FediSecfeeds

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70307/

##

CVE-2025-69222
(9.1 CRITICAL)

EPSS: 0.09%

updated 2026-01-15T21:36:03.330000

1 posts

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actions that can interact with remote services via OpenAPI specifications, supporting various HTTP methods

LLMs@activitypub.awakari.com at 2026-01-07T22:54:23.000Z ## CVE-2025-69222 - LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions CVE ID : CVE-2025-69222 Published : Jan. 7, 2026, 9:17 p.m. | 1 hour, 10 minutes ago Descriptio...

Origin | Interest | Match ##

CVE-2025-70307
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-15T21:32:50

1 posts

A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

thehackerwire@mastodon.social at 2026-01-15T20:00:33.000Z ##

🟠 CVE-2025-70307 - High (7.5)

A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0227(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-01-15T21:31:54

10 posts

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

cR0w at 2026-01-15T18:55:32.049Z ##

Anyone hear of a PoC for CVE-2026-0227 yet?

PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal

https://security.paloaltonetworks.com/CVE-2026-0227

##

benzogaga33@mamot.fr at 2026-01-15T16:40:03.000Z ##

Palo Alto Networks – CVE-2026-0227 : cette nouvelle faille permet de désactiver le firewall à distance https://www.it-connect.fr/palo-alto-networks-cve-2026-0227-firewalls/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #PaloAlto

##

jbhall56 at 2026-01-15T13:33:39.430Z ##

Tracked as CVE-2026-0227, this security flaw affects next-generation firewalls (running PAN-OS 10.1 or later) and Palo Alto Networks' Prisma Access configurations when the GlobalProtect gateway or portal is enabled. https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-dos-bug-letting-hackers-disable-firewalls/

##

allaboutsecurity@mastodon.social at 2026-01-15T07:55:57.000Z ##

DoS-Schwachstelle in PAN-OS bedroht GlobalProtect-Infrastruktur

Palo Alto Networks hat eine kritische Sicherheitslücke in seiner Firewall-Software PAN-OS behoben. Die als CVE-2026-0227 klassifizierte Schwachstelle erlaubt es Angreifern ohne Authentifizierung, Denial-of-Service-Attacken gegen GlobalProtect-Komponenten durchzuführen und betroffene Systeme in den Wartungsmodus zu zwingen.

https://www.all-about-security.de/dos-schwachstelle-in-pan-os-bedroht-globalprotect-infrastruktur/

#PaloAltoNetworks #DoS #PANOS #firewall

##

cR0w@infosec.exchange at 2026-01-15T18:55:32.000Z ##

Anyone hear of a PoC for CVE-2026-0227 yet?

PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal

https://security.paloaltonetworks.com/CVE-2026-0227

##

benzogaga33@mamot.fr at 2026-01-15T16:40:03.000Z ##

Palo Alto Networks – CVE-2026-0227 : cette nouvelle faille permet de désactiver le firewall à distance https://www.it-connect.fr/palo-alto-networks-cve-2026-0227-firewalls/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #PaloAlto

##

jbhall56@infosec.exchange at 2026-01-15T13:33:39.000Z ##

Tracked as CVE-2026-0227, this security flaw affects next-generation firewalls (running PAN-OS 10.1 or later) and Palo Alto Networks' Prisma Access configurations when the GlobalProtect gateway or portal is enabled. https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-dos-bug-letting-hackers-disable-firewalls/

##

cR0w@infosec.exchange at 2026-01-14T17:33:23.000Z ##

There's the DoS.

updated 2026-01-15T21:16:03.590000

1 posts

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise

thehackerwire@mastodon.social at 2026-01-15T22:14:23.000Z ##

🟠 CVE-2025-60003 - High (7.5)

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an affected device receives a BGP u...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60003/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-54957
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-01-15T21:16:02.860000

2 posts

updated 2026-01-15T19:11:14.113000

1 posts

A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.

DarkWebInformer@infosec.exchange at 2026-01-12T19:06:17.000Z ##

‼️Trend Micro Apex Central Multiple Vulnerabilities

CVE:

CVE-2025-69258 (CVSS: 9.8)
CVE-2025-69259 (CVSS: 7.5)
CVE-2025-69260 (CVSS: 7.5)

CWE: CWE-1285, CWE-306, CWE-641

PoC/Writeup: https://www.tenable.com/security/research/tra-2026-01

Disclosure Date: January 7. 2026

Disclosure: https://success.trendmicro.com/en-US/solution/KA-0022071

##

CVE-2025-9014(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-01-15T18:31:42

2 posts

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908.

cR0w at 2026-01-15T18:30:41.962Z ##

TP-Link

https://www.cve.org/CVERecord?id=CVE-2025-9014

https://github.com/lem0naids/CVE-2025-64516-POC

updated 2026-01-15T16:16:11.487000

2 posts

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3.

1 repos

thehackerwire@mastodon.social at 2026-01-15T16:56:36.000Z ##

🟠 CVE-2025-64516 - High (7.5)

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64516/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-01-15T16:50:36.000Z ##

🟠 CVE-2025-64516 - High (7.5)

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64516/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22643
(8.3 HIGH)

EPSS: 0.00%

updated 2026-01-15T15:31:35

3 posts

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22643/

##

thehackerwire@mastodon.social at 2026-01-15T14:43:08.000Z ##

🟠 CVE-2026-22643 - High (8.3)

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22644
(5.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:35

2 posts

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22638
(8.3 HIGH)

EPSS: 0.00%

updated 2026-01-15T15:31:33

3 posts

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is inst

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22638/

##

thehackerwire@mastodon.social at 2026-01-15T14:43:18.000Z ##

🟠 CVE-2026-22638 - High (8.3)

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. T...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22907
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-01-15T15:31:30

3 posts

An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22907/

##

thehackerwire@mastodon.social at 2026-01-15T13:48:11.000Z ##

🔴 CVE-2026-22907 - Critical (9.9)

An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22639
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:27

2 posts

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22642
(4.2 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:27

2 posts

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22646
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:27

2 posts

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22919
(3.8 LOW)

EPSS: 0.00%

updated 2026-01-15T15:31:26

2 posts

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22920
(3.7 LOW)

EPSS: 0.00%

updated 2026-01-15T15:31:26

2 posts

The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22637
(6.8 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:25

2 posts

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70744/

##

CVE-2025-70744
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-15T15:31:21

1 posts

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

thehackerwire@mastodon.social at 2026-01-15T15:37:43.000Z ##

🟠 CVE-2025-70744 - High (7.5)

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22917
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:19

2 posts

Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22912
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:19

2 posts

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22916
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:19

2 posts

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22915
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:19

2 posts

An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13062/

##

CVE-2025-13062
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-15T15:31:19

1 posts

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON file. This makes it possible for authenticated attackers, with author-level access and above, to upload ar

thehackerwire@mastodon.social at 2026-01-15T14:43:28.000Z ##

🟠 CVE-2025-13062 - High (8.8)

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass san...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22913
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:18

2 posts

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22911
(5.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T15:31:18

2 posts

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71019/

##

CVE-2025-71019
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-15T15:15:51.720000

1 posts

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

thehackerwire@mastodon.social at 2026-01-15T15:37:53.000Z ##

🟠 CVE-2025-71019 - High (7.5)

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22645
(5.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T14:16:28.290000

2 posts

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22641
(5.0 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T14:16:27.743000

2 posts

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Promet

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22640
(5.5 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T14:16:27.607000

2 posts

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator exists 2. The Server administrator is either: - Not part of any organization, or - Part of the same org

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22918
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T13:16:06.790000

2 posts

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22914
(4.3 MEDIUM)

EPSS: 0.00%

updated 2026-01-15T13:16:06.250000

2 posts

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22910
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-15T13:16:05.673000

3 posts

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22910/

##

thehackerwire@mastodon.social at 2026-01-15T13:51:50.000Z ##

🟠 CVE-2026-22910 - High (7.5)

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22909
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-15T13:16:05.537000

3 posts

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22909/

##

thehackerwire@mastodon.social at 2026-01-15T13:48:29.000Z ##

🟠 CVE-2026-22909 - High (7.5)

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-22908
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-01-15T13:16:05.400000

3 posts

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22908/

##

thehackerwire@mastodon.social at 2026-01-15T13:48:21.000Z ##

🔴 CVE-2026-22908 - Critical (9.1)

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-0713
(8.3 HIGH)

EPSS: 0.00%

updated 2026-01-15T13:16:04.707000

3 posts

A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashb

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0713/

##

thehackerwire@mastodon.social at 2026-01-15T13:52:09.000Z ##

🟠 CVE-2026-0713 - High (8.3)

A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view al...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

##

CVE-2026-0712
(7.6 HIGH)

EPSS: 0.00%

updated 2026-01-15T13:16:04.490000

3 posts

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

cR0w at 2026-01-15T15:12:33.115Z ##

SICK vulns, bro.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0712/

##

thehackerwire@mastodon.social at 2026-01-15T13:51:59.000Z ##

🟠 CVE-2026-0712 - High (7.6)

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XS...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

cR0w@infosec.exchange at 2026-01-15T15:12:33.000Z ##

SICK vulns, bro.

https://github.com/cyberdudebivash/CYBERDUDEBIVASH-FortiSIEM-CVE-2025-64155-Scanner

##

CVE-2025-64155
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-01-14T21:37:40.197000

5 posts

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

3 repos

https://github.com/purehate/CVE-2025-64155-hunter

https://github.com/horizon3ai/CVE-2025-64155

benzogaga33@mamot.fr at 2026-01-15T10:40:03.000Z ##

Un exploit est disponible pour cette nouvelle faille critique dans Fortinet FortiSIEM : CVE-2025-64155 https://www.it-connect.fr/fortinet-fortisiem-cve-2025-64155/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet

##

benzogaga33@mamot.fr at 2026-01-15T10:40:03.000Z ##

Un exploit est disponible pour cette nouvelle faille critique dans Fortinet FortiSIEM : CVE-2025-64155 https://www.it-connect.fr/fortinet-fortisiem-cve-2025-64155/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet

##

DarkWebInformer@infosec.exchange at 2026-01-14T19:20:59.000Z ##

‼️CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution

Exploit/PoC: https://github.com/horizon3ai/CVE-2025-64155

CVSS: 9.4
Published: Jan 13, 2026

Writeup: https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/

Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-772

##

_r_netsec@infosec.exchange at 2026-01-13T18:43:06.000Z ##

CVE-2025-64155: 3 Years of Remotely Rooting the Fortinet FortiSIEM https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/

##

cR0w@infosec.exchange at 2026-01-13T18:20:20.000Z ##

RE: https://infosec.exchange/@cR0w/115888888335126115

Well would you look at that. Write-up now available. Go fuck up some FortiShit.

https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/

##

CVE-2026-22184
(9.8 CRITICAL)

EPSS: 0.16%

updated 2026-01-14T21:35:08

2 posts

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption

veit@mastodon.social at 2026-01-08T08:32:49.000Z ##

There is a critical security vulnerability in zlib that allows code smuggling. Currently, there does not appear to be an update available.
• https://seclists.org/fulldisclosure/2026/Jan/3
• https://nvd.nist.gov/vuln/detail/CVE-2026-22184
#Security #zlib #Vulnerability

##

cR0w@infosec.exchange at 2026-01-07T20:45:14.000Z ##

sev:CRIT BoF in zlib.

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.

https://www.cve.org/CVERecord?id=CVE-2026-22184

##

CVE-2026-0732
(6.3 MEDIUM)

EPSS: 0.25%

updated 2026-01-14T21:34:06

1 posts

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

https://github.com/cyberdudebivash/CYBERDUDEBIVASH-Modular-DS-CVE-2026-23550-Detector

##

CVE-2026-23550
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-01-14T21:15:54.193000

2 posts

Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.

1 repos

beyondmachines1 at 2026-01-15T20:01:43.116Z ##

Critical Privilege Escalation in Modular DS WordPress Plugin Actively Exploited

Attackers are exploiting a CVSS 10.0 vulnerability in the Modular DS WordPress plugin to gain unauthenticated administrative access and full site control. The flaw, tracked as CVE-2026-23550, allows hackers to bypass authentication by manipulating URL parameters.

