| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24010 | 8.8 | 0.00% | 4 | 0 | 2026-01-22T03:15:48.090000 | Horilla is a free and open source Human Resource Management System (HRMS). A cri | |
| CVE-2026-24006 | 7.5 | 0.00% | 2 | 0 | 2026-01-22T03:15:47.933000 | Seroval facilitates JS value stringification, including complex structures beyon | |
| CVE-2026-24002 | 9.0 | 0.00% | 2 | 0 | 2026-01-22T03:15:47.777000 | Grist is spreadsheet software using Python as its formula language. Grist offers | |
| CVE-2026-23967 | 7.5 | 0.00% | 4 | 0 | 2026-01-22T03:15:47.167000 | sm-crypto provides JavaScript implementations of the Chinese cryptographic algor | |
| CVE-2026-23966 | 9.1 | 0.00% | 4 | 0 | 2026-01-22T03:15:47.007000 | sm-crypto provides JavaScript implementations of the Chinese cryptographic algor | |
| CVE-2026-23962 | 7.5 | 0.00% | 2 | 0 | 2026-01-22T03:15:46.400000 | Mastodon is a free, open-source social network server based on ActivityPub. Mast | |
| CVE-2026-23957 | 7.5 | 0.00% | 2 | 0 | 2026-01-22T02:15:52.470000 | seroval facilitates JS value stringification, including complex structures beyon | |
| CVE-2026-23956 | 7.5 | 0.00% | 2 | 0 | 2026-01-22T02:15:52.310000 | seroval facilitates JS value stringification, including complex structures beyon | |
| CVE-2025-27380 | 7.6 | 0.00% | 2 | 0 | 2026-01-22T02:15:51.310000 | HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all | |
| CVE-2025-27378 | 8.6 | 0.00% | 2 | 0 | 2026-01-22T01:15:51.077000 | AES contains a SQL injection vulnerability due to an inactive configuration that | |
| CVE-2026-20045 | 8.2 | 0.00% | 16 | 0 | 2026-01-21T21:31:31 | A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unif | |
| CVE-2025-59465 | 7.5 | 0.05% | 1 | 0 | 2026-01-21T21:30:30 | A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can caus | |
| CVE-2025-68137 | 8.3 | 0.00% | 2 | 0 | 2026-01-21T20:16:05.840000 | EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer | |
| CVE-2025-13878 | 7.5 | 0.00% | 2 | 0 | 2026-01-21T19:16:02.960000 | Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This is | |
| CVE-2025-66692 | 7.5 | 0.02% | 2 | 0 | 2026-01-21T18:31:36 | A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet C | |
| CVE-2026-0629 | None | 0.04% | 3 | 0 | 2026-01-21T18:31:35 | Authentication bypass in the password recovery feature of the local web interfac | |
| CVE-2026-20055 | 4.8 | 0.00% | 2 | 0 | 2026-01-21T18:30:38 | Multiple vulnerabilities in the web-based management interface of Cisco Packaged | |
| CVE-2026-20109 | 4.8 | 0.00% | 2 | 0 | 2026-01-21T18:30:38 | Multiple vulnerabilities in the web-based management interface of Cisco Packaged | |
| CVE-2026-20080 | 5.3 | 0.00% | 2 | 0 | 2026-01-21T18:30:38 | A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compu | |
| CVE-2025-70650 | 7.5 | 0.00% | 2 | 0 | 2026-01-21T18:30:37 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceL | |
| CVE-2025-70651 | 7.5 | 0.00% | 2 | 0 | 2026-01-21T18:30:30 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid pa | |
| CVE-2026-21957 | 7.6 | 0.01% | 2 | 0 | 2026-01-21T18:30:30 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21945 | 7.5 | 0.04% | 4 | 0 | 2026-01-21T18:30:29 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente | |
| CVE-2026-21955 | 8.3 | 0.01% | 1 | 0 | 2026-01-21T18:30:29 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-20092 | 6.0 | 0.00% | 2 | 0 | 2026-01-21T17:16:08.570000 | A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual A | |
| CVE-2025-65482 | 9.8 | 0.02% | 2 | 1 | 2026-01-21T16:56:56 | An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2 | |
| CVE-2025-68925 | 5.3 | 0.02% | 1 | 0 | 2026-01-21T16:23:34 | ### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1 | |
| CVE-2025-68704 | 5.9 | 0.04% | 1 | 0 | 2026-01-21T16:23:23 | ### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1 | |
| CVE-2025-68702 | 7.5 | 0.02% | 1 | 0 | 2026-01-21T16:21:30 | ### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1 | |
| CVE-2025-68701 | 7.5 | 0.02% | 1 | 0 | 2026-01-21T16:21:23 | ### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1 | |
| CVE-2026-22022 | 8.2 | 0.00% | 2 | 0 | 2026-01-21T16:16:10.360000 | Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based | |
| CVE-2026-21962 | 10.0 | 0.03% | 2 | 3 | 2026-01-21T16:16:10.127000 | Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in pr | |
| CVE-2026-21956 | 8.2 | 0.01% | 2 | 0 | 2026-01-21T16:16:09.527000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2025-70645 | 7.5 | 0.00% | 2 | 0 | 2026-01-21T16:16:07.350000 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceL | |
| CVE-2025-14523 | 8.2 | 0.06% | 1 | 0 | 2026-01-21T16:16:05.420000 | A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a requ | |
| CVE-2026-22807 | 8.8 | 0.00% | 2 | 0 | 2026-01-21T16:12:56 | # Summary vLLM loads Hugging Face `auto_map` dynamic modules during model resol | |
| CVE-2026-23737 | 7.5 | 0.00% | 2 | 0 | 2026-01-21T15:41:23 | Improper input handling in the JSON deserialization component can lead to arbitr | |
| CVE-2026-23524 | 9.8 | 0.00% | 2 | 0 | 2026-01-21T15:40:25 | ### Impact This vulnerability affects Laravel Reverb versions prior to v1.7.0 w | |
| CVE-2025-57156 | 7.5 | 0.07% | 2 | 0 | 2026-01-21T15:32:23 | NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/h | |
| CVE-2025-63648 | 7.5 | 0.02% | 2 | 0 | 2026-01-21T15:32:22 | A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/ht | |
| CVE-2025-63647 | 7.5 | 0.02% | 2 | 0 | 2026-01-21T15:32:22 | A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of ownt | |
| CVE-2026-21940 | 7.5 | 0.03% | 2 | 0 | 2026-01-21T15:32:22 | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: | |
| CVE-2025-56353 | 7.5 | 0.02% | 2 | 0 | 2026-01-21T15:32:18 | In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memo | |
| CVE-2025-55423 | 9.8 | 0.13% | 2 | 0 | 2026-01-21T15:32:18 | ipTIME routers A2003NS-MU 10.00.6 to 12.16.2 , N600 10.00.8 to 12.16.2, A604-V3 | |
| CVE-2025-57155 | 7.5 | 0.07% | 2 | 0 | 2026-01-21T15:32:17 | NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c i | |
| CVE-2026-21984 | 7.6 | 0.01% | 1 | 0 | 2026-01-21T15:31:17 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21983 | 7.6 | 0.01% | 1 | 0 | 2026-01-21T15:31:16 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21982 | 7.5 | 0.02% | 1 | 0 | 2026-01-21T15:16:09.250000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2025-66902 | 7.5 | 0.05% | 2 | 0 | 2026-01-21T15:16:07.890000 | An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remot | |
| CVE-2025-64087 | 9.8 | 0.02% | 2 | 1 | 2026-01-21T15:16:07.473000 | A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker componen | |
| CVE-2026-22813 | 6.1 | 0.10% | 1 | 0 | 2026-01-21T15:15:35.597000 | OpenCode is an open source AI coding agent. The markdown renderer used for LLM r | |
| CVE-2025-60021 | 9.8 | 0.39% | 1 | 2 | 2026-01-21T13:46:39.423000 | Remote command injection vulnerability in heap profiler builtin service in Apach | |
| CVE-2026-24061 | 9.8 | 0.36% | 4 | 0 | 2026-01-21T09:31:40 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " | |
| CVE-2026-24016 | 7.8 | 0.01% | 2 | 0 | 2026-01-21T09:31:40 | The installer of ServerView Agents for Windows provided by Fsas Technologies Inc | |
| CVE-2025-15521 | 9.8 | 0.07% | 2 | 0 | 2026-01-21T03:30:26 | The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin fo | |
| CVE-2026-22219 | None | 0.04% | 4 | 0 | 2026-01-21T01:07:03 | Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vu | |
| CVE-2026-21973 | 8.1 | 0.03% | 1 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financ | |
| CVE-2026-21988 | 8.3 | 0.01% | 2 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21987 | 8.3 | 0.01% | 2 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21990 | 8.3 | 0.01% | 1 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21969 | 9.8 | 0.04% | 1 | 0 | 2026-01-21T00:31:50 | Vulnerability in the Oracle Agile Product Lifecycle Management for Process produ | |
| CVE-2026-21926 | 7.5 | 0.04% | 2 | 0 | 2026-01-21T00:31:49 | Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (compone | |
| CVE-2026-21989 | 8.1 | 0.01% | 2 | 0 | 2026-01-20T22:16:02.470000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21967 | 8.6 | 0.04% | 1 | 0 | 2026-01-20T22:15:59.733000 | Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Ap | |
| CVE-2026-0905 | 9.8 | 0.02% | 2 | 0 | 2026-01-20T22:15:52.923000 | Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559. | |
| CVE-2025-56005 | 9.8 | 0.29% | 1 | 0 | 2026-01-20T21:31:41 | An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 all | |
| CVE-2026-22218 | None | 0.03% | 4 | 0 | 2026-01-20T21:31:35 | Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in | |
| CVE-2026-22851 | 5.9 | 0.05% | 1 | 0 | 2026-01-20T18:43:31.587000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1 | |
| CVE-2026-22855 | 9.1 | 0.06% | 1 | 0 | 2026-01-20T18:36:35.953000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1 | |
| CVE-2025-33229 | 7.3 | 0.01% | 1 | 0 | 2026-01-20T18:32:08 | NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monit | |
| CVE-2025-33228 | 7.3 | 0.03% | 1 | 0 | 2026-01-20T18:32:08 | NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where | |
| CVE-2026-0943 | 7.5 | 0.04% | 1 | 0 | 2026-01-20T18:31:56 | HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with | |
| CVE-2026-0915 | 7.5 | 0.04% | 2 | 0 | 2026-01-20T18:31:56 | Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that spec | |
| CVE-2025-64155 | 9.8 | 0.04% | 6 | 4 | 2026-01-20T18:31:55 | An improper neutralization of special elements used in an os command ('os comman | |
| CVE-2025-33233 | 7.8 | 0.02% | 2 | 0 | 2026-01-20T18:16:02.950000 | NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where | |
| CVE-2025-33231 | 6.7 | 0.01% | 1 | 0 | 2026-01-20T18:16:02.790000 | NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s | |
| CVE-2025-33230 | 7.3 | 0.03% | 1 | 0 | 2026-01-20T18:16:02.647000 | NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, | |
| CVE-2025-71023 | 7.5 | 0.05% | 1 | 0 | 2026-01-20T18:04:49.637000 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac | |
| CVE-2025-71020 | 7.5 | 0.04% | 1 | 0 | 2026-01-20T17:15:49.217000 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the securit | |
| CVE-2025-68703 | 7.5 | 0.01% | 1 | 0 | 2026-01-20T17:13:31.310000 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libra | |
| CVE-2026-0610 | 9.8 | 0.03% | 1 | 0 | 2026-01-20T16:16:06.860000 | SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue | |
| CVE-2026-22844 | 10.0 | 0.29% | 1 | 1 | 2026-01-20T15:33:21 | A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before | |
| CVE-2026-0899 | 8.8 | 0.07% | 1 | 0 | 2026-01-20T15:33:12 | Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowe | |
| CVE-2025-14533 | 9.8 | 0.08% | 3 | 0 | 2026-01-20T12:31:28 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privi | |
| CVE-2026-21223 | 5.1 | 0.05% | 1 | 0 | 2026-01-17T00:30:30 | Microsoft Edge Elevation Service exposes a privileged COM interface that inadequ | |
| CVE-2026-23745 | 0 | 0.01% | 2 | 1 | 2026-01-16T22:16:26.830000 | node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize | |
| CVE-2026-20960 | 8.0 | 0.07% | 1 | 0 | 2026-01-16T22:16:25.553000 | Improper authorization in Microsoft Power Apps allows an authorized attacker to | |
| CVE-2026-23744 | 9.8 | 0.49% | 2 | 1 | 2026-01-16T21:57:11 | ### Summary MCPJam inspector is the local-first development platform for MCP ser | |
| CVE-2026-23800 | 10.0 | 0.04% | 2 | 0 | 2026-01-16T21:30:43 | Incorrect Privilege Assignment vulnerability in Modular DS modular-connector all | |
| CVE-2025-70753 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the securit | |
| CVE-2025-71025 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the clo | |
| CVE-2025-71026 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wan | |
| CVE-2025-71024 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the ser | |
| CVE-2025-71027 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wan | |
| CVE-2026-22917 | 4.3 | 0.06% | 1 | 0 | 2026-01-16T15:55:33.063000 | Improper input handling in a system endpoint may allow attackers to overload res | |
| CVE-2026-22914 | 4.3 | 0.03% | 1 | 0 | 2026-01-16T15:55:33.063000 | An attacker with limited permissions may still be able to write files to specifi | |
