Période analysée : les 7 derniers jours (Fediverse/Bluesky) (2025-12-22 → 2025-12-29).
Données collectées via Vulnerability-Lookup (https://vulnerability.circl.lu) et enrichies avec EPSS (FIRST) / VLAI (CIRCL).
📌 Légende :
- CVSS — Score de sévérité officiel,
- EPSS — Probabilité d’exploitation (FIRST),
- VLAI — Estimation IA de sévérité (label + confiance si dispo),
- CISA KEV — Vulnérabilité connue comme exploitée (catalogue CISA),
- Sightings — Citations/observations (vu, PoC public, exploité, corrigé…).
CVE-2025-14847
CVSS: 7.5
EPSS: 0.04%
VLAI: High (confidence: 0.9800)
CISA: KEV
Produit
MongoDB Inc. MongoDB Server
Publié
2025-12-19 11:00:22
💬 Une vulnérabilité a été identifiée dans les en-têtes du protocole compressé Zlib, qui pourrait permettre à un client non authentifié de lire de la mémoire non initialisée sur le tas (heap). Cela signifie qu'un attaquant pourrait potentiellement accéder à des données sensibles qui n'ont pas été correctement sécurisées.
Cette vulnérabilité concerne toutes les versions de MongoDB Server 7.0 antérieures à la version 7.0.28, ainsi que les versions 8.0 avant 8.0.17, 8.2 avant 8.2.3, 6.0 avant 6.0.27, 5.0 avant 5.0.32, 4.4 avant 4.4.30, et les versions 4.2, 4.0 et 3.6 à partir de leurs premières versions respectives (4.2.0, 4.0.0 et 3.6.0).
Il est donc recommandé de mettre à jour vers les versions corrigées pour éviter cette faille de sécurité.
Description originale (EN)
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.
seen: 118 confirmed: 1
Posts / Sources (119)
🗨️ automation — 2025-12-29T14:30:10.214887+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115803331612697262
🗨️ automation — 2025-12-29T14:30:06.392954+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/techit.bsky.social/post/3mb52e4epx52d
🗨️ automation — 2025-12-29T14:27:47.308206+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/rapid7.com/post/3mb527tnldk2k
🗨️ automation — 2025-12-29T13:30:04.617281+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/deccanfounders.com/post/3mb4wyspumw2j
🗨️ automation — 2025-12-29T13:11:41.389327+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercodenews.bsky.social/post/3mb4vxxixhf2i
🗨️ automation — 2025-12-29T12:53:44.293650+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/termsofsurrender.bsky.social/post/3mb4uxu5cwj25
🗨️ automation — 2025-12-29T12:48:44.176731+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/technadu.com/post/3mb4uoub7ps2e
🗨️ automation — 2025-12-29T12:48:43.655005+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/technadu.com/post/3mb4uokqkp22e
🗨️ automation — 2025-12-29T12:44:49.536864+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/technadu/statuses/115802917326976771
🗨️ automation — 2025-12-29T12:32:04.561241+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/concisecyber.bsky.social/post/3mb4tr553nn2u
🗨️ automation — 2025-12-29T12:31:53.013309+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/tomcat/statuses/115802866493307388
🗨️ automation — 2025-12-29T12:30:04.164076+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/concisecyber.bsky.social/post/3mb4tnk4z6z2a
🗨️ automation — 2025-12-29T12:29:09.633205+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/concisecyber.bsky.social/post/3mb4tlrjnaz2t
🗨️ automation — 2025-12-29T12:23:34.769214+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercode.bsky.social/post/3mb4tbwj2622a
🗨️ automation — 2025-12-29T12:10:23.387284+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/it-connect.bsky.social/post/3mb4skcvi3v27
🗨️ automation — 2025-12-29T11:50:36.888014+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/MongoDB.activitypub.awakari.com.ap.brid.gy/post/3mb4rgjninlx2
🗨️ automation — 2025-12-29T11:08:47.762469+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/basefortify.bsky.social/post/3mb4p2vfsf22f
🗨️ automation — 2025-12-29T11:08:47.214373+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/basefortify.bsky.social/post/3mb4p2vfrfs2f
🗨️ automation — 2025-12-29T11:08:46.671643+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/basefortify.bsky.social/post/3mb4p2uefzk2f
🗨️ automation — 2025-12-29T11:00:57.386128+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/calimegai.bsky.social/post/3mb4oo6avdh2k
🗨️ automation — 2025-12-29T10:48:39.759053+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/technijian.bsky.social/post/3mb4ny5gs522u
🗨️ automation — 2025-12-29T10:44:15.125452+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/bluesky.awakari.com/post/3mb4nqar6kw2x
🗨️ automation — 2025-12-29T10:13:08.265943+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/newsnexttech.bsky.social/post/3mb4lyhnf6o2j
🗨️ automation — 2025-12-29T10:10:11.938863+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/MongoDB.activitypub.awakari.com.ap.brid.gy/post/3mb4lnyuy2622
🗨️ automation — 2025-12-29T09:41:15.072632+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercodenews.bsky.social/post/3mb4k7obwo72z
🗨️ automation — 2025-12-29T09:25:15.634353+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/it4intserver.bsky.social/post/3mb4jd2cbu62f
🗨️ automation — 2025-12-29T09:13:03.177895+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/rcinghio.bsky.social/post/3mb4innd6ks2d
🗨️ automation — 2025-12-29T09:07:47.169832+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/technology-news.bsky.social/post/3mb4idswpsx2a
🗨️ automation — 2025-12-29T08:54:46.207022+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mb4hfvzbrnf2
🗨️ automation — 2025-12-29T08:48:00.391188+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/montxt.bsky.social/post/3mb4hahj4r22j
🗨️ automation — 2025-12-29T08:29:20.659459+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosec.skyfleet.blue/post/3mb4g73c6zc2u
🗨️ automation — 2025-12-29T08:14:04.098283+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/bluesky.awakari.com/post/3mb4fdqvzmq2z
🗨️ automation — 2025-12-29T08:12:40.722565+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mb4fbbx4ia22
🗨️ automation — 2025-12-29T08:10:24.762291+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosecbriefly.bsky.social/post/3mb4f5afgld2o
🗨️ automation — 2025-12-29T08:10:19.096847+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosec.skyfleet.blue/post/3mb4f52tfri2z
🗨️ automation — 2025-12-29T08:06:08.260278+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/MongoDB.activitypub.awakari.com.ap.brid.gy/post/3mb4eve7mfbk2
🗨️ automation — 2025-12-29T08:05:16.797079+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mb4esxwdjdq2
🗨️ automation — 2025-12-29T07:58:05.640706+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mb4eh7qb4y22
🗨️ automation — 2025-12-29T07:57:30.579279+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cybersentinel404.bsky.social/post/3mb4eg6bfph23
🗨️ automation — 2025-12-29T07:57:23.456818+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mb4efx25ty2m
🗨️ automation — 2025-12-29T07:34:40.415078+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mb4d5cuban2u
🗨️ automation — 2025-12-29T07:29:42.599310+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/bluesky.awakari.com/post/3mb4cuhjgap25
🗨️ automation — 2025-12-29T07:28:32.357783+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/bluesky.awakari.com/post/3mb4cseecpy24
🗨️ automation — 2025-12-29T07:16:38.892563+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mb4c4xn252j2
🗨️ automation — 2025-12-29T07:02:54.607608+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/earlybirdsinvest.bsky.social/post/3mb4bejwhwj2o
🗨️ automation — 2025-12-29T06:49:00+00:00 · 🌐 thehackernews.com · thehackernews.com
https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html
🗨️ automation — 2025-12-29T05:47:46.935131+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mb4566z6fk2l
🗨️ automation — 2025-12-29T05:20:11.932734+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3mb43mtnt532p
🗨️ automation — 2025-12-29T04:38:58.738658+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mb3zd66rs62l
🗨️ automation — 2025-12-29T04:17:53.202936+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercode.bsky.social/post/3mb3y5glqyu2g
🗨️ automation — 2025-12-29T04:14:43.222822+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pigondrugs.bsky.social/post/3mb3xxrtymk2t
🗨️ automation — 2025-12-29T04:12:59.724656+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/mdsiaofficial.bsky.social/post/3mb3xupdepo2b
🗨️ automation — 2025-12-29T03:25:23.983813+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/technology-news.bsky.social/post/3mb3v7lemir2j
🗨️ automation — 2025-12-29T02:27:47.648603+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mb3ryliijd2d
🗨️ automation — 2025-12-28T23:39:57.838491+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercodenews.bsky.social/post/3mb3imhs5pb2q
🗨️ automation — 2025-12-28T21:27:18.455323+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/MongoDB.activitypub.awakari.com.ap.brid.gy/post/3mb3b6u4thnx2
🗨️ automation — 2025-12-28T21:03:46.575589+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/allsafeus.bsky.social/post/3mb37v4ez7j2q
🗨️ automation — 2025-12-28T20:47:48.880973+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mb36yns7xm2b
🗨️ automation — 2025-12-28T20:38:33.582258+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/bleepingcomputer.com/post/3mb36i45mls2o
🗨️ automation — 2025-12-28T19:33:58.847573+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercode.bsky.social/post/3mb32umo2u22l
CVE-2025-68613
CVSS: 10.0
EPSS: 3.55%
VLAI: Critical (confidence: 0.9674)
CISA: KEV
Produit
n8n-io n8n
Publié
2025-12-19 22:23:47
💬 n8n est une plateforme d'automatisation des flux de travail open source. Les versions à partir de 0.211.0 et jusqu'aux versions 1.120.4, 1.121.1 et 1.122.0 présentent une vulnérabilité critique de type Exécution de Code à Distance (RCE, pour "Remote Code Execution") dans leur système d'évaluation des expressions de flux de travail. Dans certaines conditions, les expressions fournies par des utilisateurs authentifiés lors de la configuration des flux de travail peuvent être évaluées dans un contexte d'exécution qui n'est pas suffisamment isolé du système sous-jacent. Un attaquant authentifié pourrait exploiter ce comportement pour exécuter du code arbitraire avec les privilèges du processus n8n. Une exploitation réussie pourrait entraîner une compromission totale de l'instance affectée, y compris un accès non autorisé à des données sensibles, la modification de flux de travail et l'exécution d'opérations au niveau du système.