**If you are using Modular DS plugin, this is urgent! Updat to version 2.5.2 immediately, because your site is being hacked. If you can't update, disable the plugin. After patching, check your WordPress user list for any unauthorized administrator accounts created recently.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-in-modular-ds-wordpress-plugin-actively-exploited-k-y-l-e-j/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2026-01-15T20:01:43.000Z ##

Critical Privilege Escalation in Modular DS WordPress Plugin Actively Exploited

Attackers are exploiting a CVSS 10.0 vulnerability in the Modular DS WordPress plugin to gain unauthenticated administrative access and full site control. The flaw, tracked as CVE-2026-23550, allows hackers to bypass authentication by manipulating URL parameters.

**If you are using Modular DS plugin, this is urgent! Updat to version 2.5.2 immediately, because your site is being hacked. If you can't update, disable the plugin. After patching, check your WordPress user list for any unauthorized administrator accounts created recently.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-in-modular-ds-wordpress-plugin-actively-exploited-k-y-l-e-j/gD2P6Ple2L

##

CVE-2025-59468
(9.0 CRITICAL)

EPSS: 0.30%

updated 2026-01-14T20:58:35.693000

1 posts

EPSS: 0.04%

updated 2026-01-14T18:16:43.520000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypa

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-22857
(0 None)

EPSS: 0.04%

updated 2026-01-14T18:16:43.373000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-22856
(0 None)

EPSS: 0.04%

updated 2026-01-14T18:16:43.230000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-22855
(0 None)

EPSS: 0.04%

updated 2026-01-14T18:16:43.080000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-22854
(0 None)

EPSS: 0.04%

updated 2026-01-14T18:16:42.933000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-22852
(0 None)

EPSS: 0.04%

updated 2026-01-14T18:16:42.643000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash.

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-22851
(0 None)

EPSS: 0.04%

updated 2026-01-14T18:16:42.490000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-0404
(0 None)

EPSS: 0.51%

updated 2026-01-14T16:26:00.933000

1 posts

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

cR0w@infosec.exchange at 2026-01-13T17:04:19.000Z ##

Netgear

##

CVE-2025-71026
(0 None)

EPSS: 0.02%

updated 2026-01-14T16:26:00.933000

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

cR0w@infosec.exchange at 2026-01-13T16:00:18.000Z ##

One more Tenda for old time's sake.

https://www.cve.org/CVERecord?id=CVE-2025-37165

##

CVE-2025-71027
(0 None)

EPSS: 0.02%

updated 2026-01-14T16:26:00.933000

1 posts

updated 2026-01-14T16:25:40.430000

1 posts

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network.

cR0w@infosec.exchange at 2026-01-13T18:09:05.000Z ##

HPE

https://www.cve.org/CVERecord?id=CVE-2025-37166

cc: @Dio9sys @da_667 @kajer

##

CVE-2026-0408
(0 None)

EPSS: 0.04%

updated 2026-01-14T16:25:40.430000

1 posts

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

cR0w@infosec.exchange at 2026-01-13T17:04:19.000Z ##

Netgear

updated 2026-01-14T00:31:25

1 posts

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.

https://github.com/m4sh-wacker/CVE-2025-60188-Atarim-Plugin-Exploit

1 repos

DarkWebInformer@infosec.exchange at 2026-01-10T23:46:48.000Z ##

❗️CVE-2025-60188: Atarim Plugin PoC Exploit

GitHub: https://github.com/m4sh-wacker/CVE-2025-60188-Atarim-Plugin-Exploit

##

CVE-2025-14847
(7.5 HIGH)

EPSS: 57.25%

updated 2026-01-13T22:24:20.380000

8 posts

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Ser

https://github.com/demetriusford/mongobleed

37 repos

https://github.com/AmadoBatista/mongobleed

https://github.com/sakthivel10q/sakthivel10q.github.io

https://github.com/Ashwesker/Ashwesker-CVE-2025-14847

https://github.com/tunahantekeoglu/MongoDeepDive

https://github.com/chinaxploiter/CVE-2025-14847-PoC

https://github.com/Systemhaus-Schulz/MongoBleed-CVE-2025-14847

https://github.com/JemHadar/MongoBleed-DFIR-Triage-Script-CVE-2025-14847

https://github.com/keraattin/Mongobleed-Detector-CVE-2025-14847

https://github.com/Rishi-kaul/CVE-2025-14847-MongoBleed

https://github.com/alexcyberx/CVE-2025-14847_Expolit

https://github.com/FurkanKAYAPINAR/CVE-2025-14847-MongoBleed-Exploit

https://github.com/14mb1v45h/CYBERDUDEBIVASH-MONGODB-DETECTOR-v2026

https://github.com/lincemorado97/CVE-2025-14847

https://github.com/pedrocruz2202/pedrocruz2202.github.io

https://github.com/franksec42/mongobleed-exploit-CVE-2025-14847

https://github.com/joshuavanderpoll/CVE-2025-14847

https://github.com/ElJoamy/MongoBleed-exploit

https://github.com/saereya/CVE-2025-14847---MongoBleed

https://github.com/pedrocruz2202/mongobleed-scanner

https://github.com/NoNameError/MongoBLEED---CVE-2025-14847-POC-

https://github.com/onewinner/CVE-2025-14847

https://github.com/kuyrathdaro/cve-2025-14847

https://github.com/cybertechajju/CVE-2025-14847_Expolit

https://github.com/KingHacker353/CVE-2025-14847_Expolit

https://github.com/AdolfBharath/mongobleed

https://github.com/peakcyber-security/CVE-2025-14847

https://github.com/vfa-tuannt/CVE-2025-14847

https://github.com/j0lt-github/mongobleedburp

https://github.com/ProbiusOfficial/CVE-2025-14847

https://github.com/CadGoose/MongoBleed-CVE-2025-14847-Fully-Automated-scanner

https://github.com/Security-Phoenix-demo/mongobleed-exploit-CVE-2025-14847

https://github.com/Black1hp/mongobleed-scanner

https://github.com/waheeb71/CVE-2025-14847

https://github.com/sahar042/CVE-2025-14847

https://github.com/nma-io/mongobleed

https://github.com/sakthivel10q/CVE-2025-14847

MongoDB@activitypub.awakari.com at 2026-01-10T07:36:00.000Z ## MongoBleed Vulnerability Allows Attackers to Read Data from MongoDB's Heap Memory MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server...

#Common #Vulnerabilities #and #Exposures #MongoDB #Compression #Cloud #Security #AI, #ML #&

Origin | Interest | Match ##

MongoDB@activitypub.awakari.com at 2026-01-10T07:36:00.000Z ## MongoBleed Vulnerability Allows Attackers to Read Data from MongoDB's Heap Memory MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server...

#Compression #Common #Vulnerabilities #and #Exposures #Cloud #Security #MongoDB #AI, #ML #&

Origin | Interest | Match ##

cR0w@infosec.exchange at 2026-01-13T20:52:25.000Z ##

Did PANW just take a couple months off? They're just now publishing a threat brief on MongoBleed? Maybe that's why we haven't seen any advisories from them. Can't wait to see what's been sitting EITW in their queues.

https://unit42.paloaltonetworks.com/mongobleed-cve-2025-14847/

##

MongoDB@activitypub.awakari.com at 2026-01-06T19:36:57.000Z ## Urgent Security Update: Patching “Mongobleed” (CVE-2025-14847) in Percona Server for MongoDB At Percona, our mission has always been to provide the community with truly open-source, enterprise-...

#MongoDB #Percona #Software #mongobleed #percona #server #for #MongoDB

Origin | Interest | Match ##

MongoDB@activitypub.awakari.com at 2026-01-10T07:36:00.000Z ## MongoBleed Vulnerability Allows Attackers to Read Data from MongoDB's Heap Memory MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server...

#Compression #MongoDB #Cloud #Security #Common #Vulnerabilities #and #Exposures #AI, #ML #&

Origin | Interest | Match ##

MongoDB@activitypub.awakari.com at 2026-01-10T07:36:00.000Z ## MongoBleed Vulnerability Allows Attackers to Read Data from MongoDB's Heap Memory MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server...

#MongoDB #Cloud #Security #Compression #Common #Vulnerabilities #and #Exposures #AI, #ML #&

Origin | Interest | Match ##

MongoDB@activitypub.awakari.com at 2026-01-10T07:36:00.000Z ## MongoBleed Vulnerability Allows Attackers to Read Data From MongoDB's Heap Memory MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server...

#Compression #MongoDB #Cloud #Security #Common #Vulnerabilities #and #Exposures #AI, #ML #&

Origin | Interest | Match ##

MongoDB@activitypub.awakari.com at 2026-01-10T07:36:00.000Z ## MongoBleed Vulnerability Allows Attackers to Read Data From MongoDB's Heap Memory MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server...

#MongoDB #Cloud #Security #Compression #Common #Vulnerabilities #and #Exposures #AI, #ML #&

Origin | Interest | Match ##

CVE-2026-22697
(7.5 HIGH)

EPSS: 0.07%

updated 2026-01-13T22:16:07.690000

1 posts

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields retur

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

##

CVE-2026-0838
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-13T22:02:34.320000

1 posts

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did no

cR0w@infosec.exchange at 2026-01-12T14:44:36.000Z ##

UTT

Luxul

##

CVE-2026-0841
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-13T21:55:32.140000

1 posts

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

cR0w@infosec.exchange at 2026-01-12T14:44:36.000Z ##

UTT

Luxul

##

CVE-2025-68493
(8.1 HIGH)

EPSS: 0.06%

updated 2026-01-13T21:49:04

2 posts

updated 2026-01-13T21:32:48

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

cR0w@infosec.exchange at 2026-01-13T16:00:18.000Z ##

One more Tenda for old time's sake.

https://github.com/fevar54/CVE-2026-20805-POC

##

CVE-2026-20805
(5.5 MEDIUM)

EPSS: 5.16%

updated 2026-01-13T21:31:44

5 posts

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

1 repos

thehackerwire@mastodon.social at 2026-01-15T00:45:54.000Z ##

Microsoft patched an actively exploited Windows DWM flaw (CVE-2026-20805) in January Patch Tuesday.

CISA added it to the KEV list within hours, warning of real-world attacks.
Patch now. Medium severity, high impact when chained.

#Windows #PatchTuesday #CyberSecurity #CVE

##

youranonnewsirc@nerdculture.de at 2026-01-14T15:22:47.000Z ##

Here's a summary of the most important world, technology, and cybersecurity news from the last 24-48 hours:

World: A train crash in Thailand killed at least 22 people (Jan 14). US President Trump warned Iran amid protests and reaffirmed his desire to acquire Greenland (Jan 14).

Technology: Big Tech companies are heavily investing in energy infrastructure to power their AI ambitions amidst growing backlash over resource usage (Jan 14). Apple's status as a tech visionary is being questioned amidst the rapid AI advancements (Jan 14).

Cybersecurity: CISA and Microsoft patched an actively exploited Windows information disclosure vulnerability (CVE-2026-20805) (Jan 13-14). The World Economic Forum's 2026 outlook highlights enterprise security facing a "three-front war" from cybercrime, AI misuse, and supply chain attacks (Jan 13).

##

DarkWebInformer@infosec.exchange at 2026-01-14T00:56:14.000Z ##

‼️ CVE-2026-20805: Microsoft Windows Information Disclosure Vulnerability has been added to the CISA KEV Catalog

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

0-day: Yes
CVSS: 5.5

This vulnerability was patched during January 13th, 2026 Patch Tuesday.

##

cisakevtracker@mastodon.social at 2026-01-13T20:00:59.000Z ##

CVE ID: CVE-2026-20805
Vendor: Microsoft
Product: Windows
Date Added: 2026-01-13
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20805 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20805
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20805

##

cR0w@infosec.exchange at 2026-01-13T18:01:19.000Z ##

The EITW one is in the Desktop Window Manager.

