| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-15521 | 9.8 | 0.00% | 2 | 0 | 2026-01-21T02:15:48.363000 | The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin fo | |
| CVE-2026-21962 | 10.0 | 0.00% | 2 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in pr | |
| CVE-2026-21973 | 8.1 | 0.00% | 2 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financ | |
| CVE-2026-21984 | 7.6 | 0.00% | 2 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21989 | 8.1 | 0.00% | 4 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21988 | 8.3 | 0.00% | 4 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21987 | 8.3 | 0.00% | 4 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21983 | 7.6 | 0.00% | 2 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21982 | 7.5 | 0.00% | 2 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21990 | 8.3 | 0.00% | 2 | 0 | 2026-01-21T00:31:51 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21967 | 8.6 | 0.00% | 2 | 0 | 2026-01-21T00:31:50 | Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Ap | |
| CVE-2026-21969 | 9.8 | 0.00% | 2 | 0 | 2026-01-20T22:15:59.970000 | Vulnerability in the Oracle Agile Product Lifecycle Management for Process produ | |
| CVE-2026-21957 | 7.5 | 0.00% | 2 | 0 | 2026-01-20T22:15:58.613000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21956 | 8.2 | 0.00% | 2 | 0 | 2026-01-20T22:15:58.477000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21955 | 8.2 | 0.00% | 2 | 0 | 2026-01-20T22:15:58.347000 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp | |
| CVE-2026-21945 | 7.5 | 0.00% | 2 | 0 | 2026-01-20T22:15:57.390000 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente | |
| CVE-2026-21940 | 7.5 | 0.00% | 2 | 0 | 2026-01-20T22:15:56.787000 | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: | |
| CVE-2026-21926 | 7.5 | 0.00% | 2 | 0 | 2026-01-20T22:15:55.050000 | Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (compone | |
| CVE-2026-0905 | 9.8 | 0.01% | 2 | 0 | 2026-01-20T22:15:52.923000 | Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559. | |
| CVE-2025-56005 | 9.8 | 0.00% | 2 | 0 | 2026-01-20T21:31:41 | An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 all | |
| CVE-2025-59465 | 7.5 | 0.00% | 2 | 0 | 2026-01-20T21:31:35 | A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can caus | |
| CVE-2026-22218 | None | 0.03% | 2 | 0 | 2026-01-20T21:31:35 | Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in | |
| CVE-2025-8110 | None | 2.13% | 4 | 6 | 2026-01-20T20:48:50 | Improper Symbolic link handling in the PutContents API in Gogs allows Local Exec | |
| CVE-2026-22219 | 0 | 0.04% | 2 | 0 | 2026-01-20T19:15:50.827000 | Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vu | |
| CVE-2026-22851 | 5.9 | 0.05% | 1 | 0 | 2026-01-20T18:43:31.587000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1 | |
| CVE-2026-22855 | 9.1 | 0.06% | 1 | 0 | 2026-01-20T18:36:35.953000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1 | |
| CVE-2025-71020 | 7.5 | 0.02% | 2 | 0 | 2026-01-20T18:33:03 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the securit | |
| CVE-2026-0610 | 9.8 | 0.02% | 2 | 0 | 2026-01-20T18:33:03 | SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue | |
| CVE-2025-14523 | 8.2 | 0.05% | 1 | 0 | 2026-01-20T18:32:59 | A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a requ | |
| CVE-2025-33233 | 7.8 | 0.00% | 4 | 0 | 2026-01-20T18:32:08 | NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where | |
| CVE-2025-33228 | 7.3 | 0.00% | 2 | 0 | 2026-01-20T18:32:08 | NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where | |
| CVE-2025-33230 | 7.3 | 0.00% | 2 | 0 | 2026-01-20T18:32:08 | NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, | |
| CVE-2025-33229 | 7.3 | 0.00% | 2 | 0 | 2026-01-20T18:32:08 | NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monit | |
| CVE-2025-33231 | 6.7 | 0.00% | 2 | 0 | 2026-01-20T18:32:08 | NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s | |
| CVE-2025-33015 | 8.8 | 0.00% | 1 | 0 | 2026-01-20T18:32:08 | IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not va | |
| CVE-2026-0943 | 7.5 | 0.02% | 2 | 0 | 2026-01-20T18:31:56 | HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with | |
| CVE-2026-0915 | 7.5 | 0.02% | 2 | 0 | 2026-01-20T18:31:56 | Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that spec | |
| CVE-2025-64155 | 9.8 | 0.05% | 6 | 4 | 2026-01-20T18:31:55 | An improper neutralization of special elements used in an os command ('os comman | |
| CVE-2025-53912 | 9.6 | 0.00% | 1 | 0 | 2026-01-20T18:16:03.790000 | An arbitrary file read vulnerability exists in the encapsulatedDoc functionality | |
| CVE-2025-71023 | 7.5 | 0.05% | 1 | 0 | 2026-01-20T18:04:49.637000 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac | |
| CVE-2025-68925 | 5.3 | 0.02% | 1 | 0 | 2026-01-20T17:37:26.670000 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libra | |
| CVE-2025-68701 | 7.5 | 0.02% | 1 | 0 | 2026-01-20T17:12:33.680000 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libra | |
| CVE-2026-0902 | 8.8 | 0.04% | 1 | 0 | 2026-01-20T16:16:07 | Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allow | |
| CVE-2025-29847 | 7.5 | 0.04% | 1 | 0 | 2026-01-20T16:16:02.410000 | A vulnerability in Apache Linkis. Problem Description When using the JDBC engin | |
| CVE-2026-0726 | 8.1 | 0.00% | 1 | 0 | 2026-01-20T15:33:23 | The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnera | |
| CVE-2025-12985 | 8.4 | 0.00% | 2 | 0 | 2026-01-20T15:33:21 | IBM Licensing Operator incorrectly assigns privileges to security critical files | |
| CVE-2025-14115 | 8.4 | 0.00% | 2 | 0 | 2026-01-20T15:33:21 | IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim F | |
| CVE-2026-22844 | 10.0 | 0.00% | 1 | 0 | 2026-01-20T15:33:21 | A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before | |
| CVE-2026-0907 | 9.8 | 0.05% | 1 | 0 | 2026-01-20T15:33:16 | Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allo | |
| CVE-2026-0900 | 8.8 | 0.04% | 1 | 0 | 2026-01-20T15:33:12 | Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allow | |
| CVE-2026-1007 | 7.6 | 0.02% | 1 | 0 | 2026-01-20T15:33:12 | Incorrect Authorization vulnerability in virtual gateway component in Devolution | |
| CVE-2026-0899 | 8.8 | 0.04% | 2 | 0 | 2026-01-20T15:33:12 | Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowe | |
| CVE-2026-0906 | 9.8 | 0.05% | 1 | 0 | 2026-01-20T15:33:12 | Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowe | |
| CVE-2025-60188 | 7.5 | 3.28% | 1 | 1 | template | 2026-01-20T15:31:50 | Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg At |
| CVE-2025-15347 | 8.8 | 0.00% | 2 | 0 | 2026-01-20T15:16:15.553000 | The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPre | |
| CVE-2025-14533 | 9.8 | 0.06% | 3 | 0 | 2026-01-20T10:16:05.583000 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privi | |
| CVE-2026-20960 | 8.0 | 0.07% | 1 | 0 | 2026-01-17T00:30:30 | Improper authorization in Microsoft Power Apps allows an authorized attacker to | |
| CVE-2026-21223 | 5.1 | 0.05% | 1 | 0 | 2026-01-16T22:16:25.983000 | Microsoft Edge Elevation Service exposes a privileged COM interface that inadequ | |
| CVE-2025-68428 | None | 0.02% | 1 | 2 | 2026-01-16T21:53:35 | ### Impact User control of the first argument of the loadFile method in the node | |
| CVE-2025-40300 | 5.5 | 0.04% | 1 | 0 | 2026-01-16T21:31:29 | In the Linux kernel, the following vulnerability has been resolved: x86/vmscape | |
| CVE-2025-68493 | 8.1 | 0.13% | 1 | 0 | 2026-01-16T19:10:47 | Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issu | |
| CVE-2025-60021 | 9.8 | 0.39% | 1 | 1 | 2026-01-16T18:32:39 | Remote command injection vulnerability in heap profiler builtin service in Apach | |
| CVE-2026-0861 | 8.4 | 0.02% | 1 | 0 | 2026-01-16T18:32:29 | Passing too large an alignment to the memalign suite of functions (memalign, pos | |
| CVE-2025-70753 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the securit | |
| CVE-2025-71024 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the ser | |
| CVE-2025-71026 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wan | |
| CVE-2025-71027 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:32:29 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wan | |
| CVE-2026-0629 | None | 0.04% | 2 | 0 | 2026-01-16T18:31:44 | Authentication bypass in the password recovery feature of the local web interfac | |
| CVE-2025-71025 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T18:24:25.410000 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the clo | |
| CVE-2026-22023 | 7.5 | 0.05% | 1 | 0 | 2026-01-16T16:45:11.670000 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Secu | |
| CVE-2026-20944 | 8.4 | 0.04% | 1 | 0 | 2026-01-16T16:15:25.740000 | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to e | |
| CVE-2025-13154 | 5.5 | 0.02% | 1 | 0 | 2026-01-16T15:55:33.063000 | An improper link following vulnerability was reported in the SmartPerformanceAdd | |
| CVE-2026-22912 | 4.3 | 0.07% | 1 | 0 | 2026-01-16T15:55:33.063000 | Improper validation of a login parameter may allow attackers to redirect users t | |
| CVE-2026-22917 | 4.3 | 0.06% | 1 | 0 | 2026-01-16T15:55:33.063000 | Improper input handling in a system endpoint may allow attackers to overload res | |
| CVE-2026-22914 | 4.3 | 0.02% | 1 | 0 | 2026-01-16T15:55:33.063000 | An attacker with limited permissions may still be able to write files to specifi | |
| CVE-2026-22644 | 5.3 | 0.06% | 1 | 0 | 2026-01-16T15:55:33.063000 | Certain requests pass the authentication token in the URL as string query parame | |
| CVE-2026-22641 | 5.0 | 0.02% | 1 | 0 | 2026-01-16T15:55:33.063000 | This vulnerability in Grafana's datasource proxy API allows authorization checks | |
| CVE-2026-22637 | 6.8 | 0.03% | 1 | 0 | 2026-01-16T15:55:33.063000 | The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user wi | |
| CVE-2026-22639 | 4.3 | 0.03% | 1 | 0 | 2026-01-16T15:55:33.063000 | Grafana is an open-source platform for monitoring and observability. The Grafana | |
| CVE-2025-9014 | 0 | 0.09% | 1 | 0 | 2026-01-16T15:55:12.257000 | A Null Pointer Dereference vulnerability exists in the referer header check of t | |
| CVE-2025-68707 | 8.8 | 0.04% | 1 | 0 | 2026-01-16T15:32:28 | An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with | |
| CVE-2025-62581 | 9.8 | 0.04% | 2 | 0 | 2026-01-16T03:30:27 | Delta Electronics DIAView has multiple vulnerabilities. | |
| CVE-2025-62582 | 9.8 | 0.04% | 2 | 0 | 2026-01-16T03:30:27 | Delta Electronics DIAView has multiple vulnerabilities. | |
| CVE-2025-66169 | None | 0.14% | 1 | 0 | 2026-01-15T22:33:19 | Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issu | |
| CVE-2026-21898 | 8.2 | 0.06% | 1 | 0 | 2026-01-15T21:48:49.657000 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Secu | |
| CVE-2026-21899 | 4.7 | 0.06% | 1 | 0 | 2026-01-15T21:45:24.500000 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Secu | |
| CVE-2025-69260 | 7.5 | 0.26% | 1 | 0 | 2026-01-15T21:32:45 | A message out-of-bounds read vulnerability in Trend Micro Apex Central could all | |
| CVE-2026-0227 | None | 0.07% | 8 | 2 | 2026-01-15T21:31:54 | A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated | |
| CVE-2025-36911 | 7.1 | 0.00% | 4 | 6 | 2026-01-15T21:31:47 | In key-based pairing, there is a possible ID due to a logic error in the code. T | |
| CVE-2025-69259 | 7.5 | 0.30% | 1 | 0 | 2026-01-15T21:31:44 | A message unchecked NULL return value vulnerability in Trend Micro Apex Central | |
| CVE-2026-21441 | 7.5 | 0.02% | 1 | 0 | 2026-01-15T19:21:06.850000 | urllib3 is an HTTP client library for Python. urllib3's streaming API is designe | |
| CVE-2026-0712 | 7.6 | 0.04% | 1 | 0 | 2026-01-15T15:31:35 | An open redirect vulnerability has been identified in Grafana OSS that can be ex | |
| CVE-2026-22643 | 8.3 | 0.07% | 1 | 0 | 2026-01-15T15:31:35 | In Grafana, an excessively long dashboard title or panel name will cause Chromiu | |
| CVE-2026-22638 | 8.3 | 0.03% | 1 | 0 | 2026-01-15T15:31:33 | A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining | |
| CVE-2026-22910 | 7.5 | 0.04% | 1 | 0 | 2026-01-15T15:31:30 | The device is deployed with weak and publicly known default passwords for certai | |
| CVE-2026-22907 | 10.0 | 0.06% | 1 | 0 | 2026-01-15T15:31:30 | An attacker may gain unauthorized access to the host filesystem, potentially all | |
| CVE-2026-22646 | 4.3 | 0.03% | 1 | 0 | 2026-01-15T15:31:27 | Certain error messages returned by the application expose internal system detail | |
| CVE-2026-22642 | 4.2 | 0.03% | 1 | 0 | 2026-01-15T15:31:27 | An open redirect vulnerability has been identified in Grafana OSS organization s | |
| CVE-2026-22908 | 9.1 | 0.15% | 1 | 0 | 2026-01-15T15:31:27 | Uploading unvalidated container images may allow remote attackers to gain full a | |
| CVE-2026-22640 | 5.5 | 0.05% | 1 | 0 | 2026-01-15T15:31:27 | An access control vulnerability was discovered in Grafana OSS where an Organizat | |
| CVE-2026-22645 | 5.3 | 0.03% | 1 | 0 | 2026-01-15T15:31:27 | The application discloses all used components, versions and license information | |
| CVE-2026-22920 | 3.7 | 0.03% | 1 | 0 | 2026-01-15T15:31:26 | The device's passwords have not been adequately salted, making them vulnerable t | |
| CVE-2026-0713 | 8.3 | 0.03% | 1 | 0 | 2026-01-15T15:31:26 | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows a | |
| CVE-2026-22919 | 3.8 | 0.03% | 1 | 0 | 2026-01-15T15:31:26 | An attacker with administrative access may inject malicious content into the log | |
| CVE-2026-22918 | 4.3 | 0.04% | 1 | 0 | 2026-01-15T15:31:19 | An attacker may exploit missing protection against clickjacking by tricking user | |
| CVE-2026-22915 | 4.3 | 0.03% | 1 | 0 | 2026-01-15T15:31:19 | An attacker with low privileges may be able to read files from specific director | |
| CVE-2026-22916 | 4.3 | 0.04% | 1 | 0 | 2026-01-15T15:31:19 | An attacker with low privileges may be able to trigger critical system functions | |
| CVE-2026-22909 | 7.5 | 0.05% | 1 | 0 | 2026-01-15T15:31:18 | Certain system functions may be accessed without proper authorization, allowing | |
| CVE-2026-22911 | 5.3 | 0.05% | 1 | 0 | 2026-01-15T15:31:18 | Firmware update files may expose password hashes for system accounts, which coul | |