Ce problème a été corrigé dans les versions 1.120.4, 1.121.1 et 1.122.0. Il est fortement recommandé aux utilisateurs de mettre à jour vers une version corrigée, qui introduit des mesures de sécurité supplémentaires pour restreindre l'évaluation des expressions. Si la mise à jour n'est pas immédiatement possible, les administrateurs devraient envisager les mesures temporaires suivantes : limiter les permissions de création et d'édition des flux de travail aux utilisateurs de confiance uniquement ; et/ou déployer n8n dans un environnement sécurisé avec des privilèges d'accès au système d'exploitation et au réseau restreints pour réduire l'impact d'une éventuelle exploitation. Ces solutions de contournement ne suppriment pas complètement le risque et doivent être considérées comme des mesures à court terme.
Description originale (EN)
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
seen: 28 confirmed: 1
Posts / Sources (29)
🗨️ automation — 2025-12-26T17:35:15.122092+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mavtc5zkmo2i
🗨️ automation — 2025-12-26T15:33:48.402986+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/opsmatters.com/post/3mavmjbfixx2m
🗨️ automation — 2025-12-26T15:31:34.683499+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/opsmatters.com/post/3mavmfdobxb2r
🗨️ automation — 2025-12-26T14:21:23.688279+00:00 · 🐘 Fediverse · mastodon.social
https://mastodon.social/users/leakix/statuses/115786309583549188
🗨️ automation — 2025-12-25T04:30:16.865045+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercode.bsky.social/post/3marwxvrw642y
🗨️ automation — 2025-12-25T03:35:07.068624+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercode.bsky.social/post/3martvc3hyi2a
🗨️ automation — 2025-12-24T17:21:24+00:00 · 🌐 github.com · github.com
https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-68613.yaml
🗨️ automation — 2025-12-24T16:38:03.791128+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3maqp6er5sx2q
🗨️ automation — 2025-12-24T16:24:31.570810+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hacker.at.thenote.app/post/3maqog6akpk2o
🗨️ automation — 2025-12-24T13:20:49.542413+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/sctocs.bsky.social/post/3maqe5kvopc2s
🗨️ automation — 2025-12-24T10:47:57.220583+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/decio/statuses/115774146258953973
🗨️ automation — 2025-12-24T10:38:11.934328+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3maq32vows52k
🗨️ automation — 2025-12-24T04:17:52.199046+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securitylab-jp.bsky.social/post/3mapfsq2gnk2q
🗨️ automation — 2025-12-24T03:42:28.082002+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercode.bsky.social/post/3mapdtisjtb2c
🗨️ automation — 2025-12-24T02:22:25.508247+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3map7eeffkz2x
🗨️ automation — 2025-12-24T00:00:35.801206+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3maoxgomqhk27
🗨️ automation — 2025-12-23T23:54:53.706859+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3maox4jwga227
🗨️ automation — 2025-12-23T22:47:55.651242+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-f6e0ecab-fcccf0728a573587
🗨️ automation — 2025-12-23T22:08:01.759708+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/checkmarxzero.bsky.social/post/3maor5ipxep2h
🗨️ automation — 2025-12-23T12:58:44.573238+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3manshc33wy2n
🗨️ automation — 2025-12-23T11:33:01.716580+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mannnv5obn2j
🗨️ automation — 2025-12-23T08:11:36.536475+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosecbriefly.bsky.social/post/3mancfmliup2q
🗨️ automation — 2025-12-23T06:34:00+00:00 · 🌐 thehackernews.com · thehackernews.com
https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html
🗨️ automation — 2025-12-23T01:46:20.695900+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mammuwaptk2g
🗨️ automation — 2025-12-22T17:17:07+00:00 · 🌐 cyber.gc.ca · cyber.gc.ca
https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av25-857
🗨️ automation — 2025-12-22T11:24:38+00:00 · 🌐 gist.github.com · gist.github.com
https://gist.github.com/Darkcrai86/4fe8b40ef55a6e885cd2c9b89c38de0b
🗨️ automation — 2025-12-22T09:44:34.434064+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/rxerium.com/post/3makx55cuhu2k
🗨️ automation — 2025-12-20T00:05:34.432300+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/offseq.bsky.social/post/3maevthtqni2n
🗨️ automation — 2025-12-20T00:05:16.230631+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/offseq/statuses/115748969807044248
CVE-2025-14733
EPSS: 36.33%
VLAI: Critical (confidence: 0.9545)
CISA: KEV
Produit
WatchGuard Fireware OS
Publié
2025-12-19 00:01:55
💬 Une vulnérabilité de type "écriture hors limites" dans le système d'exploitation Fireware de WatchGuard pourrait permettre à un attaquant distant, non authentifié, d'exécuter du code arbitraire. Cette vulnérabilité concerne à la fois le VPN pour utilisateurs mobiles utilisant le protocole IKEv2 (Internet Key Exchange version 2) et le VPN pour bureaux distants, également configuré avec IKEv2, lorsqu'il est configuré avec un pair de passerelle dynamique. Elle affecte les versions de Fireware OS allant de la 11.10.2 à la 11.12.4_Update1, ainsi que les versions 12.0 à 12.11.5 et 2025.1 à 2025.1.3.
Description originale (EN)
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.
seen: 58 exploited: 1
Posts / Sources (59)
🗨️ automation — 2025-12-29T02:27:47.722927+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mb3ryliijd2d
🗨️ automation — 2025-12-28T02:27:56.606944+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mazbjwq6go2f
🗨️ automation — 2025-12-27T02:21:54.524409+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mawqq7m4sf2g
🗨️ automation — 2025-12-25T10:58:48.488379+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/termsofsurrender.bsky.social/post/3masmo7dtdi2n
🗨️ automation — 2025-12-24T02:22:25.382336+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3map7eeffkz2x
🗨️ automation — 2025-12-23T17:36:41.322278+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3maobyc3zeg2w
🗨️ automation — 2025-12-23T15:56:03.829971+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3mao4edgbof2i
🗨️ automation — 2025-12-23T13:19:30.208558+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115769079875623050
🗨️ automation — 2025-12-23T12:19:44+00:00 · 🌐 threatintel.cc · threatintel.cc
https://threatintel.cc/2025/12/23/critical-rce-flaw-impacts-over.html
🗨️ automation — 2025-12-23T06:12:55.007232+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/shiojiri.com/post/3man3rl265c2r
🗨️ automation — 2025-12-23T02:23:54.075965+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mamoy3lpvm2p
🗨️ automation — 2025-12-23T01:28:51.941844+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mamlvl6kac2g
🗨️ automation — 2025-12-23T00:08:09.772502+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securitylab-jp.bsky.social/post/3mamhfclnks2h
🗨️ automation — 2025-12-23T00:03:10.691668+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mamh4fgbts2g
🗨️ automation — 2025-12-22T23:55:37.776261+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mamgojuhp22g
🗨️ automation — 2025-12-22T23:49:05.854813+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mamgdapekc2g
🗨️ automation — 2025-12-22T21:39:04.143749+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/kitafox.bsky.social/post/3mam72rpdip2z
🗨️ automation — 2025-12-22T18:37:15+00:00 · 🌐 cyber.gc.ca · cyber.gc.ca
https://cyber.gc.ca/en/alerts-advisories/al25-020-vulnerability-impacting-watchguard-fireware-os-cve-2025-14733
🗨️ automation — 2025-12-22T17:35:06.187897+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alexlevberg.bsky.social/post/3malrgeceak2t
🗨️ automation — 2025-12-22T17:35:05.674781+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alexlevberg.bsky.social/post/3malrgecdbc2t
🗨️ automation — 2025-12-22T17:35:05.147086+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alexlevberg.bsky.social/post/3malrgec4gk2t
🗨️ automation — 2025-12-22T13:32:42.281232+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosec.skyfleet.blue/post/3maldv3vd7w2x
🗨️ automation — 2025-12-22T11:52:18+00:00 · 🌐 gist.github.com · gist.github.com
https://gist.github.com/Darkcrai86/76ab396fec8f6cf19343f849f10a89c5
🗨️ automation — 2025-12-22T09:40:35.852846+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/osanpo.bsky.social/post/3makwvjw44z2x
🗨️ automation — 2025-12-22T09:14:05.949418+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/defendopsdiaries/statuses/115762452599169243
🗨️ automation — 2025-12-22T02:26:25.632374+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mak6noxd4f2u
🗨️ automation — 2025-12-21T21:23:41.049302+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/kitafox.bsky.social/post/3majnqe5zsb23
🗨️ automation — 2025-12-21T19:20:11.754118+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3majgtiydf42y
🗨️ automation — 2025-12-21T18:42:50.229389+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/shadowserver/statuses/115759026528029562
