CVE-2025-13455
(7.8 HIGH)

EPSS: 0.00%

updated 2026-01-14T23:15:55.803000

1 posts

A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.

CVE-2025-12166
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-14T23:15:54.180000

1 posts

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated a

CVE-2026-0861
(8.4 HIGH)

EPSS: 0.00%

updated 2026-01-14T22:15:53.233000

1 posts

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.

CVE-2025-70747
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-14T21:35:12

1 posts

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-65397
(8.4 HIGH)

EPSS: 0.00%

updated 2026-01-14T21:35:12

1 posts

An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the d

CVE-2026-22184
(9.8 CRITICAL)

EPSS: 0.11%

updated 2026-01-14T21:35:08

2 posts

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption

CVE-2025-11224
(7.7 HIGH)

EPSS: 0.00%

updated 2026-01-14T21:34:16

1 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.

CVE-2025-33206
(7.8 HIGH)

EPSS: 0.00%

updated 2026-01-14T21:34:16

1 posts

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.

CVE-2026-0732
(6.3 MEDIUM)

EPSS: 0.72%

updated 2026-01-14T21:34:06

1 posts

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.

CVE-2026-23550
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-01-14T21:15:54.193000

1 posts

Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.

CVE-2026-23512
(8.6 HIGH)

EPSS: 0.00%

updated 2026-01-14T21:15:54.013000

1 posts

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to ar

CVE-2026-23492
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-14T21:15:44

1 posts

### Summary An **incomplete SQL injection patch** in the Admin Search Find API allows an authenticated attacker to perform **blind SQL injection**. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind

CVE-2025-59470
(9.0 CRITICAL)

EPSS: 0.30%

updated 2026-01-14T20:59:08.753000

3 posts

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

CVE-2026-21272
(8.6 HIGH)

EPSS: 0.03%

updated 2026-01-14T20:49:33.830000

1 posts

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

CVE-2026-21265
(6.4 MEDIUM)

EPSS: 0.21%

updated 2026-01-14T20:23:43.417000

2 posts

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating system’s certificate update protection mech

CVE-2025-71021
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-14T20:16:14.003000

1 posts

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2026-21281
(7.8 HIGH)

EPSS: 0.03%

updated 2026-01-14T19:28:33.957000

1 posts

InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-37168
(8.2 HIGH)

EPSS: 0.05%

updated 2026-01-14T19:16:41.860000

1 posts

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.

CVE-2025-14502
(9.8 CRITICAL)

EPSS: 0.29%

updated 2026-01-14T18:32:34

1 posts

The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or

CVE-2025-70968
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-01-14T18:31:43

1 posts

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().

CVE-2025-67399
(4.6 MEDIUM)

EPSS: 0.00%

updated 2026-01-14T18:31:43

2 posts

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access

1 repos

https://github.com/rupeshsurve04/CVE-2025-67399

CVE-2026-22859
(0 None)

EPSS: 0.00%

updated 2026-01-14T18:16:43.657000

2 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.

CVE-2026-22857
(0 None)

EPSS: 0.00%

updated 2026-01-14T18:16:43.373000

2 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.

CVE-2026-22854
(0 None)

EPSS: 0.00%

updated 2026-01-14T18:16:42.933000

2 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.

CVE-2026-22851
(0 None)

EPSS: 0.00%

updated 2026-01-14T18:16:42.490000

2 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.

CVE-2025-66050
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-01-14T17:48:29.730000

1 posts

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

CVE-2025-66049
(7.5 HIGH)

EPSS: 0.07%

updated 2026-01-14T17:48:18.313000

1 posts

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security.  The vendor has not replied to the CNA. Possibly all fir

CVE-2026-0406
(0 None)

EPSS: 0.04%

updated 2026-01-14T16:26:00.933000

1 posts

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

CVE-2025-71027
(0 None)

EPSS: 0.02%

updated 2026-01-14T16:26:00.933000

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-13447
(8.4 HIGH)

EPSS: 0.15%

updated 2026-01-14T16:26:00.933000

1 posts

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

CVE-2025-68702
(0 None)

EPSS: 0.03%

updated 2026-01-14T16:25:40.430000

1 posts

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2.