| CVE-2026-22913 | 4.3 | 0.03% | 1 | 0 | 2026-01-15T15:31:18 | Improper handling of a URL parameter may allow attackers to execute code in a us | |
| CVE-2025-14242 | 6.5 | 0.17% | 1 | 0 | 2026-01-14T22:15:49.780000 | A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) | |
| CVE-2026-23550 | 10.0 | 6.11% | 3 | 2 | template | 2026-01-14T21:34:10 | Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Esca |
| CVE-2026-0386 | 7.5 | 0.09% | 1 | 0 | 2026-01-14T20:01:53.500000 | Improper access control in Windows Deployment Services allows an unauthorized at | |
| CVE-2025-67399 | 4.6 | 0.02% | 1 | 1 | 2026-01-14T17:16:06.930000 | An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically | |
| CVE-2026-0405 | 0 | 0.14% | 1 | 0 | 2026-01-14T16:26:00.933000 | An authentication bypass vulnerability in NETGEAR Orbi devices allows users con | |
| CVE-2026-0406 | 0 | 0.05% | 1 | 0 | 2026-01-14T16:26:00.933000 | An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows a | |
| CVE-2025-37166 | 7.5 | 0.03% | 1 | 0 | 2026-01-14T16:25:40.430000 | A vulnerability affecting HPE Networking Instant On Access Points has been ident | |
| CVE-2025-14338 | 0 | 0.03% | 1 | 0 | 2026-01-14T16:25:12.057000 | Polkit authentication dis isabled by default and a race condition in the Polkit | |
| CVE-2025-66005 | None | 0.02% | 1 | 0 | 2026-01-14T12:31:39 | Lack of authorization of the InputManager D-Bus interface in InputPlumber versio | |
| CVE-2026-0836 | 8.8 | 0.08% | 1 | 0 | 2026-01-13T22:04:12.347000 | A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element | |
| CVE-2025-68704 | None | 0.06% | 1 | 0 | 2026-01-13T21:41:13 | ### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1 | |
| CVE-2025-68703 | None | 0.01% | 1 | 0 | 2026-01-13T21:41:07 | ### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1 | |
| CVE-2025-68702 | None | 0.02% | 1 | 0 | 2026-01-13T21:41:02 | ### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1 | |
| CVE-2026-20805 | 5.5 | 6.74% | 7 | 2 | 2026-01-13T21:31:44 | Exposure of sensitive information to an unauthorized actor in Desktop Windows Ma | |
| CVE-2026-22813 | None | 0.10% | 1 | 0 | 2026-01-13T20:36:43 | ### Summary A malicious website can abuse the server URL override feature of the | |
| CVE-2026-22812 | 8.8 | 0.03% | 1 | 7 | 2026-01-13T19:16:27.083000 | OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatic | |
| CVE-2026-21265 | 6.4 | 0.23% | 1 | 0 | 2026-01-13T18:31:19 | Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These | |
| CVE-2026-20965 | 7.6 | 0.03% | 4 | 0 | 2026-01-13T18:31:18 | Improper verification of cryptographic signature in Windows Admin Center allows | |
| CVE-2026-20950 | 7.8 | 0.04% | 1 | 0 | 2026-01-13T18:31:18 | Use after free in Microsoft Office Excel allows an unauthorized attacker to exec | |
| CVE-2026-20952 | 8.4 | 0.04% | 1 | 0 | 2026-01-13T18:31:18 | Use after free in Microsoft Office allows an unauthorized attacker to execute co | |
| CVE-2026-20953 | 8.4 | 0.04% | 1 | 0 | 2026-01-13T18:31:18 | Use after free in Microsoft Office allows an unauthorized attacker to execute co | |
| CVE-2026-0407 | None | 0.05% | 1 | 0 | 2026-01-13T18:31:16 | An insufficient authentication vulnerability in NETGEAR WiFi range extenders al | |
| CVE-2025-59922 | 7.2 | 0.05% | 1 | 0 | 2026-01-13T18:31:14 | An improper neutralization of special elements used in an SQL command ('SQL Inje | |
| CVE-2025-37165 | 7.5 | 0.04% | 1 | 0 | 2026-01-13T18:31:14 | A vulnerability in the router mode configuration of HPE Instant On Access Points | |
| CVE-2026-0403 | None | 0.06% | 1 | 0 | 2026-01-13T18:31:10 | An insufficient input validation vulnerability in NETGEAR Orbi routers allows a | |
| CVE-2026-0408 | None | 0.05% | 1 | 0 | 2026-01-13T18:31:09 | A path traversal vulnerability in NETGEAR WiFi range extenders allows an attack | |
| CVE-2026-0404 | None | 0.64% | 1 | 0 | 2026-01-13T18:31:09 | An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 | |
| CVE-2025-66176 | 8.8 | 0.03% | 1 | 0 | 2026-01-13T18:31:03 | There is a Stack overflow Vulnerability in the device Search and Discovery featu | |
| CVE-2025-66177 | 8.8 | 0.03% | 1 | 0 | 2026-01-13T18:16:06.193000 | There is a Stack overflow Vulnerability in the device Search and Discovery featu | |
| CVE-2025-13447 | 8.5 | 0.26% | 1 | 0 | 2026-01-13T15:37:12 | OS Command Injection Remote Code Execution Vulnerability in API in Progress Load | |
| CVE-2025-13444 | 8.5 | 0.26% | 1 | 0 | 2026-01-13T15:37:12 | OS Command Injection Remote Code Execution Vulnerability in API in Progress Load | |
| CVE-2026-21858 | 10.0 | 3.72% | 3 | 6 | template | 2026-01-13T15:05:00 | ### Impact A vulnerability in n8n allows an attacker to access files on the unde |
| CVE-2025-70974 | 10.0 | 0.08% | 1 | 0 | 2026-01-13T14:03:46.203000 | Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JS | |
| CVE-2025-15505 | 2.4 | 0.03% | 1 | 0 | 2026-01-13T14:03:18.990000 | A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is | |
| CVE-2025-52694 | 10.0 | 0.11% | 1 | 1 | 2026-01-13T14:03:18.990000 | Successful exploitation of the SQL injection vulnerability could allow an unauth | |
| CVE-2025-40805 | 10.0 | 0.20% | 2 | 0 | 2026-01-13T12:31:48 | Affected devices do not properly enforce user authentication on specific API end | |
| CVE-2025-12420 | None | 0.09% | 6 | 1 | 2026-01-13T03:32:08 | A vulnerability has been identified in the ServiceNow AI Platform that could ena | |
| CVE-2025-66689 | 6.5 | 0.05% | 1 | 0 | 2026-01-12T21:31:38 | A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows | |
| CVE-2025-41006 | None | 0.04% | 1 | 0 | 2026-01-12T15:30:50 | Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ par | |
| CVE-2026-0855 | 8.8 | 0.39% | 1 | 0 | 2026-01-12T09:30:36 | Certain IP Camera models developed by Merit LILIN has a OS Command Injection vul | |
| CVE-2026-0854 | 8.8 | 0.39% | 1 | 0 | 2026-01-12T06:30:20 | Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulne | |
| CVE-2025-61686 | 9.1 | 0.09% | 1 | 2 | 2026-01-11T14:53:55 | If applications use `createFileSessionStorage()` from `@react-router/node` (or ` | |
| CVE-2026-0841 | 8.8 | 0.11% | 1 | 0 | 2026-01-11T09:30:26 | A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue | |
| CVE-2026-0840 | 8.8 | 0.11% | 1 | 0 | 2026-01-11T09:30:25 | A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected | |
| CVE-2026-0839 | 8.8 | 0.08% | 1 | 0 | 2026-01-11T06:30:19 | A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the func | |
| CVE-2026-0837 | 8.8 | 0.11% | 1 | 0 | 2026-01-11T06:30:19 | A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the fun | |
| CVE-2026-0838 | 8.8 | 0.11% | 1 | 0 | 2026-01-11T06:30:14 | A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts th | |
| CVE-2025-15035 | None | 0.03% | 1 | 0 | 2026-01-09T18:31:43 | Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn module | |
| CVE-2022-33318 | 9.8 | 2.11% | 1 | 1 | 2026-01-09T06:16:00.257000 | Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 | |
| CVE-2025-12543 | 9.6 | 0.15% | 1 | 0 | 2026-01-09T00:30:28 | A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBo | |
| CVE-2025-52691 | 10.0 | 13.81% | 3 | 10 | template | 2026-01-08T19:15:56.283000 | Successful exploitation of the vulnerability could allow an unauthenticated atta |
| CVE-2025-38352 | 7.4 | 0.10% | 1 | 5 | 2026-01-08T16:28:23.960000 | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-t | |
| CVE-2025-69258 | 9.8 | 0.15% | 1 | 0 | 2026-01-08T15:31:28 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthe | |
| CVE-2025-37164 | 10.0 | 84.85% | 1 | 3 | template | 2026-01-08T00:32:16 | A remote code execution issue exists in HPE OneView. |
| CVE-2025-14631 | None | 0.02% | 1 | 0 | 2026-01-07T12:31:27 | A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modul | |
| CVE-2025-14346 | 9.8 | 0.11% | 1 | 0 | 2026-01-05T18:30:29 | WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce auth | |
| CVE-2026-21440 | None | 0.10% | 1 | 3 | 2026-01-03T00:32:10 | ### Summary **Description** A Path Traversal (CWE-22) vulnerability in AdonisJS | |
| CVE-2025-13836 | 9.1 | 0.09% | 1 | 0 | 2025-12-30T15:08:14.027000 | When reading an HTTP response from a server, if no read amount is specified, the | |
| CVE-2025-14847 | 7.5 | 51.95% | 7 | 38 | template | 2025-12-30T00:32:58 | Mismatched length fields in Zlib compressed protocol headers may allow a read of |
| CVE-2025-64113 | None | 0.02% | 1 | 1 | 2025-12-29T19:43:28 | ### Withdrawn Advisory This advisory has been withdrawn because it incorrectly l | |
| CVE-2025-13699 | 7.0 | 0.12% | 1 | 0 | 2025-12-29T15:58:56.260000 | MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerabi | |
| CVE-2025-20393 | 10.0 | 4.64% | 2 | 7 | 2025-12-17T21:30:47 | Cisco is aware of a potential vulnerability. Cisco is currently investigat | |
| CVE-2025-68285 | None | 0.06% | 1 | 0 | 2025-12-16T18:31:42 | In the Linux kernel, the following vulnerability has been resolved: libceph: fi | |
| CVE-2025-66471 | 7.5 | 0.03% | 1 | 0 | 2025-12-10T16:10:33.500000 | urllib3 is a user-friendly HTTP client library for Python. Starting in version 1 | |
| CVE-2025-55182 | 10.0 | 62.33% | 1 | 100 | template | 2025-12-09T16:53:25 | ### Impact There is an unauthenticated remote code execution vulnerability in R |
| CVE-2025-64446 | 9.8 | 88.85% | 1 | 12 | template | 2025-11-19T15:32:36 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1 |
| CVE-2025-12817 | 3.1 | 0.07% | 1 | 0 | 2025-11-13T15:30:37 | Missing authorization in PostgreSQL CREATE STATISTICS command allows a table own | |
| CVE-2025-12818 | 5.9 | 0.07% | 1 | 0 | 2025-11-13T15:30:37 | Integer wraparound in multiple PostgreSQL libpq client library functions allows | |
| CVE-2025-8677 | 7.5 | 0.04% | 1 | 0 | 2025-11-05T00:32:35 | Querying for records within a specially crafted zone containing certain malforme | |
| CVE-2025-40778 | 8.6 | 0.00% | 1 | 2 | 2025-11-04T22:16:11.677000 | Under certain circumstances, BIND is too lenient when accepting records from ans | |
| CVE-2025-4802 | 9.8 | 0.01% | 1 | 1 | 2025-11-03T21:34:58 | Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Librar | |
| CVE-2025-30722 | 5.3 | 0.11% | 1 | 0 | 2025-11-03T21:34:39 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: my | |
| CVE-2025-30693 | 5.5 | 0.09% | 1 | 0 | 2025-11-03T21:33:34 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |
| CVE-2025-21490 | 4.9 | 0.44% | 1 | 0 | 2025-11-03T21:32:18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |
| CVE-2025-6430 | 6.1 | 0.05% | 1 | 0 | 2025-11-03T20:19:19.233000 | When a file download is specified via the `Content-Disposition` header, that dir | |
| CVE-2025-10585 | 9.8 | 0.70% | 1 | 1 | 2025-10-30T15:55:01.903000 | Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote a | |
| CVE-2025-39993 | None | 0.07% | 1 | 0 | 2025-10-29T15:31:52 | In the Linux kernel, the following vulnerability has been resolved: media: rc: | |
| CVE-2024-43451 | 6.5 | 90.39% | 1 | 1 | 2025-10-28T14:15:30.907000 | NTLM Hash Disclosure Spoofing Vulnerability | |
| CVE-2025-54236 | 9.1 | 57.72% | 1 | 3 | template | 2025-10-27T15:13:10 | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, |
| CVE-2025-21043 | 8.8 | 11.37% | 1 | 0 | 2025-10-22T00:34:27 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 al | |
| CVE-2025-59830 | 7.5 | 0.07% | 1 | 0 | 2025-09-25T16:39:27 | ## Summary `Rack::QueryParser` in version `< 2.2.18` enforces its `params_limit | |
| CVE-2025-25256 | 9.8 | 32.70% | 1 | 1 | template | 2025-08-15T18:31:55 | An improper neutralization of special elements used in an OS command ('OS Comman |
| CVE-2025-50173 | 7.8 | 0.12% | 1 | 0 | 2025-08-12T18:31:39 | Weak authentication in Windows Installer allows an authorized attacker to elevat | |
| CVE-2025-53136 | 5.5 | 0.04% | 1 | 1 | 2025-08-12T18:31:31 | Exposure of sensitive information to an unauthorized actor in Windows NT OS Kern | |
| CVE-2025-8286 | 9.8 | 0.58% | 1 | 0 | template | 2025-07-31T21:32:03 | Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-b |
| CVE-2025-6842 | 4.7 | 0.03% | 1 | 2 | 2025-07-01T14:47:11.290000 | A vulnerability was found in code-projects Product Inventory System 1.0 and clas | |
| CVE-2025-2104 | 4.3 | 0.10% | 1 | 1 | 2025-05-26T02:13:09.153000 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress | |
| CVE-2017-20149 | 9.8 | 1.72% | 1 | 0 | 2025-05-14T15:15:48.477000 | The Mikrotik RouterOS web server allows memory corruption in releases before Sta | |
| CVE-2025-1058 | 8.1 | 0.07% | 1 | 1 | 2025-02-13T06:31:52 | CWE-494: Download of Code Without Integrity Check vulnerability exists that coul | |
| CVE-2023-38408 | 9.8 | 69.19% | 1 | 8 | 2024-11-21T08:13:30.520000 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t | |
| CVE-2022-25845 | 8.1 | 88.82% | 1 | 6 | 2024-05-15T06:28:36 | The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization | |
| CVE-2023-31096 | 7.8 | 0.02% | 1 | 0 | 2024-04-04T08:33:05 | An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver thr | |
| CVE-2017-18349 | 9.8 | 90.83% | 1 | 1 | template | 2023-09-26T14:52:01 | parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 |
| CVE-2022-3270 | 9.8 | 0.95% | 1 | 0 | 2023-01-31T05:03:00 | In multiple products by Festo a remote unauthenticated attacker could use functi | |
| CVE-2020-8554 | 5.0 | 24.78% | 1 | 5 | 2023-01-29T05:06:36 | Kubernetes API server in all versions allow an attacker who is able to create a | |
| CVE-2026-23838 | 0 | 0.11% | 1 | 0 | N/A | ||
| CVE-2025-63261 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2024-50349 | 0 | 0.39% | 1 | 0 | N/A | ||
| CVE-2026-22854 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22852 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22853 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22859 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22858 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22857 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22856 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-22260 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22262 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22258 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22261 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22264 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22263 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-22259 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2025-49844 | 0 | 6.88% | 1 | 18 | template | N/A | |