| CVE-2026-22638 | 8.3 | 0.04% | 1 | 0 | 2026-01-16T15:55:33.063000 | A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining | |
| CVE-2026-22913 | 4.3 | 0.04% | 1 | 0 | 2026-01-16T15:55:33.063000 | Improper handling of a URL parameter may allow attackers to execute code in a us | |
| CVE-2026-22640 | 5.5 | 0.06% | 1 | 0 | 2026-01-16T15:55:33.063000 | An access control vulnerability was discovered in Grafana OSS where an Organizat | |
| CVE-2026-22915 | 4.3 | 0.04% | 1 | 0 | 2026-01-16T15:55:33.063000 | An attacker with low privileges may be able to read files from specific director | |
| CVE-2026-22642 | 4.2 | 0.04% | 1 | 0 | 2026-01-16T15:55:33.063000 | An open redirect vulnerability has been identified in Grafana OSS organization s | |
| CVE-2026-22910 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T15:55:33.063000 | The device is deployed with weak and publicly known default passwords for certai | |
| CVE-2026-22919 | 3.8 | 0.04% | 1 | 0 | 2026-01-16T15:55:33.063000 | An attacker with administrative access may inject malicious content into the log | |
| CVE-2026-22646 | 4.3 | 0.04% | 1 | 0 | 2026-01-16T15:55:33.063000 | Certain error messages returned by the application expose internal system detail | |
| CVE-2026-0227 | 0 | 0.09% | 6 | 2 | 2026-01-16T15:55:12.257000 | A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated | |
| CVE-2025-68707 | 8.8 | 0.04% | 1 | 0 | 2026-01-16T15:15:53.603000 | An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with | |
| CVE-2025-68493 | 8.1 | 0.13% | 1 | 0 | 2026-01-16T14:31:16.030000 | Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issu | |
| CVE-2025-62581 | 9.8 | 0.04% | 1 | 0 | 2026-01-16T03:30:27 | Delta Electronics DIAView has multiple vulnerabilities. | |
| CVE-2025-62582 | 9.8 | 0.04% | 1 | 0 | 2026-01-16T03:30:27 | Delta Electronics DIAView has multiple vulnerabilities. | |
| CVE-2025-66169 | None | 0.14% | 1 | 0 | 2026-01-15T22:33:19 | Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issu | |
| CVE-2025-36911 | 7.1 | 0.00% | 3 | 6 | 2026-01-15T21:31:47 | In key-based pairing, there is a possible ID due to a logic error in the code. T | |
| CVE-2025-9014 | None | 0.11% | 1 | 0 | 2026-01-15T18:31:42 | A Null Pointer Dereference vulnerability exists in the referer header check of t | |
| CVE-2026-22644 | 5.3 | 0.07% | 1 | 0 | 2026-01-15T15:31:35 | Certain requests pass the authentication token in the URL as string query parame | |
| CVE-2026-0712 | 7.6 | 0.05% | 1 | 0 | 2026-01-15T15:31:35 | An open redirect vulnerability has been identified in Grafana OSS that can be ex | |
| CVE-2026-22643 | 8.3 | 0.08% | 1 | 0 | 2026-01-15T15:31:35 | In Grafana, an excessively long dashboard title or panel name will cause Chromiu | |
| CVE-2026-22907 | 10.0 | 0.07% | 1 | 0 | 2026-01-15T15:31:30 | An attacker may gain unauthorized access to the host filesystem, potentially all | |
| CVE-2026-22908 | 9.1 | 0.20% | 1 | 0 | 2026-01-15T15:31:27 | Uploading unvalidated container images may allow remote attackers to gain full a | |
| CVE-2026-22639 | 4.3 | 0.04% | 1 | 0 | 2026-01-15T15:31:27 | Grafana is an open-source platform for monitoring and observability. The Grafana | |
| CVE-2026-22641 | 5.0 | 0.03% | 1 | 0 | 2026-01-15T15:31:27 | This vulnerability in Grafana's datasource proxy API allows authorization checks | |
| CVE-2026-22645 | 5.3 | 0.04% | 1 | 0 | 2026-01-15T15:31:27 | The application discloses all used components, versions and license information | |
| CVE-2026-0713 | 8.3 | 0.04% | 1 | 0 | 2026-01-15T15:31:26 | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows a | |
| CVE-2026-22920 | 3.7 | 0.05% | 1 | 0 | 2026-01-15T15:31:26 | The device's passwords have not been adequately salted, making them vulnerable t | |
| CVE-2026-22637 | 6.8 | 0.03% | 1 | 0 | 2026-01-15T15:31:25 | The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user wi | |
| CVE-2026-22918 | 4.3 | 0.05% | 1 | 0 | 2026-01-15T15:31:19 | An attacker may exploit missing protection against clickjacking by tricking user | |
| CVE-2026-22912 | 4.3 | 0.08% | 1 | 0 | 2026-01-15T15:31:19 | Improper validation of a login parameter may allow attackers to redirect users t | |
| CVE-2026-22916 | 4.3 | 0.05% | 1 | 0 | 2026-01-15T15:31:19 | An attacker with low privileges may be able to trigger critical system functions | |
| CVE-2026-22911 | 5.3 | 0.06% | 1 | 0 | 2026-01-15T15:31:18 | Firmware update files may expose password hashes for system accounts, which coul | |
| CVE-2026-22909 | 7.5 | 0.07% | 1 | 0 | 2026-01-15T15:31:18 | Certain system functions may be accessed without proper authorization, allowing | |
| CVE-2025-14242 | 6.5 | 0.17% | 1 | 0 | 2026-01-15T00:32:39 | A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) | |
| CVE-2025-13154 | 5.5 | 0.02% | 1 | 0 | 2026-01-15T00:31:44 | An improper link following vulnerability was reported in the SmartPerformanceAdd | |
| CVE-2026-23550 | 10.0 | 6.11% | 3 | 2 | template | 2026-01-14T21:34:10 | Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Esca |
| CVE-2026-21265 | 6.4 | 0.23% | 1 | 0 | 2026-01-14T20:23:43.417000 | Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These | |
| CVE-2025-67399 | 4.6 | 0.02% | 1 | 1 | 2026-01-14T17:16:06.930000 | An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically | |
| CVE-2026-0403 | 0 | 0.06% | 1 | 0 | 2026-01-14T16:26:00.933000 | An insufficient input validation vulnerability in NETGEAR Orbi routers allows a | |
| CVE-2026-0405 | 0 | 0.14% | 1 | 0 | 2026-01-14T16:26:00.933000 | An authentication bypass vulnerability in NETGEAR Orbi devices allows users con | |
| CVE-2025-13447 | 8.4 | 0.26% | 1 | 0 | 2026-01-14T16:26:00.933000 | OS Command Injection Remote Code Execution Vulnerability in API in Progress Load | |
| CVE-2025-37165 | 7.5 | 0.04% | 1 | 0 | 2026-01-14T16:25:40.430000 | A vulnerability in the router mode configuration of HPE Instant On Access Points | |
| CVE-2025-14847 | 7.5 | 51.95% | 3 | 39 | template | 2026-01-13T22:24:20.380000 | Mismatched length fields in Zlib compressed protocol headers may allow a read of |
| CVE-2026-20805 | 5.5 | 5.86% | 7 | 2 | 2026-01-13T21:31:44 | Exposure of sensitive information to an unauthorized actor in Desktop Windows Ma | |
| CVE-2026-22812 | 8.8 | 0.03% | 1 | 7 | 2026-01-13T20:35:09 | *Previously reported via email to support@sst.dev on 2025-11-17 per the security | |
| CVE-2025-66177 | 8.8 | 0.03% | 1 | 0 | 2026-01-13T18:32:08 | There is a Stack overflow Vulnerability in the device Search and Discovery featu | |
| CVE-2026-20965 | 7.6 | 0.03% | 3 | 0 | 2026-01-13T18:31:18 | Improper verification of cryptographic signature in Windows Admin Center allows | |
| CVE-2026-20950 | 7.8 | 0.04% | 1 | 0 | 2026-01-13T18:31:18 | Use after free in Microsoft Office Excel allows an unauthorized attacker to exec | |
| CVE-2026-20944 | 8.4 | 0.04% | 1 | 0 | 2026-01-13T18:31:18 | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to e | |
| CVE-2026-20953 | 8.4 | 0.04% | 1 | 0 | 2026-01-13T18:31:18 | Use after free in Microsoft Office allows an unauthorized attacker to execute co | |
| CVE-2026-20952 | 8.4 | 0.04% | 1 | 0 | 2026-01-13T18:31:18 | Use after free in Microsoft Office allows an unauthorized attacker to execute co | |
| CVE-2026-0407 | None | 0.05% | 1 | 0 | 2026-01-13T18:31:16 | An insufficient authentication vulnerability in NETGEAR WiFi range extenders al | |
| CVE-2025-59922 | 7.2 | 0.05% | 1 | 0 | 2026-01-13T18:31:14 | An improper neutralization of special elements used in an SQL command ('SQL Inje | |
| CVE-2025-37166 | 7.5 | 0.03% | 1 | 0 | 2026-01-13T18:31:14 | A vulnerability affecting HPE Networking Instant On Access Points has been ident | |
| CVE-2026-0386 | 7.5 | 0.09% | 1 | 0 | 2026-01-13T18:31:13 | Improper access control in Windows Deployment Services allows an unauthorized at | |
| CVE-2026-0406 | None | 0.05% | 1 | 0 | 2026-01-13T18:31:10 | An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows a | |
| CVE-2026-0408 | None | 0.05% | 1 | 0 | 2026-01-13T18:31:09 | A path traversal vulnerability in NETGEAR WiFi range extenders allows an attack | |
| CVE-2026-0404 | None | 0.64% | 1 | 0 | 2026-01-13T18:31:09 | An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 | |
| CVE-2025-66176 | 8.8 | 0.03% | 1 | 0 | 2026-01-13T18:31:03 | There is a Stack overflow Vulnerability in the device Search and Discovery featu | |
| CVE-2025-13444 | 8.5 | 0.26% | 1 | 0 | 2026-01-13T15:37:12 | OS Command Injection Remote Code Execution Vulnerability in API in Progress Load | |
| CVE-2025-40805 | 10.0 | 0.20% | 2 | 0 | 2026-01-13T14:03:18.990000 | Affected devices do not properly enforce user authentication on specific API end | |
| CVE-2026-0500 | 9.7 | 0.09% | 1 | 0 | 2026-01-13T03:32:19 | Due to the usage of vulnerable third party component in SAP Wily Introscope Ente | |
| CVE-2025-12420 | None | 0.04% | 5 | 1 | 2026-01-13T03:32:08 | A vulnerability has been identified in the ServiceNow AI Platform that could ena | |
| CVE-2025-41006 | None | 0.04% | 1 | 0 | 2026-01-12T15:30:50 | Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ par | |
| CVE-2022-33318 | 9.8 | 2.11% | 1 | 1 | 2026-01-09T06:32:08 | Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10 | |
| CVE-2025-52691 | 10.0 | 13.81% | 3 | 10 | template | 2026-01-08T21:31:33 | Successful exploitation of the vulnerability could allow an unauthenticated atta |
| CVE-2025-14631 | None | 0.02% | 1 | 0 | 2026-01-07T12:31:27 | A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modul | |
| CVE-2025-67268 | 9.8 | 0.11% | 1 | 0 | 2026-01-06T18:32:37 | gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerabili | |
| CVE-2025-14346 | 9.8 | 0.11% | 1 | 0 | 2026-01-05T18:30:29 | WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce auth | |
| CVE-2025-13699 | 7.0 | 0.12% | 1 | 0 | 2025-12-24T00:30:22 | MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerabi | |
| CVE-2024-50349 | 4.7 | 0.39% | 1 | 0 | 2025-12-18T16:42:54.610000 | Git is a fast, scalable, distributed revision control system with an unusually r | |
| CVE-2025-43529 | 8.8 | 0.03% | 1 | 4 | 2025-12-17T21:31:01 | A use-after-free issue was addressed with improved memory management. This issue | |
| CVE-2025-20393 | 10.0 | 4.64% | 2 | 7 | 2025-12-17T21:30:47 | Cisco is aware of a potential vulnerability. Cisco is currently investigat | |
| CVE-2025-59718 | 9.8 | 2.27% | 1 | 3 | 2025-12-16T21:30:51 | A improper verification of cryptographic signature vulnerability in Fortinet For | |
| CVE-2025-68285 | None | 0.06% | 1 | 0 | 2025-12-16T18:31:42 | In the Linux kernel, the following vulnerability has been resolved: libceph: fi | |
| CVE-2025-14174 | 8.8 | 0.67% | 1 | 4 | 2025-12-15T15:30:31 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499 | |
| CVE-2025-64113 | 0 | 0.02% | 1 | 1 | 2025-12-12T15:19:07.567000 | Emby Server is a user-installable home media server. Versions below 4.9.1.81 all | |
| CVE-2025-64446 | 9.8 | 89.02% | 1 | 12 | template | 2025-11-19T15:32:36 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1 |
| CVE-2025-12817 | 3.1 | 0.07% | 1 | 0 | 2025-11-14T16:42:03.187000 | Missing authorization in PostgreSQL CREATE STATISTICS command allows a table own | |
| CVE-2025-12818 | 5.9 | 0.07% | 1 | 0 | 2025-11-13T15:30:37 | Integer wraparound in multiple PostgreSQL libpq client library functions allows | |
| CVE-2025-49844 | 9.9 | 6.88% | 1 | 18 | template | 2025-11-12T11:34:21.060000 | Redis is an open source, in-memory database that persists on disk. Versions 8.2. |
| CVE-2025-8677 | 7.5 | 0.07% | 1 | 0 | 2025-11-04T22:16:44.973000 | Querying for records within a specially crafted zone containing certain malforme | |
| CVE-2025-40778 | 8.6 | 0.01% | 1 | 2 | 2025-11-04T22:16:11.677000 | Under certain circumstances, BIND is too lenient when accepting records from ans | |
| CVE-2025-30693 | 5.5 | 0.09% | 1 | 0 | 2025-11-03T21:33:34 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |
| CVE-2025-21490 | 4.9 | 0.44% | 1 | 0 | 2025-11-03T21:32:18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |
| CVE-2025-30722 | 5.3 | 0.11% | 1 | 0 | 2025-11-03T20:18:15.253000 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: my | |
| CVE-2025-21043 | 8.8 | 11.37% | 1 | 0 | 2025-10-30T15:36:12.360000 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 al | |