##

CVE-2026-22813(CVSS UNKNOWN)

4 posts

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

cR0w at 2026-01-15T15:48:00.807Z ##

Stupid cloud anyway.

https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/

##

_r_netsec at 2026-01-15T15:43:06.677Z ##

updated 2026-01-13T18:31:16

1 posts

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.

cR0w@infosec.exchange at 2026-01-13T17:04:19.000Z ##

Netgear

https://www.cve.org/CVERecord?id=CVE-2025-37165

##

CVE-2025-59922
(7.2 HIGH)

EPSS: 0.03%

updated 2026-01-13T18:31:14

1 posts

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands

_r_netsec@infosec.exchange at 2026-01-14T09:43:06.000Z ##

Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all https://baldur.dk/blog/fortinet-ems-rce.html

##

CVE-2025-37165
(7.5 HIGH)

EPSS: 0.03%

updated 2026-01-13T18:31:14

1 posts

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets.

cR0w@infosec.exchange at 2026-01-13T18:09:05.000Z ##

HPE

https://www.cve.org/CVERecord?id=CVE-2025-37166

cc: @Dio9sys @da_667 @kajer

##

CVE-2026-0405(CVSS UNKNOWN)

EPSS: 0.09%

updated 2026-01-13T18:31:14

1 posts

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

cR0w@infosec.exchange at 2026-01-13T17:04:19.000Z ##

Netgear

https://www.cve.org/CVERecord?id=CVE-2025-70753

##

CVE-2026-0386
(7.5 HIGH)

EPSS: 0.08%

updated 2026-01-13T18:31:13

1 posts

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

benzogaga33@mamot.fr at 2026-01-14T16:40:02.000Z ##

Serveur WDS – CVE-2026-0386 : le correctif va impacter les fichiers de réponse https://www.it-connect.fr/serveur-wds-cve-2026-0386-le-correctif-va-impacter-les-fichiers-de-reponse/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #WDS

##

CVE-2025-70753(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-13T18:31:12

1 posts

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

cR0w@infosec.exchange at 2026-01-13T17:05:57.000Z ##

Another Tenda

##

CVE-2025-71025(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-13T18:31:12

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

cR0w@infosec.exchange at 2026-01-13T16:00:18.000Z ##

One more Tenda for old time's sake.

##

CVE-2025-71024(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-13T18:31:12

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

cR0w@infosec.exchange at 2026-01-13T16:00:18.000Z ##

One more Tenda for old time's sake.

##

CVE-2026-0403(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-01-13T18:31:10

1 posts

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

cR0w@infosec.exchange at 2026-01-13T17:04:19.000Z ##

Netgear

##

CVE-2026-0406(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-01-13T18:31:10

1 posts

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

cR0w@infosec.exchange at 2026-01-13T17:04:19.000Z ##

Netgear

https://www.cve.org/CVERecord?id=CVE-2025-68707

##

CVE-2025-68707(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-01-13T18:31:09

1 posts

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoint

cR0w@infosec.exchange at 2026-01-13T17:02:46.000Z ##

Tongyu

##

CVE-2026-21900
(0 None)

EPSS: 0.05%

updated 2026-01-13T18:16:25.223000

1 posts

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

https://www.cve.org/CVERecord?id=CVE-2025-66176

##

CVE-2025-66176
(8.8 HIGH)

EPSS: 0.02%

updated 2026-01-13T18:16:06.060000

1 posts

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

cR0w@infosec.exchange at 2026-01-13T14:31:20.000Z ##

Hikvision

https://www.cve.org/CVERecord?id=CVE-2025-66177

https://github.com/111ddea/goga-cve-2025-8110

##

CVE-2025-8110
(8.8 HIGH)

EPSS: 0.77%

updated 2026-01-13T15:50:02.180000

5 posts

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

6 repos

https://github.com/zAbuQasem/gogs-CVE-2025-8110

https://github.com/rxerium/CVE-2025-8110

https://github.com/tovd-go/CVE-2025-8110

https://github.com/Ashwesker/Ashwesker-CVE-2025-8110

https://github.com/freiwi/CVE-2025-8110

youranonnewsirc@nerdculture.de at 2026-01-13T03:22:47.000Z ##

Latest global tech and cybersecurity news (Jan 12-13, 2026):

The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.

##

DarkWebInformer@infosec.exchange at 2026-01-12T20:16:14.000Z ##

❗️CISA has added 1 vulnerability to the KEV Catalog:

CVE-2025-8110: Gogs Path Traversal Vulnerability

https://www.cve.org/CVERecord?id=CVE-2025-70974

##

AAKL@infosec.exchange at 2026-01-12T19:06:20.000Z ##

CISA has updated the KEV catalogue:

CVE-2025-8110: Gogs Path Traversal Vulnerability https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&sort_by=field_date_added&items_per_page=20 #CISA #infosec

##

cisakevtracker@mastodon.social at 2026-01-12T19:00:56.000Z ##

updated 2026-01-13T14:03:46.203000

1 posts

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 throug

cR0w@infosec.exchange at 2026-01-09T19:46:49.000Z ##

Perfect 10 in Fastjson. 🥳

It's funny that it appears to be a challenging enough bug that it bypassed at least two previous fixes.

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845.

##

CVE-2025-15035
(0 None)

EPSS: 0.03%

updated 2026-01-13T14:03:46.203000

1 posts

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

cR0w@infosec.exchange at 2026-01-09T17:25:56.000Z ##

TP-Link

https://www.cve.org/CVERecord?id=CVE-2025-15035

https://www.cve.org/CVERecord?id=CVE-2025-67004

##

CVE-2025-67004
(6.5 MEDIUM)

EPSS: 0.04%

updated 2026-01-13T14:03:46.203000

1 posts

An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly.

cR0w@infosec.exchange at 2026-01-09T16:58:47.000Z ##

../ in CouchCMS.

##

CVE-2025-64090
(10.0 CRITICAL)

EPSS: 0.08%

updated 2026-01-13T14:03:46.203000

1 posts

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2026-0731
(5.3 MEDIUM)

EPSS: 0.18%

updated 2026-01-13T14:03:46.203000

1 posts

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2026-22079
(0 None)

EPSS: 0.02%

updated 2026-01-13T14:03:46.203000

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitt

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

updated 2026-01-13T03:32:08

5 posts

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hos

beyondmachines1@infosec.exchange at 2026-01-14T10:01:43.000Z ##

ServiceNow patches critical AI Platform flaw enabling user impersonation

ServiceNow patched a critical privilege escalation vulnerability (CVE-2025-12420) in its AI platform that allowed unauthenticated attackers to impersonate users and execute unauthorized actions.

**If yoy are using self hosted ServiceNow, this is very important. Make sure the API is isolated from the internet if possible and accessible from trusted networks only. Then patch. If your ServiceNow must be exposed to the internet, this is urgent. Start patching now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/servicenow-patches-critical-ai-platform-flaw-enabling-user-impersonation-8-5-w-h-p/gD2P6Ple2L

##

youranonnewsirc@nerdculture.de at 2026-01-14T03:22:44.000Z ##

Here's a digest of the most important news from the last 24 hours:

**World:**
US President Donald Trump ordered 25% tariffs on all countries doing business with Iran (Jan 13). The UN warned of alarming child malnutrition in Gaza, with nearly 95,000 cases in 2025.

**Technology:**
Google is set to integrate product purchases within its Gemini AI platform (Jan 13). Meta is reportedly laying off hundreds of employees in its metaverse division (Jan 13).

**Cybersecurity:**
The World Economic Forum's Global Cybersecurity Outlook 2026 highlights cybercrime, AI misuse, and supply chain risks as major threats. ServiceNow patched a critical AI platform flaw (CVE-2025-12420) on January 13, which could allow unauthenticated user impersonation.

https://www.cve.org/CVERecord?id=CVE-2025-12420

##

patrickcmiller@infosec.exchange at 2026-01-13T18:12:00.000Z ##

ServiceNow patches critical AI platform flaw that could allow user impersonation https://cyberscoop.com/servicenow-fixes-critical-ai-vulnerability-cve-2025-12420/

##

jbhall56@infosec.exchange at 2026-01-13T12:54:25.000Z ##

The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. https://thehackernews.com/2026/01/servicenow-patches-critical-ai-platform.html

##

cR0w@infosec.exchange at 2026-01-12T21:59:35.000Z ##

sev:CRIT auth bypass in SNOW.

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.

##

CVE-2025-66689
(6.5 MEDIUM)

EPSS: 0.04%

updated 2026-01-12T21:31:38

1 posts

A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the is_dangerous_path() validation function that uses exact string matching against a blacklist of system directories. Attackers can bypass these restrictions by accessing subdirectories of blacklisted paths.

cR0w@infosec.exchange at 2026-01-12T17:06:54.000Z ##

Go ../ more MCP shit. 🤘

https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-66689.md

##

CVE-2026-21858
(10.0 CRITICAL)

EPSS: 2.96%

updated 2026-01-12T19:16:02.603000

9 posts

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise dependi

https://github.com/cropnet/ni8mare-scanner

4 repos

https://github.com/Ashwesker/Ashwesker-CVE-2026-21858

https://github.com/Chocapikk/CVE-2026-21858

https://github.com/eduardorossi84/CVE-2026-21858-POC

youranonnewsirc@nerdculture.de at 2026-01-13T03:22:47.000Z ##

Latest global tech and cybersecurity news (Jan 12-13, 2026):

The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.

https://www.60-sekunden-cyber.de/kw2-2026/

##

sbeyer at 2026-01-13T00:12:55.324Z ##

Die erste Ausgabe von 60 Sekunden Cyber beschäftigt sich mit dem aktuellen ESA-Hack, der Situation Taiwans, CVE-2026-21858 und dem Schlag gegen Black Axe.

#cyber #cybersicherheit #itsicherheit #news

##

zeldman@front-end.social at 2026-01-09T17:16:01.000Z ##

Tell your friends.

The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias discovered and reported it on November 9, 2025.

https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html

##

hrbrmstr@mastodon.social at 2026-01-09T12:31:34.000Z ##

this was some great and necessary debunking of the ridiculous attempt at a "look how cool we are” CVE assignment.

between this and the "it's actually not a real vuln from an internet-perspective" for the recent daft D-Link CVE assignment, the cyber part of 2026 is off to a really horrible start.

https://horizon3.ai/attack-research/attack-blogs/the-ni8mare-test-n8n-rce-under-the-microscope-cve-2026-21858/

##

jbhall56@infosec.exchange at 2026-01-08T13:41:46.000Z ##

Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication. https://www.securityweek.com/critical-vulnerability-exposes-n8n-instances-to-takeover-attacks/

##

benzogaga33@mamot.fr at 2026-01-08T10:40:02.000Z ##

Ni8mare – CVE-2026-21858 : cette faille critique permet de pirater les serveurs n8n https://www.it-connect.fr/ni8mare-cve-2026-21858-faille-critique-n8n/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #n8n

##

Dam_ned@mamot.fr at 2026-01-08T09:08:16.000Z ##

qui c'est qui se servait de #n8n ici ? on a un petit #CVE à niveau 10 là https://github.com/Chocapikk/CVE-2026-21858 #iagenIsHell

##

beyondmachines1@infosec.exchange at 2026-01-08T08:01:43.000Z ##

Critical Ni8mare flaw in n8n allows unauthenticated remote takeover

n8n patched a critical vulnerability (CVE-2026-21858) that allows unauthenticated attackers to steal server files and gain full remote code execution. The flaw exploits a logic error in webhook and file upload handling to bypass authentication and compromise sensitive automation credentials.

**If you are using n8n, this is urgent. If possible, try to isolate all n8n instances from the internet and accessible from trusted networks only. Then update to version 1.121.0 ASAP. If you can't patch, block webhooks and file uploads from any access from untrusted networks and the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-ni8mare-flaw-in-n8n-allows-unauthenticated-remote-takeover-4-x-4-z-8/gD2P6Ple2L

##

r3pek@r3pek.org at 2026-01-07T21:33:12.000Z ##

Say hello to #Ni8mare, the first named vulnerability of 2026.

https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858

#cve-2026-21858

##

CVE-2025-50334
(7.5 HIGH)

EPSS: 0.28%

updated 2026-01-12T18:39:30.937000

1 posts

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component

cR0w@infosec.exchange at 2026-01-08T16:42:05.000Z ##

DoS in Technitium DNS server.

https://github.com/FPokerFace/Security-Advisory/tree/main/CVE-2025-50334

##

CVE-2025-70161
(9.8 CRITICAL)

EPSS: 0.34%

updated 2026-01-12T18:31:31

1 posts

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.

cR0w@infosec.exchange at 2026-01-09T16:52:52.000Z ##

RUCKUS

https://www.cve.org/CVERecord?id=CVE-2025-69425

https://www.cve.org/CVERecord?id=CVE-2025-69426

EDIMAX

https://www.cve.org/CVERecord?id=CVE-2025-70161

https://www.cve.org/CVERecord?id=CVE-2026-0854

##

CVE-2025-41006(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-01-12T15:30:50

1 posts

Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’.

beyondmachines1@infosec.exchange at 2026-01-13T11:01:43.000Z ##

Critical SQL Injection and XSS flaws reported in Imaster business software

Imaster's business management systems suffer from four vulnerabilities, including a critical SQL injection (CVE-2025-41006) that allows unauthenticated database access. These flaws enable attackers to steal sensitive patient data and execute malicious scripts in administrative sessions.