| CVE-2025-5017 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-21897 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-22025 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-22697 | 0 | 0.10% | 1 | 0 | N/A | ||
| CVE-2026-21900 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-22026 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-22027 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-22024 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-21876 | 0 | 0.04% | 1 | 1 | N/A |
updated 2026-01-21T02:15:48.363000
2 posts
🔴 CVE-2025-15521 - Critical (9.8)
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-15521 - Critical (9.8)
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
2 posts
🔴 CVE-2026-21962 - Critical (10)
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that ar...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21962 - Critical (10)
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that ar...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
2 posts
🟠 CVE-2026-21973 - High (8.1)
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 14.5.0.15.0, 14.7.0.8.0 and 14.8.0.1.0. Easily exploitabl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21973/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21973 - High (8.1)
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 14.5.0.15.0, 14.7.0.8.0 and 14.8.0.1.0. Easily exploitabl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21973/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
2 posts
🟠 CVE-2026-21984 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21984/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21984 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21984/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
4 posts
🟠 CVE-2026-21989 - High (8.1)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21989 - High (8.1)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21989 - High (8.1)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21989 - High (8.1)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
4 posts
🟠 CVE-2026-21988 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21988 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21988 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21988 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
4 posts
🟠 CVE-2026-21987 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21987 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21987 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21987 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
2 posts
🟠 CVE-2026-21983 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21983 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
2 posts
🟠 CVE-2026-21982 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21982/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21982 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21982/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:51
2 posts
🟠 CVE-2026-21990 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21990 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-21T00:31:50
2 posts
🟠 CVE-2026-21967 - High (8.6)
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21967 - High (8.6)
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:59.970000
2 posts
🔴 CVE-2026-21969 - Critical (9.8)
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21969 - Critical (9.8)
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:58.613000
2 posts
🟠 CVE-2026-21957 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21957 - High (7.5)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:58.477000
2 posts
🟠 CVE-2026-21956 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21956 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:58.347000
2 posts
🟠 CVE-2026-21955 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21955 - High (8.2)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:57.390000
2 posts
🟠 CVE-2026-21945 - High (7.5)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.1...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21945 - High (7.5)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.1...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21945/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:56.787000
2 posts
🟠 CVE-2026-21940 - High (7.5)
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21940 - High (7.5)
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:55.050000
2 posts
🟠 CVE-2026-21926 - High (7.5)
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure). Supported versions that are affected are 17.0-25.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21926 - High (7.5)
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure). Supported versions that are affected are 17.0-25.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T22:15:52.923000
2 posts
🔴 CVE-2026-0905 - Critical (9.8)
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0905 - Critical (9.8)
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T21:31:41
2 posts
🔴 CVE-2025-56005 - Critical (9.8)
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()`...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-56005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-56005 - Critical (9.8)
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()`...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-56005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T21:31:35
2 posts
🟠 CVE-2025-59465 - High (7.5)
A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59465/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-59465 - High (7.5)
A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59465/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T21:31:35
2 posts
New. Tracked as CVE-2026-22218 and CVE-2026-22219.
Zafran Research: ChainLeak: Critical AI framework vulnerabilities expose data, enable cloud takeover https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover
More:
Infosecurity-Magazine: Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps https://www.infosecurity-magazine.com/news/chainlit-security-flaws-ai-apps/ #infosec #opensource #Python #vulnerability
##New. Tracked as CVE-2026-22218 and CVE-2026-22219.
Zafran Research: ChainLeak: Critical AI framework vulnerabilities expose data, enable cloud takeover https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover
More:
Infosecurity-Magazine: Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps https://www.infosecurity-magazine.com/news/chainlit-security-flaws-ai-apps/ #infosec #opensource #Python #vulnerability
##updated 2026-01-20T20:48:50
4 posts
6 repos
https://github.com/111ddea/goga-cve-2025-8110
https://github.com/freiwi/CVE-2025-8110
https://github.com/zAbuQasem/gogs-CVE-2025-8110
https://github.com/rxerium/CVE-2025-8110
Latest global tech and cybersecurity news (Jan 12-13, 2026):
The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.
##❗️CISA has added 1 vulnerability to the KEV Catalog:
CVE-2025-8110: Gogs Path Traversal Vulnerability
##CVE ID: CVE-2025-8110
Vendor: Gogs
Product: Gogs
Date Added: 2026-01-12
Notes: https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8110
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-8110
Remember that Gogs ../ last month? It's now in the KEV Catalog.
http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
##updated 2026-01-20T19:15:50.827000
2 posts
New. Tracked as CVE-2026-22218 and CVE-2026-22219.
Zafran Research: ChainLeak: Critical AI framework vulnerabilities expose data, enable cloud takeover https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover
More:
Infosecurity-Magazine: Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps https://www.infosecurity-magazine.com/news/chainlit-security-flaws-ai-apps/ #infosec #opensource #Python #vulnerability
##New. Tracked as CVE-2026-22218 and CVE-2026-22219.
Zafran Research: ChainLeak: Critical AI framework vulnerabilities expose data, enable cloud takeover https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover
More:
Infosecurity-Magazine: Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps https://www.infosecurity-magazine.com/news/chainlit-security-flaws-ai-apps/ #infosec #opensource #Python #vulnerability
##updated 2026-01-20T18:43:31.587000
1 posts
FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##updated 2026-01-20T18:36:35.953000
1 posts
FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##updated 2026-01-20T18:33:03
2 posts
🟠 CVE-2025-71020 - High (7.5)
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71020/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71020 - High (7.5)
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71020/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T18:33:03
2 posts
🔴 CVE-2026-0610 - Critical (9.8)
SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0610 - Critical (9.8)
SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T18:32:59
1 posts
updated 2026-01-20T18:32:08
4 posts
🟠 CVE-2025-33233 - High (7.8)
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33233/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##🟠 CVE-2025-33233 - High (7.8)
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33233/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:32:08
2 posts
Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:32:08
2 posts
Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:32:08
2 posts
Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:32:08
2 posts
Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##Nvidia has posted two high-severity advisories:
Update: NVIDIA CUDA Toolkit - January 2026, relating to CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, and CVE-2025-33231 https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Update: NVIDIA Merlin - January 2026, relating to CVE-2025-33233 https://nvidia.custhelp.com/app/answers/detail/a_id/5761 #infosec #Nvidia #vulnerability
##updated 2026-01-20T18:32:08
1 posts
🟠 CVE-2025-33015 - High (8.8)
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33015/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T18:31:56
2 posts
🟠 CVE-2026-0943 - High (7.5)
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.
Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0943/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0943 - High (7.5)
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.
Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0943/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T18:31:56
2 posts
GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)
https://sourceware.org/pipermail/libc-announce/2026/000050.html
##updated 2026-01-20T18:31:55
6 posts
4 repos
https://github.com/horizon3ai/CVE-2025-64155
https://github.com/purehate/CVE-2025-64155-hunter
https://github.com/Ashwesker/Ashwesker-CVE-2025-64155
https://github.com/cyberdudebivash/CYBERDUDEBIVASH-FortiSIEM-CVE-2025-64155-Scanner
📢 PoC publié pour une faille critique FortiSIEM (CVE-2025-64155) permettant une exécution de code à distance
📝 Selon Help Net Security, un **code de preuve de concept (P...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-20-poc-publie-pour-une-faille-critique-fortisiem-cve-2025-64155-permettant-une-execution-de-code-a-distance/
🌐 source : https://www.helpnetsecurity.com/2026/01/15/fortisiem-vulnerability-cve-2025-64155-poc-exploit/
#CVE_2025_64155 #FortiSIEM #Cyberveille
CVE-2025-64155: Three Years of Remotely Rooting the #Fortinet #FortiSIEM
##Un exploit est disponible pour cette nouvelle faille critique dans Fortinet FortiSIEM : CVE-2025-64155 https://www.it-connect.fr/fortinet-fortisiem-cve-2025-64155/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet
##‼️CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution
Exploit/PoC: https://github.com/horizon3ai/CVE-2025-64155
CVSS: 9.4
Published: Jan 13, 2026
Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-772
##CVE-2025-64155: 3 Years of Remotely Rooting the Fortinet FortiSIEM https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/
##RE: https://infosec.exchange/@cR0w/115888888335126115
Well would you look at that. Write-up now available. Go fuck up some FortiShit.
##updated 2026-01-20T18:16:03.790000
1 posts
🔴 CVE-2025-53912 - Critical (9.6)
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-53912/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T18:04:49.637000
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-20T17:37:26.670000
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-20T17:12:33.680000
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-20T16:16:07
1 posts
🟠 CVE-2026-0902 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T16:16:02.410000
1 posts
🟠 CVE-2025-29847 - High (7.5)
A vulnerability in Apache Linkis.
Problem Description
When using the JDBC engine and da
When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it ma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-29847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:23
1 posts
🟠 CVE-2026-0726 - High (8.1)
The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxt_unserialize_replace' function. This makes ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0726/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:21
2 posts
🟠 CVE-2025-12985 - High (8.4)
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12985/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-12985 - High (8.4)
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12985/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:21
2 posts
🟠 CVE-2025-14115 - High (8.4)
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-14115 - High (8.4)
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:21
1 posts
🔴 CVE-2026-22844 - Critical (9.9)
A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22844/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:16
1 posts
🔴 CVE-2026-0907 - Critical (9.8)
Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0907/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:12
1 posts
encryption (data access concerns).