| CVE-2025-39993 | None | 0.07% | 1 | 0 | 2025-10-29T15:31:52 | In the Linux kernel, the following vulnerability has been resolved: media: rc: | |
| CVE-2025-54236 | 9.1 | 57.72% | 1 | 3 | template | 2025-10-27T15:13:10 | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, |
| CVE-2025-10585 | 8.8 | 0.70% | 1 | 1 | 2025-10-22T00:34:26 | Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote a | |
| CVE-2024-43451 | 6.5 | 90.39% | 1 | 1 | 2025-10-22T00:33:11 | NTLM Hash Disclosure Spoofing Vulnerability | |
| CVE-2025-59830 | 7.5 | 0.07% | 1 | 0 | 2025-10-10T16:43:14.337000 | Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::Quer | |
| CVE-2025-25256 | 9.8 | 32.70% | 1 | 1 | template | 2025-08-15T18:31:55 | An improper neutralization of special elements used in an OS command ('OS Comman |
| CVE-2025-53136 | 5.5 | 0.04% | 1 | 1 | 2025-08-12T18:31:31 | Exposure of sensitive information to an unauthorized actor in Windows NT OS Kern | |
| CVE-2025-8286 | 9.8 | 0.58% | 1 | 0 | template | 2025-07-31T21:32:03 | Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-b |
| CVE-2017-20149 | 9.8 | 1.72% | 1 | 0 | 2025-05-14T15:32:35 | The Mikrotik RouterOS web server allows memory corruption in releases before Sta | |
| CVE-2025-2104 | 4.3 | 0.10% | 1 | 1 | 2025-03-13T06:30:39 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress | |
| CVE-2025-1058 | 8.1 | 0.07% | 1 | 1 | 2025-02-13T06:15:21.480000 | CWE-494: Download of Code Without Integrity Check vulnerability exists that coul | |
| CVE-2020-8554 | 6.3 | 24.78% | 1 | 5 | 2024-11-21T05:39:01.370000 | Kubernetes API server in all versions allow an attacker who is able to create a | |
| CVE-2023-38408 | 9.8 | 69.19% | 1 | 8 | 2024-04-19T05:07:56 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t | |
| CVE-2023-31096 | 7.8 | 0.02% | 1 | 0 | 2024-04-04T08:33:05 | An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver thr | |
| CVE-2022-3270 | 9.8 | 0.95% | 1 | 0 | 2023-01-31T05:03:00 | In multiple products by Festo a remote unauthenticated attacker could use functi | |
| CVE-2026-22792 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-22793 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-1220 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-23838 | 0 | 0.11% | 1 | 0 | N/A | ||
| CVE-2025-63261 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22852 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22859 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22854 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22858 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22853 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22857 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22856 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-22264 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22258 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22262 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22263 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22260 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22259 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22261 | 0 | 0.00% | 1 | 0 | N/A |
updated 2026-01-22T03:15:48.090000
4 posts
🟠 CVE-2026-24010 - High (8.8)
Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HT...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24010 - High (8.8)
Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HT...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24010 - High (8.8)
Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HT...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24010 - High (8.8)
Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HT...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T03:15:47.933000
2 posts
🟠 CVE-2026-24006 - High (7.5)
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0
and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Sero...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24006/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24006 - High (7.5)
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0
and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Sero...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24006/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T03:15:47.777000
2 posts
🔴 CVE-2026-24002 - Critical (9)
Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24002 - Critical (9)
Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T03:15:47.167000
4 posts
🟠 CVE-2026-23967 - High (7.5)
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An att...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23967 - High (7.5)
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An att...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23967 - High (7.5)
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An att...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23967 - High (7.5)
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An att...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T03:15:47.007000
4 posts
🔴 CVE-2026-23966 - Critical (9.1)
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23966/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23966 - Critical (9.1)
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23966/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23966 - Critical (9.1)
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23966/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23966 - Critical (9.1)
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23966/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T03:15:46.400000
2 posts
🟠 CVE-2026-23962 - High (7.5)
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23962 - High (7.5)
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T02:15:52.470000
2 posts
🟠 CVE-2026-23957 - High (7.5)
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0
and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserializati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23957 - High (7.5)
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0
and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserializati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T02:15:52.310000
2 posts
🟠 CVE-2026-23956 - High (7.5)
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0
and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23956 - High (7.5)
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0
and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T02:15:51.310000
2 posts
🟠 CVE-2025-27380 - High (7.6)
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-27380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-27380 - High (7.6)
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-27380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-22T01:15:51.077000
2 posts
🟠 CVE-2025-27378 - High (8.6)
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to injec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-27378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-27378 - High (8.6)
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to injec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-27378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T21:31:31
16 posts
Cisco Releases Emergency Patch for Actively Exploited CVE-2026-20045 Zero-Day RCE Flaw + Video
Critical Zero-Day Exposure in Cisco Enterprise Communications Stack Cisco has released an urgent security patch addressing a critical zero-day vulnerability actively exploited in real-world attacks. The flaw, tracked as CVE-2026-20045 with a CVSS score of 8.2, allows unauthenticated remote attackers to execute arbitrary commands on affected systems. The exposure sits at the…
##Cisco Confirms Active Exploitation of Critical Unified Communications Zero-Day (CVE-2026-20045)
Introduction: A High-Impact Cisco Flaw Moves From Theory to Reality Cisco has disclosed and patched a critical remote code execution vulnerability affecting its Unified Communications ecosystem, confirming that the flaw has already been exploited in real-world attacks. Tracked as CVE-2026-20045, the vulnerability targets core enterprise communication platforms, including…
##Cisco fixes Unified Communications RCE zero day exploited in attacks
Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been...
🔗️ [Bleepingcomputer] https://link.is.it/WDsEt3
##One overlooked flaw in Cisco’s communications platform let hackers break in without even logging on, hitting hospitals and banks worldwide. How did it happen so fast, and could it happen again?
##‼️Attackers Actively Probing RCE Vulnerability in Cisco Enterprise Communications Products
CVE-2026-20045: Cisco Unified Communications Products Code Injection Vulnerability
CVSS: 8.2
CISA KEV: Added today; January 21st, 2026
CVE Published: January 21st, 2026
Advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-20045
Description: A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
##CVE ID: CVE-2026-20045
Vendor: Cisco
Product: Unified Communications Manager
Date Added: 2026-01-21
Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b ; https://nvd.nist.gov/vuln/detail/CVE-2026-20045
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20045
🚨 [CISA-2026:0121] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0121)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-20045 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20045)
- Name: Cisco Unified Communications Products Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Unified Communications Manager
- Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b ; https://nvd.nist.gov/vuln/detail/CVE-2026-20045
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260121 #cisa20260121 #cve_2026_20045 #cve202620045
##New Cisco zero-day, CVE-2026-20045
##🟠 CVE-2026-20045 - High (8.2)
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Uni...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##Cisco fixes Unified Communications RCE zero day exploited in attacks
Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been...
🔗️ [Bleepingcomputer] https://link.is.it/WDsEt3
##‼️Attackers Actively Probing RCE Vulnerability in Cisco Enterprise Communications Products
CVE-2026-20045: Cisco Unified Communications Products Code Injection Vulnerability
CVSS: 8.2
CISA KEV: Added today; January 21st, 2026
CVE Published: January 21st, 2026
Advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-20045
Description: A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
##CVE ID: CVE-2026-20045
Vendor: Cisco
Product: Unified Communications Manager
Date Added: 2026-01-21
Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b ; https://nvd.nist.gov/vuln/detail/CVE-2026-20045
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20045
New Cisco zero-day, CVE-2026-20045
##🟠 CVE-2026-20045 - High (8.2)
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Uni...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-01-21T21:30:30
1 posts
🟠 CVE-2025-59465 - High (7.5)
A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59465/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T20:16:05.840000
2 posts
🟠 CVE-2025-68137 - High (8.3)
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining lengt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-68137 - High (8.3)
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining lengt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T19:16:02.960000
2 posts
🟠 CVE-2025-13878 - High (7.5)
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13878/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-13878 - High (7.5)
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13878/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T18:31:36
2 posts
🟠 CVE-2025-66692 - High (7.5)
A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66692/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-66692 - High (7.5)
A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66692/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T18:31:35
3 posts
TP-Link Patches Authentication Bypass Flaw in VIGI Cameras
TP-Link fixed a high-severity authentication bypass vulnerability (CVE-2026-0629) in its VIGI camera series that allowed local attackers to reset administrative passwords. The flaw enables full device takeover and potential lateral movement within corporate networks.