CVE-2026-20944
(8.4 HIGH)

EPSS: 0.03%

updated 2026-01-14T16:25:40.430000

1 posts

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-37166
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-14T16:25:40.430000

1 posts

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network.

CVE-2026-0408
(0 None)

EPSS: 0.04%

updated 2026-01-14T16:25:40.430000

1 posts

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

CVE-2026-0407
(0 None)

EPSS: 0.05%

updated 2026-01-14T16:25:40.430000

1 posts

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.

CVE-2025-9142
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-14T16:25:12.057000

1 posts

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

CVE-2025-66169
(0 None)

EPSS: 0.02%

updated 2026-01-14T16:25:12.057000

2 posts

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

CVE-2025-14301
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-01-14T16:25:12.057000

1 posts

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without authentication checks, nonce verification, or path validation. This makes it possible for unauthenticated attackers to delete or download arbitrary files on

CVE-2026-22686
(10.0 CRITICAL)

EPSS: 0.10%

updated 2026-01-14T16:25:12.057000

1 posts

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Error object retains its host realm p

CVE-2025-12052
(7.8 HIGH)

EPSS: 0.01%

updated 2026-01-14T16:25:12.057000

1 posts

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

CVE-2025-68956
(8.0 HIGH)

EPSS: 0.01%

updated 2026-01-14T16:25:12.057000

1 posts

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-68957
(8.4 HIGH)

EPSS: 0.01%

updated 2026-01-14T16:25:12.057000

1 posts

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-68960
(8.4 HIGH)

EPSS: 0.01%

updated 2026-01-14T16:25:12.057000

1 posts

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-14338
(0 None)

EPSS: 0.02%

updated 2026-01-14T16:25:12.057000

1 posts

Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005.

CVE-2025-67859
(0 None)

EPSS: 0.02%

updated 2026-01-14T16:25:12.057000

1 posts

A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1.

CVE-2026-20805
(5.5 MEDIUM)

EPSS: 23.28%

updated 2026-01-14T13:44:31.180000

11 posts

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

1 repos

https://github.com/fevar54/CVE-2026-20805-POC

CVE-2026-0532
(8.6 HIGH)

EPSS: 0.03%

updated 2026-01-14T12:31:48

1 posts

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The

CVE-2025-66005(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-01-14T12:31:39

1 posts

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.

CVE-2025-14770
(7.5 HIGH)

EPSS: 0.06%

updated 2026-01-14T09:31:20

1 posts

The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be u

CVE-2025-12053
(7.8 HIGH)

EPSS: 0.01%

updated 2026-01-14T03:30:32

1 posts

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

CVE-2025-68958
(8.0 HIGH)

EPSS: 0.01%

updated 2026-01-14T03:30:32

1 posts

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-68968
(7.8 HIGH)

EPSS: 0.01%

updated 2026-01-14T03:30:32

1 posts

Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.

CVE-2025-12050
(7.8 HIGH)

EPSS: 0.01%

updated 2026-01-14T03:30:31

1 posts

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

CVE-2025-12051
(7.8 HIGH)

EPSS: 0.01%

updated 2026-01-14T03:30:31

1 posts

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

CVE-2025-68955
(8.0 HIGH)

EPSS: 0.01%

updated 2026-01-14T03:30:31

1 posts

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-60188
(7.5 HIGH)

EPSS: 3.13%

updated 2026-01-14T00:31:25

1 posts

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.

Nuclei template

1 repos

https://github.com/m4sh-wacker/CVE-2025-60188-Atarim-Plugin-Exploit

CVE-2025-14847
(7.5 HIGH)