- Cybersecurity patches and CVEs: Chrome CVE-2026-0900; Fortinet FortiOS/FortiSIEM/FortiSwitchManager fixes; AWS Lambda CVEs.
- Netflix live voting: Netflix rolling out live voting for real-time audience participation.
- FDA at-home brain device: Flow Neuroscience FL-100 at-home brain stimulation device cleared for depression. [2/2]
updated 2026-01-20T15:33:12
1 posts
🟠 CVE-2026-1007 - High (7.6)
Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1007/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:12
2 posts
🟠 CVE-2026-0899 - High (8.8)
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0899/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0899 - High (8.8)
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0899/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:33:12
1 posts
🔴 CVE-2026-0906 - Critical (9.8)
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0906/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T15:31:50
1 posts
1 repos
https://github.com/m4sh-wacker/CVE-2025-60188-Atarim-Plugin-Exploit
❗️CVE-2025-60188: Atarim Plugin PoC Exploit
GitHub: https://github.com/m4sh-wacker/CVE-2025-60188-Atarim-Plugin-Exploit
##updated 2026-01-20T15:16:15.553000
2 posts
🟠 CVE-2025-15347 - High (8.8)
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check func...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-15347 - High (8.8)
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check func...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-20T10:16:05.583000
3 posts
‼️CVE-2025-14533: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1, exposing 100,000 sites.
CVSS: 9.8
CVE Published: January 20th, 2026
Bounty: $975.00
Advisory: https://github.com/advisories/GHSA-jm76-5g2j-p4hp
Description: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.
##‼️CVE-2025-14533: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1, exposing 100,000 sites.
CVSS: 9.8
CVE Published: January 20th, 2026
Bounty: $975.00
Advisory: https://github.com/advisories/GHSA-jm76-5g2j-p4hp
Description: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.
##🔴 CVE-2025-14533 - Critical (9.8)
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-17T00:30:30
1 posts
If you missed this, Microsoft posted three advisories to its security guide yesterday.
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability, CVE-2026-21223 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223
- Microsoft Power Apps Remote Code Execution Vulnerability, CVE-2026-20960 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20960
- Microsoft Excel Remote Code Execution Vulnerability, CVE-2026-20950 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20950 #infosec #Microsoft #Office #Chromium #Edge #vulnerability
##updated 2026-01-16T22:16:25.983000
1 posts
If you missed this, Microsoft posted three advisories to its security guide yesterday.
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability, CVE-2026-21223 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223
- Microsoft Power Apps Remote Code Execution Vulnerability, CVE-2026-20960 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20960
- Microsoft Excel Remote Code Execution Vulnerability, CVE-2026-20950 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20950 #infosec #Microsoft #Office #Chromium #Edge #vulnerability
##updated 2026-01-16T21:53:35
1 posts
2 repos
https://github.com/Nurjaman2004/jsPDF-Bulk-Detector-CVE-2025-68428-
❗️CVE-2025-68428: Critical Path Traversal in jsPDF
GitHub: https://github.com/12nio/CVE-2025-68428_PoC
CVSS: 9.2
CVE Published: January 5th, 2026
Exploit Published: January 8th, 2026
News source: https://www.bleepingcomputer.com/news/security/critical-jspdf-flaw-lets-hackers-steal-secrets-via-generated-pdfs/
##updated 2026-01-16T21:31:29
1 posts
updated 2026-01-16T19:10:47
1 posts
📢⚠️ Years-old vulnerable Apache Struts 2 versions were downloaded 387K+ times in one week, despite a high-severity CVE-2025-68493 flaw - Patch to 6.1.1 now!
Read: https://hackread.com/years-old-vulnerable-apache-struts-2-downloads/
#Cybersecurity #ApacheStruts #Vulnerability #InfoSec #DevSecOps
##updated 2026-01-16T18:32:39
1 posts
1 repos
https://github.com/ninjazan420/CVE-2025-60021-PoC-Apache-bRPC-Heap-Profiler-Command-Injection
Apache bRPC Critical Remote Command Injection Vulnerability
Apache bRPC versions prior to 1.15.0 contain a critical remote command injection vulnerability (CVE-2025-60021) in the heap profiler service. Attackers can exploit unvalidated input in the extra_options parameter to execute arbitrary commands and gain full system control.
**If you are using Apache bRPC, make sure all bRPC instances are isolated from the internet and accessible from trusted networks only. Disable the heap profiler service to prevent attackers from running remote commands on your servers and plan a quick upgrade to version 1.15.0.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apache-brpc-critical-remote-command-injection-vulnerability-d-8-0-d-6/gD2P6Ple2L
updated 2026-01-16T18:32:29
1 posts
"CVE-2026-0861 was also disclosed this week for Glibc where passing too large of an alignment to glibc's memalign functions could result in an integer overflow and in turn heap corruption."
2026 and we're still fixing overflows in C.
I HAVE HAD IT WITH THESE MOTHERFUCKIN' OVERFLOWS IN THIS MOTHERFUCKIN' PROGRAMMING LANGUAGE
##updated 2026-01-16T18:32:29
1 posts
updated 2026-01-16T18:32:29
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-16T18:32:29
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-16T18:32:29
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-16T18:31:44
2 posts
Eine kritische Sicherheitslücke CVE-2026-0629 erlaubt es Angreifern, Admin-Zugriff auf zahlreiche #TPLink Vigi-Überwachungskameras per Fernzugriff zu erlangen. https://www.golem.de/specials/tp-link/
##Eine kritische Sicherheitslücke CVE-2026-0629 erlaubt es Angreifern, Admin-Zugriff auf zahlreiche #TPLink Vigi-Überwachungskameras per Fernzugriff zu erlangen. https://www.golem.de/specials/tp-link/
##updated 2026-01-16T18:24:25.410000
1 posts
One more Tenda for old time's sake.
https://www.cve.org/CVERecord?id=CVE-2025-71023
https://www.cve.org/CVERecord?id=CVE-2025-71024
https://www.cve.org/CVERecord?id=CVE-2025-71025
https://www.cve.org/CVERecord?id=CVE-2025-71026
##updated 2026-01-16T16:45:11.670000
1 posts
Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##updated 2026-01-16T16:15:25.740000
1 posts
Three of the sev:CRIT RCEs list the Preview Pane as an attack vector.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944
##updated 2026-01-16T15:55:33.063000
1 posts
Read about CVE-2025-13154, a privilege escalation vulnerability in a Lenovo Vantage addin called SmartPerformance
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:33.063000
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-16T15:55:12.257000
1 posts
updated 2026-01-16T15:32:28
1 posts
updated 2026-01-16T03:30:27
2 posts
Tenable has updated its threat research advisories, adding one new entry (including mitigation):
Critical: CVE-2025-62581 and CVE-2025-62582: Delta Electronics DIAView Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-02 #infosec #vulnerability
##Tenable has updated its threat research advisories, adding one new entry (including mitigation):
Critical: CVE-2025-62581 and CVE-2025-62582: Delta Electronics DIAView Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-02 #infosec #vulnerability
##updated 2026-01-16T03:30:27
2 posts
Tenable has updated its threat research advisories, adding one new entry (including mitigation):
Critical: CVE-2025-62581 and CVE-2025-62582: Delta Electronics DIAView Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-02 #infosec #vulnerability
##Tenable has updated its threat research advisories, adding one new entry (including mitigation):
Critical: CVE-2025-62581 and CVE-2025-62582: Delta Electronics DIAView Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-02 #infosec #vulnerability
##updated 2026-01-15T22:33:19
1 posts
Haven't seen a cypher injection for a while. This one is in Apache Camel-Neo4j.
##updated 2026-01-15T21:48:49.657000
1 posts
Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##updated 2026-01-15T21:45:24.500000
1 posts
Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##updated 2026-01-15T21:32:45
1 posts
‼️Trend Micro Apex Central Multiple Vulnerabilities
CVE:
CVE-2025-69258 (CVSS: 9.8)
CVE-2025-69259 (CVSS: 7.5)
CVE-2025-69260 (CVSS: 7.5)
CWE: CWE-1285, CWE-306, CWE-641
PoC/Writeup: https://www.tenable.com/security/research/tra-2026-01
Disclosure Date: January 7. 2026
Disclosure: https://success.trendmicro.com/en-US/solution/KA-0022071
##updated 2026-01-15T21:31:54
8 posts
2 repos
📢 CVE-2026-0227 corrigée dans PAN-OS : une faille permettait de désactiver le pare-feu à distance
📝 IT-Connect rapporte la découverte et la correction de la vulnérabilité majeure CVE-2026-0227 affectant PAN-OS...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-20-cve-2026-0227-corrigee-dans-pan-os-une-faille-permettait-de-desactiver-le-pare-feu-a-distance/
🌐 source : https://www.it-connect.fr/palo-alto-networks-cve-2026-0227-firewalls/
#CVE_2026_0227 #PAN_OS #Cyberveille
Here's a summary of the most important global, technology, and cybersecurity news from the last 24 hours:
Cyber incidents remain the top global business risk for the fifth consecutive year, with AI surging to second place, according to the Allianz Risk Barometer 2026. New EvilAI malware is masquerading as AI tools to infiltrate organizations. Microsoft has disrupted the RedVDS cybercrime infrastructure. Palo Alto Networks patched a critical denial-of-service bug (CVE-2026-0227) affecting firewalls. In technology, the US imposed AI chip tariffs on Nvidia, causing global supply chain friction. OpenAI will begin testing advertisements in ChatGPT. California is investigating xAI over sexualized deepfakes. Globally, geopolitical tensions continue, with Trump threatening tariffs amidst disputes over Greenland.
##Anyone hear of a PoC for CVE-2026-0227 yet?
##PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
Palo Alto Networks – CVE-2026-0227 : cette nouvelle faille permet de désactiver le firewall à distance https://www.it-connect.fr/palo-alto-networks-cve-2026-0227-firewalls/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #PaloAlto
##Tracked as CVE-2026-0227, this security flaw affects next-generation firewalls (running PAN-OS 10.1 or later) and Palo Alto Networks' Prisma Access configurations when the GlobalProtect gateway or portal is enabled. https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-dos-bug-letting-hackers-disable-firewalls/
##There's the DoS.
CVSS-BT: 7.7 / CVSS-B: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:M/U:Amber)
New security advisories. You'll need a login to access details.
Palo Alto: PAN-SA-2026-0001 Chromium: Monthly Vulnerability Update (January 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0001
CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal https://security.paloaltonetworks.com/CVE-2026-0227 #PaloAlto #infosec #vulnerability #Chromium
##@cR0w cve-2026-0227 seems spicy
##updated 2026-01-15T21:31:47
4 posts
6 repos
https://github.com/Cedric-Martz/CVE-2025-36911_scan
https://github.com/SpectrixDev/DIY_WhisperPair
https://github.com/zalexdev/wpair-app
https://github.com/SteamPunk424/CVE-2025-36911-Wisper_Pair_Target_Finder-
‼️WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol.
https://github.com/zalexdev/wpair-app
Features:
▪️BLE Scanner - Discovers Fast Pair devices broadcasting the 0xFE2C service UUID
▪️Vulnerability Tester - Non-invasive check if device is patched against CVE-2025-36911
▪️Exploit Demonstration - Full proof-of-concept for authorized security testing
▪️HFP Audio Access - Demonstrates microphone access post-exploitation
▪️Live Listening - Real-time audio streaming to phone speaker
▪️Recording - Save captured audio as M4A files
##‼️WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol.
https://github.com/zalexdev/wpair-app
Features:
▪️BLE Scanner - Discovers Fast Pair devices broadcasting the 0xFE2C service UUID
▪️Vulnerability Tester - Non-invasive check if device is patched against CVE-2025-36911
▪️Exploit Demonstration - Full proof-of-concept for authorized security testing
▪️HFP Audio Access - Demonstrates microphone access post-exploitation
▪️Live Listening - Real-time audio streaming to phone speaker
▪️Recording - Save captured audio as M4A files
##Google „Fast Pair“ ist Sicherheitsrisiko
Hier kann man wieder sehen, dass "Komfort" (oder was auch immer die Amerikaner dafür halten) ein natürlicher Feind der Sicherheit ist. Google hatte ein Verfahren namens Fast Pair ersonnen, das die Kopplung von Bluetooth (BT) Zubehörgeräten mit Android vereinfachen soll. Gut gedacht, schlecht gemacht. Forschende der Uni Leuven (Belgien) haben schon im vorigen Jahr eine Schwachstelle in dem System gefunden und vertraulich an Google gemeldet. Wann genau das war, ist nirgends dokumentiert. Die zugeordnete Fehlernummer CVE-2025-36911 muss (aus der Zahl zu schließen) ungefähr um die Jahresmitte vergeben worden sein.
