7648 matches found
CVE-2025-26487
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...
CVE-2025-66491
Traefik (HTTP reverse proxy/load balancer) versions 3.5.0–3.6.2 expose a vulnerability in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation: the TLS verification logic is inverted, so setting the annotation to "on", intended to enable verification, actually disables it, enabling possible ...
CVE-2025-26487 Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...
CVE-2025-14199
creationtimestamp | type | source
---|---|---
2025-12-07 19:20:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7gacdcndb2w...
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a...
PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic of China (PRC) state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows...
CVE-2025-59703
creationtimestamp | type | source
---|---|---
2025-12-02 18:42:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m6zlup577q2s...
Exploit for OS Command Injection in Xstream
CVE-2020-26217 XStream RCE Exploit XStream remote code execut...
CVE-2024-32384
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...
Socomec DIRIS Digiware M-70 WEBVIEW-M cleartext transmission vulnerability
Talos Vulnerability Report TALOS-2024-2115: Socomec DIRIS Digiware M-70 WEBVIEW-M cleartext transmission vulnerability. December 1, 2025. CVE Number: CVE-2024-48894. Summary: A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially...
TencentOS Server 4: bind (TSSA-2025:0564)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0564 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: curl (TSSA-2024:0874)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0874 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-13249
creationtimestamp | type | source
---|---|---
2025-11-16 15:19:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m5qz33ck7b2s...
CVE-2025-64446
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...
HP Integrated Lights-Out Denial of Service (CVE-2014-2601)
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Authentication Bypass by Spoofing (CVE-2021-22890)
curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...
Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484). HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
CLSA-2025-1762957887 perl-App-cpanminus: Fix of CVE-2024-45321
CVE-2024-45321: patch the code to use https instead of http...
CVE-2025-33150
creationtimestamp | type | source
---|---|---
2025-11-10 22:23:39+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5cnskkyvmz2...