EPSS: 57.25%

updated 2026-01-13T22:24:20.380000

9 posts

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Ser

Nuclei template

37 repos

https://github.com/JemHadar/MongoBleed-DFIR-Triage-Script-CVE-2025-14847

https://github.com/ElJoamy/MongoBleed-exploit

https://github.com/pedrocruz2202/mongobleed-scanner

https://github.com/AmadoBatista/mongobleed

https://github.com/FurkanKAYAPINAR/CVE-2025-14847-MongoBleed-Exploit

https://github.com/Systemhaus-Schulz/MongoBleed-CVE-2025-14847

https://github.com/Rishi-kaul/CVE-2025-14847-MongoBleed

https://github.com/demetriusford/mongobleed

https://github.com/CadGoose/MongoBleed-CVE-2025-14847-Fully-Automated-scanner

https://github.com/nma-io/mongobleed

https://github.com/alexcyberx/CVE-2025-14847_Expolit

https://github.com/cybertechajju/CVE-2025-14847_Expolit

https://github.com/kuyrathdaro/cve-2025-14847

https://github.com/waheeb71/CVE-2025-14847

https://github.com/vfa-tuannt/CVE-2025-14847

https://github.com/saereya/CVE-2025-14847---MongoBleed

https://github.com/Black1hp/mongobleed-scanner

https://github.com/joshuavanderpoll/CVE-2025-14847

https://github.com/keraattin/Mongobleed-Detector-CVE-2025-14847

https://github.com/sakthivel10q/CVE-2025-14847

https://github.com/sakthivel10q/sakthivel10q.github.io

https://github.com/peakcyber-security/CVE-2025-14847

https://github.com/NoNameError/MongoBLEED---CVE-2025-14847-POC-

https://github.com/tunahantekeoglu/MongoDeepDive

https://github.com/sahar042/CVE-2025-14847

https://github.com/j0lt-github/mongobleedburp

https://github.com/lincemorado97/CVE-2025-14847

https://github.com/ProbiusOfficial/CVE-2025-14847

https://github.com/Ashwesker/Ashwesker-CVE-2025-14847

https://github.com/franksec42/mongobleed-exploit-CVE-2025-14847

https://github.com/AdolfBharath/mongobleed

https://github.com/KingHacker353/CVE-2025-14847_Expolit

https://github.com/chinaxploiter/CVE-2025-14847-PoC

https://github.com/onewinner/CVE-2025-14847

https://github.com/pedrocruz2202/pedrocruz2202.github.io

https://github.com/Security-Phoenix-demo/mongobleed-exploit-CVE-2025-14847

https://github.com/14mb1v45h/CYBERDUDEBIVASH-MONGODB-DETECTOR-v2026

CVE-2026-22697
(7.5 HIGH)

EPSS: 0.07%

updated 2026-01-13T22:16:07.690000

1 posts

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields retur

CVE-2026-0838
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-13T22:02:34.320000

1 posts

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did no

CVE-2026-0839
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-13T21:57:24.170000

1 posts

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in

CVE-2026-0841
(8.8 HIGH)

EPSS: 0.07%

updated 2026-01-13T21:55:32.140000

1 posts

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-68925(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-01-13T21:41:23

1 posts

### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L244-L249 The code doesn't validate that the JWT header specifies `"alg":"RS256"`. ### Impact Depending on the broader system, this could allow JWT forgery. Internally this severity is low since JWT is only intended to interface with

CVE-2025-68704(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-01-13T21:41:13

1 posts

### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L593-L594 Uses `java.util.Random()` which is not cryptographically secure. ### Impact If an attacker can predict the random delays, they may still be able to perform timing attacks. ### Patches Jervis will use `SecureRandom` for timi

CVE-2025-68703(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-13T21:41:07

1 posts

### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L869-L870 https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L894-L895 The salt is derived from sha256Sum(passphrase). Two encryption operation

CVE-2025-68701(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-01-13T21:40:57

1 posts

### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L866-L874 https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L891-L900 Same passphrase + same plaintext = same ciphertext (IV reuse) ### Impact

CVE-2025-71023
(7.5 HIGH)

EPSS: 0.04%

updated 2026-01-13T21:32:48

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2026-21299
(7.8 HIGH)

EPSS: 0.03%

updated 2026-01-13T21:31:53

1 posts

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-21271
(8.6 HIGH)

EPSS: 0.04%

updated 2026-01-13T21:31:52

1 posts

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

CVE-2026-21268
(8.6 HIGH)

EPSS: 0.04%

updated 2026-01-13T21:31:52

1 posts

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

CVE-2025-64155
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-01-13T21:31:44

5 posts

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

2 repos

https://github.com/purehate/CVE-2025-64155-hunter

https://github.com/horizon3ai/CVE-2025-64155

CVE-2026-22813(CVSS UNKNOWN)

EPSS: 0.08%

updated 2026-01-13T20:36:43

1 posts

### Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on `http://localhost:4096`. From there, it is possible to run arbitrary commands on the local system using the `/pty/` endpoints provided by the OpenCode API. ### Code execution via OpenCode API - The OpenCode API has `/pty/` endpoints that allow spawning arbitrary pro

