Updated at UTC 2026-02-05T14:11:35.143749
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25614 | 7.5 | 0.05% | 1 | 0 |  | 2026-02-05T09:31:13 | Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680. |
| CVE-2026-1761 | 8.6 | 0.14% | 1 | 0 |  | 2026-02-05T07:16:17.797000 | A flaw was found in libsoup. This stack-based buffer overflow vulnerability occu |
| CVE-2026-1642 | 5.9 | 0.00% | 1 | 0 |  | 2026-02-05T06:15:53.893000 | A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to u |
| CVE-2025-10314 | 8.8 | 0.00% | 2 | 0 |  | 2026-02-05T03:30:23 | Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation F |
| CVE-2025-11730 | 7.2 | 0.00% | 2 | 0 |  | 2026-02-05T02:15:52.380000 | A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) |
| CVE-2026-25546 | 7.8 | 0.00% | 4 | 1 |  | 2026-02-05T00:37:13 | ### Impact A Command Injection vulnerability in godot-mcp allows remote code ex |
| CVE-2026-25539 | 9.1 | 0.00% | 2 | 0 |  | 2026-02-05T00:36:45 | ## Summary The `/api/file/copyFile` endpoint does not validate the `dest` param |
| CVE-2025-13192 | 8.2 | 0.00% | 2 | 0 |  | 2026-02-05T00:31:08 | The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, an |
| CVE-2026-22038 | 8.1 | 0.00% | 2 | 0 |  | 2026-02-04T23:15:56.057000 | AutoGPT is a platform that allows users to create, deploy, and manage continuous |
| CVE-2026-25583 | 7.8 | 0.00% | 2 | 0 |  | 2026-02-04T22:16:01.540000 | iccDEV provides a set of libraries and tools that allow for the interaction, man |
| CVE-2026-25526 | 9.8 | 0.00% | 2 | 0 |  | 2026-02-04T22:15:59.510000 | JinJava is a Java-based template engine based on django template syntax, adapted |
| CVE-2026-24735 | 7.5 | 0.02% | 1 | 0 |  | 2026-02-04T21:57:36 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability |
| CVE-2026-25161 | 8.8 | 0.00% | 2 | 0 |  | 2026-02-04T21:56:57 | ### Summary The application contains a Path Traversal vulnerability (CWE-22) in |
| CVE-2026-25160 | 9.1 | 0.00% | 4 | 0 |  | 2026-02-04T21:56:51 | ### Summary The application disables TLS certificate verification by default for |
| CVE-2026-25121 | 7.5 | 0.00% | 2 | 0 |  | 2026-02-04T21:55:46 | A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstrac |
| CVE-2026-24884 | 8.4 | 0.00% | 2 | 0 |  | 2026-02-04T21:55:36 | # Arbitrary File Write via Symlink Extraction in `github.com/node-modules/compre |
| CVE-2026-24844 | 7.8 | 0.00% | 2 | 0 |  | 2026-02-04T21:55:30 | An attacker who can provide build input values, but not modify pipeline definiti |
| CVE-2026-23897 | 7.5 | 0.00% | 2 | 0 |  | 2026-02-04T21:55:12 | ### Impact The default configuration of `startStandaloneServer` from `@apollo/s |
| CVE-2025-13375 | 9.8 | 0.00% | 2 | 0 |  | 2026-02-04T21:30:43 | IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an una |
| CVE-2026-0536 | 7.8 | 0.00% | 2 | 0 |  | 2026-02-04T21:30:43 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause |
| CVE-2025-69875 | 7.8 | 0.02% | 2 | 0 |  | 2026-02-04T21:30:32 | A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine man |
| CVE-2025-70841 | 10.0 | 0.03% | 1 | 0 |  | 2026-02-04T21:30:32 | Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated |
| CVE-2026-25027 | 7.5 | 0.05% | 2 | 0 |  | 2026-02-04T21:30:30 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2025-69620 | 7.5 | 0.01% | 2 | 0 |  | 2026-02-04T21:15:58.150000 | A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of S |
