nicdex @nicdex

Recent searches

Search options

Only available when logged in.

111 posts7 participants1 post today

**Daily-CVE** @CyberSignaler@mastodon.social · 42m

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-3328 - Tenda AC1206 Buffer Overflow Vulnerability in form_fast_setting_wifi_set April 07, 2025 at 01:15AM https://ift.tt/NLJnaTb #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 3hCVE-2025-3328 - Tenda AC1206 Buffer Overflow Vulnerability in form_fast_setting_wifi_setA vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and …

**Daily-CVE** @CyberSignaler@mastodon.social · 1d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-2941 - WooCommerce Drag and Drop Multiple File Upload Remote File Moving Vulnerability April 05, 2025 at 07:15AM https://ift.tt/ljJIpvu #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2025-2941 - WooCommerce Drag and Drop Multiple File Upload Remote File Moving VulnerabilityThe Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, …

**Daily-CVE** @CyberSignaler@mastodon.social · 1d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2024-13776 - "ZoomSounds WordPress Wave Audio Player with Playlist Unauthorized Data Modification Vulnerability" April 05, 2025 at 06:15AM https://ift.tt/Vqi47gb #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2024-13776 - "ZoomSounds WordPress Wave Audio Player with Playlist Unauthorized Data Modification Vulnerability"The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91. This makes it possible …

**Daily-CVE** @CyberSignaler@mastodon.social · 1d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2021-47667 - ZendTo OS Command Injection Vulnerability April 05, 2025 at 05:15AM https://ift.tt/NbVIKqQ #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 1dCVE-2021-47667 - ZendTo OS Command Injection VulnerabilityAn OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-2933 - "WordPress Email Notifications for Updates Unauthenticated Privilege Escalation" April 05, 2025 at 02:15AM https://ift.tt/kq49R63 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-2933 - "WordPress Email Notifications for Updates Unauthenticated Privilege Escalation"The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and …

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-3259 - Tenda RX3 Stack-Based Buffer Overflow Vulnerability April 04, 2025 at 06:15PM https://ift.tt/Y9Sk5qy #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-3259 - Tenda RX3 Stack-Based Buffer Overflow VulnerabilityA vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and …

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-32149 - Winkm89 TeachPress SQL Injection April 04, 2025 at 04:15PM https://ift.tt/Xw4KMEp #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-32149 - Winkm89 TeachPress SQL InjectionImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress allows SQL Injection. This issue affects teachPress: from n/a through 9.0.11.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-32147 - Coothemes Easy WP Optimizer Missing Authorization Vulnerability April 04, 2025 at 04:15PM https://ift.tt/R5dO6iW #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-32147 - Coothemes Easy WP Optimizer Missing Authorization VulnerabilityMissing Authorization vulnerability in coothemes Easy WP Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy WP Optimizer: from n/a through 1.1.0.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-32148 - Daisycon SQL Injection April 04, 2025 at 04:15PM https://ift.tt/dfZMBgS #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-32148 - Daisycon SQL InjectionImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers allows SQL Injection. This issue affects Daisycon prijsvergelijkers: from n/a through 4.8.4.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-32146 - JoomSky JS Job Manager PHP Remote File Inclusion Vulnerability April 04, 2025 at 04:15PM https://ift.tt/PwdtMl3 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-32146 - JoomSky JS Job Manager PHP Remote File Inclusion VulnerabilityImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-32142 - Stylemix Motors PHP Remote File Inclusion Vulnerability April 04, 2025 at 04:15PM https://ift.tt/uSACt0s #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-32142 - Stylemix Motors PHP Remote File Inclusion VulnerabilityImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.65.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-32141 - Stylemix MasterStudy LMS PHP Remote File Inclusion Vulnerability April 04, 2025 at 04:15PM https://ift.tt/uOE1XK2 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-32141 - Stylemix MasterStudy LMS PHP Remote File Inclusion VulnerabilityImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS allows PHP Local File Inclusion. This issue affects MasterStudy LMS: from n/a through 3.5.23.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-32118 - NiteoThemes CMP Unrestricted File Upload Vulnerability April 04, 2025 at 04:15PM https://ift.tt/V5Oa4Ci #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-32118 - NiteoThemes CMP Unrestricted File Upload VulnerabilityUnrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-31480 - Aiven-Extras PostgreSQL Format Function Privilege Escalation April 04, 2025 at 03:15PM https://ift.tt/0JlD4qE #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-31480 - Aiven-Extras PostgreSQL Format Function Privilege Escalationaiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO …

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-27520 - BentoML Remote Code Execution (RCE) via Insecure Deserialization April 04, 2025 at 03:15PM https://ift.tt/StPJCZx #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-27520 - BentoML Remote Code Execution (RCE) via Insecure DeserializationBentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It …

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2024-45199 - Hive JDBC JNDI Injection Remote Code Execution April 03, 2025 at 09:15PM https://ift.tt/gGiZ0of #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 3dCVE-2024-45199 - Hive JDBC JNDI Injection Remote Code Executioninsightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-26818 - Netwrix Password Secure Command Injection Vulnerability April 03, 2025 at 08:15PM https://ift.tt/EwaWehA #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 3dCVE-2025-26818 - Netwrix Password Secure Command Injection VulnerabilityNetwrix Password Secure through 9.2 allows command injection.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-2798 - Woffice CRM for WordPress Authentication Bypass Vulnerability April 04, 2025 at 02:15PM https://ift.tt/4BLzaGy #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-2798 - Woffice CRM for WordPress Authentication Bypass VulnerabilityThe Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being …

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2025-31403 - Shiptrack SQL Injection Vulnerability April 04, 2025 at 02:15PM https://ift.tt/IgcMATk #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2025-31403 - Shiptrack SQL Injection VulnerabilityImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.

**Daily-CVE** @CyberSignaler@mastodon.social · 2d

Daily-CVE @CyberSignaler@mastodon.social

CVE-2024-51800 - Favethemes Homey Privilege Escalation Vulnerability April 04, 2025 at 02:15PM https://ift.tt/Pmdy3LU #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

cvefeed.io · 2dCVE-2024-51800 - Favethemes Homey Privilege Escalation VulnerabilityIncorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.

Drag & drop to upload

Recent searches

Search options

Administered by:

Server stats:

#recon