**Make sure all CCTV devices are isolated from the internet and accessible from trusted networks only. Segment your surveillance cameras into a dedicated VLAN and if possible disable the password recovery feature on the local web interface. Then plan a patch cycle.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/tp-link-patches-authentication-bypass-flaw-in-vigi-cameras-6-s-b-i-e/gD2P6Ple2L
TP-Link Patches Authentication Bypass Flaw in VIGI Cameras
TP-Link fixed a high-severity authentication bypass vulnerability (CVE-2026-0629) in its VIGI camera series that allowed local attackers to reset administrative passwords. The flaw enables full device takeover and potential lateral movement within corporate networks.
**Make sure all CCTV devices are isolated from the internet and accessible from trusted networks only. Segment your surveillance cameras into a dedicated VLAN and if possible disable the password recovery feature on the local web interface. Then plan a patch cycle.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/tp-link-patches-authentication-bypass-flaw-in-vigi-cameras-6-s-b-i-e/gD2P6Ple2L
Eine kritische Sicherheitslücke CVE-2026-0629 erlaubt es Angreifern, Admin-Zugriff auf zahlreiche #TPLink Vigi-Überwachungskameras per Fernzugriff zu erlangen. https://www.golem.de/specials/tp-link/
##updated 2026-01-21T18:30:38
2 posts
Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-01-21T18:30:38
2 posts
Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-01-21T18:30:38
2 posts
Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-01-21T18:30:37
2 posts
🟠 CVE-2025-70650 - High (7.5)
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70650 - High (7.5)
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T18:30:30
2 posts
🟠 CVE-2025-70651 - High (7.5)
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70651/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70651 - High (7.5)
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70651/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T18:30:30
2 posts
🟠 CVE-2026-21957 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21957 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T18:30:29
4 posts
From yesterday, relating to CVE-2026-21945. Oracle has listed this vulnerability in its latest advisory: https://www.oracle.com/security-alerts/cpujan2026.html
Tenable: SSRF Vulnerability in Java TLS Handshakes Creates DoS Risk https://www.tenable.com/blog/tenable-discovers-ssrf-vulnerability-in-java-tls-handshakes-that-creates-dos-risk @tenable #infosec #threatresearch #JavaScript #vulnerability #DDoS #Oracle
##🟠 CVE-2026-21945 - High (7.5)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.1...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##From yesterday, relating to CVE-2026-21945. Oracle has listed this vulnerability in its latest advisory: https://www.oracle.com/security-alerts/cpujan2026.html
Tenable: SSRF Vulnerability in Java TLS Handshakes Creates DoS Risk https://www.tenable.com/blog/tenable-discovers-ssrf-vulnerability-in-java-tls-handshakes-that-creates-dos-risk @tenable #infosec #threatresearch #JavaScript #vulnerability #DDoS #Oracle
##🟠 CVE-2026-21945 - High (7.5)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.1...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T18:30:29
1 posts
🟠 CVE-2026-21955 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T17:16:08.570000
2 posts
Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##Four advisories from Cisco today, one of them critical. Too bad some crows no longer follow these things. 😇
- Critical: CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- Medium severity: CVE-2026-20055 and CVE-2026-20109: Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
- Medium severity: CVE-2026-20092: Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
- Medium severity: CVE-2026-20080: Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-01-21T16:56:56
2 posts
1 repos
🔴 CVE-2025-65482 - Critical (9.8)
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65482/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-65482 - Critical (9.8)
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65482/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T16:23:34
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-21T16:23:23
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-21T16:21:30
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-21T16:21:23
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-21T16:16:10.360000
2 posts
🟠 CVE-2026-22022 - High (8.2)
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only de...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22022/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22022 - High (8.2)
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only de...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22022/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T16:16:10.127000
2 posts
3 repos
https://github.com/gglessner/cve_2026_21962_scanner
📰 Oracle Issues Critical Patch for CVSS 10.0 Auth Bypass in WebLogic Server
🚨 CRITICAL PATCH: Oracle's January 2026 update fixes 337 flaws, including a CVSS 10.0 auth bypass (CVE-2026-21962) in WebLogic Server. This is remotely exploitable with no user interaction. Patch immediately! ⚠️ #Oracle #PatchTuesday #CVE
##🔴 CVE-2026-21962 - Critical (10)
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that ar...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T16:16:09.527000
2 posts
🟠 CVE-2026-21956 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21956 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T16:16:07.350000
2 posts
🟠 CVE-2025-70645 - High (7.5)
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70645/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70645 - High (7.5)
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70645/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T16:16:05.420000
1 posts
updated 2026-01-21T16:12:56
2 posts
🟠 CVE-2026-22807 - High (8.8)
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, all...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22807 - High (8.8)
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, all...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:41:23
2 posts
🟠 CVE-2026-23737 - High (7.5)
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code executi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23737/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23737 - High (7.5)
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code executi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23737/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:40:25
2 posts
🔴 CVE-2026-23524 - Critical (9.8)
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23524 - Critical (9.8)
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:32:23
2 posts
🟠 CVE-2025-57156 - High (7.5)
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-57156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-57156 - High (7.5)
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-57156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:32:22
2 posts
🟠 CVE-2025-63648 - High (7.5)
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-63648 - High (7.5)
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:32:22
2 posts
🟠 CVE-2025-63647 - High (7.5)
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63647/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-63647 - High (7.5)
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63647/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:32:22
2 posts
🟠 CVE-2026-21940 - High (7.5)
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21940 - High (7.5)
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:32:18
2 posts
🟠 CVE-2025-56353 - High (7.5)
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscriptio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-56353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-56353 - High (7.5)
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscriptio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-56353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:32:18
2 posts
🔴 CVE-2025-55423 - Critical (9.8)
A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sani...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-55423/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-55423 - Critical (9.8)
A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sani...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-55423/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:32:17
2 posts
🟠 CVE-2025-57155 - High (7.5)
NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-57155/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-57155 - High (7.5)
NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-57155/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:31:17
1 posts
🟠 CVE-2026-21984 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21984/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:31:16
1 posts
🟠 CVE-2026-21983 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:16:09.250000
1 posts
🟠 CVE-2026-21982 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21982/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:16:07.890000
2 posts
🟠 CVE-2025-66902 - High (7.5)
An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-66902 - High (7.5)
An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:16:07.473000
2 posts
1 repos
🔴 CVE-2025-64087 - Critical (9.8)
A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-64087 - Critical (9.8)
A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T15:15:35.597000
1 posts
OpenCode patches critical RCE flaw in Web UI
OpenCode patched a critical XSS vulnerability (CVE-2026-22813) that allowed malicious websites to execute arbitrary commands on a user's local system by abusing the tool's internal API.
**If you are using OpenCode, update to version 1.1.10 ASAP to disable the vulnerable web UI and API. Avoid clicking untrusted links, check underling URLs and don't click on any links that you haven't crafted but point to your local machine's ports .**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/opencode-patches-critical-rce-flaw-in-web-ui-c-7-g-n-7/gD2P6Ple2L
updated 2026-01-21T13:46:39.423000
1 posts
2 repos
https://github.com/Ashwesker/Ashwesker-CVE-2025-60021
https://github.com/ninjazan420/CVE-2025-60021-PoC-Apache-bRPC-Heap-Profiler-Command-Injection
Apache bRPC Critical Remote Command Injection Vulnerability
Apache bRPC versions prior to 1.15.0 contain a critical remote command injection vulnerability (CVE-2025-60021) in the heap profiler service. Attackers can exploit unvalidated input in the extra_options parameter to execute arbitrary commands and gain full system control.
**If you are using Apache bRPC, make sure all bRPC instances are isolated from the internet and accessible from trusted networks only. Disable the heap profiler service to prevent attackers from running remote commands on your servers and plan a quick upgrade to version 1.15.0.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apache-brpc-critical-remote-command-injection-vulnerability-d-8-0-d-6/gD2P6Ple2L
updated 2026-01-21T09:31:40
4 posts
La vulnérabilité CVE-2026-24061 permet à un attaquant de se connecter en root en contournant l'authentification d'un service telnetd. Un code d'exploitation est disponible et son exploitation est triviale.
https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-003/
🔴 CVE-2026-24061 - Critical (9.8)
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24061/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##La vulnérabilité CVE-2026-24061 permet à un attaquant de se connecter en root en contournant l'authentification d'un service telnetd. Un code d'exploitation est disponible et son exploitation est triviale.
https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-003/
🔴 CVE-2026-24061 - Critical (9.8)
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24061/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T09:31:40
2 posts
🟠 CVE-2026-24016 - High (7.8)
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24016/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24016 - High (7.8)
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24016/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T03:30:26
2 posts
🔴 CVE-2025-15521 - Critical (9.8)
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-15521 - Critical (9.8)
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T01:07:03
4 posts
Critical Chainlit AI Vulnerabilities Put Servers and Sensitive Data at Risk
In a troubling development for the AI and cybersecurity communities, two critical vulnerabilities—CVE-2026-22218 and CVE-2026-22219—have been discovered in the Chainlit AI framework. These flaws allow attackers to access sensitive environment variables and perform server-side request forgery (SSRF) attacks, which could potentially lead to full system takeovers. As AI frameworks become…
##Vulnerabilities in Chainlit AI Framework Expose Data and Cloud Environments
Chainlit patched two vulnerabilities, CVE-2026-22218 and CVE-2026-22219, which allow attackers to steal sensitive files, leak private user conversations, and gain unauthorized access to cloud environments.
**Ensure all AI application frameworks are isolated from the internet and accessible only through trusted networks. If you are using Chainlit, plan an update to version 2.9.4 or later. In the meantime, isolate and control PUT requests to the /project/element endpoint.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-in-chainlit-ai-framework-expose-data-and-cloud-environments-j-0-n-7-y/gD2P6Ple2L
Vulnerabilities in Chainlit AI Framework Expose Data and Cloud Environments
Chainlit patched two vulnerabilities, CVE-2026-22218 and CVE-2026-22219, which allow attackers to steal sensitive files, leak private user conversations, and gain unauthorized access to cloud environments.
**Ensure all AI application frameworks are isolated from the internet and accessible only through trusted networks. If you are using Chainlit, plan an update to version 2.9.4 or later. In the meantime, isolate and control PUT requests to the /project/element endpoint.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-in-chainlit-ai-framework-expose-data-and-cloud-environments-j-0-n-7-y/gD2P6Ple2L
New. Tracked as CVE-2026-22218 and CVE-2026-22219.