| CVE-2026-25505 | 9.8 | 0.00% | 2 | 0 |  | 2026-02-04T20:16:07.707000 | Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D p |
| CVE-2026-25502 | 7.8 | 0.01% | 2 | 0 |  | 2026-02-04T20:16:07.593000 | iccDEV provides a set of libraries and tools that allow for the interaction, man |
| CVE-2026-25157 | 7.7 | 0.00% | 5 | 0 |  | 2026-02-04T20:16:06.577000 | OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS |
| CVE-2026-25143 | 7.8 | 0.00% | 5 | 0 |  | 2026-02-04T20:16:06.227000 | melange allows users to build apk packages using declarative pipelines. From ver |
| CVE-2026-24843 | 8.2 | 0.00% | 2 | 0 |  | 2026-02-04T20:16:05.393000 | melange allows users to build apk packages using declarative pipelines. In versi |
| CVE-2026-24514 | 6.5 | 0.04% | 1 | 0 |  | 2026-02-04T20:05:49 | A security issue was discovered in ingress-nginx where the validating admission |
| CVE-2026-24513 | 3.1 | 0.03% | 1 | 0 |  | 2026-02-04T20:05:32 | A security issue was discovered in ingress-nginx where the protection afforded b |
| CVE-2026-24512 | 8.8 | 0.10% | 4 | 0 |  | 2026-02-04T20:04:50 | A security issue was discovered in ingress-nginx. The `rules.http.paths.path` I |
| CVE-2025-64712 | 9.8 | 0.00% | 2 | 0 |  | 2026-02-04T19:53:06 | A Path Traversal vulnerability in the `partition_msg` function allows an attacke |
| CVE-2025-61917 | 7.7 | 0.00% | 2 | 0 |  | 2026-02-04T19:53:01 | ### Impact The use of `Buffer.allocUnsafe()` and `Buffer.allocUnsafeSlow()` in |
| CVE-2025-70560 | 8.4 | 0.02% | 1 | 0 |  | 2026-02-04T19:43:53 | Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule l |
| CVE-2026-25140 | 7.5 | 0.00% | 2 | 0 |  | 2026-02-04T19:16:15.117000 | apko allows users to build and publish OCI container images built from apk packa |
| CVE-2025-59439 | 7.5 | 0.02% | 2 | 0 |  | 2026-02-04T19:16:13.590000 | An issue was discovered in Samsung Mobile Processor, Wearable Processor and Mode |
| CVE-2025-67187 | 9.8 | 0.02% | 2 | 0 |  | 2026-02-04T18:31:37 | A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4 |
| CVE-2025-46651 | 9.1 | 0.02% | 2 | 0 |  | 2026-02-04T18:31:36 | Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vuln |
| CVE-2025-60865 | 7.8 | 0.01% | 2 | 0 |  | 2026-02-04T18:31:36 | Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 |
| CVE-2025-67186 | 9.8 | 0.07% | 2 | 0 |  | 2026-02-04T18:31:36 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability |
| CVE-2025-66374 | 7.8 | 0.02% | 1 | 0 |  | 2026-02-04T18:31:36 | CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to |
| CVE-2026-0660 | 7.8 | 0.00% | 2 | 0 |  | 2026-02-04T18:30:51 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause |
| CVE-2026-20119 | 7.5 | 0.00% | 3 | 0 |  | 2026-02-04T18:30:51 | A vulnerability in the text rendering subsystem of Cisco TelePresence Collaborat |
| CVE-2026-0659 | 7.8 | 0.00% | 2 | 0 |  | 2026-02-04T18:30:51 | A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or |
| CVE-2026-0662 | 7.8 | 0.00% | 1 | 0 |  | 2026-02-04T18:30:51 | A maliciously crafted project directory, when opening a max file in Autodesk 3ds |
| CVE-2026-0537 | 7.8 | 0.00% | 4 | 0 |  | 2026-02-04T18:30:50 | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force |
| CVE-2025-59818 | 10.0 | 0.08% | 1 | 0 |  | 2026-02-04T18:30:39 | This vulnerability allows authenticated attackers to execute arbitrary commands |