**If you are using Imaster MEMS Events CRM and the Patient Records Management System, make sure they are isolated from the internet and accessible from trusted networks only. Reach out to the vendor for patches, and in the meantime use a Web Application Firewall to filter malicious SQL and XSS traffic.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-and-xss-vulnerabilities-discovered-in-imaster-business-software-v-f-v-d-t/gD2P6Ple2L

##

CVE-2026-0854
(8.8 HIGH)

EPSS: 0.29%

updated 2026-01-12T06:30:20

1 posts

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

cR0w@infosec.exchange at 2026-01-12T14:31:57.000Z ##

Merit

https://www.cve.org/CVERecord?id=CVE-2026-0855

##

CVE-2025-14523
(8.2 HIGH)

EPSS: 0.04%

updated 2026-01-12T03:32:09

1 posts

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style a

linux@activitypub.awakari.com at 2026-01-12T22:15:49.000Z ## Oracle Linux 8 ELSA-2026-0421 libsoup Important CVE-2025-14523 Update The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

#Oracle #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

CVE-2026-0840
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-11T09:30:25

1 posts

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but

cR0w@infosec.exchange at 2026-01-12T14:44:36.000Z ##

UTT

Luxul

##

CVE-2026-0837
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-11T06:30:19

1 posts

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

cR0w@infosec.exchange at 2026-01-12T14:44:36.000Z ##

UTT

Luxul

##

CVE-2026-0836
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-11T06:30:19

1 posts

A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any

cR0w@infosec.exchange at 2026-01-12T14:44:36.000Z ##

UTT

Luxul

##

CVE-2026-0839
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-11T06:30:19

1 posts

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in

cR0w@infosec.exchange at 2026-01-12T14:44:36.000Z ##

UTT

Luxul

https://www.cve.org/CVERecord?id=CVE-2025-69425

##

CVE-2025-15505
(2.4 LOW)

EPSS: 0.03%

updated 2026-01-11T03:30:13

1 posts

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did n

cR0w@infosec.exchange at 2026-01-12T14:44:36.000Z ##

UTT

EPSS: 0.11%

updated 2026-01-09T18:31:43

1 posts

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication

cR0w@infosec.exchange at 2026-01-09T16:52:52.000Z ##

RUCKUS

https://www.cve.org/CVERecord?id=CVE-2025-69426

EDIMAX

https://www.cve.org/CVERecord?id=CVE-2025-70161

https://github.com/Afnaan-Ahmed/CVE-2025-14598

##

CVE-2025-14598
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-01-09T18:31:36

1 posts

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database.

1 repos

FunctionalProgramming@activitypub.awakari.com at 2026-01-09T12:14:06.000Z ## CVE-2025-14598BeeS Software Solutions BET Portal contains an SQL injection vu... BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected si...

Origin | Interest | Match ##

CVE-2025-64091
(8.6 HIGH)

EPSS: 0.05%

updated 2026-01-09T18:31:35

1 posts

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-64092
(7.5 HIGH)

EPSS: 0.08%

updated 2026-01-09T18:31:35

1 posts

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-64093
(10.0 CRITICAL)

EPSS: 0.29%

updated 2026-01-09T18:31:35

1 posts

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2026-22081(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-01-09T12:32:33

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection. Successful exploitation of this vulnerability could all

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2026-22082(CVSS UNKNOWN)

EPSS: 0.17%

updated 2026-01-09T12:32:33

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission. Successful exploitation of this vulnerability

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2026-22080(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-09T12:32:32

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials. Successful exploitat

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-69194
(8.8 HIGH)

EPSS: 0.04%

updated 2026-01-09T09:31:24

1 posts

updated 2026-01-08T21:31:33

7 posts

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

https://github.com/hilwa24/CVE-2025-52691

10 repos

https://github.com/SuJing-cy/CVE-2025-2025-52691-SmarterMail-Exp

https://github.com/you-ssef9/CVE-2025-52691

https://github.com/DeathShotXD/CVE-2025-52691-APT-PoC

https://github.com/nxgn-kd01/smartermail-cve-scanner

https://github.com/yt2w/CVE-2025-52691

https://github.com/rxerium/CVE-2025-52691

https://github.com/sajjadsiam/CVE-2025-52691-poc

https://github.com/Ashwesker/Ashwesker-CVE-2025-52691

https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691

christopherkunz@chaos.social at 2026-01-15T06:49:23.000Z ##

@ljrk I see your ../../../../../ and raise you one ../../../../../../../../../../../../../../../
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/

##

christopherkunz@chaos.social at 2026-01-15T06:49:23.000Z ##

@ljrk I see your ../../../../../ and raise you one ../../../../../../../../../../../../../../../
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/

##

nopatience@swecyb.com at 2026-01-13T12:46:33.000Z ##

Timeline of vulnerability (soon to be exploited...) (SmartMail):

2025-12-28: NVD CVE published. [1]
2026-01-08: Vulnerability deepdive and PoC published. [2]
2026-01-12: Reconnaissance for instances detected. [3]
2026-01-xx: Exploitation? ...

[1]: https://nvd.nist.gov/vuln/detail/CVE-2025-52691
[2]: https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
[3]: https://www.labs.greynoise.io/grimoire/2026-01-13-smartermail-version-enumeration/

##

hrbrmstr@mastodon.social at 2026-01-13T11:49:19.000Z ##

We've been working on a new AI-driven + human-in-the-loop threat signals detector and this morning it flagged this path that we have not seen before in the grid in the past 90d `/api/v1/licensing/about`. It turns out it's an unauth’d version check for SmarterTools SmarterMail.

If that name sounds familiar its b/c of CVE-2025-52691 (https://nvd.nist.gov/vuln/detail/CVE-2025-52691). (1/3)

##

campuscodi@mastodon.social at 2026-01-11T14:44:17.000Z ##

watchTowr has published a technical analysis of a CVSS 10 pre-auth RCE vulnerability in SmartTool's SmarterMail business email platform.

The vulnerability (CVE-2025-52691) was silently patched in Oct and publicly disclosed only a few months later in Dec

https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/

##

_r_netsec@infosec.exchange at 2026-01-08T18:43:06.000Z ##

Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) - watchTowr Labs https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/

##

cR0w@infosec.exchange at 2026-01-08T18:37:45.000Z ##

Get your popcorn, it's time for another watchTowr Labs post. This one is a pre-auth RCE in SmarterMail. :blobcatpopcorn:

https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/

##

CVE-2025-65518
(7.5 HIGH)

EPSS: 0.03%

updated 2026-01-08T21:30:40

1 posts

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, r

1 repos

https://github.com/Jainil-89/CVE-2025-65518

cR0w@infosec.exchange at 2026-01-08T18:58:46.000Z ##

DoS in Plesk.

https://github.com/Jainil-89/CVE-2025-65518/blob/main/cve.md

##

CVE-2025-13151
(7.5 HIGH)

EPSS: 0.05%

updated 2026-01-08T21:30:33

1 posts

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

cR0w@infosec.exchange at 2026-01-07T21:34:43.000Z ##

Reset the "Days since ASN1 vuln" sign to 0.

https://www.cve.org/CVERecord?id=CVE-2025-13151

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

##

CVE-2026-21441(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-08T20:05:42

1 posts

### Impact urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.6.2/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br

linux@activitypub.awakari.com at 2026-01-12T15:56:28.000Z ## Ubuntu: urllib3 Important Denial of Service CVE-2026-21441 urllib3 could be made to use excessive resources if it received specially crafted network traffic.

#Ubuntu #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

CVE-2017-20214
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-08T19:15:54.560000

1 posts

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

cR0w@infosec.exchange at 2026-01-07T23:26:02.000Z ##

Old FLIR CVEs just published.

##

CVE-2017-20213
(7.5 HIGH)

EPSS: 0.12%

updated 2026-01-08T19:15:54.443000

1 posts

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

cR0w@infosec.exchange at 2026-01-07T23:26:02.000Z ##

Old FLIR CVEs just published.

https://www.cve.org/CVERecord?id=CVE-2025-55125

##

CVE-2025-59469
(9.0 None)

EPSS: 0.05%

updated 2026-01-08T18:30:56

1 posts

This vulnerability allows a Backup or Tape Operator to write files as root.

cR0w@infosec.exchange at 2026-01-08T16:43:57.000Z ##

CVEs are now published for this.

https://www.cve.org/CVERecord?id=CVE-2025-59468

https://www.cve.org/CVERecord?id=CVE-2025-59469

https://www.cve.org/CVERecord?id=CVE-2025-59470

##

CVE-2025-59470
(9.0 None)

EPSS: 0.30%

updated 2026-01-08T18:30:56

2 posts

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

cR0w@infosec.exchange at 2026-01-08T16:43:57.000Z ##

CVEs are now published for this.

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

##

CVE-2025-68428
(0 None)

EPSS: 0.08%

updated 2026-01-08T18:09:23.230000

2 posts

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents

2 repos

https://github.com/12nio/CVE-2025-68428_PoC

https://github.com/Nurjaman2004/jsPDF-Bulk-Detector-CVE-2025-68428-

DarkWebInformer@infosec.exchange at 2026-01-11T02:00:20.000Z ##

❗️CVE-2025-68428: Critical Path Traversal in jsPDF

GitHub: https://github.com/12nio/CVE-2025-68428_PoC

CVSS: 9.2
CVE Published: January 5th, 2026
Exploit Published: January 8th, 2026

News source: https://www.bleepingcomputer.com/news/security/critical-jspdf-flaw-lets-hackers-steal-secrets-via-generated-pdfs/

##

benzogaga33@mamot.fr at 2026-01-09T10:40:03.000Z ##

Cette faille critique dans jsPDF (CVE-2025-68428) peut exposer les données de votre serveur https://www.it-connect.fr/faille-critique-jspdf-cve-2025-68428/ #ActuCybersécurité #Cybersécurité #Vulnérabilité

##

CVE-2025-15471
(9.8 CRITICAL)

EPSS: 0.22%

updated 2026-01-08T18:09:23.230000

1 posts

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

beyondmachines1@infosec.exchange at 2026-01-08T10:01:43.000Z ##

Unpatched command Injection flaw reported in Trendnet TEW-713RE extenders

Trendnet TEW-713RE range extenders are reportd to have a critical command injection flaw (CVE-2025-15471) that allows unauthenticated attackers to gain root access. The flaw is not patched and the company has not responded to disclosure attempts.

**If you are using TEW-713RE range extenders, make sure they are isolated from the internet and accessible from trusted networks only. Since Trendnet has not released a fix, plan a replacement with supported hardware.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/unpatched-command-injection-flaw-reported-in-trendnet-tew-713re-extenders-i-2-q-8-w/gD2P6Ple2L

##

CVE-2026-21876
(9.3 CRITICAL)

EPSS: 0.04%

updated 2026-01-08T18:08:18.457000

4 posts

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with

1 repos

https://github.com/daytriftnewgen/CVE-2026-21876

beyondmachines1@infosec.exchange at 2026-01-10T09:01:07.000Z ##

OWASP CRS Patches Critical Multipart Charset Validation Bypass

OWASP CRS released patches for a critical vulnerability (CVE-2026-21876) that allows attackers to bypass charset validation in multipart requests. By placing malicious payloads in early request parts, attackers can slip UTF-7/16/32 encoded XSS attacks past the WAF.