Die Schwachstelle
https://www.pc-fluesterer.info/wordpress/2026/01/20/google-fast-pair-ist-sicherheitsrisiko/
#Empfehlung #Mobilfunk #Warnung #android #bluetooth #google #hersteller #sicherheit #vorbeugen
##The vulnerability for this was updated yesterday: https://www.cve.org/CVERecord?id=CVE-2025-36911
Malwarebytes: WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping https://www.malwarebytes.com/blog/news/2026/01/whisperpair-exposes-bluetooth-earbuds-and-headphones-to-tracking-and-eavesdropping
More about Bluetooth hijacking: https://whisperpair.eu/ #infosec #bluetooth #vulnerability
##updated 2026-01-15T21:31:44
1 posts
‼️Trend Micro Apex Central Multiple Vulnerabilities
CVE:
CVE-2025-69258 (CVSS: 9.8)
CVE-2025-69259 (CVSS: 7.5)
CVE-2025-69260 (CVSS: 7.5)
CWE: CWE-1285, CWE-306, CWE-641
PoC/Writeup: https://www.tenable.com/security/research/tra-2026-01
Disclosure Date: January 7. 2026
Disclosure: https://success.trendmicro.com/en-US/solution/KA-0022071
##updated 2026-01-15T19:21:06.850000
1 posts
updated 2026-01-15T15:31:35
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:35
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:33
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:30
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:30
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:27
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:26
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:26
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:26
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:19
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:19
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:19
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:18
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:18
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-15T15:31:18
1 posts
SICK vulns, bro.
https://www.cve.org/CVERecord?id=CVE-2026-0712
https://www.cve.org/CVERecord?id=CVE-2026-0713
https://www.cve.org/CVERecord?id=CVE-2026-22637
https://www.cve.org/CVERecord?id=CVE-2026-22638
https://www.cve.org/CVERecord?id=CVE-2026-22639
https://www.cve.org/CVERecord?id=CVE-2026-22640
https://www.cve.org/CVERecord?id=CVE-2026-22641
https://www.cve.org/CVERecord?id=CVE-2026-22642
https://www.cve.org/CVERecord?id=CVE-2026-22643
https://www.cve.org/CVERecord?id=CVE-2026-22644
https://www.cve.org/CVERecord?id=CVE-2026-22645
https://www.cve.org/CVERecord?id=CVE-2026-22646
https://www.cve.org/CVERecord?id=CVE-2026-22907
https://www.cve.org/CVERecord?id=CVE-2026-22908
https://www.cve.org/CVERecord?id=CVE-2026-22909
https://www.cve.org/CVERecord?id=CVE-2026-22910
https://www.cve.org/CVERecord?id=CVE-2026-22911
https://www.cve.org/CVERecord?id=CVE-2026-22912
https://www.cve.org/CVERecord?id=CVE-2026-22913
https://www.cve.org/CVERecord?id=CVE-2026-22914
https://www.cve.org/CVERecord?id=CVE-2026-22915
https://www.cve.org/CVERecord?id=CVE-2026-22916
https://www.cve.org/CVERecord?id=CVE-2026-22917
https://www.cve.org/CVERecord?id=CVE-2026-22918
##updated 2026-01-14T22:15:49.780000
1 posts
I noticed a vulnerability was fixed in vsftpd a few days ago (CVE-2025-14242). It’s a very interesting project, and Chris Evans' work has taught me several important lessons.
I searched for more details about the issue but couldn't find much initially. Today, I saw that the issue seems to have been introduced by a Red Hat patch. That makes sense!
Bug 2419826 (CVE-2025-14242) - CVE-2025-14242 vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing[NEEDINFO]
https://bugzilla.redhat.com/show_bug.cgi?id=2419826
2ed5ba6 Resolve CVE-2025-14242
https://src.fedoraproject.org/rpms/vsftpd/c/2ed5ba6e77f1c3e365fb4b0028945f762c456131
updated 2026-01-14T21:34:10
3 posts
2 repos
https://github.com/TheTorjanCaptain/CVE-2026-23550-PoC
https://github.com/cyberdudebivash/CYBERDUDEBIVASH-Modular-DS-CVE-2026-23550-Detector
origin-mo: il trucco pigro che ha aperto 40.000 siti WordPress agli hacker
I ricercatori hanno scoperto una vulnerabilità critica nel plugin Modular DS per WordPress che ha permesso a hacker di compromettere oltre 40.000 siti con un metodo sorprendentemente semplice. La vulnerabilità CVE-2026-23550 Il plugin Modular DS, installato su decine di migliaia di siti WordPress, presentava una falla di privilege escalation classificata con un punteggio CVSS di 10.0, il massimo livello di severità. Questa debolezza, identificata come CVE-2026-23550 e catalogata nel […] ##‼️ 40,000 WordPress Sites Exposed to Risk Due to Modular DS Admin Bypass Vulnerability
CVE-2026-23550: Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
CVSS: 10
CVE Published: January 14th, 2026
Attacking IP Addresses:
45[.]11[.]89[.]19
185[.]196[.]0[.]11
Reference: https://help.modulards.com/en/article/modular-ds-security-release-modular-connector-252-dm3mv0/
##Critical Privilege Escalation in Modular DS WordPress Plugin Actively Exploited
Attackers are exploiting a CVSS 10.0 vulnerability in the Modular DS WordPress plugin to gain unauthenticated administrative access and full site control. The flaw, tracked as CVE-2026-23550, allows hackers to bypass authentication by manipulating URL parameters.
**If you are using Modular DS plugin, this is urgent! Updat to version 2.5.2 immediately, because your site is being hacked. If you can't update, disable the plugin. After patching, check your WordPress user list for any unauthorized administrator accounts created recently.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-in-modular-ds-wordpress-plugin-actively-exploited-k-y-l-e-j/gD2P6Ple2L
updated 2026-01-14T20:01:53.500000
1 posts
Serveur WDS – CVE-2026-0386 : le correctif va impacter les fichiers de réponse https://www.it-connect.fr/serveur-wds-cve-2026-0386-le-correctif-va-impacter-les-fichiers-de-reponse/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #WDS
##updated 2026-01-14T17:16:06.930000
1 posts
1 repos
I'm not concerned about this as a security concern, but I know people around here like their AQI monitors so this might be handy for folks trying to hack theirs for other functionality.
##updated 2026-01-14T16:26:00.933000
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-14T16:26:00.933000
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-14T16:25:40.430000
1 posts
updated 2026-01-14T16:25:12.057000
1 posts
InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338)
https://security.opensuse.org/2026/01/09/inputplumber-lack-of-dbus-auth.html
##updated 2026-01-14T12:31:39
1 posts
InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338)
https://security.opensuse.org/2026/01/09/inputplumber-lack-of-dbus-auth.html
##updated 2026-01-13T22:04:12.347000
1 posts
UTT
https://www.cve.org/CVERecord?id=CVE-2026-0836
https://www.cve.org/CVERecord?id=CVE-2026-0837
https://www.cve.org/CVERecord?id=CVE-2026-0838
https://www.cve.org/CVERecord?id=CVE-2026-0839
https://www.cve.org/CVERecord?id=CVE-2026-0840
https://www.cve.org/CVERecord?id=CVE-2026-0841
Luxul
##updated 2026-01-13T21:41:13
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-13T21:41:07
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-13T21:41:02
1 posts
I don't know this project ( Jervis ) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
##updated 2026-01-13T21:31:44
7 posts
2 repos
Here's a summary of the latest important news in technology and cybersecurity from the last 24 hours:
**Cybersecurity:** Microsoft issued an emergency patch for a critical Windows zero-day vulnerability (CVE-2026-20805) actively being exploited as of January 19, 2026. The World Economic Forum's 2026 Outlook highlights accelerating cyber risks due to AI advancements and geopolitical fragmentation.
**Technology:** NASA is preparing its Artemis II mission with a wet dress rehearsal for its Orion spacecraft (January 19, 2026). Nvidia solidified its AI hardware dominance by acquiring Groq's AI inference IP for $20 billion (early January 2026).
**Global:** A strong G3/G4 geomagnetic storm is expected, potentially making the Northern Lights visible across 24 US states on January 19-20, 2026.
##Here's a digest of the latest in technology and cybersecurity:
**Cybersecurity:** Microsoft issued an emergency patch on January 19, 2026, for a critical Windows zero-day vulnerability (CVE-2026-20805) that is currently being actively exploited by attackers.
**Technology:** Elon Musk is seeking up to $134 billion in damages from OpenAI and Microsoft in an escalating AI courtroom dispute, as of January 19, 2026. NASA also began rolling out its Artemis 2 space launch system and Orion spacecraft on January 19, 2026. Additionally, NVIDIA's $20 billion acquisition of Groq's AI inference intellectual property is consolidating power in AI hardware.
##CERT-In issues high-severity alert for Windows 10, Windows 11 and Microsoft Office over CVE-2026-20805 vulnerability. Microsoft confirms exploit in the wild, urges urgent updates. https://english.mathrubhumi.com/technology/is-your-windows-pc-at-risk-indian-govt-issues-urgent-security-alert-vkdh7w9u?utm_source=dlvr.it&utm_medium=mastodon #WindowsSecurity #MicrosoftAlert #CERTIn #CyberSecurity
##Here's a summary of the most important world, technology, and cybersecurity news from the last 24-48 hours:
World: A train crash in Thailand killed at least 22 people (Jan 14). US President Trump warned Iran amid protests and reaffirmed his desire to acquire Greenland (Jan 14).
Technology: Big Tech companies are heavily investing in energy infrastructure to power their AI ambitions amidst growing backlash over resource usage (Jan 14). Apple's status as a tech visionary is being questioned amidst the rapid AI advancements (Jan 14).
Cybersecurity: CISA and Microsoft patched an actively exploited Windows information disclosure vulnerability (CVE-2026-20805) (Jan 13-14). The World Economic Forum's 2026 outlook highlights enterprise security facing a "three-front war" from cybercrime, AI misuse, and supply chain attacks (Jan 13).
##‼️ CVE-2026-20805: Microsoft Windows Information Disclosure Vulnerability has been added to the CISA KEV Catalog
https://darkwebinformer.com/cisa-kev-catalog/
0-day: Yes
CVSS: 5.5
This vulnerability was patched during January 13th, 2026 Patch Tuesday.
##CVE ID: CVE-2026-20805
Vendor: Microsoft
Product: Windows
Date Added: 2026-01-13
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20805 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20805
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20805
The EITW one is in the Desktop Window Manager.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
##updated 2026-01-13T20:36:43
1 posts
OpenCode patches critical RCE flaw in Web UI
OpenCode patched a critical XSS vulnerability (CVE-2026-22813) that allowed malicious websites to execute arbitrary commands on a user's local system by abusing the tool's internal API.
**If you are using OpenCode, update to version 1.1.10 ASAP to disable the vulnerable web UI and API. Avoid clicking untrusted links, check underling URLs and don't click on any links that you haven't crafted but point to your local machine's ports .**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/opencode-patches-critical-rce-flaw-in-web-ui-c-7-g-n-7/gD2P6Ple2L
updated 2026-01-13T19:16:27.083000
1 posts
7 repos
https://github.com/CayberMods/CVE-2026-22812-POC
https://github.com/barrersoftware/opencode-secure
https://github.com/Udyz/CVE-2026-22812-Exp
https://github.com/Ashwesker/Ashwesker-CVE-2026-22812
https://github.com/rohmatariow/CVE-2026-22812-exploit
‼️CVE-2026-22812: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
PoC/Exploit: https://github.com/rohmatariow/CVE-2026-22812-exploit
CVSS: 8.8
CVE Published: January 12th, 2026
Exploit Published: January 16th, 2026
Advisory: https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
##updated 2026-01-13T18:31:19
1 posts
The publicly disclosed ones are expiring Secure Boot cert:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265
and an old one that was published in 2023 but is apparently now applicable to all Windows systems with the Agere Soft Modem installed, even if it isn't in use.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-31096
##updated 2026-01-13T18:31:18
4 posts
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
#CVE_2026_20965
https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
‼️CVE-2026-20965: Windows Admin Center Azure SSO Flaw Risks Tenant-Wide Compromise
Details: Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVSS: 7.5
CVE Published: January 13th, 2026
Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965
Writeup: https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
##Stupid cloud anyway.
https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
##CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
##updated 2026-01-13T18:31:18
1 posts
If you missed this, Microsoft posted three advisories to its security guide yesterday.
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability, CVE-2026-21223 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223
- Microsoft Power Apps Remote Code Execution Vulnerability, CVE-2026-20960 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20960
- Microsoft Excel Remote Code Execution Vulnerability, CVE-2026-20950 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20950 #infosec #Microsoft #Office #Chromium #Edge #vulnerability
##updated 2026-01-13T18:31:18
1 posts
Three of the sev:CRIT RCEs list the Preview Pane as an attack vector.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944
##updated 2026-01-13T18:31:18
1 posts
Three of the sev:CRIT RCEs list the Preview Pane as an attack vector.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944
##updated 2026-01-13T18:31:16
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-13T18:31:14
1 posts
Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all https://baldur.dk/blog/fortinet-ems-rce.html
##updated 2026-01-13T18:31:14
1 posts
updated 2026-01-13T18:31:10
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-13T18:31:09
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-13T18:31:09
1 posts
Netgear
https://www.cve.org/CVERecord?id=CVE-2026-0403
https://www.cve.org/CVERecord?id=CVE-2026-0404
https://www.cve.org/CVERecord?id=CVE-2026-0405
https://www.cve.org/CVERecord?id=CVE-2026-0406
https://www.cve.org/CVERecord?id=CVE-2026-0407
##updated 2026-01-13T18:31:03
1 posts
updated 2026-01-13T18:16:06.193000
1 posts
updated 2026-01-13T15:37:12
1 posts
updated 2026-01-13T15:37:12
1 posts
updated 2026-01-13T15:05:00
3 posts
6 repos
https://github.com/cropnet/ni8mare-scanner
https://github.com/Chocapikk/CVE-2026-21858
https://github.com/SystemVll/CVE-2026-21858
https://github.com/Ashwesker/Ashwesker-CVE-2026-21858
Latest global tech and cybersecurity news (Jan 12-13, 2026):
The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.
##Die erste Ausgabe von 60 Sekunden Cyber beschäftigt sich mit dem aktuellen ESA-Hack, der Situation Taiwans, CVE-2026-21858 und dem Schlag gegen Black Axe.