| CVE-2025-61506 | 9.8 | 0.04% | 2 | 1 |  | 2026-02-04T18:30:31 | An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated |
| CVE-2025-63624 | 9.8 | 0.04% | 2 | 0 |  | 2026-02-04T18:30:31 | SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart wate |
| CVE-2025-63372 | 7.5 | 0.06% | 2 | 0 |  | 2026-02-04T18:30:31 | Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Trave |
| CVE-2025-65875 | 8.8 | 0.06% | 1 | 0 |  | 2026-02-04T18:30:31 | An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 a |
| CVE-2026-1530 | 8.1 | 0.02% | 1 | 0 |  | 2026-02-04T17:47:39 | A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to |
| CVE-2026-1531 | 8.1 | 0.02% | 1 | 0 |  | 2026-02-04T17:46:55 | A flaw was found in foreman_kubevirt. When configuring the connection to OpenShi |
| CVE-2026-25223 | 7.5 | 0.03% | 2 | 0 |  | 2026-02-04T17:46:03 | ### Impact A validation bypass vulnerability exists in Fastify where request bo |
| CVE-2026-25510 | 10.0 | 0.23% | 2 | 0 |  | 2026-02-04T17:46:00 | **Summary** A critical vulnerability has been identified in CI4MS that allows a |
| CVE-2026-25049 | 0 | 0.00% | 16 | 0 |  | 2026-02-04T17:16:22.833000 | n8n is an open source workflow automation platform. Prior to versions 1.123.17 a |
| CVE-2026-20098 | 8.8 | 0.00% | 3 | 0 |  | 2026-02-04T17:16:14.107000 | A vulnerability in the Certificate Management feature of Cisco Meeting Managemen |
| CVE-2026-0661 | 7.8 | 0.00% | 2 | 0 |  | 2026-02-04T17:16:12.947000 | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force |
| CVE-2026-0538 | 7.8 | 0.00% | 2 | 0 |  | 2026-02-04T17:16:12.403000 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force |
| CVE-2025-14550 | 7.5 | 0.04% | 1 | 0 |  | 2026-02-04T17:09:58.100000 | An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4 |
| CVE-2026-1340 | 9.8 | 0.18% | 3 | 0 |  | 2026-02-04T16:34:21.763000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve |
| CVE-2025-57529 | 9.8 | 0.02% | 1 | 1 |  | 2026-02-04T16:34:21.763000 | YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in |
| CVE-2025-63649 | 7.5 | 0.05% | 1 | 0 |  | 2026-02-04T16:34:21.763000 | An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_ |
| CVE-2026-1580 | 8.8 | 0.10% | 4 | 0 |  | 2026-02-04T16:33:44.537000 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubern |
| CVE-2026-1632 | 9.1 | 0.13% | 3 | 0 |  | 2026-02-04T16:33:44.537000 | MOMA Seismic Station Version v2.4.2520 and prior exposes its web management inte |
| CVE-2026-1341 | 0 | 0.02% | 1 | 0 |  | 2026-02-04T16:33:44.537000 | Avation Light Engine Pro exposes its configuration and control interface without |
| CVE-2025-15285 | 7.5 | 0.08% | 1 | 0 |  | 2026-02-04T16:33:44.537000 | The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized mo |
| CVE-2025-15268 | 7.5 | 0.07% | 1 | 0 |  | 2026-02-04T16:33:44.537000 | The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL In |
| CVE-2026-25150 | 9.3 | 0.02% | 1 | 0 |  | 2026-02-04T16:33:44.537000 | Qwik is a performance focused javascript framework. Prior to version 1.19.0, a p |
| CVE-2026-1803 | 8.1 | 0.02% | 2 | 0 |  | 2026-02-04T16:33:44.537000 | A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unk |
| CVE-2026-24773 | 7.5 | 0.03% | 2 | 0 |  | 2026-02-04T16:33:44.537000 | The Open eClass platform (formerly known as GUnet eClass) is a complete course m |