🗨️ automation — 2025-12-21T18:42:41.797137+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/shadowserver.bsky.social/post/3majeqe6q5s2k
🗨️ automation — 2025-12-21T18:42:39.878214+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/shadowserver.bsky.social/post/3majeqbolpc2k
🗨️ automation — 2025-12-21T18:42:38.342286+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/shadowserver.bsky.social/post/3majeq7gru22k
🗨️ automation — 2025-12-20T21:02:59.901782+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/beikokucyber.bsky.social/post/3mah44ekarg2p
🗨️ automation — 2025-12-20T15:08:04.145483+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3magibqknwc2w
🗨️ automation — 2025-12-20T10:38:34.469648+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/eyalestrin.bsky.social/post/3mafz7uqops27
🗨️ automation — 2025-12-20T09:35:23.229253+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/offseq.bsky.social/post/3mafvoqcjo22n
🗨️ automation — 2025-12-20T09:35:16.733947+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/offseq/statuses/115751211179012534
🗨️ automation — 2025-12-20T03:26:51.722401+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosec.skyfleet.blue/post/3mafb3vvzgy2g
🗨️ automation — 2025-12-19T21:00:52.533539+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/DarkWebInformer/statuses/115748244805470377
🗨️ automation — 2025-12-19T20:01:38.186282+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pigondrugs.bsky.social/post/3maei7rzjj525
🗨️ automation — 2025-12-19T19:15:17.517541+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/sctocs.bsky.social/post/3maefms4tcc2d
🗨️ automation — 2025-12-19T19:15:10.025260+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/guardian360.bsky.social/post/3maefmpejou2u
🗨️ automation — 2025-12-19T18:34:55.985256+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securityrss.bsky.social/post/3maedep4f7y2a
🗨️ automation — 2025-12-19T16:23:36.195300+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/technology-news.bsky.social/post/3mae3znerwv2q
🗨️ automation — 2025-12-19T15:55:18.960058+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/netsecio.bsky.social/post/3mae2hd7rmn26
🗨️ automation — 2025-12-19T15:55:08.745392+00:00 · 🐘 Fediverse · mastodon.social
https://mastodon.social/ap/users/115426718704364579/statuses/115747042554958784
🗨️ automation — 2025-12-19T14:22:51+00:00 · 🌐 www.acn.gov.it · www.acn.gov.it
https://www.acn.gov.it/portale/w/watchguard-rilevato-sfruttamento-attivo-della-cve-2025-14733
🗨️ automation — 2025-12-19T13:38:48.351171+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/bitnewsbot.bsky.social/post/3madstamtif25
🗨️ automation — 2025-12-19T13:09:55.054388+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cybersecurity.poliverso.org.ap.brid.gy/post/3madr7bj74ou2
🗨️ automation — 2025-12-19T13:04:54.628184+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-fa93f335-ba75446ce3cfba29
🗨️ automation — 2025-12-19T11:46:33.674284+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3madmk6xi542u
🗨️ automation — 2025-12-19T11:42:11.748574+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cybersentinel404.bsky.social/post/3madmcpsing26
🗨️ automation — 2025-12-19T11:00:11+00:00
MISP/cc375703-8503-52a7-9dda-92743a1fbfe0
Source non cliquable
🗨️ automation — 2025-12-19T10:37:05.453165+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/defendopsdiaries/statuses/115745791976674137
🗨️ automation — 2025-12-19T10:23:00+00:00 · 🌐 thehackernews.com · thehackernews.com
https://thehackernews.com/2025/12/watchguard-warns-of-active-exploitation.html
🗨️ automation — 2025-12-19T10:16:01+00:00 · 🌐 advisories.ncsc.nl · advisories.ncsc.nl
https://advisories.ncsc.nl/advisory?id=NCSC-2025-0400
🗨️ clement-fouque — 2025-12-19T08:02:37.684480+00:00 · 🌐 www.watchguard.com · www.watchguard.com
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027
🗨️ automation — 2025-12-19T01:35:53.659410+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/offseq.bsky.social/post/3mackgko76e2g
🗨️ automation — 2025-12-19T01:35:52.560537+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/offseq/statuses/115743663755552892
CVE-2020-12812
EPSS: 50.29%
VLAI: Critical (confidence: 0.9719)
CISA: KEV
Produit
n/a Fortinet FortiOS
Publié
2020-07-24 22:28:43
💬 Une vulnérabilité d'authentification incorrecte a été identifiée dans le VPN SSL (Réseau Privé Virtuel SSL) de FortiOS, qui est le système d'exploitation utilisé par les appareils de sécurité réseau de Fortinet. Cette vulnérabilité concerne les versions 6.4.0, 6.2.0 à 6.2.3, et 6.0.9 et les versions antérieures.
Elle permet à un utilisateur de se connecter avec succès sans être invité à fournir un second facteur d'authentification, qui est généralement un code généré par un dispositif appelé FortiToken. Ce problème survient si l'utilisateur modifie la casse (majuscule/minuscule) de son nom d'utilisateur lors de la connexion. En d'autres termes, un utilisateur pourrait contourner une étape de sécurité importante simplement en changeant les lettres de son nom d'utilisateur, ce qui pourrait compromettre la sécurité du système.
Description originale (EN)
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
seen: 27
Posts / Sources (27)
🗨️ automation — 2025-12-29T13:57:03.354903+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosecbriefly.bsky.social/post/3mb4yj2wzsl2t
🗨️ automation — 2025-12-29T13:17:02.181399+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mb4wb5chunv2
🗨️ automation — 2025-12-29T12:44:02.276197+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115802914263569845
🗨️ automation — 2025-12-29T11:44:10+00:00 · 🌐 threatintel.cc · threatintel.cc
https://threatintel.cc/2025/12/29/fortinet-warns-of-yearold-fortios.html
🗨️ automation — 2025-12-29T11:27:55.089863+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/defendopsdiaries/statuses/115802614971103138
🗨️ automation — 2025-12-29T03:26:10.556074+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mb3vayjiba2u
🗨️ automation — 2025-12-28T02:27:57.486874+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mazbjwq6go2f
🗨️ automation — 2025-12-27T20:51:03.795831+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mayop6j2ec2s
🗨️ automation — 2025-12-27T20:48:28.266791+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mayoku4kh22s
🗨️ automation — 2025-12-27T07:22:37.257565+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/technadu.com/post/3maxbjugbik25
🗨️ automation — 2025-12-27T07:22:36.699640+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/technadu.com/post/3maxbjmlxq225
🗨️ automation — 2025-12-27T07:20:52.064610+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/technadu/statuses/115790318846021636
🗨️ automation — 2025-12-26T19:15:25.298616+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/guardian360.bsky.social/post/3mavyv5zowm2f
🗨️ automation — 2025-12-26T18:46:24.103353+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hacker.at.thenote.app/post/3mavxbkvlkk2o
🗨️ automation — 2025-12-26T18:00:04.967240+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mavuovfy4c2p
🗨️ automation — 2025-12-26T07:20:22.690845+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3mauqwryjvp2y
🗨️ automation — 2025-12-25T11:16:43.923675+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cybersecurity.poliverso.org.ap.brid.gy/post/3masnon4vxnd2
🗨️ automation — 2025-12-25T11:16:02.375607+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-f42b6e9c-166947ba31e8fbfb
🗨️ automation — 2025-12-25T08:44:12.336672+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosecbriefly.bsky.social/post/3masf5rf6zu27
🗨️ automation — 2025-12-25T08:44:07.767389+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercodenews.bsky.social/post/3masf5l4uf62v
🗨️ automation — 2025-12-25T07:22:00+00:00 · 🌐 thehackernews.com · thehackernews.com
https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html
🗨️ automation — 2025-02-23T02:09:46+00:00
MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
Source non cliquable
🗨️ automation — 2024-12-24T20:24:00.826421+00:00 · 🌐 feedsin.space · feedsin.space
https://feedsin.space/feed/CISAKevBot/items/2971084
🗨️ automation — 2021-11-20T09:53:52+00:00
MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
Source non cliquable
🗨️ automation — 2021-11-08T08:58:17+00:00
MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422
Source non cliquable
🗨️ automation — 2021-10-25T22:30:42+00:00
MISP/63ddead6-4b82-414c-ad8e-c516b950b446
Source non cliquable
🗨️ automation — 2021-05-27T19:49:44+00:00
MISP/98c0be2f-eadc-4ce5-9072-82ceacaea9c6
Source non cliquable
CVE-2025-55182
CVSS: 10.0
EPSS: 48.71%
VLAI: Critical (confidence: 0.8786)
CISA: KEV
Produit
Meta react-server-dom-webpack
Publié
2025-12-03 15:40:56
💬 Une vulnérabilité de type exécution de code à distance avant authentification existe dans les versions 19.0.0, 19.1.0, 19.1.1 et 19.2.0 des composants serveur de React. Cette vulnérabilité concerne également certains paquets, à savoir : **react-server-dom-parcel**, **react-server-dom-turbopack** et **react-server-dom-webpack**.