CVE-2026-20953
(8.4 HIGH)

EPSS: 0.03%

updated 2026-01-13T18:31:18

1 posts

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20952
(8.4 HIGH)

EPSS: 0.03%

updated 2026-01-13T18:31:18

1 posts

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-59922
(7.2 HIGH)

EPSS: 0.12%

updated 2026-01-13T18:31:14

2 posts

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands

CVE-2025-37165
(7.5 HIGH)

EPSS: 0.03%

updated 2026-01-13T18:31:14

1 posts

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets.

CVE-2026-0405(CVSS UNKNOWN)

EPSS: 0.09%

updated 2026-01-13T18:31:14

1 posts

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

CVE-2026-0386
(7.5 HIGH)

EPSS: 0.08%

updated 2026-01-13T18:31:13

2 posts

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

CVE-2025-70753(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-13T18:31:12

1 posts

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71026(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-13T18:31:12

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71025(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-13T18:31:12

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71024(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-13T18:31:12

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2026-0403(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-01-13T18:31:10

1 posts

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

CVE-2026-0404(CVSS UNKNOWN)

EPSS: 0.51%

updated 2026-01-13T18:31:09

1 posts

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

CVE-2025-68707(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-01-13T18:31:09

1 posts

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoint

CVE-2025-66176
(8.8 HIGH)

EPSS: 0.02%

updated 2026-01-13T18:31:03

1 posts

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

CVE-2025-66177
(8.8 HIGH)

EPSS: 0.02%

updated 2026-01-13T18:16:06.193000

1 posts

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

CVE-2025-8110
(8.8 HIGH)

EPSS: 0.95%

updated 2026-01-13T15:50:02.180000

5 posts

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

6 repos

https://github.com/Ashwesker/Ashwesker-CVE-2025-8110

https://github.com/rxerium/CVE-2025-8110

https://github.com/freiwi/CVE-2025-8110

https://github.com/tovd-go/CVE-2025-8110

https://github.com/111ddea/goga-cve-2025-8110

https://github.com/zAbuQasem/gogs-CVE-2025-8110

CVE-2025-13444
(8.5 HIGH)

EPSS: 0.15%

updated 2026-01-13T15:37:12

1 posts

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

CVE-2025-12420
(0 None)

EPSS: 0.07%

updated 2026-01-13T15:15:57.787000

7 posts

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to  hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hos

CVE-2026-21858
(10.0 CRITICAL)

EPSS: 2.96%

updated 2026-01-13T15:05:00

12 posts

### Impact A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. ### Pa

Nuclei template

4 repos

https://github.com/eduardorossi84/CVE-2026-21858-POC

https://github.com/cropnet/ni8mare-scanner

https://github.com/Ashwesker/Ashwesker-CVE-2026-21858

https://github.com/Chocapikk/CVE-2026-21858

CVE-2026-21898
(8.2 HIGH)

EPSS: 0.05%

updated 2026-01-13T14:03:46.203000

1 posts

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in

CVE-2026-21899
(4.7 MEDIUM)

EPSS: 0.03%

updated 2026-01-13T14:03:46.203000

1 posts

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen > 0 or that input != NULL. For inputLen == 0

CVE-2025-70974
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-01-13T14:03:46.203000

1 posts

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 throug

CVE-2025-69425
(0 None)

EPSS: 0.10%

updated 2026-01-13T14:03:46.203000

1 posts

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication

CVE-2025-70161
(9.8 CRITICAL)

EPSS: 0.24%

updated 2026-01-13T14:03:46.203000

1 posts

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.

CVE-2025-64090
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-01-13T14:03:46.203000

1 posts

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

CVE-2025-64093
(10.0 CRITICAL)

EPSS: 0.22%

updated 2026-01-13T14:03:46.203000

1 posts

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

CVE-2026-22079
(0 None)

EPSS: 0.03%

updated 2026-01-13T14:03:46.203000

1 posts

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitt

CVE-2025-69194
(8.8 HIGH)

EPSS: 0.03%

updated 2026-01-13T14:03:46.203000

1 posts

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

1 repos

https://github.com/secdongle/POC_CVE-2025-69194