| CVE-2021-39935 | 6.8 | 80.80% | 3 | 0 |  | 2026-02-04T15:56:15.730000 | An issue has been discovered in GitLab CE/EE affecting all versions starting fro |
| CVE-2025-15368 | 8.8 | 0.00% | 1 | 0 |  | 2026-02-04T15:30:35 | The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in al |
| CVE-2025-5329 | 9.8 | 0.00% | 1 | 1 |  | 2026-02-04T15:30:29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-20402 | 7.5 | 0.21% | 1 | 0 |  | 2026-02-04T14:28:00.447000 | In Modem, there is a possible system crash due to improper input validation. Thi |
| CVE-2026-20404 | 7.5 | 0.21% | 2 | 0 |  | 2026-02-04T14:22:01.120000 | In Modem, there is a possible system crash due to improper input validation. Thi |
| CVE-2026-20406 | 7.5 | 0.21% | 1 | 0 |  | 2026-02-04T13:52:44.517000 | In Modem, there is a possible system crash due to an uncaught exception. This co |
| CVE-2026-20408 | 8.8 | 0.02% | 1 | 0 |  | 2026-02-04T13:48:41.430000 | In wlan, there is a possible out of bounds write due to a heap buffer overflow. |
| CVE-2026-0818 | 4.3 | 0.02% | 1 | 0 |  | 2026-02-04T12:32:27 | CSS-based exfiltration of the content from partially encrypted emails when allow |
| CVE-2026-1819 | 8.8 | 0.05% | 1 | 0 |  | 2026-02-04T09:30:35 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2026-1756 | 8.8 | 0.22% | 1 | 0 |  | 2026-02-04T09:30:30 | The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads |
| CVE-2025-5319 | 9.8 | 0.01% | 1 | 1 |  | 2026-02-04T08:16:05.393000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2025-40551 | 9.8 | 22.94% | 6 | 0 |  | 2026-02-04T02:00:02.030000 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deseri |
| CVE-2026-1861 | 8.8 | 0.03% | 1 | 0 |  | 2026-02-04T00:31:33 | Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed |
| CVE-2026-1633 | 10.0 | 0.05% | 5 | 0 |  | 2026-02-04T00:30:41 | The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web mana |
| CVE-2026-1862 | 8.8 | 0.03% | 1 | 0 |  | 2026-02-04T00:30:28 | Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote a |
| CVE-2025-10878 | 10.0 | 0.18% | 1 | 1 |  | 2026-02-03T21:31:59 | A SQL injection vulnerability exists in the login functionality of Fikir Odalari |
| CVE-2026-24149 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-03T21:31:59 | NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where |
| CVE-2026-24954 | 8.8 | 0.05% | 1 | 0 |  | 2026-02-03T21:31:51 | Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage |
| CVE-2026-20419 | 7.5 | 0.07% | 1 | 0 |  | 2026-02-03T21:27:13.077000 | In wlan AP/STA firmware, there is a possible system becoming irresponsive due to |
| CVE-2026-20421 | 7.5 | 0.21% | 1 | 0 |  | 2026-02-03T21:23:50.483000 | In Modem, there is a possible system crash due to improper input validation. Thi |
| CVE-2026-1285 | None | 0.04% | 1 | 0 |  | 2026-02-03T19:31:19 | An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4 |
| CVE-2025-67853 | 7.5 | 0.02% | 1 | 0 |  | 2026-02-03T19:15:23 | A flaw was found in Moodle. A remote attacker could exploit a lack of proper rat |
| CVE-2026-1568 | 9.6 | 0.02% | 1 | 0 |  | 2026-02-03T18:30:53 | Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue o |
| CVE-2019-19006 | 9.8 | 31.70% | 3 | 0 |  | 2026-02-03T18:30:27 | Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and bel |
| CVE-2026-24071 | 7.8 | 0.01% | 2 | 0 |  | 2026-02-03T16:44:36.630000 | It was found that the XPC service offered by the privileged helper of Native Acc |