Zafran Research: ChainLeak: Critical AI framework vulnerabilities expose data, enable cloud takeover https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover
More:
Infosecurity-Magazine: Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps https://www.infosecurity-magazine.com/news/chainlit-security-flaws-ai-apps/ #infosec #opensource #Python #vulnerability
##updated 2026-01-21T00:31:51
1 posts
🟠 CVE-2026-21973 - High (8.1)
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 14.5.0.15.0, 14.7.0.8.0 and 14.8.0.1.0. Easily exploitabl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21973/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
2 posts
🟠 CVE-2026-21988 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21988 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
2 posts
🟠 CVE-2026-21987 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21987 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
1 posts
🟠 CVE-2026-21990 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:50
1 posts
🔴 CVE-2026-21969 - Critical (9.8)
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:49
2 posts
🟠 CVE-2026-21926 - High (7.5)
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure). Supported versions that are affected are 17.0-25.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21926 - High (7.5)
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure). Supported versions that are affected are 17.0-25.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:16:02.470000
2 posts
🟠 CVE-2026-21989 - High (8.1)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21989 - High (8.1)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:59.733000
1 posts
🟠 CVE-2026-21967 - High (8.6)
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:52.923000
2 posts
🔴 CVE-2026-0905 - Critical (9.8)
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0905 - Critical (9.8)
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T21:31:41
1 posts
🔴 CVE-2025-56005 - Critical (9.8)
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()`...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-56005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T21:31:35
4 posts
Critical Chainlit AI Vulnerabilities Put Servers and Sensitive Data at Risk
In a troubling development for the AI and cybersecurity communities, two critical vulnerabilities—CVE-2026-22218 and CVE-2026-22219—have been discovered in the Chainlit AI framework. These flaws allow attackers to access sensitive environment variables and perform server-side request forgery (SSRF) attacks, which could potentially lead to full system takeovers. As AI frameworks become…
##Vulnerabilities in Chainlit AI Framework Expose Data and Cloud Environments
Chainlit patched two vulnerabilities, CVE-2026-22218 and CVE-2026-22219, which allow attackers to steal sensitive files, leak private user conversations, and gain unauthorized access to cloud environments.
**Ensure all AI application frameworks are isolated from the internet and accessible only through trusted networks. If you are using Chainlit, plan an update to version 2.9.4 or later. In the meantime, isolate and control PUT requests to the /project/element endpoint.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-in-chainlit-ai-framework-expose-data-and-cloud-environments-j-0-n-7-y/gD2P6Ple2L
Vulnerabilities in Chainlit AI Framework Expose Data and Cloud Environments
Chainlit patched two vulnerabilities, CVE-2026-22218 and CVE-2026-22219, which allow attackers to steal sensitive files, leak private user conversations, and gain unauthorized access to cloud environments.
**Ensure all AI application frameworks are isolated from the internet and accessible only through trusted networks. If you are using Chainlit, plan an update to version 2.9.4 or later. In the meantime, isolate and control PUT requests to the /project/element endpoint.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-in-chainlit-ai-framework-expose-data-and-cloud-environments-j-0-n-7-y/gD2P6Ple2L
New. Tracked as CVE-2026-22218 and CVE-2026-22219.
Zafran Research: ChainLeak: Critical AI framework vulnerabilities expose data, enable cloud takeover https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover
More:
Infosecurity-Magazine: Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps https://www.infosecurity-magazine.com/news/chainlit-security-flaws-ai-apps/ #infosec #opensource #Python #vulnerability
##updated 2026-01-20T18:43:31.587000
1 posts
FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##updated 2026-01-20T18:36:35.953000
1 posts
FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##updated 2026-01-20T18:32:08
1 posts
Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:32:08
1 posts
Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:31:56
1 posts
🟠 CVE-2026-0943 - High (7.5)
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.
Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0943/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T18:31:56
2 posts
GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)
https://sourceware.org/pipermail/libc-announce/2026/000050.html
##updated 2026-01-20T18:31:55
6 posts
4 repos
https://github.com/horizon3ai/CVE-2025-64155
https://github.com/cyberdudebivash/CYBERDUDEBIVASH-FortiSIEM-CVE-2025-64155-Scanner
CVE-2025-64155: Three Years of Remotely Rooting the #Fortinet #FortiSIEM
##Un exploit est disponible pour cette nouvelle faille critique dans Fortinet FortiSIEM : CVE-2025-64155 https://www.it-connect.fr/fortinet-fortisiem-cve-2025-64155/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet
##‼️CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution
Exploit/PoC: https://github.com/horizon3ai/CVE-2025-64155
CVSS: 9.4
Published: Jan 13, 2026
Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-772
##CVE-2025-64155: 3 Years of Remotely Rooting the Fortinet FortiSIEM https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/
##RE: https://infosec.exchange/@cR0w/115888888335126115
Well would you look at that. Write-up now available. Go fuck up some FortiShit.
##updated 2026-01-20T18:16:02.950000
2 posts
🟠 CVE-2025-33233 - High (7.8)
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33233/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:16:02.790000
1 posts
Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:16:02.647000
1 posts
Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:04:49.637000
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-20T17:15:49.217000
1 posts
🟠 CVE-2025-71020 - High (7.5)
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71020/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T17:13:31.310000
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-20T16:16:06.860000
1 posts
🔴 CVE-2026-0610 - Critical (9.8)
SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:21
1 posts
1 repos
Critical Zoom Vulnerability Exposes Enterprises to Remote Code Execution Threat
Zoom has revealed a critical security flaw in its Node Multimedia Routers (MMRs), allowing attackers to execute remote code with minimal effort. Tracked as CVE-2026-22844, this vulnerability carries a CVSS severity score of 9.9, signaling an urgent risk for organizations using Zoom Node Hybrid or Meeting Connector deployments. Experts warn that failure to address this flaw could lead to…
##updated 2026-01-20T15:33:12
1 posts
🟠 CVE-2026-0899 - High (8.8)
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0899/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T12:31:28
3 posts
Your friendly reminder to minimize the WordPress plugins you deploy to what you actually need. BleepingComputer has an article:
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions.
ACF Extended, currently active on 100,000 websites, is a specialized plugin that extends the capabilities of the Advanced Custom Fields (ACF) plugin with features for developers and advanced site builders.
Unauthenticated privilege escalation to get admin is about as bad as it gets. Though, it does appear the WordPress blog has to have mapped “role” as a custom field. It’s impossible for anyone other than the blog owner to know if that’s the case. Well, probably spammers and scammers seeking sites to compromise and turn into platforms to exploit might given which ones they successfully turn.
It’s tracked as CVE-2025-14533:
#tenable #vulnerability #Wordpress #wordpressPlugins ##‼️CVE-2025-14533: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1, exposing 100,000 sites.
CVSS: 9.8
CVE Published: January 20th, 2026
Bounty: $975.00
Advisory: https://github.com/advisories/GHSA-jm76-5g2j-p4hp
Description: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.
##🔴 CVE-2025-14533 - Critical (9.8)
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-17T00:30:30
1 posts
If you missed this, Microsoft posted three advisories to its security guide yesterday.
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability, CVE-2026-21223 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223
- Microsoft Power Apps Remote Code Execution Vulnerability, CVE-2026-20960 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20960
- Microsoft Excel Remote Code Execution Vulnerability, CVE-2026-20950 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20950 #infosec #Microsoft #Office #Chromium #Edge #vulnerability
##updated 2026-01-16T22:16:26.830000
2 posts
1 repos
Node.js – CVE-2026-23745 : cette faille de sécurité dans la bibliothèque node-tar est à prendre au sérieux https://www.it-connect.fr/node-js-cve-2026-23745-node-tar-vulnerabilite/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##Node.js – CVE-2026-23745 : cette faille de sécurité dans la bibliothèque node-tar est à prendre au sérieux https://www.it-connect.fr/node-js-cve-2026-23745-node-tar-vulnerabilite/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##updated 2026-01-16T22:16:25.553000
1 posts
If you missed this, Microsoft posted three advisories to its security guide yesterday.
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability, CVE-2026-21223 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223
- Microsoft Power Apps Remote Code Execution Vulnerability, CVE-2026-20960 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20960
- Microsoft Excel Remote Code Execution Vulnerability, CVE-2026-20950 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20950 #infosec #Microsoft #Office #Chromium #Edge #vulnerability
##updated 2026-01-16T21:57:11
2 posts
1 repos
‼️CVE-2026-23744: Versions 1.4.2 and earlier of MCPJam inspector are vulnerable to remote code execution (RCE)
CVSS: 9.8
CVE Published: January 16th, 2026
PoC/Exploit Published: January 20th, 2026
GitHub PoC: https://github.com/boroeurnprach/CVE-2026-23744-PoC/
Advisory: https://github.com/advisories/GHSA-232v-j27c-5pp6
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
##‼️CVE-2026-23744: Versions 1.4.2 and earlier of MCPJam inspector are vulnerable to remote code execution (RCE)
CVSS: 9.8
CVE Published: January 16th, 2026
PoC/Exploit Published: January 20th, 2026
GitHub PoC: https://github.com/boroeurnprach/CVE-2026-23744-PoC/
Advisory: https://github.com/advisories/GHSA-232v-j27c-5pp6
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
##updated 2026-01-16T21:30:43
2 posts
Critical Privilege Escalation in Modular DS WordPress Plugin Actively Exploited
Attackers are actively exploiting a critical privilege escalation vulnerability (CVE-2026-23800) in the Modular DS WordPress plugin to gain full administrative control.
**If you are using Modular DS plugin for Wordpress, this is urgent. Your sites are being attacked. Immediately update Modular DS to version 2.6.0 and scan your user list for unauthorized accounts like 'PoC Admin'.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-in-modular-ds-wordpress-plugin-actively-exploited-a-v-g-r-3/gD2P6Ple2L
Critical Privilege Escalation in Modular DS WordPress Plugin Actively Exploited
Attackers are actively exploiting a critical privilege escalation vulnerability (CVE-2026-23800) in the Modular DS WordPress plugin to gain full administrative control.
**If you are using Modular DS plugin for Wordpress, this is urgent. Your sites are being attacked. Immediately update Modular DS to version 2.6.0 and scan your user list for unauthorized accounts like 'PoC Admin'.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-in-modular-ds-wordpress-plugin-actively-exploited-a-v-g-r-3/gD2P6Ple2L
updated 2026-01-16T18:32:29
1 posts
updated 2026-01-16T18:32:29
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-16T18:32:29
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-16T18:32:29
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-16T18:32:29
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:12.257000
6 posts
2 repos
Here's a summary of the most important global, technology, and cybersecurity news from the last 24 hours:
Cyber incidents remain the top global business risk for the fifth consecutive year, with AI surging to second place, according to the Allianz Risk Barometer 2026. New EvilAI malware is masquerading as AI tools to infiltrate organizations. Microsoft has disrupted the RedVDS cybercrime infrastructure. Palo Alto Networks patched a critical denial-of-service bug (CVE-2026-0227) affecting firewalls. In technology, the US imposed AI chip tariffs on Nvidia, causing global supply chain friction. OpenAI will begin testing advertisements in ChatGPT. California is investigating xAI over sexualized deepfakes. Globally, geopolitical tensions continue, with Trump threatening tariffs amidst disputes over Greenland.
##Anyone hear of a PoC for CVE-2026-0227 yet?
##PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
Palo Alto Networks – CVE-2026-0227 : cette nouvelle faille permet de désactiver le firewall à distance https://www.it-connect.fr/palo-alto-networks-cve-2026-0227-firewalls/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #PaloAlto
##Tracked as CVE-2026-0227, this security flaw affects next-generation firewalls (running PAN-OS 10.1 or later) and Palo Alto Networks' Prisma Access configurations when the GlobalProtect gateway or portal is enabled. https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-dos-bug-letting-hackers-disable-firewalls/
##There's the DoS.
CVSS-BT: 7.7 / CVSS-B: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:M/U:Amber)
@cR0w cve-2026-0227 seems spicy
##updated 2026-01-16T15:15:53.603000
1 posts
updated 2026-01-16T14:31:16.030000
1 posts
📢⚠️ Years-old vulnerable Apache Struts 2 versions were downloaded 387K+ times in one week, despite a high-severity CVE-2025-68493 flaw - Patch to 6.1.1 now!
Read: https://hackread.com/years-old-vulnerable-apache-struts-2-downloads/
#Cybersecurity #ApacheStruts #Vulnerability #InfoSec #DevSecOps
##updated 2026-01-16T03:30:27
1 posts
Tenable has updated its threat research advisories, adding one new entry (including mitigation):
Critical: CVE-2025-62581 and CVE-2025-62582: Delta Electronics DIAView Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-02 #infosec #vulnerability
##updated 2026-01-16T03:30:27
1 posts
Tenable has updated its threat research advisories, adding one new entry (including mitigation):
Critical: CVE-2025-62581 and CVE-2025-62582: Delta Electronics DIAView Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-02 #infosec #vulnerability
##updated 2026-01-15T22:33:19
1 posts
Haven't seen a cypher injection for a while. This one is in Apache Camel-Neo4j.