**If you are using WAF OWASP Core Rule Set to version 4.22.0 or 3.3.8 this is important. Update the Core rule 922110 ASAP. Don't not rely on default settings for rule 922110 until you have applied these patches. Attackers can easily hide malicious scripts in multi-part uploads.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/owasp-crs-patches-critical-multipart-charset-validation-bypass-6-n-o-8-z/gD2P6Ple2L

##

_r_netsec@infosec.exchange at 2026-01-08T20:28:06.000Z ##

CVE-2026-21876: OWASP Modsecurity CRS WAF bypass blogpost is out! https://coreruleset.org/20260106/cve-2026-21876-critical-multipart-charset-bypass-fixed-in-crs-4.22.0-and-3.3.8/

##

_r_netsec@infosec.exchange at 2026-01-08T19:58:06.000Z ##

Critical (9.3 CVSS) OWASP ModSecurity CRS WAF bypass advisory and walkthrough is out! https://coreruleset.org/20260106/cve-2026-21876-critical-multipart-charset-bypass-fixed-in-crs-4.22.0-and-3.3.8/

##

cR0w@infosec.exchange at 2026-01-07T21:09:45.000Z ##

Docker WAF doesn't filter on username, apparently. Seems weird. The CVE isn't published yet but they are claiming a number for it in the repo. Either way, if you have Docker WAF logs, maybe look for interesting payloads in the username parameter. Or don't.

https://github.com/daytriftnewgen/CVE-2026-21876

##

CVE-2026-21877
(9.9 CRITICAL)

EPSS: 0.05%

updated 2026-01-08T18:08:18.457000

4 posts

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted u

1 repos

https://github.com/Ashwesker/Ashwesker-CVE-2026-21877

beyondmachines1@infosec.exchange at 2026-01-09T16:01:43.000Z ##

Another critical RCE flaw reported in n8n automation platform

n8n patched another critical remote code execution vulnerability, CVE-2026-21877, which allows authenticated users to bypass sandboxes and take full control of automation servers. Over 100,000 instances are potentially exposed.

**Make sure all automation servers are isolated from the internet and accessible from trusted networks only. Update n8n to version 1.121.3 immediately and restrict workflow creation rights to a small group of trusted administrators to prevent unauthorized code execution.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/another-critical-rce-flaw-reported-in-n8n-automation-platform-m-8-g-u-s/gD2P6Ple2L

##

christopherkunz@chaos.social at 2026-01-09T12:00:20.000Z ##

Uh... how is https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263 (CVE-2026-21877) a 10.0 with PR:L? That is not possible, either it's a 9.9 or it has PR:N.

##

Hackread@mstdn.social at 2026-01-08T20:09:35.000Z ##

n8n users need to update immediately after a CVSS 10.0 (CVE-2026-21877) authenticated remote code execution flaw was found that could let an attacker take over the system. Update to version 1.121.3 or higher and restrict privileges now.

Read: https://hackread.com/n8n-users-patch-full-system-takeover-vulnerability/

#n8n #Cybersecurity #Vulnerability #Infosec

##

decio@infosec.exchange at 2026-01-08T11:29:24.000Z ##

"Une seconde faille critique RCE affecte n8n – CVE-2026-21877 : comment se protéger ?"
👇
https://www.it-connect.fr/n8n-cve-2026-21877-faille-critique-rce/

Pas mal d'instances pas à jour et exposées aussi sur les réseaux EU et CH selon Onyphe
👇
https://bsky.app/profile/onyphe.io/post/3mbvqc665zc2w

Infos
👇
https://cve.circl.lu/vuln/CVE-2026-21877

💬
⬇️
https://infosec.pub/post/40204482

#CyberVeille #n8n

##

CVE-2025-15346
(0 None)

EPSS: 0.07%

updated 2026-01-08T18:08:18.457000

1 posts

A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client

cR0w@infosec.exchange at 2026-01-08T15:31:23.000Z ##

No awoo for you.

https://www.cve.org/CVERecord?id=CVE-2025-15346

A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided. This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake. The issue affects versions up to and including 5.8.2.

##

technadu@infosec.exchange at 2026-01-09T10:10:46.000Z ##

PoC exploits are now public for CVE-2025-69258 in Trend Micro Apex Central (on-premise), a vulnerability that could allow unauthenticated RCE on affected systems.

A patch is available, and there are no confirmed exploitation reports so far. Public PoCs, however, tend to accelerate attacker interest.

Follow @technadu for objective and technically grounded infosec updates.

Source: https://www.helpnetsecurity.com/2026/01/08/trend-micro-apex-central-cve-2025-69258-rce-poc/

#Infosec #VulnerabilityDisclosure #PatchManagement #RCE #EnterpriseSecurity #ThreatLandscape

##

beyondmachines1@infosec.exchange at 2026-01-09T08:01:42.000Z ##

Critical flaws and public exploits released for Trend Micro Apex Central on-premise management

Trend Micro patched a critical remote code execution vulnerability (CVE-2025-69258) in Apex Central that allows attackers to gain SYSTEM privileges. Public exploit code is now available, making immediate patching of on-premise installations vital.

**Make sure all Apex Central servers are isolated from the internet and accessible from trusted networks only. Install Critical Patch Build 7190 as soon as possible.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-flaws-and-public-exploits-released-for-trend-micro-apex-central-on-premise-management-g-t-o-p-0/gD2P6Ple2L

##

CVE-2025-14017(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-01-08T12:30:38

1 posts

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

cR0w@infosec.exchange at 2026-01-08T15:22:45.000Z ##

ZOMG curl CVEs.

https://curl.se/docs/CVE-2025-14017.html

https://curl.se/docs/CVE-2025-14524.html

https://curl.se/docs/CVE-2025-14819.html

https://curl.se/docs/CVE-2025-15079.html

https://curl.se/docs/CVE-2025-15224.html

https://curl.se/docs/CVE-2025-13034.html

##

CVE-2025-37164
(10.0 CRITICAL)

EPSS: 81.31%

updated 2026-01-08T00:32:16

2 posts

A remote code execution issue exists in HPE OneView.

https://github.com/g0vguy/CVE-2025-37164-PoC

3 repos

https://github.com/rxerium/CVE-2025-37164

https://github.com/LACHHAB-Anas/Exploit_CVE-2025-37164

Hackread@mstdn.social at 2026-01-10T14:02:18.000Z ##

CISA urges emergency patching after a critical HPE OneView vulnerability (CVE-2025-37164) with active exploitation - Check your versions and update to OneView v11.00 or later now.

Read: https://hackread.com/cisa-emergency-patching-exploit-hpe-oneview-flaw/

#Cybersecurity #HPE #OneView #CISA #Vulnerability

##

DarkWebInformer@infosec.exchange at 2026-01-08T15:33:41.000Z ##

🚨 CISA adds two vulnerabilities to the KEV Catalog

CVE-2009-0556: Microsoft Office PowerPoint Code Injection Vulnerability

CVSS: 9.3

CVE-2025-37164: Hewlett Packard Enterprise OneView Code Injection Vulnerability

CVSS: 10

##

CVE-2025-62224
(5.5 MEDIUM)

EPSS: 0.05%

updated 2026-01-08T00:31:21

1 posts

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.

Android@activitypub.awakari.com at 2026-01-07T08:00:00.000Z ## CVE-2025-62224 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized at...

#CVE

Origin | Interest | Match ##

CVE-2017-20216
(9.8 CRITICAL)

EPSS: 0.44%

updated 2026-01-08T00:31:21

1 posts

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2

cR0w@infosec.exchange at 2026-01-07T23:26:02.000Z ##

Old FLIR CVEs just published.

##

CVE-2017-20215
(8.8 HIGH)

EPSS: 0.35%

updated 2026-01-08T00:31:21

1 posts

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.

cR0w@infosec.exchange at 2026-01-07T23:26:02.000Z ##

Old FLIR CVEs just published.

##

CVE-2017-20212
(6.2 MEDIUM)

EPSS: 0.23%

updated 2026-01-08T00:31:21

1 posts

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

cR0w@infosec.exchange at 2026-01-07T23:26:02.000Z ##

Old FLIR CVEs just published.

##

CVE-2009-0556
(8.8 HIGH)

EPSS: 78.49%

updated 2026-01-07T21:32:42

4 posts

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

beyondmachines1@infosec.exchange at 2026-01-09T12:01:43.000Z ##

CISA warns of active attacks legacy PowerPoint flaw

CISA is warning about active exploitation of CVE-2009-0556, a critical memory corruption vulnerability in legacy Microsoft PowerPoint (2000-2003 versions) that allows attackers to execute malware and move laterally through networks via malicious .ppt files.

**If you're still running legacy Microsoft Office (2000-2003 or 2004 for Mac), remove it and upgrade immediately to a supported version. This 15-year-old PowerPoint flaw is being actively exploited to install malware. If upgrading isn't possible right away, remove PowerPoint from these old systems and avoid opening any .ppt files.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-attacks-legacy-powerpoint-flaw-c-b-1-9-i/gD2P6Ple2L

##

DarkWebInformer@infosec.exchange at 2026-01-08T15:33:41.000Z ##

🚨 CISA adds two vulnerabilities to the KEV Catalog

https://github.com/fevar54/CVE-2026-0628-POC

CVE-2009-0556: Microsoft Office PowerPoint Code Injection Vulnerability

CVSS: 9.3

CVE-2025-37164: Hewlett Packard Enterprise OneView Code Injection Vulnerability

CVSS: 10

##

hexmasteen@chaos.social at 2026-01-08T08:55:01.000Z ##

Yesterday (2026-01-07) CISA added a new entry to it's catalog of known exploited vulnerabilities. It's about CVE-2009-0556, a vulnerability in PowerPoint 2003 which is EOL since 2014.

updated 2026-01-07T15:31:20

2 posts

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

1 repos

AAKL@infosec.exchange at 2026-01-13T16:21:11.000Z ##

Microsoft's Security Guide has added one new entry:

January 2026 Release Notes: Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-0628 #Microsoft #infosec #Chromium #Chrome #Edge

##

beyondmachines1@infosec.exchange at 2026-01-08T12:01:43.000Z ##

Google patches high-risk WebView flaw in first 2026 Chrome update

Google released Chrome 143.0.7499.192/193 to fix a high-risk vulnerability (CVE-2026-0628) in the WebView component that could allow malicious extensions to inject scripts into privileged pages.

**If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. No critical flaws in this update, but don't wait for the flaw to become actively exploited. Update now, it's trivial and all your tabs reopen after the update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-patches-high-risk-webview-flaw-in-first-2026-chrome-update-8-y-o-a-0/gD2P6Ple2L

##

https://github.com/Dlanang/homelab-CVE-2025-68613

https://github.com/LingerANR/n8n-CVE-2025-68613

https://github.com/nehkark/CVE-2025-68613

https://github.com/GnuTLam/POC-CVE-2025-68613

https://github.com/r4j3sh-com/CVE-2025-68613-n8n-lab

https://github.com/ali-py3/Exploit-CVE-2025-68613

https://github.com/gagaltotal/n8n-cve-2025-68613

https://github.com/reem-012/poc_CVE-2025-68613

https://github.com/wioui/n8n-CVE-2025-68613-exploit

https://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613

https://github.com/manyaigdtuw/CVE-2025-68613_Scanner

https://github.com/AbdulRKB/n8n-RCE

https://github.com/Khin-96/n8n-cve-2025-68613-thm

https://github.com/rxerium/CVE-2025-68613

https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysis

https://github.com/secjoker/CVE-2025-68613

https://github.com/cv-sai-kamesh/n8n-CVE-2025-68613

https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613

https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMe

https://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloads

DarkWebInformer@infosec.exchange at 2026-01-07T19:28:09.000Z ##

Another video showing how incredibly easy the n8n RCE vulnerability (CVE-2025-68613) is.

Credit: http://youtube.com/@0xmrsecurity

##

CVE-2025-13836
(9.1 CRITICAL)

EPSS: 0.09%

updated 2025-12-30T15:30:26

1 posts

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

linux@activitypub.awakari.com at 2026-01-12T11:47:18.000Z ## Ubuntu: Python Important Denial Of Service Issue USN-7951-1 CVE-2025-13836 Python could be made to crash if it received specially crafted network traffic.