| CVE-2025-9974 | 8.0 | 0.03% | 2 | 0 |  | 2026-02-03T16:44:36.630000 | The unified WEBUI application of the ONT/Beacon device contains an input handlin |
| CVE-2025-14914 | 7.6 | 0.04% | 1 | 0 |  | 2026-02-03T16:44:36.630000 | IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a |
| CVE-2025-47398 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-03T16:44:36.630000 | Memory Corruption while deallocating graphics processing unit memory buffers due |
| CVE-2026-1117 | 8.2 | 0.03% | 1 | 0 |  | 2026-02-03T16:44:36.630000 | A vulnerability in the `lollms_generation_events.py` component of parisneo/lollm |
| CVE-2026-24788 | 8.8 | 0.23% | 1 | 0 |  | 2026-02-03T16:44:36.630000 | RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vul |
| CVE-2025-6397 | 8.6 | 0.04% | 1 | 0 |  | 2026-02-03T16:44:03.343000 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2025-67848 | 8.1 | 0.02% | 1 | 0 |  | 2026-02-03T16:44:03.343000 | A flaw was found in Moodle. This authentication bypass vulnerability allows susp |
| CVE-2026-1375 | 8.1 | 0.04% | 1 | 0 |  | 2026-02-03T16:44:03.343000 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vul |
| CVE-2026-1730 | 8.8 | 0.22% | 1 | 0 |  | 2026-02-03T16:44:03.343000 | The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads |
| CVE-2026-24694 | 7.8 | 0.02% | 1 | 0 |  | 2026-02-03T16:44:03.343000 | The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dyn |
| CVE-2026-24763 | 8.8 | 0.07% | 2 | 0 |  | 2026-02-03T16:44:03.343000 | OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own dev |
| CVE-2026-23515 | 9.9 | 0.91% | 1 | 0 |  | 2026-02-03T16:44:03.343000 | Signal K Server is a server application that runs on a central hub in a boat. Pr |
| CVE-2026-25142 | 10.0 | 0.10% | 1 | 0 |  | 2026-02-03T16:44:03.343000 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SandboxJS does not |
| CVE-2026-25060 | 8.1 | 0.01% | 1 | 0 |  | 2026-02-03T16:13:27 | ### Summary The application disables TLS certificate verification by default for |
| CVE-2026-25059 | 8.8 | 0.02% | 1 | 0 |  | 2026-02-03T16:13:22 | ### Summary The application contains a Path Traversal vulnerability (CWE-22) in |
| CVE-2026-24737 | 8.1 | 0.01% | 2 | 0 |  | 2026-02-03T16:13:02 | ### Impact User control of properties and methods of the Acroform module allows |
| CVE-2026-23997 | 8.0 | 0.01% | 1 | 0 |  | 2026-02-03T16:12:22 | ### Summary A Stored Cross-Site Scripting (XSS) vulnerability was discovered in |
| CVE-2026-22778 | 9.8 | 0.06% | 1 | 0 |  | 2026-02-03T16:12:13 | ## Summary **A chain of vulnerabilities in vLLM allow Remote Code Execution (RC |
| CVE-2026-25022 | 8.5 | 0.03% | 1 | 0 |  | 2026-02-03T15:30:38 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2025-7760 | 7.6 | 0.01% | 1 | 0 |  | 2026-02-03T15:30:33 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2025-8461 | 7.6 | 0.03% | 1 | 0 |  | 2026-02-03T09:30:34 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2026-24465 | 9.8 | 0.02% | 1 | 0 |  | 2026-02-03T09:30:34 | Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access p |
| CVE-2025-8456 | 7.6 | 0.03% | 1 | 0 |  | 2026-02-03T09:30:28 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2025-8590 | 7.5 | 0.03% | 1 | 0 |  | 2026-02-03T09:30:28 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE |
