Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Researcher: madhu873 Engagement: National Aeronautics and Space Administration...
CVE-2025-8696 HIGHNo exploitation known If an unauthenticated user sends a large amount of data to the Stork UI, it may...
CVE-2025-7718 HIGHNo exploitation known The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to...
CVE-2025-7049 HIGHNo exploitation known The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in...
CVE-2025-10049 HIGHNo exploitation known The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
CVE-2025-41714 HIGHNo exploitation known The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated...
CVE-2025-20340 HIGHNo exploitation known A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow...
CVE-2025-10001 HIGHNo exploitation known The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to...
CVE-2025-54259 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability...
CVE-2025-10040 HIGHNo exploitation known The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to...
CVE-2025-54260 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing...
CVE-2025-54258 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that...
CVE-2025-54245 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could...
CVE-2025-54243 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could...
CVE-2025-54257 HIGHNo exploitation known Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability...
CVE-2025-54244 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that...
CVE-2025-10171 HIGHNo exploitation known A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:bigsleepLink to Submitters Profile:https://hackerone.com/bigsleep Report Title:CVE-2025-9086: Out of bounds read for cookie...
Company Name: Khan Academy Company HackerOne URL: https://hackerone.com/khanacademy Submitted By:meowsintLink to Submitters Profile:https://hackerone.com/meowsint Report Title:337k users and 1 employee leaked...
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cruoccoLink to Submitters Profile:https://hackerone.com/cruocco Report Title:CVE-2025-10148: predictable WebSocket maskReport Link:https://hackerone.com/reports/3330839Date Submitted:10 September...
Palo Alto Networks Security Advisories /CVE-2025-4234CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of CredentialsUrgencyMODERATE047910Severity0.5 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack...
Palo Alto Networks Security Advisories /CVE-2025-4235CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account passwordUrgencyMODERATE047910Severity4.2 ·MEDIUMExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack VectorLOCALAttack...
Palo Alto Networks Security Advisories /PAN-SA-2025-0015PAN-SA-2025-0015 Chromium: Monthly Vulnerability Update (September 2025)UrgencyMODERATE047910Severity6.1 ·MEDIUMExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack VectorNETWORKAttack ComplexityLOWAttack RequirementsNONEAutomatableNOUser InteractionACTIVEProduct...
A friendly walkthrough of a slick binary-exploitation challenge: custom shellcode without syscall, ASLR bypass via GOT, and why stack alignment...