#Ubuntu #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

CVE-2025-64113(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-12-29T19:43:28

1 posts

### Withdrawn Advisory This advisory has been withdrawn because it incorrectly listed [MediaBrowser.Server.Core](https://www.nuget.org/packages/MediaBrowser.Server.Core) as vulnerable. CVE-2025-64113 affects Emby Server versions 4.9.1.80 and prior, and Emby Server Beta versions 4.9.2.6 and prior. ### Original Description ### Impact This vulnerability affects all Emby Server versions - beta and s

1 repos

https://github.com/Ashwesker/Ashwesker-CVE-2025-64113

GEBIRGE@infosec.exchange at 2026-01-13T20:20:19.000Z ##

Here's my analysis of the recent-ish 9.3 Critical in #Emby (CVE-2025-64113).

Sadly, the vulnerability turned out to be pretty boring, but I've tried to make the best of it.

https://gebir.ge/blog/its-not-mine-cve-2025-64113/

##

CVE-2025-13699
(7.0 HIGH)

EPSS: 0.12%

updated 2025-12-29T15:58:56.260000

1 posts

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. T

cR0w@infosec.exchange at 2026-01-13T17:00:58.000Z ##

https://www.youtube.com/watch?v=nPLV7lGbmT4

https://www.cve.org/CVERecord?id=CVE-2025-13699

https://www.cve.org/CVERecord?id=CVE-2025-21490

https://www.cve.org/CVERecord?id=CVE-2025-30693

https://www.cve.org/CVERecord?id=CVE-2025-30722

##

CVE-2025-67724
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-12-22T18:49:24.303000

1 posts

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers (where it could be used for header injection) or in HTML in the default error page (where it could be used for XSS) and can be exploited by passing untrusted or malicious data into the reason argument. Used by both RequestHandler.set_statu

Ubuntu@activitypub.awakari.com at 2026-01-08T20:43:44.000Z ## Ubuntu 25.10: Tornado Critical XSS DoS Flaws USN-7950-1 CVE-2025-67724 Several security issues were fixed in Tornado.

#Ubuntu #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

CVE-2025-20393
(10.0 CRITICAL)

EPSS: 7.28%

updated 2025-12-17T21:30:47

2 posts

Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will update these details as appropriate as more information becomes available.

6 repos

https://github.com/Ashwesker/Ashwesker-CVE-2025-20393

https://github.com/MRH701/mrh701.github.io

https://github.com/KingHacker353/CVE-2025-20393

https://github.com/StasonJatham/cisco-sa-sma-attack-N9bf4

https://github.com/cyberleelawat/CVE-2025-20393

https://github.com/MRH701/cisco-sa-sma-attack-N9bf4

AAKL at 2026-01-15T16:25:01.723Z ##

Updated Cisco advisory. "Rudolph, the red-nosed reindeer ...." 🎵 🎶 🎧

"There are no workarounds identified that directly mitigate the risk concerning this attack campaign, but administrators can view and follow the guidance provided in the Recommendations section of this advisory."

Cisco: CVE-2025-20393, critical: Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4

There are three other entries for today:

- Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-9TDh2kx

- Cisco Identity Services Engine Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5

- Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-GEkX8yWK @TalosSecurity #infosec #Cisco #vulnerability

@cR0w

##

AAKL@infosec.exchange at 2026-01-15T16:25:01.000Z ##

Updated Cisco advisory. "Rudolph, the red-nosed reindeer ...." 🎵 🎶 🎧

"There are no workarounds identified that directly mitigate the risk concerning this attack campaign, but administrators can view and follow the guidance provided in the Recommendations section of this advisory."

Cisco: CVE-2025-20393, critical: Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4

There are three other entries for today:

- Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-9TDh2kx

- Cisco Identity Services Engine Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5

- Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-GEkX8yWK @TalosSecurity #infosec #Cisco #vulnerability

@cR0w

##

CVE-2025-66039
(0 None)

EPSS: 0.05%

updated 2025-12-12T15:19:07.567000

1 posts

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

5 repos

https://github.com/jhow019/jhow019.github.io

https://github.com/cyberleelawat/FreePBX-Multiple-CVEs-2025

https://github.com/BimBoxH4/CVE-2025-66039_CVE-2025-61675_CVE-2025-61678_reePBX

https://github.com/rxerium/FreePBX-Vulns-December-25

https://github.com/jhow019/FreePBX-Vulns-December-25

AAKL@infosec.exchange at 2026-01-13T16:42:31.000Z ##

New.

Picus: Critical FreePBX Vulnerabilities: CVE-2025-66039, CVE-2025-61675, CVE-2025-61675 https://www.picussecurity.com/resource/blog/critical-freepbx-vulnerabilities-cve-2025-66039-cve-2025-61675-cve-2025-61675 #infosec #vilnerability #threatresearch #opensource

##

CVE-2025-55182
(10.0 CRITICAL)

EPSS: 55.12%

updated 2025-12-09T16:53:25

1 posts

### Impact There is an unauthenticated remote code execution vulnerability in React Server Components. We recommend upgrading immediately. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of: * [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) * [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) * [react-s

https://github.com/Updatelap/CVE-2025-55182

100 repos

https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool

https://github.com/xkillbit/cve-2025-55182-scanner

https://github.com/VeilVulp/RscScan-cve-2025-55182

https://github.com/RuoJi6/CVE-2025-55182-RCE-shell

https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

https://github.com/gensecaihq/react2shell-scanner

https://github.com/subhdotsol/CVE-2025-55182

https://github.com/im-ezboy/CVE-2025-55182-zoomeye

https://github.com/Chocapikk/CVE-2025-55182

https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive

https://github.com/zr0n/react2shell

https://github.com/xalgord/React2Shell

https://github.com/EynaExp/CVE-2025-55182-POC

https://github.com/acheong08/CVE-2025-55182-poc

https://github.com/kondukto-io/vulnerable-next-js-poc

https://github.com/yz9yt/React2Shell-CTF

https://github.com/mrknow001/RSC_Detector

https://github.com/ynsmroztas/NextRce

https://github.com/surajhacx/react2shellpoc

https://github.com/alfazhossain/CVE-2025-55182-Exploiter

https://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShell

https://github.com/fatguru/CVE-2025-55182-scanner

https://github.com/dwisiswant0/CVE-2025-55182

https://github.com/hackersatyamrastogi/react2shell-ultimate

https://github.com/freeqaz/react2shell

https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension

https://github.com/theman001/CVE-2025-55182

https://github.com/msanft/CVE-2025-55182

https://github.com/hualy13/CVE-2025-55182

https://github.com/c0rydoras/CVE-2025-55182

https://github.com/Faithtiannn/CVE-2025-55182

https://github.com/AdityaBhatt3010/React2Shell-CVE-2025-55182-The-Deserialization-Bug-That-Broke-the-Web

https://github.com/kavienanj/CVE-2025-55182

https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-

https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script

https://github.com/hidden-investigations/react2shell-scanner

https://github.com/techgaun/cve-2025-55182-scanner

https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS

https://github.com/zack0x01/vuln-app-CVE-2025-55182

https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool

https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-

https://github.com/zzhorc/CVE-2025-55182

https://github.com/jf0x3a/CVE-2025-55182-exploit

https://github.com/fullhunt/react2shell-test-server

https://github.com/GelukCrab/React-Server-Components-RCE

https://github.com/shamo0/react2shell-PoC

https://github.com/SainiONHacks/CVE-2025-55182-Scanner

https://github.com/MoLeft/React2Shell-Toolbox

https://github.com/songsanggggg/CVE-2025-55182

https://github.com/Rsatan/Next.js-Exploit-Tool

https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182

https://github.com/xcanwin/CVE-2025-55182-React-RCE

https://github.com/timsonner/React2Shell-CVE-2025-55182

https://github.com/websecuritylabs/React2Shell-Library

https://github.com/CymulateResearch/React2Shell-Scanner

https://github.com/alsaut1/react2shell-lab

https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script

https://github.com/l4rm4nd/CVE-2025-55182

https://github.com/sickwell/CVE-2025-55182

https://github.com/AliHzSec/CVE-2025-55182

https://github.com/TrixSec/CVE-2025-55182-Scanner

https://github.com/whiteov3rflow/CVE-2025-55182-poc

https://github.com/LemonTeatw1/CVE-2025-55182-exploit

https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478

https://github.com/momika233/CVE-2025-55182-bypass

https://github.com/ZihxS/check-react-rce-cve-2025-55182

https://github.com/heiheishushu/rsc_detect_CVE-2025-55182

https://github.com/sumanrox/rschunter

https://github.com/hoosin/CVE-2025-55182

https://github.com/assetnote/react2shell-scanner

https://github.com/cybertechajju/R2C-CVE-2025-55182-66478

https://github.com/theori-io/reactguard

https://github.com/XiaomingX/CVE-2025-55182-poc

https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension

https://github.com/emredavut/CVE-2025-55182

https://github.com/santihabib/CVE-2025-55182-analysis

https://github.com/C00LN3T/React2Shell

https://github.com/sho-luv/React2Shell

https://github.com/kOaDT/poc-cve-2025-55182

https://github.com/onlylovetx/CVE-2025-55182-CVE-2025-66478-Exploit-GUI

https://github.com/sudo-Yangziran/CVE-2025-55182POC

https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js

https://github.com/logesh-GIT001/CVE-2025-55182

https://github.com/Ashwesker/Ashwesker-CVE-2025-55182

https://github.com/shyambhanushali/React2Shell

https://github.com/yanoshercohen/React2Shell_CVE-2025-55182

https://github.com/vijay-shirhatti/RSC-Detect-CVE-2025-55182

https://github.com/nehkark/CVE-2025-55182

https://github.com/Spritualkb/CVE-2025-55182-exp

https://github.com/Pizz33/CVE-2025-55182-burpscanner

https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell

https://github.com/Cillian-Collins/CVE-2025-55182

https://github.com/ThemeHackers/CVE-2025-55182

https://github.com/Saturate/CVE-2025-55182-Scanner

https://github.com/StealthMoud/CVE-2025-55182-Scanner

https://github.com/BlackTechX011/React2Shell

https://github.com/ejpir/CVE-2025-55182-bypass

https://github.com/keklick1337/CVE-2025-55182-golang-PoC

https://github.com/ejpir/CVE-2025-55182-research

threatresearch@infosec.exchange at 2026-01-12T22:27:57.000Z ##

I had a chance last week to chat with Benjamin Read of #Wiz. Last month, Read and other members of his team published a deep dive into the #React2Shell
(CVE-2025-55182) vulnerability, and I was curious to see what has been hitting my honeypot, so I took a closer look.

This is doing some weird stuff, friends.

As is normally the case with exploits targeting internet-facing devices, once the exploit becomes known, it ends up in the automated scanners used by threat actors and security researchers. What I've seen over the past week is a combination of both.

In just a few hours of operation, I identified a small number of source IP addresses exploiting React2Shell by pointing the vulnerable system at URLs hosting BASH scripts. These scripts are really familiar to anyone who routinely looks at honeypot data - they contain a series of commands that pull down and execute malicious payloads.

And as I've seen in the past, some of these payloads use racially inflammatory language in their malware. It's weird and gross, but unfortunately, really common.

But while most of these payloads were "the usual suspects" - remote shells, cryptocurrency miners - there was one payload that stuck out.

It's an exploit file, based on this proof-of-concept [https://github.com/iotwar/FIVEM-POC/blob/main/fivem-poc.py] designed to DDoS a modded server running "FiveM," a popular version of the game Grand Theft Auto V.

Let that one sink in: among the earliest adopters of a brand new exploit are...people trying to mess with other people's online game servers.

I've long said that exploits like these are the canaries in the datacenter coal mine. After all, if an attacker can force your server to run a cryptominer (or a game DDoS tool), they can force it to run far more malicious code.

I guess someone, or a group of someones, just want to ruin everyone's good time, no matter how or what form that takes. And they'll do it in the most offensive way possible.

Anyway, patch your servers, please, if only to stick it to these people who want to be the reason we can't have nice things.