| CVE-2025-8589 | 7.6 | 0.03% | 1 | 0 |  | 2026-02-03T09:30:28 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2026-20407 | 8.8 | 0.01% | 1 | 0 |  | 2026-02-03T00:31:23 | In wlan STA driver, there is a possible escalation of privilege due to a missing |
| CVE-2026-20420 | 7.5 | 0.21% | 1 | 0 |  | 2026-02-03T00:31:23 | In Modem, there is a possible system crash due to incorrect error handling. This |
| CVE-2026-20403 | 7.5 | 0.21% | 1 | 0 |  | 2026-02-03T00:31:22 | In Modem, there is a possible system crash due to a missing bounds check. This c |
| CVE-2026-20409 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-03T00:31:22 | In imgsys, there is a possible out of bounds write due to a missing bounds check |
| CVE-2026-20405 | 7.5 | 0.21% | 1 | 0 |  | 2026-02-03T00:31:22 | In Modem, there is a possible system crash due to a missing bounds check. This c |
| CVE-2026-20422 | 7.5 | 0.21% | 1 | 0 |  | 2026-02-03T00:30:18 | In Modem, there is a possible system crash due to improper input validation. Thi |
| CVE-2026-25253 | 8.8 | 0.04% | 3 | 2 |  | 2026-02-02T23:41:06 | ## Summary The Control UI trusts `gatewayUrl` from the query string without val |
| CVE-2026-0599 | 7.5 | 0.08% | 1 | 0 |  | 2026-02-02T22:07:42 | A vulnerability in huggingface/text-generation-inference version 3.3.6 allows un |
| CVE-2026-20411 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-02T21:31:27 | In cameraisp, there is a possible escalation of privilege due to use after free. |
| CVE-2026-20412 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-02T18:32:35 | In cameraisp, there is a possible out of bounds write due to a missing bounds ch |
| CVE-2026-24070 | 8.8 | 0.00% | 1 | 0 |  | 2026-02-02T18:32:35 | During the installation of the Native Access application, a privileged helper `c |
| CVE-2025-15030 | 9.8 | 0.01% | 1 | 0 |  | 2026-02-02T18:32:35 | The User Profile Builder WordPress plugin before 3.15.2 does not have a proper |
| CVE-2025-47359 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-02T18:31:39 | Memory Corruption when multiple threads simultaneously access a memory free API. |
| CVE-2025-47358 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-02T18:31:39 | Memory Corruption when user space address is modified and passed to mem_free API |
| CVE-2025-47399 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-02T18:31:39 | Memory Corruption while processing IOCTL call to update sensor property settings |
| CVE-2025-47397 | 7.8 | 0.01% | 1 | 0 |  | 2026-02-02T18:31:39 | Memory Corruption when initiating GPU memory mapping using scatter-gather lists |
| CVE-2026-20418 | 8.8 | 0.12% | 2 | 0 |  | 2026-02-02T15:30:34 | In Thread, there is a possible out of bounds write due to a missing bounds check |
| CVE-2025-8587 | 8.6 | 0.01% | 1 | 0 |  | 2026-02-02T15:30:34 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-25200 | 9.8 | 0.07% | 1 | 0 |  | 2026-02-02T06:30:53 | A vulnerability in MagicInfo9 Server allows authorized users to upload HTML file |
| CVE-2026-25201 | 8.8 | 0.07% | 1 | 0 |  | 2026-02-02T06:30:53 | An unauthenticated user can upload arbitrary files to execute remote code, leadi |
| CVE-2026-24061 | 9.8 | 29.55% | 2 | 59 | template | 2026-01-30T13:28:59.293000 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-1281 | 9.8 | 16.41% | 5 | 0 |  | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve |
| CVE-2025-15467 | 9.8 | 0.66% | 1 | 4 |  | 2026-01-29T15:31:31 | Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AE |
