Recent searches

No recent searches

Search options

Not available on photog.social.
photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.

Administered by:

Server stats:

242
active users

photog.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.2

#cve

6 posts5 participants0 posts today
Prof. Dr. Dennis-Kenji Kipker<p>Seit 8 Jahren bin ich als Advisor im <a href="https://chaos.social/tags/CERT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CERT</span></a>@<a href="https://chaos.social/tags/VDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VDE</span></a> tätig – und freue mich deshalb umso mehr darüber, dass es jetzt Deutschlands erste Root-<a href="https://chaos.social/tags/CNA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CNA</span></a> geworden ist – herzliche Glückwünsche!</p><p>Mit dem <a href="https://chaos.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-System werden seit über 25 Jahren Schwachstellen erfasst und mit einer eindeutigen Kennung versehen, um sie zur Mitigation zuordnen zu können. Root-CNAs haben die Aufgabe, die CVE Numbering Authorities (CNAs) zu koordinieren - eine verantwortungsvolle Position in der Cybersecurity:<br><a href="https://www.heise.de/news/Security-CERT-VDE-wird-erste-deutsche-Schaltzentrale-fuer-Sicherheitsluecken-10502241.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Security-CERT-VD</span><span class="invisible">E-wird-erste-deutsche-Schaltzentrale-fuer-Sicherheitsluecken-10502241.html</span></a></p>
Bill<p>Didn't we have a small howl on here about this Cisco ISE RCE vuln and how patches were slow?</p><p>Welp, POC is out. Pretty neat too.</p><p><a href="https://www.thezdi.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">thezdi.com/blog/2025/7/24/cve-</span><span class="invisible">2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability</span></a></p><p><a href="https://infosec.exchange/tags/cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cisco</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a></p>
Bill<p>Another WordPress plugin injection vuln. The original supply chain vulnerability. (Well, no, but you can smell what I'm cooking right?)</p><p>Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable</p><p><a href="https://www.infosecurity-magazine.com/news/flaws-wordpress-plugin-expose/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">infosecurity-magazine.com/news</span><span class="invisible">/flaws-wordpress-plugin-expose/</span></a></p><p><a href="https://infosec.exchange/tags/wordpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wordpress</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a></p>
Stats on Stats Podcast<p>⚡ Microsoft Copilot Rooted to Gain Unauthorized Root Access to its Backend System</p><p>📰 Source: Cyber Security News</p><p>🔗 Full article: <a href="https://cybersecuritynews.com/microsoft-copilot-rooted/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybersecuritynews.com/microsof</span><span class="invisible">t-copilot-rooted/</span></a></p><p><a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> <a href="https://mastodon.social/tags/CyberThreat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreat</span></a> <a href="https://mastodon.social/tags/SecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityNews</span></a> <a href="https://mastodon.social/tags/CyberAlert" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAlert</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AISecurity</span></a> <a href="https://mastodon.social/tags/MachineLearning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MachineLearning</span></a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://mastodon.social/tags/MSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MSecurity</span></a></p>
Alexandre Dulaunoy<p>I love the <span class="h-card" translate="no"><a href="https://infosec.exchange/@github" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>github</span></a></span> Security Advisory Database because they actually preserve the data from rejected advisories including the original information and the reason for rejection.</p><p>It’s clearly much more insightful than just having a bare ID marked as "rejected."</p><p>You can easily spot this in vulnerability-lookup: <a href="https://vulnerability.circl.lu/vuln/cve-2025-54371#related" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/vuln/cv</span><span class="invisible">e-2025-54371#related</span></a></p><p>Yet another great example of why having diverse sources for vulnerability data matters.</p><p><a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
KrebsOnSecurity RSS<p>Microsoft Fix Targets Attacks on SharePoint Zero-Day</p><p><a href="https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2025/07/mi</span><span class="invisible">crosoft-fix-targets-attacks-on-sharepoint-zero-day/</span></a></p><p> <a href="https://burn.capital/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a>&amp;InfrastructureSecurityAgency <a href="https://burn.capital/tags/SharePointServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePointServer</span></a> <a href="https://burn.capital/tags/LatestWarnings" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LatestWarnings</span></a> <a href="https://burn.capital/tags/TheComingStorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheComingStorm</span></a> <a href="https://burn.capital/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-49704 <a href="https://burn.capital/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-49706 <a href="https://burn.capital/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-53770 <a href="https://burn.capital/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-53771 <a href="https://burn.capital/tags/MicrosoftCorp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftCorp</span></a>. <a href="https://burn.capital/tags/TimetoPatch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TimetoPatch</span></a> <a href="https://burn.capital/tags/EyeSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EyeSecurity</span></a> <a href="https://burn.capital/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a></p>
Pyrzout :vm:<p>PHP PDO Flaw Allows Attackers to Inject Malicious SQL Commands <a href="https://gbhackers.com/php-pdo-flaw/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gbhackers.com/php-pdo-flaw/</span><span class="invisible"></span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>/vulnerability <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/PHP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PHP</span></a></p>
Mœllus

