Recent searches

No recent searches

Search options

Not available on photog.social.
photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.

Administered by:

Server stats:

246
active users

photog.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.3

#cve

2 posts2 participants0 posts today
Tod Beardsley<p>W/R/T <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a></p><p>1) This is still a thing: <a href="https://resist.bot/petitions/PWDDUS" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">resist.bot/petitions/PWDDUS</span><span class="invisible"></span></a></p><p>Makes it easy to pester Congress about the CVE program. </p><p>2) I was reminded of this bit of Internet history: <a href="https://www.pigdog.org/auto/digital_gar_gar_gar/shortfeature/605.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pigdog.org/auto/digital_gar_ga</span><span class="invisible">r_gar/shortfeature/605.html</span></a></p><p>It was written in 1999, about 3 months before CVE came on this scene. It’s snarky. But there was no DNS Fairy, either.</p>
Pierre-Yves Beaudouin<p>rhoo ils ont renommé la "contribution volontaire obligatoire" </p><p><a href="https://mamot.fr/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mamot.fr/tags/CVO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVO</span></a> <a href="https://mamot.fr/tags/1jour1taxe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>1jour1taxe</span></a></p>
Konstantin :C_H:<p>Two criticals. Two known exploited. One a zero-day.<br>July saw a spike in high-severity vulnerabilities.</p><p>Here are CVE Crowd's Top 3 from the 624 CVEs discussed across the Fediverse last month.<br>For each CVE, I've included a standout post from the community.<br>Enjoy exploring! 👇</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CveCrowd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CveCrowd</span></a></p>
gcve.eu<p>In the scope of GCVE and <span class="h-card" translate="no"><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>circl</span></a></span> we couldn't find a practical, publicly available, and accessible document that outlines best practices for vulnerability handling and disclosure.</p><p>So we created a new one, released under an open-source license, to which everyone can freely contribute.</p><p>PDF: <a href="https://gcve.eu/files/bcp/gcve-bcp-02.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gcve.eu/files/bcp/gcve-bcp-02.</span><span class="invisible">pdf</span></a><br>HTML: <a href="https://gcve.eu/bcp/gcve-bcp-02/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gcve.eu/bcp/gcve-bcp-02/</span><span class="invisible"></span></a><br>Contributing: <a href="https://github.com/gcve-eu/gcve.eu/blob/main/content/bcp/gcve-bcp-02.md" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/gcve-eu/gcve.eu/blo</span><span class="invisible">b/main/content/bcp/gcve-bcp-02.md</span></a></p><p><a href="https://social.circl.lu/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://social.circl.lu/tags/gcve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gcve</span></a> <a href="https://social.circl.lu/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://social.circl.lu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.circl.lu/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://social.circl.lu/tags/cvd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cvd</span></a></p>
Prof. Dr. Dennis-Kenji Kipker<p>Seit 8 Jahren bin ich als Advisor im <a href="https://chaos.social/tags/CERT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CERT</span></a>@<a href="https://chaos.social/tags/VDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VDE</span></a> tätig – und freue mich deshalb umso mehr darüber, dass es jetzt Deutschlands erste Root-<a href="https://chaos.social/tags/CNA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CNA</span></a> geworden ist – herzliche Glückwünsche!</p><p>Mit dem <a href="https://chaos.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-System werden seit über 25 Jahren Schwachstellen erfasst und mit einer eindeutigen Kennung versehen, um sie zur Mitigation zuordnen zu können. Root-CNAs haben die Aufgabe, die CVE Numbering Authorities (CNAs) zu koordinieren - eine verantwortungsvolle Position in der Cybersecurity:<br><a href="https://www.heise.de/news/Security-CERT-VDE-wird-erste-deutsche-Schaltzentrale-fuer-Sicherheitsluecken-10502241.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Security-CERT-VD</span><span class="invisible">E-wird-erste-deutsche-Schaltzentrale-fuer-Sicherheitsluecken-10502241.html</span></a></p>
Bill<p>Didn't we have a small howl on here about this Cisco ISE RCE vuln and how patches were slow?</p><p>Welp, POC is out. Pretty neat too.</p><p><a href="https://www.thezdi.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">thezdi.com/blog/2025/7/24/cve-</span><span class="invisible">2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability</span></a></p><p><a href="https://infosec.exchange/tags/cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cisco</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a></p>
Bill<p>Another WordPress plugin injection vuln. The original supply chain vulnerability. (Well, no, but you can smell what I'm cooking right?)</p><p>Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable</p><p><a href="https://www.infosecurity-magazine.com/news/flaws-wordpress-plugin-expose/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">infosecurity-magazine.com/news</span><span class="invisible">/flaws-wordpress-plugin-expose/</span></a></p><p><a href="https://infosec.exchange/tags/wordpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wordpress</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a></p>
Alexandre Dulaunoy<p>I love the <span class="h-card" translate="no"><a href="https://infosec.exchange/@github" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>github</span></a></span> Security Advisory Database because they actually preserve the data from rejected advisories including the original information and the reason for rejection.</p><p>It’s clearly much more insightful than just having a bare ID marked as "rejected."</p><p>You can easily spot this in vulnerability-lookup: <a href="https://vulnerability.circl.lu/vuln/cve-2025-54371#related" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/vuln/cv</span><span class="invisible">e-2025-54371#related</span></a></p><p>Yet another great example of why having diverse sources for vulnerability data matters.</p><p><a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