##Tell your friends.
The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias discovered and reported it on November 9, 2025.
https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html
##updated 2026-01-13T14:03:46.203000
1 posts
Perfect 10 in Fastjson. 🥳
It's funny that it appears to be a challenging enough bug that it bypassed at least two previous fixes.
https://www.cve.org/CVERecord?id=CVE-2025-70974
##Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845.
updated 2026-01-13T14:03:18.990000
1 posts
UTT
https://www.cve.org/CVERecord?id=CVE-2026-0836
https://www.cve.org/CVERecord?id=CVE-2026-0837
https://www.cve.org/CVERecord?id=CVE-2026-0838
https://www.cve.org/CVERecord?id=CVE-2026-0839
https://www.cve.org/CVERecord?id=CVE-2026-0840
https://www.cve.org/CVERecord?id=CVE-2026-0841
Luxul
##updated 2026-01-13T14:03:18.990000
1 posts
1 repos
Advantech patches maximum-severity SQL injection flaw in IoT products
Advantech patched a maximum-severity SQL injection vulnerability (CVE-2025-52694) in its IoTSuite and IoT Edge products that allows unauthenticated remote attackers to execute arbitrary database commands.
**Make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Update your Advantech IoTSuite and IoT Edge software to the latest versions immediately to prevent remote database takeovers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/advantech-patches-maximum-severity-sql-injection-flaw-in-iot-products-n-q-4-8-9/gD2P6Ple2L
updated 2026-01-13T12:31:48
2 posts
Siemens Patches Critical Authentication Bypass in Industrial Edge Device Kit
Siemens reports a maximum severity critical authentication bypass vulnerability (CVE-2025-40805) in its Industrial Edge Device Kit that allows remote attackers to impersonate users and gain unauthorized access to industrial systems.
**If you are using Siemens Industrial Edge Device Kit, this is urgent and important. Make sure all Industrial Edge Device Kit systems are isolated from the internet and accessible from trusted networks only. Then plan a very quick update, this is a perfect 10 score vulnerability. Even with all the isolation, there may be a way in, so better patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-patches-critical-authentication-bypass-in-industrial-edge-device-kit-7-3-0-2-c/gD2P6Ple2L
Siemens Issues Fix for Maximum Severit flaw in Industrial Edge Devices
Siemens disclosed a max severity (10) critical vulnerability (CVE-2025-40805) in its Industrial Edge Devices that allows unauthenticated remote attackers to bypass authentication and impersonate users.
**This is maximum severity, so don't ignore it. Review the advisory to check if you use any of these product lines. Ofcourse, make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Then plan a quick update cycle.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-issues-fix-for-maximum-severit-flaw-in-industrial-edge-devices-z-5-e-m-b/gD2P6Ple2L
updated 2026-01-13T03:32:08
6 posts
1 repos
https://github.com/cyberdudebivash/CYBERDUDEBIVASH-ServiceNow-AI-Agent-Audit-Script
Fascinating 🛡️ BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow 🛡️
Key Takeaways
AI agents significantly amplify the impact of traditional security flaws.
A Virtual Agent integration flaw (CVE-2025-12420) allowed unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing MFA and SSO.
Virtual Agent APIs can become unintended execution paths for privileged AI workflows.
Internal topics such as AIA-Agent Invoker AutoChat enable AI agents to be executed outside expected deployment constraints.
Point-in-time fixes do not eliminate systemic risk from insecure provider and agent configurations.
Preventing abuse of agentic AI in conversational channels requires:
Strong provider configuration controls, including enforced MFA for account linking
Establishing an agent approval-process
Implementing lifecycle management policies to de-provision unused or stagnant agents.
https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/ #InfoSec
ServiceNow patches critical AI Platform flaw enabling user impersonation
ServiceNow patched a critical privilege escalation vulnerability (CVE-2025-12420) in its AI platform that allowed unauthenticated attackers to impersonate users and execute unauthorized actions.
**If yoy are using self hosted ServiceNow, this is very important. Make sure the API is isolated from the internet if possible and accessible from trusted networks only. Then patch. If your ServiceNow must be exposed to the internet, this is urgent. Start patching now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/servicenow-patches-critical-ai-platform-flaw-enabling-user-impersonation-8-5-w-h-p/gD2P6Ple2L
Here's a digest of the most important news from the last 24 hours:
**World:**
US President Donald Trump ordered 25% tariffs on all countries doing business with Iran (Jan 13). The UN warned of alarming child malnutrition in Gaza, with nearly 95,000 cases in 2025.
**Technology:**
Google is set to integrate product purchases within its Gemini AI platform (Jan 13). Meta is reportedly laying off hundreds of employees in its metaverse division (Jan 13).
**Cybersecurity:**
The World Economic Forum's Global Cybersecurity Outlook 2026 highlights cybercrime, AI misuse, and supply chain risks as major threats. ServiceNow patched a critical AI platform flaw (CVE-2025-12420) on January 13, which could allow unauthenticated user impersonation.
ServiceNow patches critical AI platform flaw that could allow user impersonation https://cyberscoop.com/servicenow-fixes-critical-ai-vulnerability-cve-2025-12420/
##The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. https://thehackernews.com/2026/01/servicenow-patches-critical-ai-platform.html
##sev:CRIT auth bypass in SNOW.
https://www.cve.org/CVERecord?id=CVE-2025-12420
##A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.
updated 2026-01-12T21:31:38
1 posts
updated 2026-01-12T15:30:50
1 posts
Critical SQL Injection and XSS flaws reported in Imaster business software
Imaster's business management systems suffer from four vulnerabilities, including a critical SQL injection (CVE-2025-41006) that allows unauthenticated database access. These flaws enable attackers to steal sensitive patient data and execute malicious scripts in administrative sessions.
**If you are using Imaster MEMS Events CRM and the Patient Records Management System, make sure they are isolated from the internet and accessible from trusted networks only. Reach out to the vendor for patches, and in the meantime use a Web Application Firewall to filter malicious SQL and XSS traffic.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-and-xss-vulnerabilities-discovered-in-imaster-business-software-v-f-v-d-t/gD2P6Ple2L
updated 2026-01-12T09:30:36
1 posts
updated 2026-01-12T06:30:20
1 posts
updated 2026-01-11T14:53:55
1 posts
2 repos
Critical directory traversal vulnerability reported in React Router and Remix
React Router and Remix released patches for a critical directory traversal vulnerability, CVE-2025-61686, which allows attackers to read or write server files via unsigned session cookies.
**If you are using createFileSessionStorage in React Router and Remix, this is important and urgent. Check if you are using signed cookies for session storage. If not, change that ASAP, and update packages to the latest versions immediately. Ideally, limit file system permissions of your web server process to the bare minimum.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-directory-traversal-vulnerability-patched-in-react-router-and-remix-f-v-1-s-w/gD2P6Ple2L
updated 2026-01-11T09:30:26
1 posts
UTT
https://www.cve.org/CVERecord?id=CVE-2026-0836
https://www.cve.org/CVERecord?id=CVE-2026-0837
https://www.cve.org/CVERecord?id=CVE-2026-0838
https://www.cve.org/CVERecord?id=CVE-2026-0839
https://www.cve.org/CVERecord?id=CVE-2026-0840
https://www.cve.org/CVERecord?id=CVE-2026-0841
Luxul
##updated 2026-01-11T09:30:25
1 posts
UTT
https://www.cve.org/CVERecord?id=CVE-2026-0836
https://www.cve.org/CVERecord?id=CVE-2026-0837
https://www.cve.org/CVERecord?id=CVE-2026-0838
https://www.cve.org/CVERecord?id=CVE-2026-0839
https://www.cve.org/CVERecord?id=CVE-2026-0840
https://www.cve.org/CVERecord?id=CVE-2026-0841
Luxul
##updated 2026-01-11T06:30:19
1 posts
UTT
https://www.cve.org/CVERecord?id=CVE-2026-0836
https://www.cve.org/CVERecord?id=CVE-2026-0837
https://www.cve.org/CVERecord?id=CVE-2026-0838
https://www.cve.org/CVERecord?id=CVE-2026-0839
https://www.cve.org/CVERecord?id=CVE-2026-0840
https://www.cve.org/CVERecord?id=CVE-2026-0841
Luxul
##updated 2026-01-11T06:30:19
1 posts
UTT
https://www.cve.org/CVERecord?id=CVE-2026-0836
https://www.cve.org/CVERecord?id=CVE-2026-0837
https://www.cve.org/CVERecord?id=CVE-2026-0838
https://www.cve.org/CVERecord?id=CVE-2026-0839
https://www.cve.org/CVERecord?id=CVE-2026-0840
https://www.cve.org/CVERecord?id=CVE-2026-0841
Luxul
##updated 2026-01-11T06:30:14
1 posts
UTT
https://www.cve.org/CVERecord?id=CVE-2026-0836
https://www.cve.org/CVERecord?id=CVE-2026-0837
https://www.cve.org/CVERecord?id=CVE-2026-0838
https://www.cve.org/CVERecord?id=CVE-2026-0839
https://www.cve.org/CVERecord?id=CVE-2026-0840
https://www.cve.org/CVERecord?id=CVE-2026-0841
Luxul
##updated 2026-01-09T18:31:43
1 posts
updated 2026-01-09T06:16:00.257000
1 posts
1 repos
Mitsubishi Electric and ICONICS Patch Critical Industrial Software Flaws
Mitsubishi Electric and ICONICS patched multiple vulnerabilities in industrial software, including a critical remote code execution flaw (CVE-2022-33318). These bugs allow attackers to take over systems, steal data, or disrupt manufacturing operations across several product lines.
**Review the advisory to check if you are using the affected product lines. As usual, make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Then plan a patch cycle. For older products like MC Works64 and GENESIS32 plan a replacement path, they won't be getting a patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mitsubishi-electric-and-iconics-patch-critical-industrial-software-flaws-4-h-b-q-o/gD2P6Ple2L
updated 2026-01-09T00:30:28
1 posts
CVE-2025-12543: Host Header Validation Bypass in #Undertow
https://www.endorlabs.com/learn/cve-2025-12543-host-header-validation-bypass-in-undertow
##updated 2026-01-08T19:15:56.283000
3 posts
10 repos
https://github.com/DeathShotXD/CVE-2025-52691-APT-PoC
https://github.com/nxgn-kd01/smartermail-cve-scanner
https://github.com/Ashwesker/Ashwesker-CVE-2025-52691
https://github.com/rxerium/CVE-2025-52691
https://github.com/yt2w/CVE-2025-52691
https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691
https://github.com/hilwa24/CVE-2025-52691
https://github.com/you-ssef9/CVE-2025-52691
https://github.com/rimbadirgantara/CVE-2025-52691-poc
https://github.com/SuJing-cy/CVE-2025-2025-52691-SmarterMail-Exp
@ljrk I see your ../../../../../ and raise you one ../../../../../../../../../../../../../../../
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
Timeline of vulnerability (soon to be exploited...) (SmartMail):
2025-12-28: NVD CVE published. [1]
2026-01-08: Vulnerability deepdive and PoC published. [2]
2026-01-12: Reconnaissance for instances detected. [3]
2026-01-xx: Exploitation? ...
[1]: https://nvd.nist.gov/vuln/detail/CVE-2025-52691
[2]: https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
[3]: https://www.labs.greynoise.io/grimoire/2026-01-13-smartermail-version-enumeration/
We've been working on a new AI-driven + human-in-the-loop threat signals detector and this morning it flagged this path that we have not seen before in the grid in the past 90d `/api/v1/licensing/about`. It turns out it's an unauth’d version check for SmarterTools SmarterMail.
If that name sounds familiar its b/c of CVE-2025-52691 (https://nvd.nist.gov/vuln/detail/CVE-2025-52691). (1/3)
##updated 2026-01-08T16:28:23.960000
1 posts
5 repos
https://github.com/Crime2/poc-CVE-2025-38352
https://github.com/Soikoth3010/soikoth3010.github.io
https://github.com/farazsth98/chronomaly
❗️Chronomaly: Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x.
##updated 2026-01-08T15:31:28
1 posts
‼️Trend Micro Apex Central Multiple Vulnerabilities
CVE:
CVE-2025-69258 (CVSS: 9.8)
CVE-2025-69259 (CVSS: 7.5)
CVE-2025-69260 (CVSS: 7.5)
CWE: CWE-1285, CWE-306, CWE-641
PoC/Writeup: https://www.tenable.com/security/research/tra-2026-01
Disclosure Date: January 7. 2026
Disclosure: https://success.trendmicro.com/en-US/solution/KA-0022071
##updated 2026-01-08T00:32:16
1 posts
3 repos
https://github.com/LACHHAB-Anas/Exploit_CVE-2025-37164
CISA urges emergency patching after a critical HPE OneView vulnerability (CVE-2025-37164) with active exploitation - Check your versions and update to OneView v11.00 or later now.
Read: https://hackread.com/cisa-emergency-patching-exploit-hpe-oneview-flaw/
##updated 2026-01-07T12:31:27
1 posts
CyRC Discovers Critical WLAN Vulnerabilities in ASUS and TP-Link Routers (CVE-2025-14631) | Black Duck Blog #devopsish https://www.blackduck.com/blog/cyrc-discovers-asus-tplink-wlan-vulnerabilities.html
##updated 2026-01-05T18:30:29
1 posts
CVE-2025-14346: WHILL electric wheelchairs models C2 and F are vulnerable to takeover over bluetooth.
Reminds me of how PGDrives Rnet systems can be controlled remotely but in that case it requires a device be plugged in to the control bus.
