is an active supply-chain worm targeting NPM package maintainers, stealing credentials from AWS/GCP/Azure, GitHub tokens, and NPM authentication, then automatically backdooring all victim-maintained packages with malicious payloads. The malware establishes C&C via GitHub Actions workflows and self-hosted runners, enabling command execution and secret exfiltration at scale across the NPM ecosystem. Hundreds of repositories were compromised in a November 24 incident, with the worm capable of exponential propagation to downstream users.

TACTA0004TACTA0005TACTA0001TACTA0006TACTA0007TACTA0003SRFCloudTACTA0008
92
Edit Score
2025-11-26
2025-11-26 20:15Z
CRIT

CVE-2025-50433 — Monnit Imonnit: An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-50433

An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts. CVSSv3.1 9.8 (CRITICAL) · EPSS 35th percentile

CWECWE 640VNDMonnitTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-11-26
2025-11-26 19:15Z
CRIT

CVE-2025-65669 — Classroomio Classroomio: An issue was discovered in classroomio 0.1.13.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-65669

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction. CVSSv3.1 9.1 (CRITICAL) · EPSS 40th percentile

CWECWE 862VNDClassroomioTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-11-25
2025-11-25 19:15Z
CRIT

CVE-2025-61168 — Sigb Pmb: An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-61168

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile

CWECWE 502VNDSigbTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-11-25
2025-11-25 18:15Z
CRIT

CVE-2025-65085 — Ashlar Argon: A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-65085

A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code. CVSSv3.1 9.8 (CRITICAL) · EPSS 31th percentile

CWECWE 122VNDHeapVNDAshlarTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-11-25
2025-11-25 18:15Z
CRIT

CVE-2025-65084 — Ashlar Argon: An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-65084

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code. CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile

CWECWE 787VNDAshlarTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-11-25
2025-11-25 17:00Z
HIGH

Less Praying More Relaying – Enumerating EPA Enforcement for MSSQL and HTTPS

SpecterOps·specterops.io

SpecterOps released RelayInformer, a Python tool and Cobalt Strike BOF suite that enumerates Extended Protection for Authentication (EPA) enforcement across MSSQL, HTTP/S, and LDAPS services. The research demonstrates methodologies for detecting all three EPA enforcement levels (Disabled, Allowed/When Supported, Required) by manipulating NTLM AV pairs and analyzing server responses, enabling attackers to determine relay feasibility before investing in coercion and tunneling infrastructure.

SRFApplicationSRFNetworkTACTA0006TACTA0008VNDMicrosoftVNDIisTYPResearchTYPTechnique
82
Edit Score
2025-11-25
2025-11-25 11:01Z
CRIT

Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)

watchTowr Labs·labs.watchtowr.com

watchTowr researchers discovered 80,000+ saved JSON/code snippets on public formatter websites (JSONFormatter.org, CodeBeautify.org) containing thousands of exposed secrets including Active Directory credentials, API keys, cloud environment keys, private keys, and sensitive PII from critical infrastructure, government, finance, banking, and cybersecurity organizations. The researchers exploited trivial enumeration of sequential IDs and public "Recent Links" pages to systematically extract credentials, database passwords, CI/CD pipeline tokens, and full KYC banking data across a 5-year historical window.

TACTA0007SRFWebSRFCloudTYPResearchTYPThreat IntelSTGDiscoverySTGCred AccessTECT1552
92
Edit Score
2025-11-24
2025-11-24 20:15Z
HIGH

CVE-2025-56400 — Tuya Smartlife: Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-56400

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa account to a victim's Tuya account. The applications fail to validate the OAuth state parameter during the account linking flow, enabling a cross-site request forgery (CSRF)-like attack. CVSSv3.1 8.8 (HIGH) · EPSS 3th percentile

CWECWE 352CWECWE 384VNDTuyaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-11-24
2025-11-24 18:15Z
HIGH

CVE-2025-13609 — This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-13609

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls. CVSSv3.1 8.2 (HIGH) · EPSS 30th percentile

CWECWE 694TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-11-21
2025-11-21 14:19Z
HIGH

An Evening with Claude (Code)

SpecterOps·specterops.ioCVE-2025-64755

Adam Chester (SpecterOps) discovered CVE-2025-64755, a remote code execution vulnerability in Claude Code v2.0.25 via sed expression injection. The vulnerability allowed attackers to write arbitrary files (including shell initialization files) through prompt injection, bypassing regex-based command filtering. Anthropic patched the issue in v2.0.31 within 7 days of disclosure.

SRFApplicationTACTA0002VNDAnthropicTYPResearchTYPWriteupTYPVulnerabilitySTGExecutionSTGInitial Access
78
Edit Score
2025-11-21
2025-11-21 13:15Z
HIGH

CVE-2025-66095 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-66095

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.13. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-11-19
2025-11-19 19:15Z
HIGH

CVE-2025-64759 — Homarr Homarr: Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-64759

Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker's account to the "credentials-admin" group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to th CVSSv3.1 8.1 (HIGH)

CWECWE 434CWECWE 20VNDHomarrTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-11-19
2025-11-19 17:00Z
CRIT

SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

SpecterOps·specterops.ioCVE-2025-21735

SpecterOps disclosed a critical authentication bypass in Microsoft SCCM's Entra ID integration (prior to KB5360093) that allows unauthenticated attackers to impersonate privileged accounts and achieve full hierarchy takeover. The vulnerability stems from insufficient authorization checks in the AdminService REST API—the service validates Entra tokens but trusts UPN claims without verifying the token's associated AD account exists or has appropriate permissions, enabling attackers to craft tokens with spoofed UPNs of site server machine accounts or privileged admins. The attack requires AD domain verification in Entra and ability to manipulate UPNs, but once achieved, grants complete administrative control over the SCCM infrastructure.

SRFApplicationTACTA0004TACTA0001SRFIdentitySRFCloudTACTA0008VNDMicrosoftTYPResearch
92
Edit Score