| CVE-2026-24858 | 9.8 | 3.71% | 1 | 5 |  | 2026-01-28T00:31:41 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2 |
| CVE-2026-21509 | 7.8 | 2.91% | 14 | 8 |  | 2026-01-27T16:19:42.330000 | Reliance on untrusted inputs in a security decision in Microsoft Office allows a |
| CVE-2025-11234 | 7.5 | 0.10% | 1 | 0 |  | 2026-01-22T21:33:43 | A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is w |
| CVE-2025-9086 | 7.5 | 0.04% | 1 | 0 |  | 2026-01-20T14:58:01.347000 | 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is |
| CVE-2025-68613 | 10.0 | 73.86% | 1 | 30 | template | 2026-01-09T16:53:16 | ### Impact n8n contains a critical Remote Code Execution (RCE) vulnerability in |
| CVE-2025-61729 | 7.5 | 0.02% | 1 | 0 |  | 2025-12-03T00:31:35 | Within HostnameError.Error(), when constructing an error string, there is no lim |
| CVE-2025-11953 | 9.8 | 0.40% | 5 | 4 |  | 2025-11-13T16:25:27 | The Metro Development Server, which is opened by the React Native CLI, binds to |
| CVE-2024-10460 | 5.3 | 0.42% | 1 | 0 |  | 2025-11-04T00:31:55 | The origin of an external protocol handler prompt could have been obscured using |
| CVE-2025-22224 | 9.3 | 57.74% | 2 | 0 |  | 2025-10-30T19:52:49.873000 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulner |
| CVE-2025-22225 | 8.2 | 6.15% | 4 | 0 |  | 2025-10-30T19:52:45.300000 | VMware ESXi contains an arbitrary write vulnerability. A malicious actor with pr |
| CVE-2025-22226 | 7.1 | 4.11% | 2 | 0 |  | 2025-10-30T19:52:41.973000 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerabi |
| CVE-2025-8088 | 8.8 | 4.61% | 4 | 27 |  | 2025-10-30T15:50:59.680000 | A path traversal vulnerability affecting the Windows version of WinRAR allows th |
| CVE-2025-49825 | 9.8 | 12.25% | 3 | 0 | template | 2025-06-18T13:46:52.973000 | Teleport provides connectivity, authentication, access controls and audit for in |
| CVE-2025-46724 | 9.8 | 0.06% | 1 | 0 |  | 2025-05-20T20:57:00 | ### Summary `TableChatAgent` uses [pandas eval()](https://github.com/langroid/la |
| CVE-2023-38346 | 8.8 | 1.23% | 1 | 0 |  | 2024-04-04T07:48:27 | An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtra |
| CVE-2019-15006 | None | 2.18% | 1 | 0 |  | 2023-01-29T05:00:49 | There was a man-in-the-middle (MITM) vulnerability present in the Confluence Pre |
| CVE-2026-25585 | 0 | 0.00% | 2 | 0 |  | N/A |  |
| CVE-2026-25584 | 0 | 0.00% | 2 | 0 |  | N/A |  |
| CVE-2026-25582 | 0 | 0.00% | 2 | 0 |  | N/A |  |
| CVE-2026-25519 | 0 | 0.00% | 4 | 0 |  | N/A |  |
| CVE-2025-67987 | 0 | 0.00% | 1 | 0 |  | N/A |  |
| CVE-2025-64328 | 0 | 11.03% | 3 | 1 |  | N/A |  |
| CVE-2026-24665 | 0 | 0.03% | 2 | 0 |  | N/A |  |
| CVE-2026-24669 | 0 | 0.01% | 2 | 0 |  | N/A |  |
| CVE-2025-66480 | 0 | 0.43% | 1 | 0 |  | N/A |  |
| CVE-2026-25137 | 0 | 0.03% | 1 | 0 |  | N/A |  |

updated 2026-02-05T09:31:13
1 post
🟠 CVE-2026-25614 - High (7.5)
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25614/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-02-05T07:16:17.797000
1 post
🟠 CVE-2026-1761 - High (8.6)
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart H...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-02-05T06:15:53.893000
1 post
nginx-1.28.2 stable and nginx-1.29.5 mainline versions have been released, with a fix for the SSL upstream injection vulnerability (CVE-2026-1642).