##updated 2026-01-15T21:31:47
3 posts
6 repos
https://github.com/Cedric-Martz/CVE-2025-36911_scan
https://github.com/zalexdev/wpair-app
https://github.com/SteamPunk424/CVE-2025-36911-Wisper_Pair_Target_Finder-
https://github.com/PivotChip/FrostedFastPair
‼️WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol.
https://github.com/zalexdev/wpair-app
Features:
▪️BLE Scanner - Discovers Fast Pair devices broadcasting the 0xFE2C service UUID
▪️Vulnerability Tester - Non-invasive check if device is patched against CVE-2025-36911
▪️Exploit Demonstration - Full proof-of-concept for authorized security testing
▪️HFP Audio Access - Demonstrates microphone access post-exploitation
▪️Live Listening - Real-time audio streaming to phone speaker
▪️Recording - Save captured audio as M4A files
##Google „Fast Pair“ ist Sicherheitsrisiko
Hier kann man wieder sehen, dass "Komfort" (oder was auch immer die Amerikaner dafür halten) ein natürlicher Feind der Sicherheit ist. Google hatte ein Verfahren namens Fast Pair ersonnen, das die Kopplung von Bluetooth (BT) Zubehörgeräten mit Android vereinfachen soll. Gut gedacht, schlecht gemacht. Forschende der Uni Leuven (Belgien) haben schon im vorigen Jahr eine Schwachstelle in dem System gefunden und vertraulich an Google gemeldet. Wann genau das war, ist nirgends dokumentiert. Die zugeordnete Fehlernummer CVE-2025-36911 muss (aus der Zahl zu schließen) ungefähr um die Jahresmitte vergeben worden sein.
Die Schwachstelle
https://www.pc-fluesterer.info/wordpress/2026/01/20/google-fast-pair-ist-sicherheitsrisiko/
#Empfehlung #Mobilfunk #Warnung #android #bluetooth #google #hersteller #sicherheit #vorbeugen
##The vulnerability for this was updated yesterday: https://www.cve.org/CVERecord?id=CVE-2025-36911
Malwarebytes: WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping https://www.malwarebytes.com/blog/news/2026/01/whisperpair-exposes-bluetooth-earbuds-and-headphones-to-tracking-and-eavesdropping
More about Bluetooth hijacking: https://whisperpair.eu/ #infosec #bluetooth #vulnerability
##updated 2026-01-15T18:31:42
1 posts
updated 2026-01-15T15:31:35
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:35
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:35
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:30
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:26
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:26
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:25
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:19
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:19
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:19
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:18
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:18
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T00:32:39
1 posts
I noticed a vulnerability was fixed in vsftpd a few days ago (CVE-2025-14242). It’s a very interesting project, and Chris Evans' work has taught me several important lessons.
I searched for more details about the issue but couldn't find much initially. Today, I saw that the issue seems to have been introduced by a Red Hat patch. That makes sense!
Bug 2419826 (CVE-2025-14242) - CVE-2025-14242 vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing[NEEDINFO]
https://bugzilla.redhat.com/show_bug.cgi?id=2419826
2ed5ba6 Resolve CVE-2025-14242
https://src.fedoraproject.org/rpms/vsftpd/c/2ed5ba6e77f1c3e365fb4b0028945f762c456131
updated 2026-01-15T00:31:44
1 posts
Read about CVE-2025-13154, a privilege escalation vulnerability in a Lenovo Vantage addin called SmartPerformance
##updated 2026-01-14T21:34:10
3 posts
2 repos
https://github.com/cyberdudebivash/CYBERDUDEBIVASH-Modular-DS-CVE-2026-23550-Detector
origin-mo: il trucco pigro che ha aperto 40.000 siti WordPress agli hacker
I ricercatori hanno scoperto una vulnerabilità critica nel plugin Modular DS per WordPress che ha permesso a hacker di compromettere oltre 40.000 siti con un metodo sorprendentemente semplice. La vulnerabilità CVE-2026-23550 Il plugin Modular DS, installato su decine di migliaia di siti WordPress, presentava una falla di privilege escalation classificata con un punteggio CVSS di 10.0, il massimo livello di severità. Questa debolezza, identificata come CVE-2026-23550 e catalogata nel […] ##‼️ 40,000 WordPress Sites Exposed to Risk Due to Modular DS Admin Bypass Vulnerability
CVE-2026-23550: Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
CVSS: 10
CVE Published: January 14th, 2026
Attacking IP Addresses:
45[.]11[.]89[.]19
185[.]196[.]0[.]11
Reference: https://help.modulards.com/en/article/modular-ds-security-release-modular-connector-252-dm3mv0/
##Critical Privilege Escalation in Modular DS WordPress Plugin Actively Exploited
Attackers are exploiting a CVSS 10.0 vulnerability in the Modular DS WordPress plugin to gain unauthenticated administrative access and full site control. The flaw, tracked as CVE-2026-23550, allows hackers to bypass authentication by manipulating URL parameters.
**If you are using Modular DS plugin, this is urgent! Updat to version 2.5.2 immediately, because your site is being hacked. If you can't update, disable the plugin. After patching, check your WordPress user list for any unauthorized administrator accounts created recently.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-in-modular-ds-wordpress-plugin-actively-exploited-k-y-l-e-j/gD2P6Ple2L
updated 2026-01-14T20:23:43.417000
1 posts
The publicly disclosed ones are expiring Secure Boot cert:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265
and an old one that was published in 2023 but is apparently now applicable to all Windows systems with the Agere Soft Modem installed, even if it isn't in use.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-31096
##updated 2026-01-14T17:16:06.930000
1 posts
1 repos
I'm not concerned about this as a security concern, but I know people around here like their AQI monitors so this might be handy for folks trying to hack theirs for other functionality.
##updated 2026-01-14T16:26:00.933000
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-14T16:26:00.933000
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-14T16:26:00.933000
1 posts
updated 2026-01-14T16:25:40.430000
1 posts
updated 2026-01-13T22:24:20.380000
3 posts
39 repos
https://github.com/cybertechajju/CVE-2025-14847_Expolit
https://github.com/Security-Phoenix-demo/mongobleed-exploit-CVE-2025-14847
https://github.com/amnnrth/CVE-2025-14847
https://github.com/alexcyberx/CVE-2025-14847_Expolit
https://github.com/14mb1v45h/CYBERDUDEBIVASH-MONGODB-DETECTOR-v2026
https://github.com/sakthivel10q/sakthivel10q.github.io
https://github.com/JemHadar/MongoBleed-DFIR-Triage-Script-CVE-2025-14847
https://github.com/Rishi-kaul/CVE-2025-14847-MongoBleed
https://github.com/sahar042/CVE-2025-14847
https://github.com/joshuavanderpoll/CVE-2025-14847
https://github.com/ProbiusOfficial/CVE-2025-14847
https://github.com/tunahantekeoglu/MongoDeepDive
https://github.com/Ashwesker/Ashwesker-CVE-2025-14847
https://github.com/Black1hp/mongobleed-scanner
https://github.com/j0lt-github/mongobleedburp
https://github.com/sakthivel10q/CVE-2025-14847
https://github.com/KingHacker353/CVE-2025-14847_Expolit
https://github.com/lincemorado97/CVE-2025-14847
https://github.com/demetriusford/mongobleed
https://github.com/FurkanKAYAPINAR/CVE-2025-14847-MongoBleed-Exploit
https://github.com/kuyrathdaro/cve-2025-14847
https://github.com/nma-io/mongobleed
https://github.com/vfa-tuannt/CVE-2025-14847
https://github.com/Systemhaus-Schulz/MongoBleed-CVE-2025-14847
https://github.com/onewinner/CVE-2025-14847
https://github.com/NoNameError/MongoBLEED---CVE-2025-14847-POC-
https://github.com/pedrocruz2202/pedrocruz2202.github.io
https://github.com/keraattin/Mongobleed-Detector-CVE-2025-14847
https://github.com/ElJoamy/MongoBleed-exploit
https://github.com/waheeb71/CVE-2025-14847
https://github.com/AdolfBharath/mongobleed
https://github.com/franksec42/mongobleed-exploit-CVE-2025-14847
https://github.com/chinaxploiter/CVE-2025-14847-PoC
https://github.com/pedrocruz2202/mongobleed-scanner
https://github.com/InfoSecAntara/CVE-2025-14847-MongoDB
https://github.com/CadGoose/MongoBleed-CVE-2025-14847-Fully-Automated-scanner
https://github.com/saereya/CVE-2025-14847---MongoBleed
Did PANW just take a couple months off? They're just now publishing a threat brief on MongoBleed? Maybe that's why we haven't seen any advisories from them. Can't wait to see what's been sitting EITW in their queues.
https://unit42.paloaltonetworks.com/mongobleed-cve-2025-14847/
##updated 2026-01-13T21:31:44
7 posts
2 repos
Here's a summary of the latest important news in technology and cybersecurity from the last 24 hours:
**Cybersecurity:** Microsoft issued an emergency patch for a critical Windows zero-day vulnerability (CVE-2026-20805) actively being exploited as of January 19, 2026. The World Economic Forum's 2026 Outlook highlights accelerating cyber risks due to AI advancements and geopolitical fragmentation.
**Technology:** NASA is preparing its Artemis II mission with a wet dress rehearsal for its Orion spacecraft (January 19, 2026). Nvidia solidified its AI hardware dominance by acquiring Groq's AI inference IP for $20 billion (early January 2026).
**Global:** A strong G3/G4 geomagnetic storm is expected, potentially making the Northern Lights visible across 24 US states on January 19-20, 2026.
##Here's a digest of the latest in technology and cybersecurity:
**Cybersecurity:** Microsoft issued an emergency patch on January 19, 2026, for a critical Windows zero-day vulnerability (CVE-2026-20805) that is currently being actively exploited by attackers.
**Technology:** Elon Musk is seeking up to $134 billion in damages from OpenAI and Microsoft in an escalating AI courtroom dispute, as of January 19, 2026. NASA also began rolling out its Artemis 2 space launch system and Orion spacecraft on January 19, 2026. Additionally, NVIDIA's $20 billion acquisition of Groq's AI inference intellectual property is consolidating power in AI hardware.
##CERT-In issues high-severity alert for Windows 10, Windows 11 and Microsoft Office over CVE-2026-20805 vulnerability. Microsoft confirms exploit in the wild, urges urgent updates. https://english.mathrubhumi.com/technology/is-your-windows-pc-at-risk-indian-govt-issues-urgent-security-alert-vkdh7w9u?utm_source=dlvr.it&utm_medium=mastodon #WindowsSecurity #MicrosoftAlert #CERTIn #CyberSecurity
##Here's a summary of the most important world, technology, and cybersecurity news from the last 24-48 hours:
World: A train crash in Thailand killed at least 22 people (Jan 14). US President Trump warned Iran amid protests and reaffirmed his desire to acquire Greenland (Jan 14).
Technology: Big Tech companies are heavily investing in energy infrastructure to power their AI ambitions amidst growing backlash over resource usage (Jan 14). Apple's status as a tech visionary is being questioned amidst the rapid AI advancements (Jan 14).
Cybersecurity: CISA and Microsoft patched an actively exploited Windows information disclosure vulnerability (CVE-2026-20805) (Jan 13-14). The World Economic Forum's 2026 outlook highlights enterprise security facing a "three-front war" from cybercrime, AI misuse, and supply chain attacks (Jan 13).
##‼️ CVE-2026-20805: Microsoft Windows Information Disclosure Vulnerability has been added to the CISA KEV Catalog
https://darkwebinformer.com/cisa-kev-catalog/
0-day: Yes
CVSS: 5.5
This vulnerability was patched during January 13th, 2026 Patch Tuesday.
