9271 matches found
EUVD-2025-203824
Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x 8.1.1417.24 allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...
EUVD-2025-203409
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...
EUVD-2025-203414
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service...
EUVD-2025-203372
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
Cisco Integrated AI Security and Safety Framework Report
Artificial intelligence (AI) systems are being readily and rapidly adopted, increasingly permeating critical domains: from consumer platforms and enterprise software to networked systems with embedded agents. While this has unlocked potential for human productivity gains, the attack surface has...
EUVD-2025-203192
Not used...
CVE-2025-14535
creationtimestamp | type | source
---|---|---
2025-12-11 19:50:17+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115702668769020088
2025-12-12 01:35:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115704026118128056
2025-12-12 01:35:30+00:00 | seen | ...
CVE-2025-64553
creationtimestamp | type | source
---|---|---
2025-12-10 19:36:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7nslxj6nf2o...
MINI-67X4-7CF8-43F3
Bulletin has no description...
EUVD-2021-34728
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information...
CVE-2022-50672
A vulnerability was found in the Xilinx ZynqMP IPI mailbox driver in the Linux kernel. When device_register() fails, two issues occur: the name allocated by dev_set_name() is leaked, and a subsequent call to device_unregister() in zynqmp_ipi_free_mboxes() causes a kernel crash when attempting to remove a device...
CVE-2023-53841
In the Linux kernel, the following vulnerability has been resolved: devlink: report devlink_port_type_warn source device devlink_port_type_warn is scheduled for port devlink and warning when the port type is not set. But from this warning it is not easy to find out which device driver has no devlink port...
PT-2025-49653
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The perf tool within the Linux kernel contains a memory leak in the x86 CPUID detection mechanism. The leak occurs when using the perf env read cpuid function, triggered during CPUID...
CGA-7HR7-33RG-X5H2
Bulletin has no description...
CVE-2025-14189
creationtimestamp | type | source
---|---|---
2025-12-07 13:20:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7fm7cfu5a2k...
Smart Surveillance: Identifying IoT Device Behaviours Using ML-Powered Traffic Analysis
The proliferation of Internet of Things (IoT) devices has grown exponentially in recent years, introducing significant security challenges. Accurate identification of the types of IoT devices and their associated actions through network traffic analysis is essential to mitigate potential threats. B...
CVE-2025-66270
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...
EUVD-2025-200987
A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system, which may allow a local user to execute arbitrary commands wi...
EUVD-2025-201003
In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine...
CVE-2024-36914
creationtimestamp | type | source
---|---|---
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...