7648 matches found
CVE-2025-62722
creationtimestamp | type | source
---|---|---
2025-11-05 01:11:05+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4tuitibxte2
2025-11-05 02:15:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4ty5j3gi22s...
CVE-2025-54965
creationtimestamp | type | source
---|---|---
2025-10-27 18:51:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m473mhdwiw2g...
CVE-2025-12277
creationtimestamp | type | source
---|---|---
2025-10-27 15:54:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m46rpnabp22x...
curl: Integer Overflow to Heap Overflow in DoH Response Handling
Summary: An integer overflow vulnerability exists in the doh_probe_write_cb function in lib/doh.c. This function is used as a write callback for DNS-over-HTTPS (DoH) responses. When a malicious DoH server sends a response with a crafted size, the multiplication of size and nmemb can overflow. This lea...
CVE-2025-10641
creationtimestamp | type | source
---|---|---
2025-10-21 12:58:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m3pf3f73bo2e
2025-10-21 19:23:05+00:00 | seen | https://schleuss.online/users/vulnbot/statuses/115413783991365690
2025-10-21 22:00:55+00:00 | seen | ...
CVE-2025-56223
creationtimestamp | type | source
---|---|---
2025-10-20 15:15:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m3n47zm7aj2i
2025-10-22 21:02:34+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m3sqldbxdh2p...
ABB Terra AC
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash...
CVE-2025-11492
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
CVE-2025-6950
creationtimestamp | type | source
---|---|---
2025-10-17 07:34:26+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m3er3p3vh72k
2025-10-17 13:34:59+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115389765944283292
2025-10-20 03:30:59+00:00 | seen | ...
EUVD-2025-34826
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
CVE-2025-11493
The CVE-2025-11493 entry concerns the ConnectWise Automate Agent. The connected sources describe that the agent does not fully verify the authenticity of files downloaded from the server (updates, dependencies, and integrations), creating a risk of a man-in-the-middle substitution of legitimate f...
CVE-2025-11492 HTTP Configuration and Encryption in Transit
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
Debian dla-4331 : webext-https-everywhere - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4331 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4331-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-55699
creationtimestamp | type | source
---|---|---
2025-10-14 16:03:45+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0310
2025-10-14 16:38:44+00:00 | seen | https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review
2025-10-24 06:24:42+00:00 | seen | ...
[SECURITY] [DLA 4331-1] https-everywhere security update
Debian LTS Advisory DLA-4331-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 14, 2025 https://wiki.debian.org/LTS Package : https-everywhere Version : 2025.10.14-0+deb11u1 Debian Bug : 1118030 1118045 The Firefox extension HTTPS Everywhere used to enforc...
Debian: Security Advisory (DLA-4331-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
DLA-4331-1 https-everywhere - security update
Bulletin has no description...
JLSEC-2025-27 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MI...
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...
EUVD-2025-33278
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...