Skip to main content
CVE-2025-68475 HIGH POC PATCH This Week

A Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify, a TypeScript library for building ActivityPub federated servers, where maliciously crafted HTML responses can cause catastrophic backtracking in the document loader's HTML parsing regex. The vulnerability affects versions prior to 1.6.13, 1.7.14, 1.8.15, and 1.9.2, allowing remote attackers to cause denial of service without authentication. A public proof-of-concept exploit is available, though the EPSS score of 0.13% indicates relatively low exploitation likelihood in the wild.

Denial Of Service Fedify
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65857 HIGH POC This Week

GetStreamUri ONVIF endpoint in Xiongmai XM530 IP cameras exposes RTSP video streams with hardcoded credentials, allowing remote unauthenticated attackers to view live camera feeds without authentication. Affects firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. Publicly available exploit code exists demonstrating credential extraction and direct stream access. EPSS data not available, but the combination of network-accessible attack vector (AV:N), no authentication requirement (PR:N), and public POC creates immediate risk for exposed internet-facing cameras.

Authentication Bypass Xm530V200 X6 Weq 8M Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-14018 HIGH POC This Week

Local privilege escalation in NetBT Consulting Services e-Fatura versions prior to 1.2.15 allows authenticated low-privileged users to leverage an unquoted Windows service path to execute arbitrary code with elevated privileges. Publicly available exploit code exists (Exploit-DB 52509), though EPSS scoring (0.20%, 42nd percentile) suggests limited widespread exploitation, and the issue is not currently listed in CISA KEV.

Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy