CVE Alert: CVE-2025-10001 – wpallimport – Import any XML, CSV or Excel File to WordPress
CVE-2025-10001 HIGHNo exploitation known The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to...
Year: 2025
CVE Alert: CVE-2025-54259 – Adobe – Substance3D – Modeler
CVE-2025-54259 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability...
CVE Alert: CVE-2025-10040 – smackcoders – WP Import – Ultimate CSV XML Importer for WordPress
CVE-2025-10040 HIGHNo exploitation known The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to...
CVE Alert: CVE-2025-54260 – Adobe – Substance3D – Modeler
CVE-2025-54260 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing...
CVE Alert: CVE-2025-54258 – Adobe – Substance3D – Modeler
CVE-2025-54258 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that...
CVE Alert: CVE-2025-54245 – Adobe – Substance3D – Viewer
CVE-2025-54245 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could...
CVE Alert: CVE-2025-54243 – Adobe – Substance3D – Viewer
CVE-2025-54243 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could...
CVE Alert: CVE-2025-54257 – Adobe – Acrobat Reader
CVE-2025-54257 HIGHNo exploitation known Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability...
CVE Alert: CVE-2025-54244 – Adobe – Substance3D – Viewer
CVE-2025-54244 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that...
CVE Alert: CVE-2025-10171 – UTT – 1250GW
CVE-2025-10171 HIGHNo exploitation known A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC...
HackerOne Bug Bounty Disclosure: cve-out-of-bounds-read-for-cookie-path-bigsleep
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:bigsleepLink to Submitters Profile:https://hackerone.com/bigsleep Report Title:CVE-2025-9086: Out of bounds read for cookie...
HackerOne Bug Bounty Disclosure: -k-users-and-employee-leaked-credentials-meowsint
Company Name: Khan Academy Company HackerOne URL: https://hackerone.com/khanacademy Submitted By:meowsintLink to Submitters Profile:https://hackerone.com/meowsint Report Title:337k users and 1 employee leaked...
HackerOne Bug Bounty Disclosure: cve-predictable-websocket-mask-cruocco
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cruoccoLink to Submitters Profile:https://hackerone.com/cruocco Report Title:CVE-2025-10148: predictable WebSocket maskReport Link:https://hackerone.com/reports/3330839Date Submitted:10 September...
[Palo Alto Networks Security Advisories] CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure ofCredentials
Palo Alto Networks Security Advisories /CVE-2025-4234CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of CredentialsUrgencyMODERATE047910Severity0.5 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack...
[Palo Alto Networks Security Advisories] CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Accountpassword
Palo Alto Networks Security Advisories /CVE-2025-4235CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account passwordUrgencyMODERATE047910Severity4.2 ·MEDIUMExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack VectorLOCALAttack...
[Palo Alto Networks Security Advisories] PAN-SA-2025-0015 Chromium: Monthly Vulnerability Update (September 2025)
Palo Alto Networks Security Advisories /PAN-SA-2025-0015PAN-SA-2025-0015 Chromium: Monthly Vulnerability Update (September 2025)UrgencyMODERATE047910Severity6.1 ·MEDIUMExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack VectorNETWORKAttack ComplexityLOWAttack RequirementsNONEAutomatableNOUser InteractionACTIVEProduct...
[TRYHACKME] – Void Execution Challenge
A friendly walkthrough of a slick binary-exploitation challenge: custom shellcode without syscall, ASLR bypass via GOT, and why stack alignment...
[TRYHACKME] – LondonBridge Full Walkthrough.
Introduction In this room we compromise a small Flask app behind Gunicorn, pivot from a clever SSRF to local file...
CVE Alert: CVE-2025-54111 – Microsoft – Windows 10 Version 1809
CVE-2025-54111 HIGHNo exploitation known Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges...
CVE Alert: CVE-2025-54106 – Microsoft – Windows Server 2019
CVE-2025-54106 HIGHNo exploitation known Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker...
CVE Alert: CVE-2025-54110 – Microsoft – Windows 10 Version 1809
CVE-2025-54110 HIGHNo exploitation known Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. CVSS...
CVE Alert: CVE-2025-54112 – Microsoft – Windows 10 Version 1809
CVE-2025-54112 HIGHNo exploitation known Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally....
CVE Alert: CVE-2025-54108 – Microsoft – Windows Server 2025 (Server Core installation)
CVE-2025-54108 HIGHNo exploitation known Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc)...
CVE Alert: CVE-2025-54103 – Microsoft – Windows 10 Version 21H2
CVE-2025-54103 HIGHNo exploitation known Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. CVSS...