Le problème réside dans le fait que le code vulnérable désérialise de manière non sécurisée des données (appelées "payloads") provenant de requêtes HTTP vers des points de terminaison de fonctions serveur. La désérialisation est le processus de conversion de données d'un format de stockage (comme JSON) en un objet utilisable dans le code. Si ce processus n'est pas sécurisé, un attaquant pourrait potentiellement injecter du code malveillant, permettant ainsi l'exécution de ce code sur le serveur avant même qu'un utilisateur ne soit authentifié.
Description originale (EN)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
seen: 811 exploited: 29 confirmed: 1 published-proof-of-concept: 1
Posts / Sources (842)
🗨️ automation — 2025-12-29T12:31:54.187753+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/concisecyber.bsky.social/post/3mb4tqt3ezs2z
🗨️ automation — 2025-12-28T12:15:50.183036+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-3cf31148-d79cc710e0cfd8f9
🗨️ automation — 2025-12-28T02:40:10.232147+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3mazc7qzjul2i
🗨️ automation — 2025-12-28T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-28)
Source non cliquable
🗨️ automation — 2025-12-27T16:59:09+00:00 · 🌐 gist.github.com · gist.github.com
https://gist.github.com/getter-io/fd87b97e77f9185429471a11e77ae2c7
🗨️ automation — 2025-12-27T16:59:07+00:00 · 🌐 gist.github.com · gist.github.com
https://gist.github.com/getter-io/d0c302898ccef414aee90d4d62320552
🗨️ automation — 2025-12-27T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-27)
Source non cliquable
🗨️ automation — 2025-12-26T13:10:04.904829+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/concisecyber.bsky.social/post/3maveicurkb2u
🗨️ automation — 2025-12-26T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-26)
Source non cliquable
🗨️ automation — 2025-12-25T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-25)
Source non cliquable
🗨️ automation — 2025-12-25T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-25)
Source non cliquable
🗨️ automation — 2025-12-24T17:33:40.357821+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/termsofsurrender.bsky.social/post/3maqsbt6mhv25
🗨️ automation — 2025-12-24T08:38:24.467807+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mapueop7ji2b
🗨️ automation — 2025-12-24T01:50:26.255800+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/opsmatters.com/post/3map5l6uilk2m
🗨️ automation — 2025-12-24T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-24)
Source non cliquable
🗨️ automation — 2025-12-24T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-24)
Source non cliquable
🗨️ automation — 2025-12-23T15:28:40.778204+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thecascading.bsky.social/post/3mao2tfm46f2f
🗨️ automation — 2025-12-23T14:10:47.297023+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securitycipher.bsky.social/post/3manwi4jbke2g
🗨️ automation — 2025-12-23T04:55:25.101870+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/opsmatters.com/post/3mamxgz332q2z
🗨️ automation — 2025-12-23T02:23:53.624896+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mamoy3lpvm2p
🗨️ automation — 2025-12-23T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-23)
Source non cliquable
🗨️ automation — 2025-12-22T02:26:25.333242+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mak6noxd4f2u
🗨️ automation — 2025-12-22T02:18:08.417009+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hrbrmstr.mastodon.social.ap.brid.gy/post/3mak66tttutp2
🗨️ automation — 2025-12-22T02:18:02.060761+00:00 · 🐘 Fediverse · mastodon.social
https://mastodon.social/users/hrbrmstr/statuses/115760816356848126
🗨️ automation — 2025-12-22T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-22)
Source non cliquable
🗨️ automation — 2025-12-21T22:07:22.168889+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pentesterlab.com/post/3majq6ggqqc2y
🗨️ automation — 2025-12-21T22:07:21.703404+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pentesterlab.com/post/3majq6gglu22y
🗨️ automation — 2025-12-21T11:06:44.240827+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberresearch.bsky.social/post/3mailawtnfu2y
🗨️ automation — 2025-12-21T08:28:50.501169+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3maicgntwzc2i
🗨️ automation — 2025-12-21T02:26:48.096603+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3maho7h567p2a
🗨️ automation — 2025-12-21T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-21)
Source non cliquable
🗨️ automation — 2025-12-20T22:17:06.615135+00:00 · 🌐 social.circl.lu · social.circl.lu
https://social.circl.lu/users/circl/statuses/115754206905927712
🗨️ automation — 2025-12-20T13:01:30+00:00 · 🌐 gist.github.com · gist.github.com
https://gist.github.com/JSHT/eddcfd61e38c48ab743e665fc27fc23c
🗨️ automation — 2025-12-20T10:42:58.590698+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alirezagharib.net/post/3mafzhoqtkc2u
🗨️ automation — 2025-12-20T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-20)
Source non cliquable
🗨️ automation — 2025-12-19T23:55:05.851373+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/azureweekly.endj.in/post/3maevb5twg52j
🗨️ automation — 2025-12-19T15:27:11.516192+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hasamba72.bsky.social/post/3madyukofgr2z
🗨️ automation — 2025-12-19T06:53:36.852024+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/eulanov.m.eula.dev.ap.brid.gy/post/3mad46ni7tvz2
🗨️ automation — 2025-12-19T02:53:45.874458+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosecbriefly.bsky.social/post/3macorssdqz2o
🗨️ automation — 2025-12-19T02:22:53.335333+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3macn2mdz322d
🗨️ automation — 2025-12-19T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-19)
Source non cliquable
🗨️ automation — 2025-12-18T21:39:31.181254+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mac57bz7ak2r
🗨️ automation — 2025-12-18T19:00:15.570271+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/lirantal.com/post/3mabud32kbh2z
🗨️ automation — 2025-12-18T17:17:49.176315+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securitycipher.bsky.social/post/3mabolxevrb2q
🗨️ automation — 2025-12-18T17:11:53.728930+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/geeknik.bsky.social/post/3mabobdmbmu2y
🗨️ automation — 2025-12-18T16:10:01.777625+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hacker.at.thenote.app/post/3mabkspson22s
🗨️ automation — 2025-12-18T12:57:05.708406+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securityish.bsky.social/post/3mab7zqkku52v
🗨️ automation — 2025-12-18T11:07:09+00:00 · 🌐 gist.github.com · gist.github.com
https://gist.github.com/ThemeHackers/c6223a6ac26b5ce2c1b070c7118b7f4b
🗨️ automation — 2025-12-18T10:17:40.228236+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/kaldata.bsky.social/post/3maax4nmedh2c
🗨️ automation — 2025-12-18T08:55:24.541655+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3maasjky2p62l
🗨️ automation — 2025-12-18T02:55:44.826280+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/netmarkjp.bsky.social/post/3maa6ggmndn2q
🗨️ automation — 2025-12-18T02:20:51.631670+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3maa4i2wdhv23
🗨️ automation — 2025-12-18T01:05:06.645400+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/azureweekly.endj.in/post/3ma7yam7poq2q
🗨️ automation — 2025-12-18T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-18)
Source non cliquable
🗨️ automation — 2025-12-17T23:30:14.469000+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/lazarusholic.bsky.social/post/3ma7swwpkzj2p
🗨️ automation — 2025-12-17T22:43:55.427467+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/kenithehated.bsky.social/post/3ma7qdyxwos2h
🗨️ automation — 2025-12-17T21:20:09.262732+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3ma7lodiomz2o
🗨️ automation — 2025-12-17T20:04:49.436311+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/tech-trending.bsky.social/post/3ma7hhmrt5m2u
🗨️ automation — 2025-12-17T19:05:22.589917+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/skip2networks.bsky.social/post/3ma7e5e3rof26
🗨️ automation — 2025-12-17T17:55:15.736651+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/theitnerd.ca/post/3ma7a7xvtfd2k
CVE-2023-52163
EPSS: 17.01%
VLAI: High (confidence: 0.9477)
CISA: KEV
Produit
n/a n/a
Publié
2025-02-03 00:00:00
💬 Les appareils Digiever DS-2105 Pro, utilisant la version 3.1.0.71-11 de leur logiciel, présentent une vulnérabilité de type "injection de commande" via un fichier nommé "time_tzsetup.cgi". Cela signifie qu'un attaquant pourrait potentiellement exécuter des commandes non autorisées sur l'appareil en exploitant cette faille. Il est important de noter que cette vulnérabilité concerne uniquement les produits qui ne reçoivent plus de support de la part de leur éditeur, ce qui signifie qu'ils ne bénéficient plus de mises à jour de sécurité ou de correctifs.