##CVE ID: CVE-2026-20805
Vendor: Microsoft
Product: Windows
Date Added: 2026-01-13
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20805 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20805
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20805
The EITW one is in the Desktop Window Manager.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
##updated 2026-01-13T20:35:09
1 posts
7 repos
https://github.com/Udyz/CVE-2026-22812-Exp
https://github.com/mad12wader/CVE-2026-22812
https://github.com/0xgh057r3c0n/CVE-2026-22812
https://github.com/CayberMods/CVE-2026-22812-POC
https://github.com/Ashwesker/Ashwesker-CVE-2026-22812
‼️CVE-2026-22812: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
PoC/Exploit: https://github.com/rohmatariow/CVE-2026-22812-exploit
CVSS: 8.8
CVE Published: January 12th, 2026
Exploit Published: January 16th, 2026
Advisory: https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
##updated 2026-01-13T18:32:08
1 posts
updated 2026-01-13T18:31:18
3 posts
‼️CVE-2026-20965: Windows Admin Center Azure SSO Flaw Risks Tenant-Wide Compromise
Details: Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVSS: 7.5
CVE Published: January 13th, 2026
Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965
Writeup: https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
##Stupid cloud anyway.
https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
##CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
##updated 2026-01-13T18:31:18
1 posts
If you missed this, Microsoft posted three advisories to its security guide yesterday.
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability, CVE-2026-21223 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223
- Microsoft Power Apps Remote Code Execution Vulnerability, CVE-2026-20960 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20960
- Microsoft Excel Remote Code Execution Vulnerability, CVE-2026-20950 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20950 #infosec #Microsoft #Office #Chromium #Edge #vulnerability
##updated 2026-01-13T18:31:18
1 posts
Three of the sev:CRIT RCEs list the Preview Pane as an attack vector.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944
##updated 2026-01-13T18:31:18
1 posts
Three of the sev:CRIT RCEs list the Preview Pane as an attack vector.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944
##updated 2026-01-13T18:31:18
1 posts
Three of the sev:CRIT RCEs list the Preview Pane as an attack vector.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944
##updated 2026-01-13T18:31:16
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-13T18:31:14
1 posts
Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all https://baldur.dk/blog/fortinet-ems-rce.html
##updated 2026-01-13T18:31:14
1 posts
updated 2026-01-13T18:31:13
1 posts
Serveur WDS – CVE-2026-0386 : le correctif va impacter les fichiers de réponse https://www.it-connect.fr/serveur-wds-cve-2026-0386-le-correctif-va-impacter-les-fichiers-de-reponse/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #WDS
##updated 2026-01-13T18:31:10
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-13T18:31:09
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-13T18:31:09
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-13T18:31:03
1 posts
updated 2026-01-13T15:37:12
1 posts
updated 2026-01-13T14:03:18.990000
2 posts
Siemens Patches Critical Authentication Bypass in Industrial Edge Device Kit
Siemens reports a maximum severity critical authentication bypass vulnerability (CVE-2025-40805) in its Industrial Edge Device Kit that allows remote attackers to impersonate users and gain unauthorized access to industrial systems.
**If you are using Siemens Industrial Edge Device Kit, this is urgent and important. Make sure all Industrial Edge Device Kit systems are isolated from the internet and accessible from trusted networks only. Then plan a very quick update, this is a perfect 10 score vulnerability. Even with all the isolation, there may be a way in, so better patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-patches-critical-authentication-bypass-in-industrial-edge-device-kit-7-3-0-2-c/gD2P6Ple2L
Siemens Issues Fix for Maximum Severit flaw in Industrial Edge Devices
Siemens disclosed a max severity (10) critical vulnerability (CVE-2025-40805) in its Industrial Edge Devices that allows unauthenticated remote attackers to bypass authentication and impersonate users.
**This is maximum severity, so don't ignore it. Review the advisory to check if you use any of these product lines. Ofcourse, make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Then plan a quick update cycle.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-issues-fix-for-maximum-severit-flaw-in-industrial-edge-devices-z-5-e-m-b/gD2P6Ple2L
updated 2026-01-13T03:32:19
1 posts
CVE-2026-0500 in SAP Wily Introscope Enterprise Manager (CVSS 9.6) enables near‑frictionless remote code execution against monitoring infrastructure with minimal user interaction.
##updated 2026-01-13T03:32:08
5 posts
1 repos
https://github.com/cyberdudebivash/CYBERDUDEBIVASH-ServiceNow-AI-Agent-Audit-Script
Fascinating 🛡️ BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow 🛡️
Key Takeaways
AI agents significantly amplify the impact of traditional security flaws.
A Virtual Agent integration flaw (CVE-2025-12420) allowed unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing MFA and SSO.
Virtual Agent APIs can become unintended execution paths for privileged AI workflows.
Internal topics such as AIA-Agent Invoker AutoChat enable AI agents to be executed outside expected deployment constraints.
Point-in-time fixes do not eliminate systemic risk from insecure provider and agent configurations.
Preventing abuse of agentic AI in conversational channels requires:
Strong provider configuration controls, including enforced MFA for account linking
Establishing an agent approval-process
Implementing lifecycle management policies to de-provision unused or stagnant agents.
https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/ #InfoSec
ServiceNow patches critical AI Platform flaw enabling user impersonation
ServiceNow patched a critical privilege escalation vulnerability (CVE-2025-12420) in its AI platform that allowed unauthenticated attackers to impersonate users and execute unauthorized actions.
**If yoy are using self hosted ServiceNow, this is very important. Make sure the API is isolated from the internet if possible and accessible from trusted networks only. Then patch. If your ServiceNow must be exposed to the internet, this is urgent. Start patching now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/servicenow-patches-critical-ai-platform-flaw-enabling-user-impersonation-8-5-w-h-p/gD2P6Ple2L
Here's a digest of the most important news from the last 24 hours:
**World:**
US President Donald Trump ordered 25% tariffs on all countries doing business with Iran (Jan 13). The UN warned of alarming child malnutrition in Gaza, with nearly 95,000 cases in 2025.
**Technology:**
Google is set to integrate product purchases within its Gemini AI platform (Jan 13). Meta is reportedly laying off hundreds of employees in its metaverse division (Jan 13).
**Cybersecurity:**
The World Economic Forum's Global Cybersecurity Outlook 2026 highlights cybercrime, AI misuse, and supply chain risks as major threats. ServiceNow patched a critical AI platform flaw (CVE-2025-12420) on January 13, which could allow unauthenticated user impersonation.
ServiceNow patches critical AI platform flaw that could allow user impersonation https://cyberscoop.com/servicenow-fixes-critical-ai-vulnerability-cve-2025-12420/
##The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. https://thehackernews.com/2026/01/servicenow-patches-critical-ai-platform.html
##updated 2026-01-12T15:30:50
1 posts
Critical SQL Injection and XSS flaws reported in Imaster business software
Imaster's business management systems suffer from four vulnerabilities, including a critical SQL injection (CVE-2025-41006) that allows unauthenticated database access. These flaws enable attackers to steal sensitive patient data and execute malicious scripts in administrative sessions.
**If you are using Imaster MEMS Events CRM and the Patient Records Management System, make sure they are isolated from the internet and accessible from trusted networks only. Reach out to the vendor for patches, and in the meantime use a Web Application Firewall to filter malicious SQL and XSS traffic.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-and-xss-vulnerabilities-discovered-in-imaster-business-software-v-f-v-d-t/gD2P6Ple2L
updated 2026-01-09T06:32:08
1 posts
1 repos
Mitsubishi Electric and ICONICS Patch Critical Industrial Software Flaws
Mitsubishi Electric and ICONICS patched multiple vulnerabilities in industrial software, including a critical remote code execution flaw (CVE-2022-33318). These bugs allow attackers to take over systems, steal data, or disrupt manufacturing operations across several product lines.
**Review the advisory to check if you are using the affected product lines. As usual, make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Then plan a patch cycle. For older products like MC Works64 and GENESIS32 plan a replacement path, they won't be getting a patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mitsubishi-electric-and-iconics-patch-critical-industrial-software-flaws-4-h-b-q-o/gD2P6Ple2L
updated 2026-01-08T21:31:33
3 posts
10 repos
https://github.com/rxerium/CVE-2025-52691
https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691
https://github.com/rimbadirgantara/CVE-2025-52691-poc
https://github.com/Ashwesker/Ashwesker-CVE-2025-52691
https://github.com/you-ssef9/CVE-2025-52691
https://github.com/DeathShotXD/CVE-2025-52691-APT-PoC
https://github.com/SuJing-cy/CVE-2025-2025-52691-SmarterMail-Exp
https://github.com/yt2w/CVE-2025-52691
@ljrk I see your ../../../../../ and raise you one ../../../../../../../../../../../../../../../
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
Timeline of vulnerability (soon to be exploited...) (SmartMail):
2025-12-28: NVD CVE published. [1]
2026-01-08: Vulnerability deepdive and PoC published. [2]
2026-01-12: Reconnaissance for instances detected. [3]
2026-01-xx: Exploitation? ...
[1]: https://nvd.nist.gov/vuln/detail/CVE-2025-52691
[2]: https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
[3]: https://www.labs.greynoise.io/grimoire/2026-01-13-smartermail-version-enumeration/
We've been working on a new AI-driven + human-in-the-loop threat signals detector and this morning it flagged this path that we have not seen before in the grid in the past 90d `/api/v1/licensing/about`. It turns out it's an unauth’d version check for SmarterTools SmarterMail.
If that name sounds familiar its b/c of CVE-2025-52691 (https://nvd.nist.gov/vuln/detail/CVE-2025-52691). (1/3)
##updated 2026-01-07T12:31:27
1 posts
CyRC Discovers Critical WLAN Vulnerabilities in ASUS and TP-Link Routers (CVE-2025-14631) | Black Duck Blog #devopsish https://www.blackduck.com/blog/cyrc-discovers-asus-tplink-wlan-vulnerabilities.html
##updated 2026-01-06T18:32:37
1 posts
updated 2026-01-05T18:30:29
1 posts
CVE-2025-14346: WHILL electric wheelchairs models C2 and F are vulnerable to takeover over bluetooth.
Reminds me of how PGDrives Rnet systems can be controlled remotely but in that case it requires a device be plugged in to the control bus.
##updated 2025-12-24T00:30:22
1 posts
updated 2025-12-18T16:42:54.610000
1 posts
updated 2025-12-17T21:31:01
1 posts
4 repos
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
https://github.com/SgtBattenHA/Analysis
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
updated 2025-12-17T21:30:47
2 posts
7 repos
https://github.com/StasonJatham/cisco-sa-sma-attack-N9bf4
https://github.com/MRH701/cisco-sa-sma-attack-N9bf4
https://github.com/cyberdudebivash/CYBERDUDEBIVASH-Cisco-AsyncOS-CVE-2025-20393-Scanner
https://github.com/Ashwesker/Ashwesker-CVE-2025-20393
https://github.com/cyberleelawat/CVE-2025-20393
Here's a brief on the latest global, tech, and cybersecurity news from the last 24 hours:
Global: Uganda's Yoweri Museveni was declared winner of the presidential election. Over 100 people have died in torrential rains and floods across Southern Africa.
Tech: OpenAI is reportedly considering introducing ads to ChatGPT. Google filed to appeal a decision in its search monopoly case, and new generative AI features are rolling out for Gmail.
Cybersecurity: Cisco patched a zero-day vulnerability (CVE-2025-20393) exploited by a China-linked APT (Jan 16). A new PayPal phishing scam uses verified invoices with fake support numbers, and the GhostPoster browser malware, active for five years, was exposed.
##Updated Cisco advisory. "Rudolph, the red-nosed reindeer ...." 🎵 🎶 🎧
"There are no workarounds identified that directly mitigate the risk concerning this attack campaign, but administrators can view and follow the guidance provided in the Recommendations section of this advisory."