#PoC #exploit #CVE_2025_55182 #DDoS #FiveM #REACT #Bash #cryptominer #malware

##

CVE-2025-66471(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-12-05T18:33:09

1 posts

### Impact urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.5.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding

Ubuntu@activitypub.awakari.com at 2026-01-12T23:08:08.000Z ## Ubuntu: urllib3 Critical DoS Regression USN-7927-2 CVE-2025-66471 USN-7927-1 introduced a regression in urllib3

#Ubuntu #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

CVE-2025-66516(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-12-05T02:26:57

1 posts

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoi

4 repos

https://github.com/sid6224/CVE-2025-66516-POC

https://github.com/intSheep/Tika-CVE-2025-66516-Lab

https://github.com/chasingimpact/CVE-2025-66516-Writeup-POC

https://github.com/Ashwesker/Ashwesker-CVE-2025-66516

AAKL@infosec.exchange at 2026-01-09T18:12:09.000Z ##

New.

Picus: Apache Tika XXE Vulnerability CVE-2025-66516 Explained https://www.picussecurity.com/resource/blog/apache-tika-xxe-vulnerability-cve-2025-66516-explained #infosec #vulnerability #Apache #threatresearch #opensource

##

CVE-2025-64126
(10.0 CRITICAL)

EPSS: 5.60%

updated 2025-12-01T15:39:53.100000

1 posts

An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-64127
(10.0 CRITICAL)

EPSS: 5.60%

updated 2025-11-26T18:31:15

1 posts

An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-64130
(9.8 CRITICAL)

EPSS: 0.15%

updated 2025-11-26T18:31:15

1 posts

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-64129
(7.6 HIGH)

EPSS: 0.17%

updated 2025-11-26T18:31:15

1 posts

Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-64128
(10.0 CRITICAL)

EPSS: 5.60%

updated 2025-11-26T18:31:15

1 posts

An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-64446
(9.8 CRITICAL)

EPSS: 89.81%

updated 2025-11-21T18:27:33.730000

2 posts

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

https://github.com/Death112233/CVE-2025-64446-

12 repos

https://github.com/lequoca/fortinet-fortiweb-cve-2025-64446-58034

https://github.com/soltanali0/CVE-2025-64446-Exploit

https://github.com/lincemorado97/CVE-2025-64446_CVE-2025-58034

https://github.com/verylazytech/CVE-2025-64446

https://github.com/Ashwesker/Ashwesker-CVE-2025-64446

https://github.com/D3crypT0r/CVE-2025-64446

https://github.com/AN5I/cve-2025-64446-fortiweb-exploit

https://github.com/sensepost/CVE-2025-64446

https://github.com/fevar54/CVE-2025-64446-PoC---FortiWeb-Path-Traversal

https://github.com/mrk336/Silent-WebStorm-Fortinet-s-Hidden-Exploits

https://github.com/sxyrxyy/CVE-2025-64446-FortiWeb-CGI-Bypass-PoC

technadu at 2026-01-15T13:03:28.636Z ##

Sicarii RaaS uses Israeli/Jewish iconography — but researchers say it’s likely deceptive branding.

• Geo-fencing to avoid Israeli systems
• CVE-2025-64446 exploitation
• Data theft + destructive ransomware

https://www.technadu.com/sicarii-ransomware-a-deceptive-new-ransomware-as-a-service-threat-using-hebrew-iconography/618284/

What’s your assessment of attribution through branding?

#Infosec #Ransomware #ThreatIntelligence

##

technadu@infosec.exchange at 2026-01-15T13:03:28.000Z ##

Sicarii RaaS uses Israeli/Jewish iconography — but researchers say it’s likely deceptive branding.

• Geo-fencing to avoid Israeli systems
• CVE-2025-64446 exploitation
• Data theft + destructive ransomware

https://www.technadu.com/sicarii-ransomware-a-deceptive-new-ransomware-as-a-service-threat-using-hebrew-iconography/618284/

What’s your assessment of attribution through branding?

#Infosec #Ransomware #ThreatIntelligence

##

CVE-2025-40300(CVSS UNKNOWN)

EPSS: 0.08%

updated 2025-11-17T18:30:25

1 posts

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors af

Ubuntu@activitypub.awakari.com at 2026-01-09T16:55:37.000Z ## Ubuntu 24.04: Linux-azure-nvidia Critical Issues CVE-2025-40300 Several security issues were fixed in the Linux kernel.

#Ubuntu #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

CVE-2025-12818
(5.9 MEDIUM)

EPSS: 0.06%

updated 2025-11-14T16:42:03.187000

1 posts

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

linux@activitypub.awakari.com at 2026-01-12T22:14:42.000Z ## Oracle Linux 9: ELSA-2026-0458 libpq Moderate Threat CVE-2025-12818 The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

#Oracle #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

CVE-2025-8677
(7.5 HIGH)

EPSS: 0.07%

updated 2025-11-05T00:32:35

1 posts

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

cR0w@infosec.exchange at 2026-01-14T19:48:48.000Z ##

Still no fix in BIG-IP DNS for CVE-2025-8677.

https://my.f5.com/manage/s/article/K000157317

##

EPSS: 0.05%

updated 2025-11-03T20:19:19.233000

1 posts

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

hackmag@infosec.exchange at 2026-01-10T10:04:30.000Z ##

⚪ Firefox Patches Vulnerability Discovered by a Positive Technologies Expert

🗨️ Exploitation of the vulnerability became possible after injecting malicious code into an arbitrary website, allowing an attacker to steal credentials and redirect users to phishing pages.

🔗 https://hackmag.com/news/cve-2025-6430?utm_source=mastodon&utm_medium=social&utm_campaign=repost_hackmag_to_socials

#news

##

CVE-2021-44228
(10.0 CRITICAL)

EPSS: 94.36%

updated 2025-10-22T19:13:26

1 posts

# Summary Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per [Apache's Log4j security guide](https://logging.apache.org/log4j/2.x/security.html): Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who

https://github.com/marcourbano/CVE-2021-44228

100 repos

https://github.com/claranet/ansible-role-log4shell

https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

https://github.com/sunnyvale-it/CVE-2021-44228-PoC

https://github.com/NS-Sp4ce/Vm4J

https://github.com/AlexandreHeroux/Fix-CVE-2021-44228

https://github.com/jas502n/Log4j2-CVE-2021-44228

https://github.com/NCSC-NL/log4shell

https://github.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell

https://github.com/mr-r3b00t/CVE-2021-44228

https://github.com/thecyberneh/Log4j-RCE-Exploiter

https://github.com/justakazh/Log4j-CVE-2021-44228

https://github.com/korteke/log4shell-demo

https://github.com/0xDexter0us/Log4J-Scanner

https://github.com/giterlizzi/nmap-log4shell

https://github.com/Jeromeyoung/log4j2burpscanner

https://github.com/mzlogin/CVE-2021-44228-Demo

https://github.com/puzzlepeaches/Log4jCenter

https://github.com/qingtengyun/cve-2021-44228-qingteng-patch

https://github.com/MalwareTech/Log4jTools

https://github.com/kubearmor/log4j-CVE-2021-44228

https://github.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab

https://github.com/back2root/log4shell-rex

https://github.com/BinaryDefense/log4j-honeypot-flask

https://github.com/blake-fm/vcenter-log4j

https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs

https://github.com/mergebase/log4j-detector

https://github.com/boundaryx/cloudrasp-log4j2

https://github.com/puzzlepeaches/Log4jHorizon

https://github.com/bigsizeme/Log4j-check

https://github.com/infiniroot/nginx-mitigate-log4shell

https://github.com/puzzlepeaches/Log4jUnifi

https://github.com/HynekPetrak/log4shell-finder

https://github.com/sassoftware/loguccino

https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit

https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector

https://github.com/Adikso/minecraft-log4j-honeypot

https://github.com/Diverto/nse-log4shell

https://github.com/r3kind1e/Log4Shell-obfuscated-payloads-generator

https://github.com/nccgroup/log4j-jndi-be-gone

https://github.com/1lann/log4shelldetect

https://github.com/christophetd/log4shell-vulnerable-app

https://github.com/redhuntlabs/Log4JHunt

https://github.com/logpresso/CVE-2021-44228-Scanner

https://github.com/momos1337/Log4j-RCE

https://github.com/shamo0/CVE-2021-44228

https://github.com/DragonSurvivalEU/RCE

https://github.com/alexandre-lavoie/python-log4rce

https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228

https://github.com/julian911015/Log4j-Scanner-Exploit

https://github.com/ssl/scan4log4j

https://github.com/lfama/log4j_checker

https://github.com/roxas-tan/CVE-2021-44228

https://github.com/simonis/Log4jPatch

https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch

https://github.com/Azeemering/CVE-2021-44228-DFIR-Notes

https://github.com/thomaspatzke/Log4Pot

https://github.com/stripe/log4j-remediation-tools

https://github.com/darkarnium/Log4j-CVE-Detect

https://github.com/leonjza/log4jpwn

https://github.com/cisagov/log4j-scanner

https://github.com/corretto/hotpatch-for-apache-log4j2

https://github.com/NorthwaveSecurity/log4jcheck

https://github.com/future-client/CVE-2021-44228

https://github.com/mufeedvh/log4jail

https://github.com/fox-it/log4j-finder

https://github.com/fullhunt/log4j-scan

https://github.com/cyberxml/log4j-poc

https://github.com/f0ng/log4j2burpscanner

https://github.com/mr-vill4in/log4j-fuzzer

https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

https://github.com/corelight/cve-2021-44228

https://github.com/LiveOverflow/log4shell

https://github.com/alexbakker/log4shell-tools

https://github.com/rubo77/log4j_checker_beta

https://github.com/dwisiswant0/look4jar

https://github.com/yahoo/check-log4j

https://github.com/CERTCC/CVE-2021-44228_scanner

https://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent

https://github.com/takito1812/log4j-detect

https://github.com/sec13b/CVE-2021-44228-POC

https://github.com/kozmer/log4j-shell-poc

https://github.com/tippexs/nginx-njs-waf-cve2021-44228

https://github.com/Kadantte/CVE-2021-44228-poc

https://github.com/fireeye/CVE-2021-44228

https://github.com/irgoncalves/f5-waf-quick-patch-cve-2021-44228

https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce

https://github.com/wortell/log4j

https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept

https://github.com/toramanemre/apache-solr-log4j-CVE-2021-44228

https://github.com/0xInfection/LogMePwn

https://github.com/irgoncalves/f5-waf-enforce-sig-CVE-2021-44228

https://github.com/pedrohavay/exploit-CVE-2021-44228

https://github.com/lucab85/log4j-cve-2021-44228

https://github.com/KosmX/CVE-2021-44228-example

https://github.com/greymd/CVE-2021-44228

https://github.com/Nanitor/log4fix

https://github.com/CrackerCat/CVE-2021-44228-Log4j-Payloads

updated 2025-10-22T00:33:11

1 posts

NTLM Hash Disclosure Spoofing Vulnerability

1 repos

https://github.com/RonF98/CVE-2024-43451-POC

oversecurity@mastodon.social at 2026-01-14T09:40:05.000Z ##

German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRATCampaign

Learn about a new phishing campaign targeting German manufacturing companies using CVE-2024-43451.

🔗️ [Any] https://link.is.it/F0JDjf

##

CVE-2025-59816
(7.3 HIGH)

EPSS: 0.10%

updated 2025-09-26T14:32:19.853000

1 posts

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-59817
(9.1 CRITICAL)

EPSS: 0.04%

updated 2025-09-25T21:30:37

1 posts

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-59815
(9.1 CRITICAL)

EPSS: 0.06%

updated 2025-09-25T21:30:37

1 posts

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-59814
(9.8 CRITICAL)

EPSS: 0.08%

updated 2025-09-25T21:30:36

1 posts

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database.