KrebsOnSecurity RSS<p>Microsoft Fix Targets Attacks on SharePoint Zero-Day</p><p><a href="https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2025/07/mi</span><span class="invisible">crosoft-fix-targets-attacks-on-sharepoint-zero-day/</span></a></p><p> <a href="https://burn.capital/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a>&amp;InfrastructureSecurityAgency <a href="https://burn.capital/tags/SharePointServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePointServer</span></a> <a href="https://burn.capital/tags/LatestWarnings" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LatestWarnings</span></a> <a href="https://burn.capital/tags/TheComingStorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheComingStorm</span></a> <a href="https://burn.capital/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-49704 <a href="https://burn.capital/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-49706 <a href="https://burn.capital/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-53770 <a href="https://burn.capital/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-53771 <a href="https://burn.capital/tags/MicrosoftCorp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftCorp</span></a>. <a href="https://burn.capital/tags/TimetoPatch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TimetoPatch</span></a> <a href="https://burn.capital/tags/EyeSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EyeSecurity</span></a> <a href="https://burn.capital/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a></p>
Pyrzout :vm:<p>PHP PDO Flaw Allows Attackers to Inject Malicious SQL Commands <a href="https://gbhackers.com/php-pdo-flaw/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gbhackers.com/php-pdo-flaw/</span><span class="invisible"></span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>/vulnerability <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/PHP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PHP</span></a></p>
Siege lieben Stille<p>„Einem Scan der Shadowserver Foundation zufolge sind weltweit rund 9.300 Sharepoint-Server über das Internet erreichbar. Mehr als 85 dieser Instanzen, die insgesamt 54 Organisationen zugeordnet wurden, sollen bereits kompromittiert sein.“ <a href="https://www.golem.de/news/zero-day-luecke-hacker-attackieren-massenhaft-microsoft-sharepoint-instanzen-2507-198299.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">golem.de/news/zero-day-luecke-</span><span class="invisible">hacker-attackieren-massenhaft-microsoft-sharepoint-instanzen-2507-198299.html</span></a> /via <a href="https://wandzeitung.xyz/tags/golem" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>golem</span></a> <a href="https://wandzeitung.xyz/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsoft</span></a> <a href="https://wandzeitung.xyz/tags/sharepoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sharepoint</span></a> <a href="https://wandzeitung.xyz/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a></p>
gcve.eu<p>GCVE.eu initiative - introduction and how to become a GNA. Video published.</p><p><a href="https://social.circl.lu/tags/gcve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gcve</span></a> <a href="https://social.circl.lu/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://social.circl.lu/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://social.circl.lu/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://social.circl.lu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> </p><p>📽️ <a href="https://www.youtube.com/watch?v=Va3almPab1M" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=Va3almPab1</span><span class="invisible">M</span></a></p>
Ján Trenčanský<p>If you're hunting for <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-53770 then I'd recommend also looking for connections to *.ngrok-free.app as it's used to distribute PowerShell reverse shell.</p><p>ESET Inspect rule Potential SharePoint Post-Exploitation (Cmd/PowerShell) [E0474] is triggered on all exploitation attempts seen so far.</p><p><a href="https://infosec.exchange/tags/CVE202553770" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE202553770</span></a></p>
Paul Chambers🚧<p><span class="h-card" translate="no"><a href="https://ioc.exchange/@bluetea" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bluetea</span></a></span> Also, here is the release: </p><p>🔗 Customer guidance for SharePoint vulnerability CVE-2025-53770<br><a href="https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">msrc.microsoft.com/blog/2025/0</span><span class="invisible">7/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/</span></a></p><p><a href="https://archive.ph/Dlhra" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">archive.ph/Dlhra</span><span class="invisible"></span></a> <a href="https://oldfriends.live/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://oldfriends.live/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://oldfriends.live/tags/Hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hack</span></a> <a href="https://oldfriends.live/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://oldfriends.live/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> </p><p><span class="h-card" translate="no"><a href="https://freeradical.zone/@funnymonkey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>funnymonkey</span></a></span></p>
gcve.eu<p>Don't forget to join us today online at 14:00 (Luxembourg local time) for "GCVE.eu initiative - introduction and how to become a GNA" part of the <span class="h-card" translate="no"><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>circl</span></a></span> Virtual Summer School (VSS) 2025 <br>Details available at: <a href="https://circl.lu/pub/vss-2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">circl.lu/pub/vss-2025/</span><span class="invisible"></span></a></p><p><a href="https://social.circl.lu/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://social.circl.lu/tags/gcve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gcve</span></a> <a href="https://social.circl.lu/tags/gna" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gna</span></a> <a href="https://social.circl.lu/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://social.circl.lu/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a></p>
TYPO3 CMS