Cisco: CVE-2025-20393, critical: Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
There are three other entries for today:
- Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-9TDh2kx
- Cisco Identity Services Engine Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5
- Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-GEkX8yWK @TalosSecurity #infosec #Cisco #vulnerability
##updated 2025-12-16T21:30:51
1 posts
3 repos
https://github.com/exfil0/CVE-2025-59718-PoC
📢 FortiGate : contournement de correctif sur l’authentification FortiCloud SSO (CVE-2025-59718) activement exploité
📝 BleepingComputer rappor...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-21-fortigate-contournement-de-correctif-sur-lauthentification-forticloud-sso-cve-2025-59718-activement-exploite/
🌐 source : https://www.bleepingcomputer.com/news/security/fortinet-admins-report-patched-fortigate-firewalls-getting-hacked/
#CVE_2025_59718 #FortiCloud_SSO #Cyberveille
updated 2025-12-16T18:31:42
1 posts
Heads up for my fellow Red Hat Enterprise Linux (RHEL) 10 users:
Important: kernel security update
kernel: libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285)
So do your `dnf update` ASAP :)
More details: https://access.redhat.com/errata/RHSA-2026:0786
##updated 2025-12-15T15:30:31
1 posts
4 repos
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
https://github.com/SgtBattenHA/Analysis
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
updated 2025-12-12T15:19:07.567000
1 posts
1 repos
Here's my analysis of the recent-ish 9.3 Critical in #Emby (CVE-2025-64113).
Sadly, the vulnerability turned out to be pretty boring, but I've tried to make the best of it.
##updated 2025-11-19T15:32:36
1 posts
12 repos
https://github.com/lequoca/fortinet-fortiweb-cve-2025-64446-58034
https://github.com/lincemorado97/CVE-2025-64446_CVE-2025-58034
https://github.com/AN5I/cve-2025-64446-fortiweb-exploit
https://github.com/soltanali0/CVE-2025-64446-Exploit
https://github.com/sensepost/CVE-2025-64446
https://github.com/sxyrxyy/CVE-2025-64446-FortiWeb-CGI-Bypass-PoC
https://github.com/mrk336/Silent-WebStorm-Fortinet-s-Hidden-Exploits
https://github.com/Death112233/CVE-2025-64446-
https://github.com/Ashwesker/Ashwesker-CVE-2025-64446
https://github.com/D3crypT0r/CVE-2025-64446
https://github.com/fevar54/CVE-2025-64446-PoC---FortiWeb-Path-Traversal
Sicarii RaaS uses Israeli/Jewish iconography — but researchers say it’s likely deceptive branding.
• Geo-fencing to avoid Israeli systems
• CVE-2025-64446 exploitation
• Data theft + destructive ransomware
What’s your assessment of attribution through branding?
##updated 2025-11-14T16:42:03.187000
1 posts
updated 2025-11-13T15:30:37
1 posts
updated 2025-11-12T11:34:21.060000
1 posts
18 repos
https://github.com/raminfp/redis_exploit
https://github.com/hzhsec/redis-cve_2025_49844
https://github.com/pedrorichil/CVE-2025-49844
https://github.com/Yuri08loveElaina/CVE-2025-49844
https://github.com/lastvocher/redis-CVE-2025-49844
https://github.com/angelusrivera/CVE-2025-49844
https://github.com/Network-Sec/CVE-2025-49844-RediShell-AI-made-Revshell
https://github.com/dwisiswant0/CVE-2025-49844
https://github.com/elyasbassir/CVE-2025-49844
https://github.com/srozb/reditrap
https://github.com/Mufti22/CVE-2025-49844-RediShell-Vulnerability-Scanner
https://github.com/Ashwesker/Ashwesker-CVE-2025-49844
https://github.com/Zain3311/CVE-2025-49844
https://github.com/ksnnd32/redis_exploit
https://github.com/gopinaath/CVE-2025-49844-discovery
https://github.com/saneki/cve-2025-49844
https://github.com/imbas007/CVE-2025-49844-Vulnerability-Scanner
Redis Lua vuln impacts BIG-IP Next and no patches are available.
##updated 2025-11-04T22:16:44.973000
1 posts
Still no fix in BIG-IP DNS for CVE-2025-8677.
##updated 2025-11-04T22:16:11.677000
1 posts
2 repos
https://github.com/sirbuvladste/BIND-9-Cache-Poisoning-PoC---CVE-2025-40778
updated 2025-11-03T21:33:34
1 posts
updated 2025-11-03T21:32:18
1 posts
updated 2025-11-03T20:18:15.253000
1 posts
updated 2025-10-30T15:36:12.360000
1 posts
⚪ Samsung patches a 0‑day exploited in attacks against Android users
🗨️ Samsung has patched a zero-day RCE vulnerability that was already being exploited in attacks against devices running Android.
##updated 2025-10-29T15:31:52
1 posts
updated 2025-10-27T15:13:10
1 posts
3 repos
https://github.com/Baba01hacker666/cve-2025-54236
⚪ Adobe Commerce and Magento Vulnerability Enables Account Takeover
🗨️ Adobe has disclosed a critical bug (CVE-2025-54236) that affects the Commerce and Magento platforms. Researchers have dubbed this vulnerability SessionReaper and describe it as one of the most serious in…
##updated 2025-10-22T00:34:26
1 posts
1 repos
https://github.com/AdityaBhatt3010/CVE-2025-10585-The-Chrome-V8-Zero-Day
⚪ Google patches a Chrome zero-day; the vulnerability is already being exploited in attacks
🗨️ Google has released updates for Chrome to address four vulnerabilities. According to the company, one of them (CVE-2025-10585) has already been exploited by attackers.
##updated 2025-10-22T00:33:11
1 posts
1 repos
German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRATCampaign
Learn about a new phishing campaign targeting German manufacturing companies using CVE-2024-43451.
🔗️ [Any] https://link.is.it/F0JDjf
##updated 2025-10-10T16:43:14.337000
1 posts
updated 2025-08-15T18:31:55
1 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256
The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access. https://www.bleepingcomputer.com/news/security/exploit-code-public-for-critical-fortisiem-command-injection-flaw/
##updated 2025-08-12T18:31:31
1 posts
1 repos
❗️CVE-2025-53136: Windows Kernel Information Disclosure through Race condition
PoC/Exploit: https://github.com/nu1lptr0/CVE-2025-53136
CVSS: 5.5
CVE Published: Aug 12th, 2025
updated 2025-07-31T21:32:03
1 posts
Critical authentication bypass in Güralp Systems seismic monitoring devices
Güralp Systems reported a critical authentication bypass vulnerability (CVE-2025-8286) in its FMUS and MIN series seismic devices, allowing unauthenticated attackers to modify configurations or factory reset hardware.
**Make sure all Güralp devices are isolated from the internet and accessible from trusted networks only. Review the patch, and consult with the vendor since it's still experimental. At minimum, isolate all systems from the internet, then wait for the final patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-guralp-systems-seismic-monitoring-devices-n-i-c-w-x/gD2P6Ple2L
updated 2025-05-14T15:32:35
1 posts
This looks to be Hajime only going after Mikrotik routers in some scanner's inventory. Highly targeted (only hitting our Mikrotiks), low and slow over time.
Definitely coming from a wide array of other compromised edge devices.
https://viz.greynoise.io/tags/mikrotik-routeros-rce-cve-2017-20149-attempt?days=90
##updated 2025-03-13T06:30:39
1 posts
1 repos
⚪ Samsung patches a 0‑day exploited in attacks against Android users
🗨️ Samsung has patched a zero-day RCE vulnerability that was already being exploited in attacks against devices running Android.
##updated 2025-02-13T06:15:21.480000
1 posts
1 repos
https://github.com/AdityaBhatt3010/CVE-2025-10585-The-Chrome-V8-Zero-Day
⚪ Google patches a Chrome zero-day; the vulnerability is already being exploited in attacks
🗨️ Google has released updates for Chrome to address four vulnerabilities. According to the company, one of them (CVE-2025-10585) has already been exploited by attackers.
##updated 2024-11-21T05:39:01.370000
1 posts
5 repos
https://github.com/alebedev87/gatekeeper-cve-2020-8554
https://github.com/rancher/externalip-webhook
https://github.com/jrmurray000/CVE-2020-8554
For anyone who's been to one of my #Kubernetes #Security talks over the last couple of years, you may have seen me mention "the unpatchable 4", which is a set of Kubernetes CVEs for which there are no patches, you need to mitigate them with configuration or architecture choices.
I've been meaning to write more about them, and finally got a chance so here's the first in a mini-series of posts looking at the CVEs and the underlying reasons they occur. This time it's CVE-2020-8554.
https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabilities-cve-2020-8554/
##updated 2024-04-19T05:07:56
1 posts
8 repos
https://github.com/Adel2411/cve-2023-38408
https://github.com/kali-mx/CVE-2023-38408
https://github.com/fazilbaig1/cve_2023_38408_scanner
https://github.com/TX-One/CVE-2023-38408
https://github.com/mrtacojr/CVE-2023-38408
https://github.com/wxrdnx/CVE-2023-38408
Critical OpenSSH flaw exposes Moxa industrial switches to remote takeover
Moxa issued a critical advisory for a remote code execution vulnerability (CVE-2023-38408) affecting several industrial Ethernet switch series. The flaw allows unauthenticated attackers to take full control of devices if a user forwards an ssh-agent to a compromised system.
**Make sure all Moza devices are isolated from the internet and accessible from trusted networks only. Contact Moxa support to get the latest firmware for your EDS and RKS switches.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-openssh-flaw-exposes-moxa-industrial-switches-to-remote-takeover-f-u-h-q-u/gD2P6Ple2L
updated 2024-04-04T08:33:05
1 posts
The publicly disclosed ones are expiring Secure Boot cert:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265
and an old one that was published in 2023 but is apparently now applicable to all Windows systems with the Agere Soft Modem installed, even if it isn't in use.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-31096
##updated 2023-01-31T05:03:00
1 posts
Critical Unsecured Protocol Vulnerability Reported in Festo Industrial Firmware
Festo reports a critical exposure (CVE-2022-3270) in numerous industrial controllers and bus modules caused by undocumented and unsecured protocols that allow unauthenticated remote takeover.
**This is a weird report - there will be no patch, the unsecured ports will remain unsecured. Your only option is to isolate the systems from the internet and make them accessible from trusted networks only.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unsecured-protocol-vulnerability-reported-in-festo-industrial-firmware-r-a-c-h-v/gD2P6Ple2L
🔴 CVE-2026-22792 - Critical (9.6)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML (including on* event attributes) to execute in the renderer context. An ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-22792 - Critical (9.6)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML (including on* event attributes) to execute in the renderer context. An ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-22793 - Critical (9.6)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-22793 - Critical (9.6)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Google Chrome Emergency Update Fixes Critical V8 Race Condition Vulnerability (CVE-2026-1220)
A High-Risk Browser Flaw With Global Impact Google has pushed an urgent security update for its Chrome browser after confirming a high-severity vulnerability in the V8 JavaScript engine, one of the most critical components of modern web browsing. The flaw, tracked as CVE-2026-1220, affects Chrome across Windows, macOS, and Linux and could allow attackers to execute arbitrary…
##Security Advisory: SQLite database externally accessible with the default settings of Tandoor Recipes module (CVE-2026-23838)
##Ever named your own CVE? We sure did. 😏
Meet PTT-2025-021 (aka CVE-2025-63261).
A vulnerability in AWStats hiding inside cPanel.
One misplaced "|" flips log analysis into command execution.
No magic. Just unsafe open() and legacy code trusting input.
On our blog, we walk through how we traced it, proved it, and why this vulnerability class still bites.
Special thanks to Matei Badanoiu for the research. 👏
See the full attack path in Part 1: https://pentest-tools.com/blog/cpanel-cve-ptt-2025-021-part-1
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##