Description originale (EN)
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
seen: 124 exploited: 1
Posts / Sources (125)
🗨️ automation — 2025-12-27T20:41:12.906958+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mayo5vlb6s2s
🗨️ automation — 2025-12-27T02:21:54.854856+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mawqq7m4sf2g
🗨️ automation — 2025-12-26T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-26)
Source non cliquable
🗨️ automation — 2025-12-25T14:51:35.422919+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115780766601502294
🗨️ automation — 2025-12-25T13:51:41+00:00 · 🌐 threatintel.cc · threatintel.cc
https://threatintel.cc/2025/12/25/cisa-flags-actively-exploited-digiever.html
🗨️ automation — 2025-12-25T10:34:54.708219+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/offseq/statuses/115779757191312073
🗨️ automation — 2025-12-25T08:43:57.625794+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosecbriefly.bsky.social/post/3masf5fwd3g2y
🗨️ automation — 2025-12-25T07:07:00+00:00 · 🌐 thehackernews.com · thehackernews.com
https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html
🗨️ automation — 2025-12-25T00:40:15.177405+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3mark4lvbto2o
🗨️ automation — 2025-12-24T15:30:09.738183+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3maqlexh2q72y
🗨️ automation — 2025-12-24T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-24)
Source non cliquable
🗨️ automation — 2025-12-23T23:50:49.761347+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3maowvaqotk27
🗨️ automation — 2025-12-23T21:02:59.296969+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/beikokucyber.bsky.social/post/3maonj3nrcp2p
🗨️ automation — 2025-12-23T01:47:16.532188+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mammwlml7c2g
🗨️ automation — 2025-12-23T00:54:19.141792+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/DarkWebInformer/statuses/115766149685381984
🗨️ automation — 2025-12-23T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-23)
Source non cliquable
🗨️ automation — 2025-12-22T20:01:47.152656+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pigondrugs.bsky.social/post/3malzm4cn6b24
🗨️ automation — 2025-12-17T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-17)
Source non cliquable
🗨️ automation — 2025-12-16T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-16)
Source non cliquable
🗨️ automation — 2025-12-14T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-14)
Source non cliquable
🗨️ automation — 2025-12-06T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-06)
Source non cliquable
🗨️ automation — 2025-12-05T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-05)
Source non cliquable
🗨️ automation — 2025-12-04T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-04)
Source non cliquable
🗨️ automation — 2025-12-03T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-03)
Source non cliquable
🗨️ automation — 2025-11-28T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-28)
Source non cliquable
🗨️ automation — 2025-11-27T15:20:21+00:00
MISP/d776572a-20aa-5bd6-8c28-05f8506eaf72
Source non cliquable
🗨️ automation — 2025-11-27T12:52:31.195913+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115621753678740046
🗨️ automation — 2025-11-27T11:52:43+00:00 · 🌐 threatintel.cc · threatintel.cc
https://threatintel.cc/2025/11/27/botnet-takes-advantage-of-aws.html
🗨️ automation — 2025-11-26T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-26)
Source non cliquable
🗨️ automation — 2025-11-25T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-25)
Source non cliquable
🗨️ automation — 2025-11-24T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-24)
Source non cliquable
🗨️ automation — 2025-11-23T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-23)
Source non cliquable
🗨️ automation — 2025-11-22T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-22)
Source non cliquable
🗨️ automation — 2025-11-20T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-20)
Source non cliquable
🗨️ automation — 2025-11-19T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-19)
Source non cliquable
🗨️ automation — 2025-11-18T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-18)
Source non cliquable
🗨️ automation — 2025-11-17T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-17)
Source non cliquable
🗨️ automation — 2025-11-13T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-13)
Source non cliquable
🗨️ automation — 2025-11-12T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-12)
Source non cliquable
🗨️ automation — 2025-11-09T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-09)
Source non cliquable
🗨️ automation — 2025-11-08T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-08)
Source non cliquable
🗨️ automation — 2025-11-07T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-07)
Source non cliquable
🗨️ automation — 2025-11-06T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-06)
Source non cliquable
🗨️ automation — 2025-11-05T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-05)
Source non cliquable
🗨️ automation — 2025-11-04T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-04)
Source non cliquable
🗨️ automation — 2025-11-03T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-03)
Source non cliquable
🗨️ automation — 2025-11-02T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-02)
Source non cliquable
🗨️ automation — 2025-11-01T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-01)
Source non cliquable
🗨️ automation — 2025-10-31T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-31)
Source non cliquable
🗨️ automation — 2025-10-30T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-30)
Source non cliquable
🗨️ automation — 2025-10-29T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-29)
Source non cliquable
🗨️ automation — 2025-10-28T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-28)
Source non cliquable
🗨️ automation — 2025-10-27T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-27)
Source non cliquable
🗨️ automation — 2025-10-26T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-26)
Source non cliquable
🗨️ automation — 2025-10-25T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-25)
Source non cliquable
🗨️ automation — 2025-10-24T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-24)
Source non cliquable
🗨️ automation — 2025-10-23T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-23)
Source non cliquable
🗨️ automation — 2025-10-21T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-21)
Source non cliquable
🗨️ automation — 2025-10-20T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-20)
Source non cliquable
🗨️ automation — 2025-10-19T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-19)
Source non cliquable
CVE-2025-68664
CVSS: 9.3
EPSS: 0.07%
VLAI: Critical (confidence: 0.8712)
CISA: KEV
Produit
langchain-ai langchain
Publié
2025-12-23 22:47:44
💬 LangChain est un cadre de développement pour créer des agents et des applications alimentées par des modèles de langage (LLM, pour "Large Language Model"). Avant les versions 0.3.81 et 1.2.5, une vulnérabilité de type injection de sérialisation était présente dans les fonctions dumps() et dumpd() de LangChain.
Cette vulnérabilité se manifeste lorsque ces fonctions ne protègent pas correctement les dictionnaires contenant des clés 'lc' lors de la sérialisation de dictionnaires libres. La clé 'lc' est utilisée en interne par LangChain pour identifier les objets sérialisés. Si des données contrôlées par l'utilisateur contiennent cette structure de clé, elles sont considérées comme un objet LangChain légitime lors de la désérialisation, au lieu d'être traitées comme de simples données utilisateur.
Ce problème a été corrigé dans les versions 0.3.81 et 1.2.5.
Description originale (EN)
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
seen: 17
Posts / Sources (17)
🗨️ automation — 2025-12-29T11:20:43.517775+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/velstadtcompany.bsky.social/post/3mb4prg65xc2j
🗨️ automation — 2025-12-29T10:39:24.445772+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/TheDoctor512.mastodon.social.ap.brid.gy/post/3mb4neu7aq452
🗨️ automation — 2025-12-28T18:29:11.913464+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercode.bsky.social/post/3mb2xarjtux2g
🗨️ automation — 2025-12-28T00:32:48.163579+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115794376639650176
🗨️ automation — 2025-12-27T23:32:55+00:00 · 🌐 threatintel.cc · threatintel.cc
https://threatintel.cc/2025/12/27/langchain-core-vulnerability-allows-prompt.html
🗨️ automation — 2025-12-27T02:21:54.770123+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mawqq7m4sf2g
🗨️ automation — 2025-12-26T18:48:06.575632+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/newsanalysis.com/post/3mavxenzs242y
🗨️ automation — 2025-12-26T10:14:01.111852+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosecbriefly.bsky.social/post/3mav2ni6hhy2z
🗨️ automation — 2025-12-26T04:50:27.279637+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/aisparkup.bsky.social/post/3mauikiiaox2j
🗨️ automation — 2025-12-25T20:04:06.299118+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/viralpique.bsky.social/post/3matl5jzcxo2k
🗨️ automation — 2025-12-25T19:20:05.619329+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hackernewsbot.bsky.social/post/3matiozh7bc2p
🗨️ automation — 2025-12-25T19:20:00.722781+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hnws.bsky.social/post/3matiov7vwe2c
🗨️ automation — 2025-12-24T23:22:16.464939+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3marfr5s7zc26
🗨️ automation — 2025-12-24T01:49:16.809933+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cve.skyfleet.blue/post/3map5j4n7kj2y
🗨️ automation — 2025-12-24T01:35:01.706716+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/offseq.bsky.social/post/3map4pmnwpe2m
🗨️ automation — 2025-12-24T01:35:00.691135+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/offseq/statuses/115771971926680769
🗨️ automation — 2025-12-23T23:44:27.195961+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thehackerwire.bsky.social/post/3maowjvnaam2p
CVE-2025-59374
EPSS: 35.96%
VLAI: Critical (confidence: 0.9928)
CISA: KEV
Produit
ASUS live update
Publié
2025-12-17 04:27:06
💬 **"NON SOUTENU LORSQU'IL EST ATTRIBUÉ"**
Certaines versions du client ASUS Live Update ont été distribuées avec des modifications non autorisées, résultant d'une compromission de la chaîne d'approvisionnement. Ces versions modifiées pouvaient amener des appareils, répondant à des conditions spécifiques, à effectuer des actions non intentionnelles. Seuls les appareils ayant installé ces versions compromises et remplissant les conditions ciblées étaient concernés.
Le client Live Update a atteint sa fin de support (End-of-Support, EOS) en octobre 2021, ce qui signifie qu'aucun appareil ou produit actuellement pris en charge n'est affecté par ce problème.
