vFeed IO Vulnerability Intelligence As A Service (@vfeed_io) 's Twitter Profile
vFeed IO Vulnerability Intelligence As A Service

@vfeed_io

Providing actionable correlated vulnerability & threat intelligence feed.

ID: 769502741215473664

https://vfeed.io 27-08-2016 11:52:05

1,1K Tweet

1,1K Followers

90 Following

CVE-2025-24030 Envoy Admin Interface exposed with a user having access to K8s can use path traversal attack to execute commands on proxies, terminate the process and extract the configuration. Version < 1.2.6 CVSS3 base 7.1, Impact 4.2, Adjacent vector github.com/envoyproxy/gat…

CVE-2025-23953 Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server, user files Plugin <= 2.4.2 CVSS3 base 10.0, Impact 6.2, Network vector patchstack.com/database/wordp…

CVE-2025-22275 iTerm2 3.5.6 < 3.5.10 allows remote attackers to obtain sensitive info from terminal by reading /tmp/framer.txt. Can occur for certain SSH configs, remote logins to hosts with common Python. CVSS3 base 9.3, Impact 4.7, Network vector iterm2.com/downloads/stab…

CVE-2025-20156 Cisco Meeting Management allows a remote attacker with low privileges to elevate due to proper authz not enforced on REST API. Exploit could gain admin control over edge nodes managed by Meeting Management CVSS3 base 9.9, Impact 6.0 sec.cloudapps.cisco.com/security/cente…

vFeed Newsletter January 2025 In this Vulnerability Threat Intel Newsletter, we explore critical vulnerability trends, impacted platforms, EPSS tracker, Kubernetes, MITRE EMB3D, and zero-day vulnerabilities using LLMs. vfeed.io/vfeed-newslett…

CVE-2025-24016 Wazuh OSS threat detection and prevention servers. Unsafe deserialization vulnerability allows for remote code execution, triggered with API access, versions 4.4.0 CVSS3 base 9.9, Impact 6.0, Network vector, CWE-502 github.com/wazuh/wazuh/se…

CVE-2025-0108 Authn bypass in PAN-OS enables an unauthenticated attacker to use web interface to bypass the authentication. security.paloaltonetworks.com/CVE-2025-0108 CVSS3 base 8.8, Impact 5.2, Network vector, CWE-306

CVE-2025-26465 OpenSSH VerifyHostKeyDNS option causes MiTM by malicious user impersonating. Occurs due to error code mishandling in specific conditions when verifying host key CVSS3 6.8, Impact 5.2, Network, CWE-390, EPSS percentile 0.11721 seclists.org/oss-sec/2025/q…

vFeed Newsletter February 2025 We analyze vulnerability trends, feature monthly Curiosity questionnaire, EPSS Tracker, K8s vulnerabilities, MITRE CALDERA, AI impact on cyber, threat tools Read the full newsletter here: vfeed.io/vfeed-newslett… #cybersecurity #vulnerability #ai

WordPress plugin critical CVEs with high EPSS percentile of 42% in March. SetSail (CVE-2025-1564) Alloggio (CVE-2025-1638) Academist (CVE-2025-1671) Could lead to unauthorized access, privilege escalation, or data exposure wordfence.com/threat-intel/v… #vulnerability #wordpress

CVE-2025-22867 On Darwin, building a Go module with CGO can trigger arbitrary code execution when using Apple version of ld, due to usage of special values in a cgo LDFLAGS. Affected go1.24rc2 Base 7.5, Impact 3.6, Exploit 3.9, EPSS % 0.18 go.dev/issue/71476

CVE-2025-0912 Donations Widget plugin for WordPress vulnerable to PHP Object Injection, allowing unauthenticated attackers to inject a PHP object, could allow attackers RCE, versions <= 3.19.4 CVSS3 9.8, Impact 5.9, EPSS 43.11% wordfence.com/threat-intel/v…

CVE-2024-12799 Insufficiently Protected Credentials in OpenText Identity Manager (IDM) allows Privilege Abuse via crafted payloads. Windows/Linux 64-bit, 4.8.0.0 to 4.8.7.0102, 4.9.0.0 CVSS4 10.0, High CIA Impact, Fully automatable, High exploitability portal.microfocus.com/s/article/KM00…

CVE-2025-24983 Microsoft Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally, Affected Windows 10/2000/2008/2012 CVSS3 7.0, Impact 5.9, Local, EPSS 34.56% msrc.microsoft.com/update-guide/v…

CVE-2025-24201 Apple iOS < 17.2 Zero-day in Apple WebKit iOS, Safari. Maliciously crafted web content may be able to break out of Web Content sandbox. Fixed in iOS 18.3.2, iPadOS 18.3.2, Sequoia 15.3.2, Safari 18.3.1 CVSS3 8.8, Impact 5.9, EPSS 30.24% support.apple.com/en-us/122281

vFeed Integrates Next-Generation CVSS 4.0 Risk Scoring Exciting news for threat intelligence users! vFeed is thrilled to announce the integration of CVSS version 4.0 (CVSS4) risk scoring metrics into our threat intel feed. For more details, see vfeed.io/vfeed-integrat…

Did you know recent Envoy vulnerabilities reveal serious risks: command injection via admin (CVE-2025-24030, EPSS 39.6%), log poison (CVE-2025-25294, EPSS 32.1%), bypass 2FA (CVE-2025-30236, EPSS 24.5%). Patch them now — EPSS scores show real-world exploit potential. #envoyproxy