CVE‑2025‑36630: Local Privilege Escalation in Tenable Nessus on Windows

CVE‑2025‑36630 is a newly identified high-severity vulnerability affecting Tenable Nessus on Windows systems (versions prior to 10.8.5). The flaw allows non-administrative users to overwrite arbitrary system files with data from application logs running as SYSTEM, potentially enabling full privilege escalation. Vulnerability Details CVE ID CVE‑2025‑36630 Unique ID to track this vulnerability. Affected Software Tenable […]
CVE‑2025‑3461: Unauthenticated Telnet Access in Quantenna Wi‑Fi Chipsets

CVE‑2025‑3461 is a newly assigned critical-severity vulnerability in Quantenna Wi‑Fi chipsets (used in various routers and embedded devices), where a telnet service is enabled by default with no authentication. This can allow remote attackers to gain root-level access and control, raising serious security concerns. Vulnerability Details Exploitation Path These chipsets ship with telnet enabled by […]
CVE‑2024‑55585: Unauthenticated Admin API Access in moPS App

CVE‑2024‑55585 is a high-to-critical-severity vulnerability affecting the moPS App through version 1.8.618. The flaw allows unauthenticated users to call administrative API endpoints such as “/api/v1/users/resetpassword”, enabling unintended read/write operations on the app. Vulnerability Details Exploitation Path Due to missing authentication checks on administrative endpoints, unauthenticated or low‑privileged users can access and execute […]
CVE-2025-49127: Unauthenticated Remote Code Execution in Kafbat UI

CVE-2025-49127 is a recently disclosed high-severity vulnerability affecting Kafbat UI, a web interface for managing Apache Kafka clusters. The flaw allows unauthenticated attackers to execute arbitrary code on the server via unsafe deserialization in version 1.0.0. This vulnerability has been addressed in version 1.1.0. Vulnerability Details Exploitation Path The vulnerability arises from unsafe deserialization in […]
CVE-2025-5733: Full Path Disclosure Vulnerability in Modern Events Calendar Lite Plugin for WordPress

CVE-2025-5733 is a recently disclosed vulnerability affecting the Modern Events Calendar Lite plugin for WordPress (versions ≤ 7.21.9). The flaw allows unauthenticated attackers to retrieve the full path of the web application, potentially aiding in further attacks. Vulnerability Details Exploitation Path The vulnerability stems from improper validation of the id property when exporting calendars. This […]