Description originale (EN)
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
seen: 38
Posts / Sources (38)
🗨️ automation — 2025-12-29T02:27:47.805831+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mb3ryliijd2d
🗨️ automation — 2025-12-28T02:27:56.803929+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mazbjwq6go2f
🗨️ automation — 2025-12-24T06:38:24.389957+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/ahmandonk.bsky.social/post/3mapno4lpgp2y
🗨️ automation — 2025-12-23T13:20:08.587734+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3mantnkektq27
🗨️ automation — 2025-12-23T06:58:04.686368+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hacker.at.thenote.app/post/3man6cdguyk2o
🗨️ automation — 2025-12-23T02:23:53.850675+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mamoy3lpvm2p
🗨️ automation — 2025-12-23T01:38:40.064210+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mammh44fqk2g
🗨️ automation — 2025-12-23T01:31:00.049541+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mamlzenrtk2g
🗨️ automation — 2025-12-22T22:07:38.785450+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mamanqvyuc2g
🗨️ automation — 2025-12-22T19:46:52.286018+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercodenews.bsky.social/post/3malys5ftuf2z
🗨️ automation — 2025-12-22T14:20:12.127214+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3malgjw4n4w2y
🗨️ automation — 2025-12-22T11:23:24.392817+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyber-news-fi.bsky.social/post/3mal4no7pzs2b
🗨️ automation — 2025-12-22T11:21:40.131622+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/defendopsdiaries/statuses/115762954159419837
🗨️ automation — 2025-12-22T11:18:26.120907+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3mal4ez45oo23
🗨️ automation — 2025-12-22T11:09:38.554245+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/bleepingcomputer.com/post/3mal3vaqg2k27
🗨️ automation — 2025-12-22T04:30:06.193931+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberveille-ch.bsky.social/post/3makfktsozr2i
🗨️ automation — 2025-12-21T08:32:35.458807+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3maicnfyyps2i
🗨️ automation — 2025-12-21T04:05:07.614355+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115755575363524377
🗨️ automation — 2025-12-21T03:05:21+00:00 · 🌐 threatintel.cc · threatintel.cc
https://threatintel.cc/2025/12/20/cisa-warns-asus-live-update.html
🗨️ automation — 2025-12-20T16:34:01.621518+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alirezagharib.net/post/3magn3cw44k23
🗨️ automation — 2025-12-20T16:34:00.898941+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alirezagharib.net/post/3magn3cw35c23
🗨️ automation — 2025-12-20T16:34:00.320087+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alirezagharib.net/post/3magn3cw26223
🗨️ automation — 2025-12-20T16:33:59.747523+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alirezagharib.net/post/3magn3cvz6s23
🗨️ automation — 2025-12-20T16:33:59.162191+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alirezagharib.net/post/3magn3cvy7k23
🗨️ automation — 2025-12-20T16:33:58.557632+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alirezagharib.net/post/3magn3cv6t223
🗨️ automation — 2025-12-19T18:04:06.954238+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3maebnj2f7t2m
🗨️ automation — 2025-12-18T21:03:05.133537+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/beikokucyber.bsky.social/post/3mac36lw27h2f
🗨️ automation — 2025-12-18T18:57:18.964048+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/sctocs.bsky.social/post/3mabu5qj76c2a
🗨️ automation — 2025-12-18T08:50:35.832004+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-51e3a85f-8592fbe159860167
🗨️ automation — 2025-12-18T06:02:25.171952+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosecbriefly.bsky.social/post/3maaiu753we27
🗨️ automation — 2025-12-18T05:57:57.510833+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3maaimbgke62r
🗨️ automation — 2025-12-18T05:49:10.428039+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cybersentinel404.bsky.social/post/3maai4kktzx2g
🗨️ automation — 2025-12-18T04:01:27.356630+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pigondrugs.bsky.social/post/3maac3wsdd52a
🗨️ automation — 2025-12-18T04:01:00+00:00 · 🌐 thehackernews.com · thehackernews.com
https://thehackernews.com/2025/12/cisa-flags-critical-asus-live-update.html
🗨️ automation — 2025-12-18T02:57:36.661589+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/DarkWebInformer/statuses/115738322934985655
🗨️ automation — 2025-12-18T00:39:43.858097+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/kitafox.bsky.social/post/3ma7wt7twj627
🗨️ automation — 2025-12-17T20:43:22.183456+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/cR0w/statuses/115736851351799576
🗨️ automation — 2025-12-17T05:05:14.798594+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/offseq/statuses/115733162386998883
CVE-2025-20393
CVSS: 10.0
EPSS: 6.77%
VLAI: Medium (confidence: 0.8688)
CISA: KEV
Produit
Cisco Cisco Secure Email
Publié
2025-12-17 16:47:13
💬 Cisco a identifié une vulnérabilité potentielle. L'entreprise est en train d'examiner cette situation et mettra à jour les informations fournies dès que de nouveaux éléments seront disponibles.
Description originale (EN)
Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
seen: 88 exploited: 1
Posts / Sources (89)
🗨️ automation — 2025-12-27T13:30:15.340349+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/kpwn.infosec.exchange.ap.brid.gy/post/3maxw33krrao2
🗨️ automation — 2025-12-27T02:21:54.437016+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mawqq7m4sf2g
🗨️ automation — 2025-12-26T05:02:37.078715+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securitylab-jp.bsky.social/post/3mauja34whs2w
🗨️ automation — 2025-12-25T22:47:55+00:00
MISP/ed7e8b58-93ec-41c5-b15a-81e92c823798
Source non cliquable
🗨️ automation — 2025-12-25T02:23:45.337192+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3marpvokz3j2w
🗨️ automation — 2025-12-24T10:01:01.930449+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/guardian360.bsky.social/post/3mapyygsv6x22
🗨️ automation — 2025-12-24T09:12:37.815495+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/nilab.mstdn.jp.ap.brid.gy/post/3mapwbk4xdos2
🗨️ automation — 2025-12-24T02:22:25.077138+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3map7eeffkz2x
🗨️ automation — 2025-12-23T13:32:02.727397+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/concisecyber.bsky.social/post/3manuctiwip2u
🗨️ automation — 2025-12-23T05:25:10.568248+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/opsmatters.com/post/3mamz3zkhdz2z
🗨️ automation — 2025-12-23T02:23:53.501790+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mamoy3lpvm2p
🗨️ automation — 2025-12-22T20:40:23.583814+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3mam3rfumr52o
🗨️ automation — 2025-12-22T18:46:03.811208+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3malvffum7r2w
🗨️ automation — 2025-12-22T04:44:10.565781+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3makgdzb62u2w
🗨️ automation — 2025-12-22T02:26:25.203127+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mak6noxd4f2u
🗨️ automation — 2025-12-21T21:00:05.327093+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberveille-ch.bsky.social/post/3majmg645nh2p
🗨️ automation — 2025-12-21T18:43:03.173878+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3majer4b2542o
🗨️ automation — 2025-12-21T11:37:38.997696+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/eyalestrin.bsky.social/post/3maimygvzqp2a
🗨️ automation — 2025-12-21T10:42:41.982804+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cybersecurity.poliverso.org.ap.brid.gy/post/3maijw2gpteg2
🗨️ automation — 2025-12-21T10:04:34.894322+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-2f900a84-73ab83706da1f16b
🗨️ automation — 2025-12-21T08:37:12.191481+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/redhotcyber.bsky.social/post/3maicvqz77y2o
🗨️ automation — 2025-12-21T08:32:35.302794+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3maicnfyyps2i
🗨️ automation — 2025-12-21T06:45:10.211195+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mai4ngucos2i
🗨️ automation — 2025-12-21T06:33:32.543056+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mai3ybvnmc2i
🗨️ automation — 2025-12-21T04:07:30.002247+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115755584693851031
🗨️ automation — 2025-12-21T03:33:36.059475+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/LLMs.activitypub.awakari.com.ap.brid.gy/post/3mahrwulp2ov2
🗨️ automation — 2025-12-21T03:33:33.497706+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/bluesky.awakari.com/post/3mahrwsqp5b26
🗨️ automation — 2025-12-21T03:07:41+00:00 · 🌐 threatintel.cc · threatintel.cc
https://threatintel.cc/2025/12/20/chinese-hackers-targeting-cisco-email.html
🗨️ automation — 2025-12-21T02:26:48.221017+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3maho7h567p2a
🗨️ automation — 2025-12-20T18:31:48.215595+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/shadowserver.bsky.social/post/3magtnpwepc2e
🗨️ automation — 2025-12-20T18:31:46.871343+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/shadowserver.bsky.social/post/3magtnpwdq22e
🗨️ automation — 2025-12-20T18:31:45.563653+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/shadowserver.bsky.social/post/3magtnm4jc22e
🗨️ automation — 2025-12-20T18:31:44.698386+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/shadowserver/statuses/115753320652221549
🗨️ automation — 2025-12-20T15:28:05.382472+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3magjfiwore2i
🗨️ automation — 2025-12-20T12:33:16.156500+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/opsmatters.com/post/3mag7mg2kh626
🗨️ automation — 2025-12-20T10:43:10.005674+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/alirezagharib.net/post/3mafzi2rcbs2u
🗨️ automation — 2025-12-20T07:59:27.943160+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hacker.at.thenote.app/post/3mafqdexmas2f
🗨️ automation — 2025-12-20T03:28:14.056104+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/undercode.bsky.social/post/3mafb6ezlz32j
🗨️ automation — 2025-12-19T18:20:25.401435+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cyberhub.blog/post/3maeckdjzzr22
🗨️ automation — 2025-12-19T15:55:12.643258+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/netsecio.bsky.social/post/3mae2h57ncl2p
🗨️ automation — 2025-12-19T15:55:07.215402+00:00 · 🐘 Fediverse · mastodon.social
https://mastodon.social/ap/users/115426718704364579/statuses/115747042299071028
🗨️ automation — 2025-12-19T15:23:24.025084+00:00 · 🐘 Fediverse · mastodon.social
https://mastodon.social/ap/users/115426718704364579/statuses/115746917786219073
🗨️ automation — 2025-12-19T11:09:11.231147+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securitycipher.bsky.social/post/3madkhpgvcr2e
🗨️ automation — 2025-12-19T10:03:16.570377+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3madgrdrmj2x2
🗨️ automation — 2025-12-19T02:22:53.515432+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3macn2mdz322d