##updated 2026-01-03T00:32:10
1 posts
3 repos
https://github.com/Ashwesker/Ashwesker-CVE-2026-21440
❗️CVE-2026-21440: A critical path traversal vulnerability affecting the AdonisJS framework, specifically its multipart file upload handling.
PoC Exploit: https://github.com/Ashwesker/Ashwesker-CVE-2026-21440
▪️CVSS: 9.2
▪️CVE Published: January 2nd, 2026
▪️Exploit Published: January 5th, 2026
Details:
AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.
##updated 2025-12-30T15:08:14.027000
1 posts
updated 2025-12-30T00:32:58
7 posts
38 repos
https://github.com/alexcyberx/CVE-2025-14847_Expolit
https://github.com/JemHadar/MongoBleed-DFIR-Triage-Script-CVE-2025-14847
https://github.com/cybertechajju/CVE-2025-14847_Expolit
https://github.com/CadGoose/MongoBleed-CVE-2025-14847-Fully-Automated-scanner
https://github.com/Systemhaus-Schulz/MongoBleed-CVE-2025-14847
https://github.com/kuyrathdaro/cve-2025-14847
https://github.com/sakthivel10q/CVE-2025-14847
https://github.com/KingHacker353/CVE-2025-14847_Expolit
https://github.com/pedrocruz2202/mongobleed-scanner
https://github.com/NoNameError/MongoBLEED---CVE-2025-14847-POC-
https://github.com/keraattin/Mongobleed-Detector-CVE-2025-14847
https://github.com/FurkanKAYAPINAR/CVE-2025-14847-MongoBleed-Exploit
https://github.com/Ashwesker/Ashwesker-CVE-2025-14847
https://github.com/onewinner/CVE-2025-14847
https://github.com/joshuavanderpoll/CVE-2025-14847
https://github.com/demetriusford/mongobleed
https://github.com/vfa-tuannt/CVE-2025-14847
https://github.com/Security-Phoenix-demo/mongobleed-exploit-CVE-2025-14847
https://github.com/amnnrth/CVE-2025-14847
https://github.com/saereya/CVE-2025-14847---MongoBleed
https://github.com/waheeb71/CVE-2025-14847
https://github.com/sakthivel10q/sakthivel10q.github.io
https://github.com/nma-io/mongobleed
https://github.com/Black1hp/mongobleed-scanner
https://github.com/chinaxploiter/CVE-2025-14847-PoC
https://github.com/ElJoamy/MongoBleed-exploit
https://github.com/Rishi-kaul/CVE-2025-14847-MongoBleed
https://github.com/j0lt-github/mongobleedburp
https://github.com/tunahantekeoglu/MongoDeepDive
https://github.com/franksec42/mongobleed-exploit-CVE-2025-14847
https://github.com/pedrocruz2202/pedrocruz2202.github.io
https://github.com/AdolfBharath/mongobleed
https://github.com/ProbiusOfficial/CVE-2025-14847
https://github.com/sahar042/CVE-2025-14847
https://github.com/14mb1v45h/CYBERDUDEBIVASH-MONGODB-DETECTOR-v2026
https://github.com/AmadoBatista/mongobleed
Did PANW just take a couple months off? They're just now publishing a threat brief on MongoBleed? Maybe that's why we haven't seen any advisories from them. Can't wait to see what's been sitting EITW in their queues.
https://unit42.paloaltonetworks.com/mongobleed-cve-2025-14847/
##updated 2025-12-29T19:43:28
1 posts
1 repos
Here's my analysis of the recent-ish 9.3 Critical in #Emby (CVE-2025-64113).
Sadly, the vulnerability turned out to be pretty boring, but I've tried to make the best of it.
##updated 2025-12-29T15:58:56.260000
1 posts
updated 2025-12-17T21:30:47
2 posts
7 repos
https://github.com/Ashwesker/Ashwesker-CVE-2025-20393
https://github.com/KingHacker353/CVE-2025-20393
https://github.com/MRH701/cisco-sa-sma-attack-N9bf4
https://github.com/cyberleelawat/CVE-2025-20393
https://github.com/MRH701/mrh701.github.io
https://github.com/cyberdudebivash/CYBERDUDEBIVASH-Cisco-AsyncOS-CVE-2025-20393-Scanner
Here's a brief on the latest global, tech, and cybersecurity news from the last 24 hours:
Global: Uganda's Yoweri Museveni was declared winner of the presidential election. Over 100 people have died in torrential rains and floods across Southern Africa.
Tech: OpenAI is reportedly considering introducing ads to ChatGPT. Google filed to appeal a decision in its search monopoly case, and new generative AI features are rolling out for Gmail.
Cybersecurity: Cisco patched a zero-day vulnerability (CVE-2025-20393) exploited by a China-linked APT (Jan 16). A new PayPal phishing scam uses verified invoices with fake support numbers, and the GhostPoster browser malware, active for five years, was exposed.
##Updated Cisco advisory. "Rudolph, the red-nosed reindeer ...." 🎵 🎶 🎧
"There are no workarounds identified that directly mitigate the risk concerning this attack campaign, but administrators can view and follow the guidance provided in the Recommendations section of this advisory."
Cisco: CVE-2025-20393, critical: Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
There are three other entries for today:
- Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-9TDh2kx
- Cisco Identity Services Engine Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5
- Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-GEkX8yWK @TalosSecurity #infosec #Cisco #vulnerability
##updated 2025-12-16T18:31:42
1 posts
Heads up for my fellow Red Hat Enterprise Linux (RHEL) 10 users:
Important: kernel security update
kernel: libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285)
So do your `dnf update` ASAP :)
More details: https://access.redhat.com/errata/RHSA-2026:0786
##updated 2025-12-10T16:10:33.500000
1 posts
updated 2025-12-09T16:53:25
1 posts
100 repos
https://github.com/hoosin/CVE-2025-55182
https://github.com/jf0x3a/CVE-2025-55182-exploit
https://github.com/kOaDT/poc-cve-2025-55182
https://github.com/sickwell/CVE-2025-55182
https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool
https://github.com/timsonner/React2Shell-CVE-2025-55182
https://github.com/fatguru/CVE-2025-55182-scanner
https://github.com/Dh4v4l8/CVE-2025-55182-poc-tool
https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-
https://github.com/Rsatan/Next.js-Exploit-Tool
https://github.com/xcanwin/CVE-2025-55182-React-RCE
https://github.com/RuoJi6/CVE-2025-55182-RCE-shell
https://github.com/MoLeft/React2Shell-Toolbox
https://github.com/StealthMoud/CVE-2025-55182-Scanner
https://github.com/kondukto-io/vulnerable-next-js-poc
https://github.com/VeilVulp/RscScan-cve-2025-55182
https://github.com/sho-luv/React2Shell
https://github.com/TrixSec/CVE-2025-55182-Scanner
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc
https://github.com/websecuritylabs/React2Shell-Library
https://github.com/sudo-Yangziran/CVE-2025-55182POC
https://github.com/Pizz33/CVE-2025-55182-burpscanner
https://github.com/acheong08/CVE-2025-55182-poc
https://github.com/EynaExp/CVE-2025-55182-POC
https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS
https://github.com/emredavut/CVE-2025-55182
https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive
https://github.com/ejpir/CVE-2025-55182-bypass
https://github.com/im-ezboy/CVE-2025-55182-zoomeye
https://github.com/Cillian-Collins/CVE-2025-55182
https://github.com/sumanrox/rschunter
https://github.com/theman001/CVE-2025-55182
https://github.com/Ashwesker/Ashwesker-CVE-2025-55182
https://github.com/zzhorc/CVE-2025-55182
https://github.com/yz9yt/React2Shell-CTF
https://github.com/chrahman/react2shell-CVE-2025-55182-full-rce-script
https://github.com/zr0n/react2shell
https://github.com/onlylovetx/CVE-2025-55182-CVE-2025-66478-Exploit-GUI
https://github.com/theori-io/reactguard
https://github.com/BlackTechX011/React2Shell
https://github.com/c0rydoras/CVE-2025-55182
https://github.com/alsaut1/react2shell-lab
https://github.com/BeichenDream/CVE-2025-55182-GodzillaMemoryShell
https://github.com/Saturate/CVE-2025-55182-Scanner
https://github.com/logesh-GIT001/CVE-2025-55182
https://github.com/ejpir/CVE-2025-55182-research
https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script
https://github.com/LemonTeatw1/CVE-2025-55182-exploit
https://github.com/nehkark/CVE-2025-55182
https://github.com/anuththara2007-W/CVE-2025-55182-Exploit-extension
https://github.com/hidden-investigations/react2shell-scanner
https://github.com/gensecaihq/react2shell-scanner
https://github.com/dwisiswant0/CVE-2025-55182
https://github.com/hualy13/CVE-2025-55182
https://github.com/ZihxS/check-react-rce-cve-2025-55182
https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell
https://github.com/Faithtiannn/CVE-2025-55182
https://github.com/Chocapikk/CVE-2025-55182
https://github.com/GelukCrab/React-Server-Components-RCE
https://github.com/momika233/CVE-2025-55182-bypass
https://github.com/freeqaz/react2shell
https://github.com/xalgord/React2Shell
https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-
https://github.com/l4rm4nd/CVE-2025-55182
https://github.com/SainiONHacks/CVE-2025-55182-Scanner
https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension
https://github.com/mrknow001/RSC_Detector
https://github.com/hackersatyamrastogi/react2shell-ultimate
https://github.com/shyambhanushali/React2Shell
https://github.com/santihabib/CVE-2025-55182-analysis
https://github.com/zack0x01/vuln-app-CVE-2025-55182
https://github.com/CirqueiraDev/MassExploit-CVE-2025-55182
https://github.com/techgaun/cve-2025-55182-scanner
https://github.com/kavienanj/CVE-2025-55182
https://github.com/fullhunt/react2shell-test-server
https://github.com/subhdotsol/CVE-2025-55182
https://github.com/Updatelap/CVE-2025-55182
https://github.com/surajhacx/react2shellpoc
https://github.com/heiheishushu/rsc_detect_CVE-2025-55182
https://github.com/yanoshercohen/React2Shell_CVE-2025-55182
https://github.com/fBUZk2BH/RSC-Detect-CVE-2025-55182
https://github.com/CymulateResearch/React2Shell-Scanner
https://github.com/alfazhossain/CVE-2025-55182-Exploiter
https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js
https://github.com/AliHzSec/CVE-2025-55182
https://github.com/whiteov3rflow/CVE-2025-55182-poc
https://github.com/C00LN3T/React2Shell
https://github.com/ynsmroztas/NextRce
https://github.com/keklick1337/CVE-2025-55182-golang-PoC
https://github.com/songsanggggg/CVE-2025-55182
https://github.com/vijay-shirhatti/RSC-Detect-CVE-2025-55182
https://github.com/XiaomingX/CVE-2025-55182-poc
https://github.com/cybertechajju/R2C-CVE-2025-55182-66478
https://github.com/ThemeHackers/CVE-2025-55182
https://github.com/assetnote/react2shell-scanner
https://github.com/xkillbit/cve-2025-55182-scanner
https://github.com/msanft/CVE-2025-55182
I had a chance last week to chat with Benjamin Read of #Wiz. Last month, Read and other members of his team published a deep dive into the #React2Shell
(CVE-2025-55182) vulnerability, and I was curious to see what has been hitting my honeypot, so I took a closer look.
This is doing some weird stuff, friends.
As is normally the case with exploits targeting internet-facing devices, once the exploit becomes known, it ends up in the automated scanners used by threat actors and security researchers. What I've seen over the past week is a combination of both.
In just a few hours of operation, I identified a small number of source IP addresses exploiting React2Shell by pointing the vulnerable system at URLs hosting BASH scripts. These scripts are really familiar to anyone who routinely looks at honeypot data - they contain a series of commands that pull down and execute malicious payloads.
And as I've seen in the past, some of these payloads use racially inflammatory language in their malware. It's weird and gross, but unfortunately, really common.
But while most of these payloads were "the usual suspects" - remote shells, cryptocurrency miners - there was one payload that stuck out.
It's an exploit file, based on this proof-of-concept [https://github.com/iotwar/FIVEM-POC/blob/main/fivem-poc.py] designed to DDoS a modded server running "FiveM," a popular version of the game Grand Theft Auto V.
Let that one sink in: among the earliest adopters of a brand new exploit are...people trying to mess with other people's online game servers.
I've long said that exploits like these are the canaries in the datacenter coal mine. After all, if an attacker can force your server to run a cryptominer (or a game DDoS tool), they can force it to run far more malicious code.
I guess someone, or a group of someones, just want to ruin everyone's good time, no matter how or what form that takes. And they'll do it in the most offensive way possible.
Anyway, patch your servers, please, if only to stick it to these people who want to be the reason we can't have nice things.
#PoC #exploit #CVE_2025_55182 #DDoS #FiveM #REACT #Bash #cryptominer #malware
##updated 2025-11-19T15:32:36
1 posts
12 repos
https://github.com/sxyrxyy/CVE-2025-64446-FortiWeb-CGI-Bypass-PoC
https://github.com/Ashwesker/Ashwesker-CVE-2025-64446
https://github.com/mrk336/Silent-WebStorm-Fortinet-s-Hidden-Exploits
https://github.com/fevar54/CVE-2025-64446-PoC---FortiWeb-Path-Traversal
https://github.com/D3crypT0r/CVE-2025-64446
https://github.com/soltanali0/CVE-2025-64446-Exploit
https://github.com/sensepost/CVE-2025-64446
https://github.com/AN5I/cve-2025-64446-fortiweb-exploit
https://github.com/Death112233/CVE-2025-64446-
https://github.com/lequoca/fortinet-fortiweb-cve-2025-64446-58034
https://github.com/verylazytech/CVE-2025-64446
https://github.com/lincemorado97/CVE-2025-64446_CVE-2025-58034
Sicarii RaaS uses Israeli/Jewish iconography — but researchers say it’s likely deceptive branding.