As of 15 July 2025, the TYPO3 Association is approved as a CVE Numbering Authority (CNA) by the CVE Program.

The TYPO3 Security Team can now assign CVE Identifiers for vulnerabilities in TYPO3 CMS and its ecosystem. This ensures TYPO3 security issues are disclosed in a coordinated and consistent way.

Learn more: t3.ms/cve-bm

#TYPO3#CVE#Security
NLnet Labs

Unbound 1.23.1 in now available. This security release fixes the Rebirthday Attack CVE-2025-5994.

The vulnerability re-opens up #DNS resolvers to a birthday paradox, for EDNS client subnet servers that respond with non-ECS answers. The #CVE is described here:
nlnetlabs.nl/downloads/unbound

We would like to thank Xiang Li (AOSP Lab, Nankai University) for discovering and responsibly disclosing the vulnerability.
github.com/NLnetLabs/unbound/r

*
morgen

Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.

The PoC is available on GitHub. A full technical writeup will be published on my blog soon.

GitHub: github.com/morgenm/sudo-chroot

GitHubGitHub - morgenm/sudo-chroot-CVE-2025-32463: Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc)Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) - morgenm/sudo-chroot-CVE-2025-32463
#CyberSecurity#ExploitDev#Linux
*
Nightfighter 🛡️

EU startet eigene #Vulnerability Database um sich von eigenständiger aufzustellen. Ein guter Schritt in die richtige Richtung, um sich unabhängig von manipulierten Datenbanken anderer Länder wie USA und China zu machen. Denn dort findet man u.U. nicht alles. So werden möglicherweise Schwachstellen - die Geheimdienste nutzen könnten - nicht veröffentlicht.

#enisa #cve #vulnerabilitymanagement #vulnerabilitylookup #eu #sicherheit #sicherheitslucke #cybersecurity

security-insider.de/eu-startet

Security-Insider · Neue EU-Datenbank für Sicherheitslücken geht an den StartBy Melanie Staudacher
Live feeds
About