🗨️ automation — 2025-12-18T21:02:59.203530+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/beikokucyber.bsky.social/post/3mac36l6dvn24
🗨️ automation — 2025-12-18T20:07:54.309041+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/DarkWebInformer/statuses/115742374127010949
🗨️ automation — 2025-12-18T18:35:08.169507+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/etguenni.bsky.social/post/3mabswbgti22z
🗨️ automation — 2025-12-18T18:34:43.152312+00:00 · 🌐 social.tchncs.de · social.tchncs.de
https://social.tchncs.de/users/gborn/statuses/115742007788067850
🗨️ automation — 2025-12-18T15:10:18.411948+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/o2cloud.bsky.social/post/3mabhhx3ku32z
🗨️ automation — 2025-12-18T15:08:31.240141+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/thedailytechfeed.com/post/3mabheqhzxk2y
🗨️ automation — 2025-12-18T14:34:47+00:00
MISP/ed7e8b58-93ec-41c5-b15a-81e92c823798
Source non cliquable
🗨️ automation — 2025-12-18T14:02:39.689845+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/jasongarbis.bsky.social/post/3mabdoxnmg226
🗨️ automation — 2025-12-18T13:31:13+00:00 · 🌐 www.acn.gov.it · www.acn.gov.it
https://www.acn.gov.it/portale/w/rilevato-sfruttamento-attivo-di-vulnerabilita-in-prodotti-cisco
🗨️ automation — 2025-12-18T13:14:48.146085+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/decio/statuses/115740749828282191
🗨️ automation — 2025-12-18T12:34:18.683736+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/basefortify.bsky.social/post/3mab6qtae5s24
🗨️ automation — 2025-12-18T12:34:17.387082+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/basefortify.bsky.social/post/3mab6qrecbs24
🗨️ automation — 2025-12-18T12:34:16.348946+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/basefortify.bsky.social/post/3mab6qn6b7s24
🗨️ automation — 2025-12-18T09:03:56.037281+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/allsafeus.bsky.social/post/3maasys2oka2w
🗨️ automation — 2025-12-18T08:50:35.602007+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-51e3a85f-8592fbe159860167
CVE-2025-59718
CVSS: 9.1
EPSS: 5.95%
VLAI: Critical (confidence: 0.9675)
CISA: KEV
Produit
Fortinet FortiSwitchManager
Publié
2025-12-09 17:20:11
💬 Une vulnérabilité liée à une vérification incorrecte des signatures cryptographiques a été identifiée dans plusieurs versions de Fortinet FortiOS, FortiProxy et FortiSwitchManager. Cette vulnérabilité concerne les versions suivantes :
- FortiOS : 7.6.0 à 7.6.3, 7.4.0 à 7.4.8, 7.2.0 à 7.2.11, 7.0.0 à 7.0.17
- FortiProxy : 7.6.0 à 7.6.3, 7.4.0 à 7.4.10, 7.2.0 à 7.2.14, 7.0.0 à 7.0.21
- FortiSwitchManager : 7.2.0 à 7.2.6, 7.0.0 à 7.0.5
Cette vulnérabilité permet à un attaquant non authentifié de contourner l'authentification de connexion unique (SSO) de FortiCloud en utilisant un message de réponse SAML (Security Assertion Markup Language) malveillant.
Le SSO est un mécanisme qui permet aux utilisateurs de se connecter à plusieurs applications avec une seule authentification, tandis que SAML est un standard ouvert qui permet l'échange d'informations d'authentification et d'autorisation entre un fournisseur d'identité et un fournisseur de services. En exploitant cette vulnérabilité, un attaquant pourrait accéder à des ressources protégées sans avoir à fournir les informations d'identification appropriées.
Description originale (EN)
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
seen: 53
Posts / Sources (53)
🗨️ automation — 2025-12-29T08:45:54.083368+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pterlisten.bsky.social/post/3mb4h4o652g2q
🗨️ automation — 2025-12-29T08:42:54.949095+00:00 · 🌐 social.cologne · social.cologne
https://social.cologne/users/pterlisten/statuses/115801966138060567
🗨️ automation — 2025-12-27T07:01:45.886851+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pvynckier.bsky.social/post/3maxaehrxy22f
🗨️ automation — 2025-12-25T02:23:45.422619+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3marpvokz3j2w
🗨️ automation — 2025-12-24T02:22:25.202671+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3map7eeffkz2x
🗨️ automation — 2025-12-23T02:23:53.738103+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mamoy3lpvm2p
🗨️ automation — 2025-12-22T21:46:55.304309+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/giovanni-popolizio.bsky.social/post/3mam7irr23c2s
🗨️ automation — 2025-12-22T21:45:19.311215+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/giovanni-popolizio.bsky.social/post/3mam7fscd422y
🗨️ automation — 2025-12-22T02:26:25.433002+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3mak6noxd4f2u
🗨️ automation — 2025-12-21T06:18:01.727298+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mai34ogksk2i
🗨️ automation — 2025-12-21T02:26:48.321756+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3maho7h567p2a
🗨️ automation — 2025-12-21T01:34:25.067216+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mahlbjd4ec2l
🗨️ automation — 2025-12-21T01:09:00.817157+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mahjubc6522b
🗨️ automation — 2025-12-21T01:02:55.943886+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/getpokemon7.bsky.social/post/3mahjjepd2k2b
🗨️ automation — 2025-12-19T15:45:27+00:00 · 🌐 www.cert.at · www.cert.at
https://www.cert.at/de/warnungen/2025/12/kritische-sicherheitslucken-in-mehreren-fortinet-produkten-forticloud-sso-aktiv-ausgenutzt-updates-verfugbar
🗨️ automation — 2025-12-19T15:09:31.593034+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3madxvhmbri2u
🗨️ automation — 2025-12-19T12:10:37.747332+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/shadowserver/statuses/115746159732778871
🗨️ automation — 2025-12-19T12:00:45.109505+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/giovanni-popolizio.bsky.social/post/3madndtv3qs2z
🗨️ automation — 2025-12-19T00:10:20.076234+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3macfn6iobpv2
🗨️ automation — 2025-12-18T15:28:06.464750+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/catc0n/statuses/115741274012787863
🗨️ automation — 2025-12-18T11:35:55.334405+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hacker.at.thenote.app/post/3mab3ilh2kc2s
🗨️ automation — 2025-12-18T02:39:54.973294+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/securitylab-jp.bsky.social/post/3maa5jyt34k2j
🗨️ automation — 2025-12-18T02:20:52.024948+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3maa4i2wdhv23
🗨️ automation — 2025-12-18T00:40:12.670086+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/kitafox.bsky.social/post/3ma7wu3ujm32w
🗨️ automation — 2025-12-17T21:34:11.243516+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/concisecyber.bsky.social/post/3ma7mhhh32i2u
🗨️ automation — 2025-12-17T21:08:12.949740+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/rapid7.com/post/3ma7kywj34s2w
🗨️ automation — 2025-12-17T21:03:04.432494+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/beikokucyber.bsky.social/post/3ma7kpo465h2l
🗨️ automation — 2025-12-17T19:53:25.316938+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/infosec.skyfleet.blue/post/3ma7gtb5y6h2d
🗨️ automation — 2025-12-17T14:42:20.839886+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/helpnetsecurity.com/post/3ma6vgships2g
🗨️ automation — 2025-12-17T13:54:48.308903+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/hacker.at.thenote.app/post/3ma6srynt4s2s
🗨️ automation — 2025-12-17T12:06:21.276058+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/vexaplus.bsky.social/post/3ma6mq2ew6p2c
🗨️ automation — 2025-12-17T09:27:22.388385+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ma6dqdhkloi2
🗨️ automation — 2025-12-17T02:24:45.822952+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/DarkWebInformer/statuses/115732531461473691
🗨️ automation — 2025-12-16T16:00:33.245157+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/cR0w/statuses/115730076962531791
🗨️ automation — 2025-12-16T16:00:06.063661+00:00 · 🐘 Fediverse · mastodon.social
https://mastodon.social/ap/users/115426718704364579/statuses/115730074940635795
🗨️ automation — 2025-12-16T11:33:51.254157+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/edwardk/statuses/115729028277462597
🗨️ automation — 2025-12-16T10:33:57+00:00 · 🌐 threatintel.cc · threatintel.cc
https://threatintel.cc/2025/12/16/fortinet-fortigate-under-active-attack.html
🗨️ automation — 2025-12-16T09:58:00+00:00 · 🌐 thehackernews.com · thehackernews.com
https://thehackernews.com/2025/12/fortinet-fortigate-under-active-attack.html
🗨️ automation — 2025-12-16T09:33:05+00:00 · 🌐 advisories.ncsc.nl · advisories.ncsc.nl
https://advisories.ncsc.nl/advisory?id=NCSC-2025-0386
🗨️ automation — 2025-12-16T06:29:11.580384+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-9bece338-f8e39c4a2473fc7a
🗨️ automation — 2025-12-15T12:58:40+00:00 · 🌐 cyber.gc.ca · cyber.gc.ca
https://cyber.gc.ca/en/alerts-advisories/al25-019-vulnerabilities-impacting-fortinet-products-forticloud-sso-login-authentication-bypass-cve-2025-59718-cve-2025-59719
🗨️ automation — 2025-12-11T05:06:35.825826+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/opsmatters.com/post/3m7oshy5ccf2q
🗨️ automation — 2025-12-11T01:26:44.832335+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cybersentinel404.bsky.social/post/3m7og6tzmgj24
🗨️ automation — 2025-12-10T09:38:20.565182+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/ahmandonk.bsky.social/post/3m7mr6xssqc2o
🗨️ automation — 2025-12-10T08:25:56+00:00 · 🌐 gist.github.com · gist.github.com
https://gist.github.com/Darkcrai86/de18a38407f796f037dea71f5c69e2ac
🗨️ automation — 2025-12-10T08:12:30+00:00 · 🌐 www.acn.gov.it · www.acn.gov.it
https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-fortinet-aggiornamento
🗨️ automation — 2025-12-10T06:03:01.036778+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/offseq/statuses/115693753438790202
🗨️ automation — 2025-12-10T05:58:56.856248+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/eyalestrin.bsky.social/post/3m7mewnrc6o2i
🗨️ automation — 2025-12-10T05:01:37.248965+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/blackhatnews.tokyo/post/3m7mbq5ji6w2o
🗨️ automation — 2025-12-10T04:54:15.897524+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/shiojiri.com/post/3m7mbbsynsk2r
🗨️ automation — 2025-12-10T03:50:00+00:00 · 🌐 thehackernews.com · thehackernews.com
https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html
🗨️ automation — 2025-12-09T19:53:36+00:00 · 🌐 cyber.gc.ca · cyber.gc.ca
https://cyber.gc.ca/en/alerts-advisories/fortinet-security-advisory-av25-821
🗨️ automation — 2025-12-09T19:07:26+00:00 · 🌐 gist.github.com · gist.github.com
https://gist.github.com/Darkcrai86/cd58ed73f757c427974879efacd2bbdf
CVE-2025-68615
CVSS: 9.8
EPSS: 0.03%
VLAI: High (confidence: 0.9370)
CISA: KEV
Produit
net-snmp net-snmp
Publié
2025-12-22 23:55:30
💬 Net-SNMP est une bibliothèque d'applications, des outils et un démon (service en arrière-plan) utilisés pour le protocole SNMP (Simple Network Management Protocol), qui est un protocole de gestion de réseau. Avant les versions 5.9.5 et 5.10.pre2, un paquet spécialement conçu envoyé à un démon snmptrapd de Net-SNMP pouvait provoquer un débordement de tampon, entraînant le plantage du démon. Ce problème a été corrigé dans les versions 5.9.5 et 5.10.pre2.