• Geo-fencing to avoid Israeli systems
• CVE-2025-64446 exploitation
• Data theft + destructive ransomware
What’s your assessment of attribution through branding?
##updated 2025-11-13T15:30:37
1 posts
updated 2025-11-13T15:30:37
1 posts
updated 2025-11-05T00:32:35
1 posts
Still no fix in BIG-IP DNS for CVE-2025-8677.
##updated 2025-11-04T22:16:11.677000
1 posts
2 repos
https://github.com/sirbuvladste/BIND-9-Cache-Poisoning-PoC---CVE-2025-40778
updated 2025-11-03T21:34:58
1 posts
1 repos
https://github.com/Betim-Hodza/CVE-2025-4802-Proof-of-Concept
Cool bug 🐞
CVE-2025-4802: Arbitrary library path #vulnerability in static setuid binary in #GLIBC
https://hackyboiz.github.io/2025/12/03/millet/cve-2025-4802/
##updated 2025-11-03T21:34:39
1 posts
updated 2025-11-03T21:33:34
1 posts
updated 2025-11-03T21:32:18
1 posts
updated 2025-11-03T20:19:19.233000
1 posts
⚪ Firefox Patches Vulnerability Discovered by a Positive Technologies Expert
🗨️ Exploitation of the vulnerability became possible after injecting malicious code into an arbitrary website, allowing an attacker to steal credentials and redirect users to phishing pages.
##updated 2025-10-30T15:55:01.903000
1 posts
1 repos
https://github.com/AdityaBhatt3010/CVE-2025-10585-The-Chrome-V8-Zero-Day
⚪ Google patches a Chrome zero-day; the vulnerability is already being exploited in attacks
🗨️ Google has released updates for Chrome to address four vulnerabilities. According to the company, one of them (CVE-2025-10585) has already been exploited by attackers.
##updated 2025-10-29T15:31:52
1 posts
updated 2025-10-28T14:15:30.907000
1 posts
1 repos
German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRATCampaign
Learn about a new phishing campaign targeting German manufacturing companies using CVE-2024-43451.
🔗️ [Any] https://link.is.it/F0JDjf
##updated 2025-10-27T15:13:10
1 posts
3 repos
https://github.com/amalpvatayam67/day01-sessionreaper-lab
⚪ Adobe Commerce and Magento Vulnerability Enables Account Takeover
🗨️ Adobe has disclosed a critical bug (CVE-2025-54236) that affects the Commerce and Magento platforms. Researchers have dubbed this vulnerability SessionReaper and describe it as one of the most serious in…
##updated 2025-10-22T00:34:27
1 posts
⚪ Samsung patches a 0‑day exploited in attacks against Android users
🗨️ Samsung has patched a zero-day RCE vulnerability that was already being exploited in attacks against devices running Android.
##updated 2025-09-25T16:39:27
1 posts
updated 2025-08-15T18:31:55
1 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256
The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access. https://www.bleepingcomputer.com/news/security/exploit-code-public-for-critical-fortisiem-command-injection-flaw/
##updated 2025-08-12T18:31:39
1 posts
⚪ August Windows updates may block app installations
🗨️ Microsoft reported that the Windows security updates for August 2025 may trigger unexpected User Account Control (UAC) prompts and cause problems with app installations. The bug affects users without administrator…
##updated 2025-08-12T18:31:31
1 posts
1 repos
❗️CVE-2025-53136: Windows Kernel Information Disclosure through Race condition
PoC/Exploit: https://github.com/nu1lptr0/CVE-2025-53136
CVSS: 5.5
CVE Published: Aug 12th, 2025
updated 2025-07-31T21:32:03
1 posts
Critical authentication bypass in Güralp Systems seismic monitoring devices
Güralp Systems reported a critical authentication bypass vulnerability (CVE-2025-8286) in its FMUS and MIN series seismic devices, allowing unauthenticated attackers to modify configurations or factory reset hardware.
**Make sure all Güralp devices are isolated from the internet and accessible from trusted networks only. Review the patch, and consult with the vendor since it's still experimental. At minimum, isolate all systems from the internet, then wait for the final patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-guralp-systems-seismic-monitoring-devices-n-i-c-w-x/gD2P6Ple2L
updated 2025-07-01T14:47:11.290000
1 posts
2 repos
https://github.com/Nurjaman2004/jsPDF-Bulk-Detector-CVE-2025-68428-
❗️CVE-2025-68428: Critical Path Traversal in jsPDF
GitHub: https://github.com/12nio/CVE-2025-68428_PoC
CVSS: 9.2
CVE Published: January 5th, 2026
Exploit Published: January 8th, 2026
News source: https://www.bleepingcomputer.com/news/security/critical-jspdf-flaw-lets-hackers-steal-secrets-via-generated-pdfs/
##updated 2025-05-26T02:13:09.153000
1 posts
1 repos
⚪ Samsung patches a 0‑day exploited in attacks against Android users
🗨️ Samsung has patched a zero-day RCE vulnerability that was already being exploited in attacks against devices running Android.
##updated 2025-05-14T15:15:48.477000
1 posts
This looks to be Hajime only going after Mikrotik routers in some scanner's inventory. Highly targeted (only hitting our Mikrotiks), low and slow over time.
Definitely coming from a wide array of other compromised edge devices.
https://viz.greynoise.io/tags/mikrotik-routeros-rce-cve-2017-20149-attempt?days=90
##updated 2025-02-13T06:31:52
1 posts
1 repos
https://github.com/AdityaBhatt3010/CVE-2025-10585-The-Chrome-V8-Zero-Day
⚪ Google patches a Chrome zero-day; the vulnerability is already being exploited in attacks
🗨️ Google has released updates for Chrome to address four vulnerabilities. According to the company, one of them (CVE-2025-10585) has already been exploited by attackers.
##updated 2024-11-21T08:13:30.520000
1 posts
8 repos
https://github.com/Adel2411/cve-2023-38408
https://github.com/mrtacojr/CVE-2023-38408
https://github.com/LucasPDiniz/CVE-2023-38408
https://github.com/classic130/CVE-2023-38408
https://github.com/kali-mx/CVE-2023-38408
https://github.com/wxrdnx/CVE-2023-38408
Critical OpenSSH flaw exposes Moxa industrial switches to remote takeover
Moxa issued a critical advisory for a remote code execution vulnerability (CVE-2023-38408) affecting several industrial Ethernet switch series. The flaw allows unauthenticated attackers to take full control of devices if a user forwards an ssh-agent to a compromised system.
**Make sure all Moza devices are isolated from the internet and accessible from trusted networks only. Contact Moxa support to get the latest firmware for your EDS and RKS switches.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-openssh-flaw-exposes-moxa-industrial-switches-to-remote-takeover-f-u-h-q-u/gD2P6Ple2L
updated 2024-05-15T06:28:36
1 posts
6 repos
https://github.com/nerowander/CVE-2022-25845-exploit
https://github.com/scabench/fastjson-tp1fn1
https://github.com/ph0ebus/CVE-2022-25845-In-Spring
https://github.com/luelueking/CVE-2022-25845-In-Spring
Perfect 10 in Fastjson. 🥳
It's funny that it appears to be a challenging enough bug that it bypassed at least two previous fixes.
https://www.cve.org/CVERecord?id=CVE-2025-70974
##Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845.
updated 2024-04-04T08:33:05
1 posts
The publicly disclosed ones are expiring Secure Boot cert:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265
and an old one that was published in 2023 but is apparently now applicable to all Windows systems with the Agere Soft Modem installed, even if it isn't in use.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-31096
##updated 2023-09-26T14:52:01
1 posts
1 repos
Perfect 10 in Fastjson. 🥳
It's funny that it appears to be a challenging enough bug that it bypassed at least two previous fixes.
https://www.cve.org/CVERecord?id=CVE-2025-70974
##Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845.
updated 2023-01-31T05:03:00
1 posts
Critical Unsecured Protocol Vulnerability Reported in Festo Industrial Firmware
Festo reports a critical exposure (CVE-2022-3270) in numerous industrial controllers and bus modules caused by undocumented and unsecured protocols that allow unauthenticated remote takeover.
**This is a weird report - there will be no patch, the unsecured ports will remain unsecured. Your only option is to isolate the systems from the internet and make them accessible from trusted networks only.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unsecured-protocol-vulnerability-reported-in-festo-industrial-firmware-r-a-c-h-v/gD2P6Ple2L
updated 2023-01-29T05:06:36
1 posts
5 repos
https://github.com/Dviejopomata/CVE-2020-8554
https://github.com/twistlock/k8s-cve-2020-8554-mitigations
https://github.com/jrmurray000/CVE-2020-8554
For anyone who's been to one of my #Kubernetes #Security talks over the last couple of years, you may have seen me mention "the unpatchable 4", which is a set of Kubernetes CVEs for which there are no patches, you need to mitigate them with configuration or architecture choices.
I've been meaning to write more about them, and finally got a chance so here's the first in a mini-series of posts looking at the CVEs and the underlying reasons they occur. This time it's CVE-2020-8554.
https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabilities-cve-2020-8554/
##Security Advisory: SQLite database externally accessible with the default settings of Tandoor Recipes module (CVE-2026-23838)
##Ever named your own CVE? We sure did. 😏
Meet PTT-2025-021 (aka CVE-2025-63261).
A vulnerability in AWStats hiding inside cPanel.
One misplaced "|" flips log analysis into command execution.
No magic. Just unsafe open() and legacy code trusting input.
On our blog, we walk through how we traced it, proved it, and why this vulnerability class still bites.
Special thanks to Matei Badanoiu for the research. 👏
See the full attack path in Part 1: https://pentest-tools.com/blog/cpanel-cve-ptt-2025-021-part-1
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##FreeRDP
https://www.cve.org/CVERecord?id=CVE-2026-22851
https://www.cve.org/CVERecord?id=CVE-2026-22852
https://www.cve.org/CVERecord?id=CVE-2026-22853
https://www.cve.org/CVERecord?id=CVE-2026-22854
https://www.cve.org/CVERecord?id=CVE-2026-22855
https://www.cve.org/CVERecord?id=CVE-2026-22856
https://www.cve.org/CVERecord?id=CVE-2026-22857
https://www.cve.org/CVERecord?id=CVE-2026-22858
https://www.cve.org/CVERecord?id=CVE-2026-22859
Edit to add more.
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##Suricata
https://www.cve.org/CVERecord?id=CVE-2026-22258
https://www.cve.org/CVERecord?id=CVE-2026-22259
https://www.cve.org/CVERecord?id=CVE-2026-22260
https://www.cve.org/CVERecord?id=CVE-2026-22261
https://www.cve.org/CVERecord?id=CVE-2026-22262
https://www.cve.org/CVERecord?id=CVE-2026-22263
##1 posts
18 repos
https://github.com/hzhsec/redis-cve_2025_49844
https://github.com/lastvocher/redis-CVE-2025-49844
https://github.com/saneki/cve-2025-49844
https://github.com/angelusrivera/CVE-2025-49844
https://github.com/Network-Sec/CVE-2025-49844-RediShell-AI-made-Revshell
https://github.com/raminfp/redis_exploit
https://github.com/gopinaath/CVE-2025-49844-discovery
https://github.com/elyasbassir/CVE-2025-49844
https://github.com/MiclelsonCN/CVE-2025-49844_POC
https://github.com/Ashwesker/Ashwesker-CVE-2025-49844
https://github.com/imbas007/CVE-2025-49844-Vulnerability-Scanner
https://github.com/pedrorichil/CVE-2025-49844
https://github.com/dwisiswant0/CVE-2025-49844
https://github.com/Yuri08loveElaina/CVE-2025-49844
https://github.com/srozb/reditrap
https://github.com/Zain3311/CVE-2025-49844
https://github.com/ksnnd32/redis_exploit
https://github.com/Mufti22/CVE-2025-49844-RediShell-Vulnerability-Scanner
Redis Lua vuln impacts BIG-IP Next and no patches are available.
##⚪ August Windows updates may block app installations
🗨️ Microsoft reported that the Windows security updates for August 2025 may trigger unexpected User Account Control (UAC) prompts and cause problems with app installations. The bug affects users without administrator…
##Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##Space Hacking ( NASA Cryptolib ) 🚀
https://www.cve.org/CVERecord?id=CVE-2026-21897
https://www.cve.org/CVERecord?id=CVE-2026-21898
https://www.cve.org/CVERecord?id=CVE-2026-21899
https://www.cve.org/CVERecord?id=CVE-2026-21900
https://www.cve.org/CVERecord?id=CVE-2026-22023
https://www.cve.org/CVERecord?id=CVE-2026-22024
https://www.cve.org/CVERecord?id=CVE-2026-22025
https://www.cve.org/CVERecord?id=CVE-2026-22026
##OWASP CRS Patches Critical Multipart Charset Validation Bypass
OWASP CRS released patches for a critical vulnerability (CVE-2026-21876) that allows attackers to bypass charset validation in multipart requests. By placing malicious payloads in early request parts, attackers can slip UTF-7/16/32 encoded XSS attacks past the WAF.
**If you are using WAF OWASP Core Rule Set to version 4.22.0 or 3.3.8 this is important. Update the Core rule 922110 ASAP. Don't not rely on default settings for rule 922110 until you have applied these patches. Attackers can easily hide malicious scripts in multi-part uploads.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/owasp-crs-patches-critical-multipart-charset-validation-bypass-6-n-o-8-z/gD2P6Ple2L