Cobalt Strike Beacon Detected – 121[.]43[.]37[.]134:4434
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 154[.]201[.]91[.]224:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 47[.]122[.]30[.]177:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
BugCrowd Bug Bounty Disclosure: P5 – Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp – madhu873
Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Researcher: madhu873 Engagement: National Aeronautics and Space Administration...
CVE Alert: CVE-2025-8696 – ISC – Stork
CVE-2025-8696 HIGHNo exploitation known If an unauthenticated user sends a large amount of data to the Stork UI, it may...
CVE Alert: CVE-2025-7718 – pixel_prime – Resideo Plugin for Resideo – Real Estate WordPress Theme
CVE-2025-7718 HIGHNo exploitation known The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to...
CVE Alert: CVE-2025-7049 – dasinfomedia – WPGYM – WordPress Gym Management System
CVE-2025-7049 HIGHNo exploitation known The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in...
CVE Alert: CVE-2025-10049 – nik00726 – Responsive Filterable Portfolio
CVE-2025-10049 HIGHNo exploitation known The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
CVE Alert: CVE-2025-41714 – Welotec – SmartEMS Web Application
CVE-2025-41714 HIGHNo exploitation known The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated...
CVE Alert: CVE-2025-20340 – Cisco – Cisco IOS XR Software
CVE-2025-20340 HIGHNo exploitation known A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow...
CVE Alert: CVE-2025-10001 – wpallimport – Import any XML, CSV or Excel File to WordPress
CVE-2025-10001 HIGHNo exploitation known The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to...
CVE Alert: CVE-2025-54259 – Adobe – Substance3D – Modeler
CVE-2025-54259 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability...
CVE Alert: CVE-2025-10040 – smackcoders – WP Import – Ultimate CSV XML Importer for WordPress
CVE-2025-10040 HIGHNo exploitation known The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to...
CVE Alert: CVE-2025-54260 – Adobe – Substance3D – Modeler
CVE-2025-54260 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing...
CVE Alert: CVE-2025-54258 – Adobe – Substance3D – Modeler
CVE-2025-54258 HIGHNo exploitation known Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that...
CVE Alert: CVE-2025-54245 – Adobe – Substance3D – Viewer
CVE-2025-54245 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could...
CVE Alert: CVE-2025-54243 – Adobe – Substance3D – Viewer
CVE-2025-54243 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could...
CVE Alert: CVE-2025-54257 – Adobe – Acrobat Reader
CVE-2025-54257 HIGHNo exploitation known Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability...
CVE Alert: CVE-2025-54244 – Adobe – Substance3D – Viewer
CVE-2025-54244 HIGHNo exploitation known Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that...
CVE Alert: CVE-2025-10171 – UTT – 1250GW
CVE-2025-10171 HIGHNo exploitation known A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC...
HackerOne Bug Bounty Disclosure: cve-out-of-bounds-read-for-cookie-path-bigsleep
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:bigsleepLink to Submitters Profile:https://hackerone.com/bigsleep Report Title:CVE-2025-9086: Out of bounds read for cookie...
HackerOne Bug Bounty Disclosure: -k-users-and-employee-leaked-credentials-meowsint
Company Name: Khan Academy Company HackerOne URL: https://hackerone.com/khanacademy Submitted By:meowsintLink to Submitters Profile:https://hackerone.com/meowsint Report Title:337k users and 1 employee leaked...
HackerOne Bug Bounty Disclosure: cve-predictable-websocket-mask-cruocco
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:cruoccoLink to Submitters Profile:https://hackerone.com/cruocco Report Title:CVE-2025-10148: predictable WebSocket maskReport Link:https://hackerone.com/reports/3330839Date Submitted:10 September...
[Palo Alto Networks Security Advisories] CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure ofCredentials
Palo Alto Networks Security Advisories /CVE-2025-4234CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of CredentialsUrgencyMODERATE047910Severity0.5 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack...
