707 matches found
Amazon Web Services Research and Engineering Studio Security Vulnerability
Amazon Web Services Research and Engineering Studio is a cloud-based research and engineering environment of Amazon, Inc. There is a security vulnerability in the version of Amazon Web Services Research and Engineering Studio from March 2025 to December 1, 2025. This vulnerability stems from the...
CVE-2025-35033 Medical Informatics Engineering Enterprise Health CSV injection
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
The Signalgate Case Is Waiving a Red Flag to All Organizational and Behavioral Cybersecurity Leaders, Practitioners, and Researchers: Are We Receiving the Signal Amidst the Noise?
The Signalgate incident of March 2025, wherein senior US national security officials inadvertently disclosed sensitive military operational details via the encrypted messaging platform Signal, highlights critical vulnerabilities in organizational security arising from human error, governance gaps...
CVE-2025-32094: HTTP Request Smuggling Via OPTIONS + Obsolete Line Folding
In March 2025, Akamai received a bug bounty report identifying an HTTP Request Smuggling vulnerability that was quickly resolved for all customers...
Description of the security update for SharePoint Server 2019: May 13, 2025 (KB5002708)
Description of the security update for SharePoint Server 2019: May 13, 2025 KB5002708 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server elevation of privilege vulnerability. To learn more about the...
Fedora 40 : dotnet9.0 (2025-78dcffbaa1)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-78dcffbaa1 advisory. This is the monthly update for .NET 9 for March 2025. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md -...
CVE-2025-29915
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AFPACKET defrag option is enabled by default and allows AFPACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is bas...
CVE-2025-29916
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the hashsize to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can...
WordPress Anant Addons for Elementor plugin <= 1.1.8 - CSRF to Arbitrary Plugin Installation vulnerability
CSRF to Arbitrary Plugin Installation vulnerability discovered by stealthcopter in WordPress Plugin Anant Addons for Elementor versions <= 1.1.8...
Exploit for Classic Buffer Overflow in Qualcomm Qca9367_Firmware
CVE-2024-53027-WIP Work in Progress for POC CVE-2024-53027:...
CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...
The Bug Report - March 2025 Edition
The Bug Report - March 2025 Edition By Jonathan Omakun · April 3, 2025 Why am I here? Welcome to the March 2025 edition of The Bug Report—where the bracket-breaking isn’t just happening on the court. While US college basketball fans are busy filling out brackets and chasing Cinderella stories,...
WordPress Import Export Suite for CSV and XML Datafeed plugin <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin WP Ultimate CSV Importer versions <= 7.19...
CVE-2025-31526
creationtimestamp| type| source
---|---|---
2025-03-31 15:48:45+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114257829734076514
2025-03-31 15:48:45+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114257829734076514
2025-03-31 16:33:21+00:00|...
CVE-2025-31625
creationtimestamp| type| source
---|---|---
2025-03-31 13:31:26+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9648
2025-03-31 14:31:21+00:00| seen| https://bsky.app/profile/potato.software/post/3llol53hw752a
2025-03-31 17:31:43+00:00| seen| https://t.me/cvedetector/21600...
Packet Storm New Exploits for March, 2025
This archive contains all of the 223 exploits added to Packet Storm in March, 2025...
CVE-2025-2781
creationtimestamp| type| source
---|---|---
2025-03-29 00:59:33+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114243008731382161
2025-03-29 00:59:33+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114243008731382161
2025-03-29 02:07:17+00:00| seen|...
CVE-2023-4450
creationtimestamp| type| source
---|---|---
2025-03-29 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-03-29
2025-07-07 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-07-07
2025-07-29 00:00:00+00:00| exploited| The...
CVE-2025-28089
creationtimestamp| type| source
---|---|---
2025-03-28 21:28:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9466
2025-03-29 00:26:56+00:00| seen| https://t.me/cvedetector/21478
2025-03-31 23:48:48+00:00| seen|...
CVE-2025-2926
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...