CVE-2023-53975

creationtimestamp| type| source ---|---|--- 2025-12-23 07:55:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3manbjtprgz2v...

Evasion-Resilient Detection of DNS-Over-HTTPS Data Exfiltration: A Practical Evaluation and Toolkit

The purpose of this project is to assess how well defenders can detect DNS-over-HTTPS DoH file exfiltration, and which evasion strategies can be used by attackers. While providing a reproducible toolkit to generate, intercept and analyze DoH exfiltration, and comparing Machine Learning vs...

CVE-2025-14299

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and...

CVE-2025-14300

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service DoS...

CVE-2025-14299

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and...

CVE-2025-14299 Improper Content-Length Validation in HTTPS Requests on Tapo C200

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and...

CVE-2025-14299

CVE-2025-14299 affects TP-LINK Tapo C200 V3’s HTTPS server. The flaw is improper validation of the Content-Length header, which can trigger an integer overflow and cause excessive memory allocation, leading to a denial of service. An unauthenticated attacker on the same local network can craft HT...

CVE-2025-14299 Improper Content-Length Validation in HTTPS Requests on Tapo C200

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and...

PT-2025-52531

Name of the Vulnerable Software and Affected Versions Tapo C200 V3 affected versions not specified Description The device’s HTTPS server does not correctly validate the Content-Length header, leading to an integer overflow. An attacker on the same local network can send specially crafted HTTPS...

CVE-2025-34179

NetSupport Manager 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI...

How to Configure HTTP Proxy for Linux-based Veeam Components

Purpose This article documents how to configure HTTP and HTTPS Proxy settings for Linux-based components, including the Veeam Software Appliance and JeOS-deployed Veeam Infrastructure Appliances, in environments where a proxy must be used to access the internet. Note: For proxy configuration...

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

CVE-2025-26487

Server-Side Request Forgery SSRF vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...

CVE-2025-66491

Traefik (HTTP reverse proxy/load balancer) versions 3.5.0–3.6.2 expose a vulnerability in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation: the TLS verification logic is inverted, so setting the annotation to "on" intended to enable verification actually disables it, enabling possible ...

CVE-2025-26487 Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9

Server-Side Request Forgery SSRF vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...

CVE-2025-14199

creationtimestamp| type| source ---|---|--- 2025-12-07 19:20:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7gacdcndb2w...

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...

CVE-2025-59703

creationtimestamp| type| source ---|---|--- 2025-12-02 18:42:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6zlup577q2s...

Exploit for OS Command Injection in Xstream

CVE-2020-26217 XStream RCE Exploit XStream remote code execut...