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

🔗 https://hackmag.com/news/cve-2025-50173-problem?utm_source=mastodon&utm_medium=social&utm_campaign=repost_hackmag_to_socials

##

CVE-2025-50173
(7.8 HIGH)

EPSS: 0.12%

updated 2025-08-19T14:36:03.933000

1 posts

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.

hackmag@infosec.exchange at 2026-01-12T20:15:45.000Z ##

⚪ August Windows updates may block app installations

🗨️ Microsoft reported that the Windows security updates for August 2025 may trigger unexpected User Account Control (UAC) prompts and cause problems with app installations. The bug affects users without administrator…

#news

##

CVE-2025-53136
(5.5 MEDIUM)

EPSS: 0.05%

updated 2025-08-19T14:13:07.783000

2 posts

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

1 repos

https://github.com/nu1lptr0/CVE-2025-53136

DarkWebInformer at 2026-01-15T01:23:28.650Z ##

❗️CVE-2025-53136: Windows Kernel Information Disclosure through Race condition

PoC/Exploit: https://github.com/nu1lptr0/CVE-2025-53136

CVSS: 5.5
CVE Published: Aug 12th, 2025

##

DarkWebInformer@infosec.exchange at 2026-01-15T01:23:28.000Z ##

❗️CVE-2025-53136: Windows Kernel Information Disclosure through Race condition

PoC/Exploit: https://github.com/nu1lptr0/CVE-2025-53136

CVSS: 5.5
CVE Published: Aug 12th, 2025

##

CVE-2025-25256
(9.8 CRITICAL)

EPSS: 26.27%

updated 2025-08-15T18:15:27.583000

2 posts

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256

1 repos

jbhall56 at 2026-01-15T14:35:44.623Z ##

The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access. https://www.bleepingcomputer.com/news/security/exploit-code-public-for-critical-fortisiem-command-injection-flaw/

##

jbhall56@infosec.exchange at 2026-01-15T14:35:44.000Z ##

The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access. https://www.bleepingcomputer.com/news/security/exploit-code-public-for-critical-fortisiem-command-injection-flaw/

##

CVE-2025-8286
(9.8 CRITICAL)

EPSS: 0.58%

updated 2025-07-31T21:32:03

1 posts

Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.

https://github.com/12nio/CVE-2025-68428_PoC

beyondmachines1@infosec.exchange at 2026-01-14T11:01:43.000Z ##

Critical authentication bypass in Güralp Systems seismic monitoring devices

Güralp Systems reported a critical authentication bypass vulnerability (CVE-2025-8286) in its FMUS and MIN series seismic devices, allowing unauthenticated attackers to modify configurations or factory reset hardware.

**Make sure all Güralp devices are isolated from the internet and accessible from trusted networks only. Review the patch, and consult with the vendor since it's still experimental. At minimum, isolate all systems from the internet, then wait for the final patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-guralp-systems-seismic-monitoring-devices-n-i-c-w-x/gD2P6Ple2L

##

CVE-2025-6842
(4.7 MEDIUM)

EPSS: 0.03%

updated 2025-07-01T15:32:11

1 posts

A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit_user.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

2 repos

https://github.com/Nurjaman2004/jsPDF-Bulk-Detector-CVE-2025-68428-

DarkWebInformer@infosec.exchange at 2026-01-11T02:00:20.000Z ##

❗️CVE-2025-68428: Critical Path Traversal in jsPDF

GitHub: https://github.com/12nio/CVE-2025-68428_PoC

CVSS: 9.2
CVE Published: January 5th, 2026
Exploit Published: January 8th, 2026

News source: https://www.bleepingcomputer.com/news/security/critical-jspdf-flaw-lets-hackers-steal-secrets-via-generated-pdfs/

##

CVE-2022-23128
(9.8 CRITICAL)

EPSS: 3.77%

updated 2024-11-21T06:48:03.407000

1 posts

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of

beyondmachines1@infosec.exchange at 2026-01-09T13:01:45.000Z ##

Mitsubishi Electric patches critical SCADA and HMI vulnerabilities

Mitsubishi Electric patched several vulnerabilities in its ICONICS and HMI SCADA suites, including a critical bypass flaw (CVE-2022-23128) that allows unauthorized system control.

**Make sure all Mitsubishi Electric and ICONICS Digital Solutions devices are isolated from the internet and accessible from trusted networks only. Update to GENESIS64 version 10.97.1 immediately and all other systems which have patches. Since GENESIS32 is retired and won't be patched, use strict network isolation and plan a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mitsubishi-electric-patches-critical-scada-and-hmi-vulnerabilities-p-5-i-0-o/gD2P6Ple2L

##

CVE-2020-8554
(6.3 MEDIUM)

EPSS: 24.78%

updated 2024-11-21T05:39:01.370000

1 posts

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to simil

5 repos

https://github.com/Dviejopomata/CVE-2020-8554

https://github.com/alebedev87/gatekeeper-cve-2020-8554

https://github.com/rancher/externalip-webhook

https://github.com/twistlock/k8s-cve-2020-8554-mitigations

https://github.com/jrmurray000/CVE-2020-8554

raesene@infosec.exchange at 2026-01-14T09:43:23.000Z ##

For anyone who's been to one of my #Kubernetes #Security talks over the last couple of years, you may have seen me mention "the unpatchable 4", which is a set of Kubernetes CVEs for which there are no patches, you need to mitigate them with configuration or architecture choices.

I've been meaning to write more about them, and finally got a chance so here's the first in a mini-series of posts looking at the CVEs and the underlying reasons they occur. This time it's CVE-2020-8554.

https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabilities-cve-2020-8554/

##

CVE-2022-25845
(8.1 HIGH)

EPSS: 89.92%

updated 2024-05-15T06:28:36

1 posts

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).

6 repos

https://github.com/hosch3n/FastjsonVulns

https://github.com/nerowander/CVE-2022-25845-exploit

https://github.com/ph0ebus/CVE-2022-25845-In-Spring

https://github.com/luelueking/CVE-2022-25845-In-Spring

https://github.com/scabench/fastjson-tp1fn1

https://github.com/cuijiung/fastjson-CVE-2022-25845

cR0w@infosec.exchange at 2026-01-09T19:46:49.000Z ##

Perfect 10 in Fastjson. 🥳

It's funny that it appears to be a challenging enough bug that it bypassed at least two previous fixes.

https://www.cve.org/CVERecord?id=CVE-2025-70974

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845.

##

CVE-2023-38408
(9.8 CRITICAL)

EPSS: 68.75%

updated 2024-04-19T05:07:56

1 posts

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

8 repos

https://github.com/wxrdnx/CVE-2023-38408

https://github.com/kali-mx/CVE-2023-38408

https://github.com/Adel2411/cve-2023-38408

https://github.com/classic130/CVE-2023-38408

https://github.com/fazilbaig1/cve_2023_38408_scanner

https://github.com/LucasPDiniz/CVE-2023-38408

https://github.com/mrtacojr/CVE-2023-38408

https://github.com/TX-One/CVE-2023-38408

beyondmachines1@infosec.exchange at 2026-01-14T12:01:44.000Z ##

Critical OpenSSH flaw exposes Moxa industrial switches to remote takeover

Moxa issued a critical advisory for a remote code execution vulnerability (CVE-2023-38408) affecting several industrial Ethernet switch series. The flaw allows unauthenticated attackers to take full control of devices if a user forwards an ssh-agent to a compromised system.

**Make sure all Moza devices are isolated from the internet and accessible from trusted networks only. Contact Moxa support to get the latest firmware for your EDS and RKS switches.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-openssh-flaw-exposes-moxa-industrial-switches-to-remote-takeover-f-u-h-q-u/gD2P6Ple2L

##

CVE-2023-31096
(7.8 HIGH)

EPSS: 0.02%

updated 2024-04-04T08:33:05

1 posts

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploi

cR0w@infosec.exchange at 2026-01-13T18:04:31.000Z ##

The publicly disclosed ones are expiring Secure Boot cert:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265

and an old one that was published in 2023 but is apparently now applicable to all Windows systems with the Agere Soft Modem installed, even if it isn't in use.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-31096

https://www.cve.org/CVERecord?id=CVE-2023-31096

##

CVE-2017-18349
(9.8 CRITICAL)

EPSS: 92.08%

updated 2023-09-26T14:52:01

1 posts

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.

https://github.com/h0cksr/Fastjson--CVE-2017-18349-

1 repos

cR0w@infosec.exchange at 2026-01-09T19:46:49.000Z ##

Perfect 10 in Fastjson. 🥳

It's funny that it appears to be a challenging enough bug that it bypassed at least two previous fixes.

https://www.cve.org/CVERecord?id=CVE-2025-70974

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845.

##

CVE-2026-22265
(0 None)

EPSS: 0.00%

1 posts

N/A

thehackerwire@mastodon.social at 2026-01-15T17:43:21.000Z ##

🟠 CVE-2026-22265 - High (7.5)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22265/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22859
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-22853
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T18:38:50.000Z ##

FreeRDP

Edit to add more.

##

CVE-2026-22259
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T17:13:52.000Z ##

Suricata

##

CVE-2026-22262
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T17:13:52.000Z ##

Suricata

##

CVE-2026-22261
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T17:13:52.000Z ##

Suricata

##

CVE-2026-22264
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T17:13:52.000Z ##

Suricata

##

CVE-2026-22260
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T17:13:52.000Z ##

Suricata

##

CVE-2026-22258
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T17:13:52.000Z ##

Suricata

##

CVE-2026-22263
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-14T17:13:52.000Z ##

Suricata

##

CVE-2025-49844
(0 None)

EPSS: 6.88%

1 posts

N/A

https://github.com/Network-Sec/CVE-2025-49844-RediShell-AI-made-Revshell

18 repos

https://github.com/pedrorichil/CVE-2025-49844

https://github.com/MiclelsonCN/CVE-2025-49844_POC

https://github.com/gopinaath/CVE-2025-49844-discovery

https://github.com/lastvocher/redis-CVE-2025-49844

https://github.com/Mufti22/CVE-2025-49844-RediShell-Vulnerability-Scanner

https://github.com/angelusrivera/CVE-2025-49844

https://github.com/ksnnd32/redis_exploit

https://github.com/Yuri08loveElaina/CVE-2025-49844

https://github.com/Ashwesker/Ashwesker-CVE-2025-49844

https://github.com/saneki/cve-2025-49844

https://github.com/imbas007/CVE-2025-49844-Vulnerability-Scanner

https://github.com/hzhsec/redis-cve_2025_49844

https://github.com/dwisiswant0/CVE-2025-49844

https://github.com/Zain3311/CVE-2025-49844

https://github.com/raminfp/redis_exploit

https://github.com/srozb/reditrap

https://github.com/elyasbassir/CVE-2025-49844

cR0w@infosec.exchange at 2026-01-14T14:21:58.000Z ##

Redis Lua vuln impacts BIG-IP Next and no patches are available.

https://my.f5.com/manage/s/article/K000159544

https://www.cve.org/CVERecord?id=CVE-2025-49844

##

CVE-2025-61675
(0 None)

EPSS: 0.04%

1 posts

N/A

5 repos

https://github.com/jhow019/jhow019.github.io

https://github.com/cyberleelawat/FreePBX-Multiple-CVEs-2025

https://github.com/BimBoxH4/CVE-2025-66039_CVE-2025-61675_CVE-2025-61678_reePBX

https://github.com/rxerium/FreePBX-Vulns-December-25

https://github.com/jhow019/FreePBX-Vulns-December-25

AAKL@infosec.exchange at 2026-01-13T16:42:31.000Z ##

New.

Picus: Critical FreePBX Vulnerabilities: CVE-2025-66039, CVE-2025-61675, CVE-2025-61675 https://www.picussecurity.com/resource/blog/critical-freepbx-vulnerabilities-cve-2025-66039-cve-2025-61675-cve-2025-61675 #infosec #vilnerability #threatresearch #opensource

##

CVE-2025-5017
(0 None)

EPSS: 0.00%

1 posts

N/A

hackmag@infosec.exchange at 2026-01-12T20:15:45.000Z ##

⚪ August Windows updates may block app installations

🗨️ Microsoft reported that the Windows security updates for August 2025 may trigger unexpected User Account Control (UAC) prompts and cause problems with app installations. The bug affects users without administrator…

🔗 https://hackmag.com/news/cve-2025-50173-problem?utm_source=mastodon&utm_medium=social&utm_campaign=repost_hackmag_to_socials

#news

##

CVE-2026-22026
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

##

CVE-2026-21898
(0 None)

EPSS: 0.05%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

##

CVE-2026-21897
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

##

CVE-2026-22023
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

##

CVE-2026-22024
(0 None)

EPSS: 0.05%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

##

CVE-2026-22025
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

##

CVE-2026-21899
(0 None)

EPSS: 0.03%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-12T14:39:00.000Z ##

Space Hacking ( NASA Cryptolib ) 🚀

##

CVE-2025-59818
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel

##

CVE-2025-59819
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2026-01-09T14:14:27.000Z ##

Tenda

D-Link

TOTOLINK

Zenitel