„Einem Scan der Shadowserver Foundation zufolge sind weltweit rund 9.300 Sharepoint-Server über das Internet erreichbar. Mehr als 85 dieser Instanzen, die insgesamt 54 Organisationen zugeordnet wurden, sollen bereits kompromittiert sein.“ golem.de/news/zero-day-luecke- /via #golem #microsoft #sharepoint #cve

Golem.de · Zero-Day-Lücke: Hacker attackieren massenhaft Microsoft-Sharepoint-Instanzen - Golem.deBy Marc Stöckel
Ján Trenčanský

If you're hunting for #CVE-2025-53770 then I'd recommend also looking for connections to *.ngrok-free.app as it's used to distribute PowerShell reverse shell.

ESET Inspect rule Potential SharePoint Post-Exploitation (Cmd/PowerShell) [E0474] is triggered on all exploitation attempts seen so far.

#CVE202553770
TYPO3 CMS

As of 15 July 2025, the TYPO3 Association is approved as a CVE Numbering Authority (CNA) by the CVE Program.

The TYPO3 Security Team can now assign CVE Identifiers for vulnerabilities in TYPO3 CMS and its ecosystem. This ensures TYPO3 security issues are disclosed in a coordinated and consistent way.

Learn more: t3.ms/cve-bm

#TYPO3#CVE#Security
NLnet Labs

Unbound 1.23.1 in now available. This security release fixes the Rebirthday Attack CVE-2025-5994.

The vulnerability re-opens up #DNS resolvers to a birthday paradox, for EDNS client subnet servers that respond with non-ECS answers. The #CVE is described here:
nlnetlabs.nl/downloads/unbound

We would like to thank Xiang Li (AOSP Lab, Nankai University) for discovering and responsibly disclosing the vulnerability.
github.com/NLnetLabs/unbound/r

*
morgen

Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.

The PoC is available on GitHub. A full technical writeup will be published on my blog soon.

GitHub: github.com/morgenm/sudo-chroot

Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) - morgenm/sudo-chroot-CVE-2025-32463
GitHubGitHub - morgenm/sudo-chroot-CVE-2025-32463: Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc)Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) - morgenm/sudo-chroot-CVE-2025-32463
#CyberSecurity#ExploitDev#Linux
*
Nightfighter 🛡️

EU startet eigene #Vulnerability Database um sich von eigenständiger aufzustellen. Ein guter Schritt in die richtige Richtung, um sich unabhängig von manipulierten Datenbanken anderer Länder wie USA und China zu machen. Denn dort findet man u.U. nicht alles. So werden möglicherweise Schwachstellen - die Geheimdienste nutzen könnten - nicht veröffentlicht.

#enisa #cve #vulnerabilitymanagement #vulnerabilitylookup #eu #sicherheit #sicherheitslucke #cybersecurity

security-insider.de/eu-startet

Security-Insider · Neue EU-Datenbank für Sicherheitslücken geht an den StartBy Melanie Staudacher
Live feeds
About