En résumé, une vulnérabilité permettait à un attaquant d'envoyer un paquet malveillant qui pouvait faire planter le service de gestion SNMP, mais cela a été résolu dans les mises à jour récentes.
Description originale (EN)
net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
seen: 8
Posts / Sources (8)
🗨️ automation — 2025-12-29T12:30:38.630084+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/concisecyber.bsky.social/post/3mb4tokmqhk2f
🗨️ automation — 2025-12-29T11:16:56.376833+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mb4pkltqv7n2
🗨️ automation — 2025-12-25T02:23:45.666733+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/pmloik.bsky.social/post/3marpvokz3j2w
🗨️ automation — 2025-12-24T08:05:48.186214+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cybersecurity.poliverso.org.ap.brid.gy/post/3mapshoaglq22
🗨️ automation — 2025-12-24T08:03:28.453730+00:00 · 🌐 poliverso.org · poliverso.org
https://poliverso.org/objects/0477a01e-3e10999c-c8007be6f326122e
🗨️ automation — 2025-12-23T08:12:33.791570+00:00 · 🌐 infosec.exchange · infosec.exchange
https://infosec.exchange/users/vuldb/statuses/115767872939763118
🗨️ automation — 2025-12-23T05:00:00+00:00 · 🌐 www.zerodayinitiative.com · www.zerodayinitiative.com
http://www.zerodayinitiative.com/advisories/ZDI-25-1181/
🗨️ automation — 2025-12-23T01:42:13.045528+00:00 · 🔵 Bluesky · bsky.app
https://bsky.app/profile/cve.skyfleet.blue/post/3mammnkw4mn2y
CVE-2017-18368
EPSS: 93.75%
VLAI: Critical (confidence: 0.9896)
CISA: KEV
Produit
n/a n/a
Publié
2019-05-02 16:14:16
💬 Le routeur ZyXEL P660HN-T1A v1, utilisant le système d'exploitation TCLinux et la version de firmware (logiciel embarqué) $7.3.15.0 v001 / 3.40(ULM.0)b31, distribué par TrueOnline, présente une vulnérabilité d'injection de commandes dans la fonction de transfert des journaux système à distance. Cette vulnérabilité peut être exploitée par un utilisateur non authentifié, c'est-à-dire sans avoir besoin de se connecter au routeur.
Le problème se situe sur la page ViewLog.asp, qui est utilisée pour afficher les journaux. Un attaquant peut tirer parti de cette vulnérabilité en manipulant le paramètre "remote_host", ce qui lui permettrait d'exécuter des commandes non autorisées sur le système.
Description originale (EN)
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.
exploited: 410 seen: 394
Posts / Sources (804)
🗨️ automation — 2025-12-28T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-28)
Source non cliquable
🗨️ automation — 2025-12-28T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-28)
Source non cliquable
🗨️ automation — 2025-12-27T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-27)
Source non cliquable
🗨️ automation — 2025-12-27T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-27)
Source non cliquable
🗨️ automation — 2025-12-26T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-26)
Source non cliquable
🗨️ automation — 2025-12-26T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-26)
Source non cliquable
🗨️ automation — 2025-12-25T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-25)
Source non cliquable
🗨️ automation — 2025-12-25T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-25)
Source non cliquable
🗨️ automation — 2025-12-24T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-24)
Source non cliquable
🗨️ automation — 2025-12-24T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-24)
Source non cliquable
🗨️ automation — 2025-12-23T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-23)
Source non cliquable
🗨️ automation — 2025-12-23T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-23)
Source non cliquable
🗨️ automation — 2025-12-22T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-22)
Source non cliquable
🗨️ automation — 2025-12-22T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-22)
Source non cliquable
🗨️ automation — 2025-12-21T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-21)
Source non cliquable
🗨️ automation — 2025-12-21T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-21)
Source non cliquable
🗨️ automation — 2025-12-20T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-20)
Source non cliquable
🗨️ automation — 2025-12-20T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-20)
Source non cliquable
🗨️ automation — 2025-12-19T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-19)
Source non cliquable
🗨️ automation — 2025-12-19T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-19)
Source non cliquable
🗨️ automation — 2025-12-18T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-18)
Source non cliquable
🗨️ automation — 2025-12-18T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-18)
Source non cliquable
🗨️ automation — 2025-12-17T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-17)
Source non cliquable
🗨️ automation — 2025-12-17T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-17)
Source non cliquable
🗨️ automation — 2025-12-16T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-16)
Source non cliquable
🗨️ automation — 2025-12-16T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-16)
Source non cliquable
🗨️ automation — 2025-12-15T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-15)
Source non cliquable
🗨️ automation — 2025-12-15T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-15)
Source non cliquable
🗨️ automation — 2025-12-14T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-14)
Source non cliquable
🗨️ automation — 2025-12-14T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-14)
Source non cliquable
🗨️ automation — 2025-12-13T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-13)
Source non cliquable
🗨️ automation — 2025-12-13T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-13)
Source non cliquable
🗨️ automation — 2025-12-12T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-12)
Source non cliquable
🗨️ automation — 2025-12-12T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-12)
Source non cliquable
🗨️ automation — 2025-12-11T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-11)
Source non cliquable
🗨️ automation — 2025-12-11T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-11)
Source non cliquable
🗨️ automation — 2025-12-10T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-10)
Source non cliquable
🗨️ automation — 2025-12-10T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-10)
Source non cliquable
🗨️ automation — 2025-12-09T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-09)
Source non cliquable
🗨️ automation — 2025-12-09T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-09)
Source non cliquable
🗨️ automation — 2025-12-08T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-08)
Source non cliquable
🗨️ automation — 2025-12-08T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-08)
Source non cliquable
🗨️ automation — 2025-12-07T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-07)
Source non cliquable
🗨️ automation — 2025-12-07T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-07)
Source non cliquable
🗨️ automation — 2025-12-06T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-06)
Source non cliquable
🗨️ automation — 2025-12-06T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-06)
Source non cliquable
🗨️ automation — 2025-12-05T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-05)
Source non cliquable
🗨️ automation — 2025-12-05T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-05)
Source non cliquable
🗨️ automation — 2025-12-04T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-04)
Source non cliquable
🗨️ automation — 2025-12-04T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-04)
Source non cliquable
🗨️ automation — 2025-12-03T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-03)
Source non cliquable
🗨️ automation — 2025-12-03T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-03)
Source non cliquable
🗨️ automation — 2025-12-02T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-02)
Source non cliquable
🗨️ automation — 2025-12-02T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-02)
Source non cliquable
🗨️ automation — 2025-12-01T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-01)
Source non cliquable
🗨️ automation — 2025-12-01T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-01)
Source non cliquable
🗨️ automation — 2025-11-30T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-30)
Source non cliquable
🗨️ automation — 2025-11-30T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-30)
Source non cliquable
🗨️ automation — 2025-11-29T00:00:00+00:00
The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-29)
Source non cliquable
🗨️ automation — 2025-11-29T00:00:00+00:00
The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-29)
Source non cliquable