Published: 2025-11-21

Overview
A high-severity vulnerability, identified as CVE-2025-30201, has been discovered in the Wazuh Agent. It allows authenticated attackers to trigger NTLM relay attacks, which can lead to privilege escalation and remote code execution. The flaw arises from the agent’s handling of malicious UNC (Universal Naming Convention) paths supplied in configuration settings.

Technical Details
The vulnerability stems from the Wazuh Agent’s processing of configuration parameters. An authenticated attacker can inject malicious UNC paths into various agent configuration settings. When the agent attempts to access such a path, it initiates an NTLM authentication handshake with a server controlled by the attacker.…
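As an added check (not Wazuh’s own code), the following Python scans an agent configuration file for UNC paths of the kind the advisory describes, so a defender can find pushed or edited settings that would make the agent authenticate to an arbitrary host when the path is opened. The sample configuration is constructed for this example; its element names follow the ossec.conf layout, and both `\\host\share` and `//host/share` spellings are matched.

```python
"""Scan a Wazuh agent configuration (ossec.conf / agent.conf) for UNC paths.

Added example, not Wazuh code. Every element text and attribute value is
split on commas (the <directories> element takes a comma-separated list)
and tested against a UNC pattern. Each hit reports where in the XML tree it
was found and which host the agent would authenticate to.
"""
import re
import xml.etree.ElementTree as ET

# \\host\share or //host/share, with the host and share name captured.
UNC_RE = re.compile(r"^(?:\\\\|//)(?P<host>[^\\/\s]+)[\\/](?P<share>[^\\/\s]+)")

# Constructed sample, not a real deployment: one benign local path, two UNC paths.
SAMPLE_AGENT_CONF = r"""
<ossec_config>
  <syscheck>
    <directories check_all="yes">C:\Windows\System32,\\attacker.example\share</directories>
  </syscheck>
  <localfile>
    <log_format>syslog</log_format>
    <location>//10.0.0.5/logs/app.log</location>
  </localfile>
  <client>
    <server><address>wazuh-manager.internal</address></server>
  </client>
</ossec_config>
"""


def _walk(elem, path, findings):
    """Depth-first walk that records the element path of every UNC hit."""
    here = f"{path}/{elem.tag}" if path else elem.tag
    values = [elem.text or ""] + list(elem.attrib.values())
    for raw in values:
        for value in raw.split(","):
            value = value.strip()
            match = UNC_RE.match(value)
            if match:
                findings.append({"path": here, "host": match.group("host"), "value": value})
    for child in elem:
        _walk(child, here, findings)


def find_unc_paths(xml_text):
    """Return a list of {path, host, value} dicts for every UNC path in the config."""
    # ossec.conf may contain several top-level <ossec_config> blocks, so wrap them
    # in a synthetic root to keep the parser happy.
    root = ET.fromstring(f"<root>{xml_text}</root>")
    findings = []
    for top in root:
        _walk(top, "", findings)
    return findings


if __name__ == "__main__":
    for hit in find_unc_paths(SAMPLE_AGENT_CONF):
        print(f"{hit['path']}: UNC path to {hit['host']} ({hit['value']})")
```

Run it against `/var/ossec/etc/ossec.conf` and the `shared/agent.conf` the manager pushes; any host that is not an expected file server deserves a look, since the agent will send an NTLM handshake there.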
-
Overview
CVE-2025-29934 is a medium-severity vulnerability affecting certain AMD CPUs. It could allow a local attacker with administrative privileges to compromise the integrity of data within a Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) guest. Specifically, the attacker might be able to run the guest using stale Translation Lookaside Buffer (TLB) entries.

Technical Details
The vulnerability stems from improper handling of TLB entries in the affected AMD CPU microcode. TLBs are caches that speed up virtual-to-physical address translation. When a TLB entry becomes stale (outdated), it can point to an incorrect physical memory location. In the context of…
-
Overview
CVE-2025-64483 describes a security vulnerability in the Wazuh API, part of the Wazuh open-source security detection, visibility, and compliance platform. Versions 4.9.0 up to (but not including) 4.13.0 are affected. The vulnerability allows authenticated users holding read-only API roles to retrieve agent enrollment credentials. Those credentials can then be used to register new agents within the same Wazuh tenant without proper authorization, potentially bypassing security controls.

Technical Details
The vulnerability resides in the /utils/configuration endpoint of the Wazuh API. While intended for configuration retrieval, this endpoint inadvertently exposed agent enrollment credentials to users with read-only permissions. The exposure allowed a…
-
Overview
CVE-2025-13132 is a high-severity security vulnerability affecting DiaBrowser. It allows a malicious website to programmatically enter fullscreen mode after a user click event without displaying the standard fullscreen notification (toast). Because that notification is missing, users can be deceived into believing they are interacting with a legitimate website when they are in fact on a fake or malicious site designed to steal credentials or perform other harmful actions. The vulnerability was published on 2025-11-21T18:15:48.813.

Technical Details
The vulnerability stems from improper handling of the fullscreen API within DiaBrowser. The browser fails to consistently enforce the display of a…
-
Overview
A critical vulnerability, identified as CVE-2025-13470, has been discovered in RNP version 0.18.0. The flaw affects public-key encryption (PKESK packets): a regression causes an all-zero session key to be used, so any data encrypted with public-key encryption in this version can be trivially decrypted, a complete breach of confidentiality.

Technical Details
The vulnerability stems from a refactoring regression in RNP version 0.18.0. During the creation of Public-Key Encrypted Session Key (PKESK) packets, the symmetric session key buffer is left uninitialized and holds all zero bytes. This all-zero key is then used to encrypt…
-
Overview
A critical security vulnerability, identified as CVE-2025-12973, has been discovered in the S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress. It allows authenticated attackers with Editor-level access and above to upload arbitrary files to the affected server, which can lead to remote code execution (RCE) and complete compromise of the WordPress site. All versions of the plugin up to and including 1.7.8 are affected. A patch has been released; update to the latest version of the plugin immediately.

Technical Details
The…
-
Overview
CVE-2025-12747 is a medium-severity security vulnerability affecting the Tainacan plugin for WordPress. It allows unauthenticated attackers to access files marked as private that are stored within the wp-content directory, because those files are not adequately protected. Versions of the Tainacan plugin up to and including 1.0.0 are affected.

Technical Details
The vulnerability arises from how the Tainacan plugin handles access control for uploaded files designated as “private.” Instead of restricting access through WordPress’s built-in mechanisms or custom access control, the files are placed in the wp-content directory without sufficient security measures. As a result, an attacker can directly access these…
-
Overview
A critical security vulnerability, identified as CVE-2025-41115, has been discovered in Grafana Enterprise and Grafana Cloud, related to SCIM (System for Cross-domain Identity Management) provisioning. The SCIM feature, introduced in April to streamline user and team management through automated user lifecycle management, could allow a malicious or compromised SCIM client to provision a user with a specific numeric externalId. That value can override the internal user ID, ultimately resulting in user impersonation and privilege escalation.

Technical Details
The vulnerability resides in how Grafana 12.x versions handle user identities when SCIM provisioning is enabled and configured. Specifically, if a SCIM…
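As an added example, not Grafana’s code: a validator that an IdP-side SCIM client, or a proxy placed in front of the Grafana SCIM endpoint, could apply to outgoing User payloads so that a purely numeric externalId (the value the advisory says can collide with an internal user ID) is never sent. The requirement that a non-numeric externalId also be a UUID is an assumption for this example (many IdPs issue opaque strings instead) and can be switched off; the sample payloads are constructed. Upgrading remains the actual fix.

```python
"""Reject SCIM User payloads whose externalId could be mistaken for an internal ID.

Added example, not Grafana code. A bare integer such as "1" has exactly the
shape of an internal numeric user ID, so it is refused outright; other values
are optionally required to be UUIDs (assumption for this example).
"""
import re
import uuid

NUMERIC_RE = re.compile(r"^\d+$")

# Constructed SCIM User resources (RFC 7643 shape); not captured traffic.
SAMPLE_SCIM_USERS = [
    {"userName": "alice@example.com",
     "externalId": "6f1c2c2e-3b4f-4a1b-9c1d-2f3e4a5b6c7d"},
    {"userName": "mallory@example.com", "externalId": "1"},
    {"userName": "bob@example.com"},
    {"userName": "carol@example.com", "externalId": "okta|00u1abc"},
]


def scim_user_problems(user, require_uuid=True):
    """Return the reasons this User payload should not be sent (empty list if none)."""
    ext = user.get("externalId")
    if ext is None or str(ext).strip() == "":
        return ["missing externalId"]
    ext = str(ext).strip()
    problems = []
    if NUMERIC_RE.match(ext):
        # A bare integer is exactly the shape of an internal user ID.
        problems.append(f"numeric externalId {ext!r} can be confused with an internal user ID")
    elif require_uuid:
        try:
            uuid.UUID(ext)
        except ValueError:
            problems.append(f"externalId {ext!r} is not a UUID")
    return problems


def audit_scim_users(users, require_uuid=True):
    """Map userName -> problems for every payload that has at least one problem."""
    report = {}
    for user in users:
        problems = scim_user_problems(user, require_uuid)
        if problems:
            report[user.get("userName", "<no userName>")] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit_scim_users(SAMPLE_SCIM_USERS).items():
        print(f"{name}: {'; '.join(problems)}")
```

The numeric check is the one that matters for this advisory; the UUID check is there because an externalId that is opaque by construction cannot collide with anything Grafana generates internally.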
-
Overview
CVE-2025-13432 is a medium-severity vulnerability affecting Terraform Enterprise. It allows a user with specific, but insufficient, permissions to create Terraform state versions within a workspace. This unauthorized state version creation can lead to the alteration of infrastructure if a subsequent plan based on the tampered state is approved (either manually or by auto-apply).

Technical Details
The vulnerability stems from inadequate permission checks during state version creation. A user who should not be able to modify state directly can leverage a specific combination of permissions to create a new state version. This newly created state version…
-
Overview
A high-severity security vulnerability, identified as CVE-2025-13357, has been discovered in HashiCorp Vault’s Terraform Provider. The flaw resides in the LDAP auth method configuration and could allow attackers to bypass authentication under specific circumstances. Upgrade to Vault Terraform Provider v5.5.0 as soon as possible to remediate this issue.

Technical Details
The vulnerability stems from an incorrect default for the deny_null_bind parameter in the LDAP auth method configuration within the Vault Terraform Provider. The provider incorrectly defaulted this parameter to false. If the underlying LDAP server permits anonymous or unauthenticated binds (null binds),…
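As an added example, not HashiCorp’s code: an offline audit over the LDAP auth backend configuration as Vault returns it from `vault read -format=json auth/ldap/config`, flagging deny_null_bind=false together with two related transport settings that weaken the same login path. The two sample configurations are constructed; the field names (url, starttls, insecure_tls, deny_null_bind) are Vault’s, the values are made up.

```python
"""Audit a Vault LDAP auth method configuration for the weak settings discussed above.

Added example, not HashiCorp code. Feed it the "data" object of
`vault read -format=json auth/ldap/config`. With deny_null_bind false, a
login with an empty password becomes an LDAP null (anonymous) bind, which a
permissive directory answers with success, so Vault would issue a token.
"""
import json

# Constructed: the shape of a weak config, values made up.
WEAK_LDAP_CONFIG = {
    "url": "ldap://ldap.example.internal:389",
    "userdn": "ou=Users,dc=example,dc=internal",
    "binddn": "",
    "bindpass": "",
    "deny_null_bind": False,
    "starttls": False,
    "insecure_tls": True,
}

# Constructed: the same backend with the settings corrected.
HARDENED_LDAP_CONFIG = {
    "url": "ldaps://ldap.example.internal:636",
    "userdn": "ou=Users,dc=example,dc=internal",
    "binddn": "cn=vault-bind,ou=Service,dc=example,dc=internal",
    "bindpass": "<redacted>",
    "deny_null_bind": True,
    "starttls": False,
    "insecure_tls": False,
}


def audit_ldap_auth_config(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Vault's own server-side default is true; only an explicit false is a problem.
    if cfg.get("deny_null_bind", True) is not True:
        findings.append("deny_null_bind is false: an empty password becomes an anonymous "
                        "bind, which a permissive LDAP server may accept as a successful login")
    urls = [u.strip() for u in str(cfg.get("url", "")).split(",") if u.strip()]
    if any(u.startswith("ldap://") for u in urls) and not cfg.get("starttls"):
        findings.append("cleartext LDAP without starttls: bind credentials and user "
                        "passwords cross the network unencrypted")
    if cfg.get("insecure_tls"):
        findings.append("insecure_tls is true: the LDAP server certificate is not verified")
    return findings


def audit_vault_read_output(raw_json):
    """Convenience wrapper for the full `vault read -format=json` document."""
    return audit_ldap_auth_config(json.loads(raw_json).get("data", {}))


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_LDAP_CONFIG), ("hardened", HARDENED_LDAP_CONFIG)):
        print(label, audit_ldap_auth_config(cfg) or "no findings")
```

Whatever the provider version, setting deny_null_bind to true explicitly in the Terraform resource, rather than relying on the provider’s default, keeps the outcome independent of the default this advisory corrects.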