http://nginx.org/#2026-02-04
#nginx #security

updated 2026-02-05T03:30:23
2 posts
🟠 CVE-2025-10314 - High (8.8)
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-02-05T02:15:52.380000
2 posts
CVE-2025-11730: Remote Code Execution via DDNS configuration in ZYXEL ATP/USG Series (V5.41) https://rainpwn.blog/blog/cve-2025-11730/

updated 2026-02-05T00:37:13
4 posts
1 repo
https://github.com/mbanyamer/CVE-2026-25546-godot-mcp-0.1.1-OS-Command-Injection
🟠 CVE-2026-25546 - High (7.8)
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlle...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25546/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-02-05T00:36:45
2 posts
🔴 CVE-2026-25539 - Critical (9.1)
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25539/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-02-05T00:31:08
2 posts
🟠 CVE-2025-13192 - High (8.2)
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13192/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-02-04T23:15:56.057000
2 posts
🟠 CVE-2026-22038 - High (8.1)
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API ke...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-02-04T22:16:01.540000
2 posts
🟠 CVE-2026-25583 - High (7.8)
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when proces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25583/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T22:15:59.510000
2 posts
🔴 CVE-2026-25526 - Critical (9.8)
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25526/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:57:36
1 post
🟠 CVE-2026-24735 - High (7.5)
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.7.1.
An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24735/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:56:57
2 posts
🟠 CVE-2026-25161 - High (8.8)
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass dire...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25161/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:56:51
4 posts
🔴 CVE-2026-25160 - Critical (9.1)
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25160/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:55:46
2 posts
🟠 CVE-2026-25121 - High (7.5)
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:55:36
2 posts
🟠 CVE-2026-24884 - High (8.4)
Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:55:30
2 posts
🟠 CVE-2026-24844 - High (7.9)
melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipelin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24844/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:55:12
2 posts
🟠 CVE-2026-23897 - High (7.5)
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of st...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23897/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:30:43
2 posts
🔴 CVE-2025-13375 - Critical (9.8)
IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13375/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:30:43
2 posts
🟠 CVE-2026-0536 - High (7.8)
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0536/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:30:32
2 posts
🟠 CVE-2025-69875 - High (7.8)
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69875/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:30:32
1 post
🔴 CVE-2025-70841 - Critical (10)
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption k...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70841/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:30:30
2 posts
🟠 CVE-2026-25027 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion. This issue affects Unicamp: from n/a through <= 2.7.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25027/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T21:15:58.150000
2 posts
🟠 CVE-2025-69620 - High (7.5)
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69620/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T20:16:07.707000
2 posts
🔴 CVE-2026-25505 - Critical (9.8)
Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue ha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25505/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T20:16:07.593000
2 posts
🟠 CVE-2026-25502 - High (7.8)
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25502/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T20:16:06.577000
5 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #technologyAtKukei https://masto.kukei.eu/browse/technology category:
- Agentic AI and multi-agent systems: OpenClaw, Moltbook, and Claude enabling autonomous planning and action.
- Moltbook security breach: exposure of 1.5M API keys and related risk.
- European AI sovereignty: Germany’s Munich KI Factory and the move toward sovereign, EU-led AI infrastructure.
- AI security and CVEs: OpenClaw CVE-2026-25157; [1/2]
🟠 CVE-2026-25157 - High (7.7)
OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T20:16:06.227000
5 posts
Melange CVE-2026-25143 and related patch/defense concerns.
- Google Gemini growth: Gemini app surpassing 750M monthly active users; Pixel 10a launch teased.
- Artemis II launch update: NASA targets March for Artemis II lunar mission, with new windows. [2/2]
🟠 CVE-2026-25143 - High (7.8)
melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25143/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T20:16:05.393000
2 posts
🟠 CVE-2026-24843 - High (8.2)
melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T20:05:49
1 post
updated 2026-02-04T20:05:32
1 post
updated 2026-02-04T20:04:50
4 posts
💡 CVE-2026-24512: the ingress-NGINX vulnerability that threatens Kubernetes clusters
##🟠 CVE-2026-24512 - High (8.8)
A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24512/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-24512 #devopsish #kubernetes #cve https://github.com/kubernetes/kubernetes/issues/136678
##updated 2026-02-04T19:53:06
2 posts
🔴 CVE-2025-64712 - Critical (9.8)
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64712/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T19:53:01
2 posts
🟠 CVE-2025-61917 - High (7.7)
n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T19:43:53
1 post
🟠 CVE-2025-70560 - High (8.4)
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T19:16:15.117000
2 posts
🟠 CVE-2026-25140 - High (7.5)
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25140/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T19:16:13.590000
2 posts
🟠 CVE-2025-59439 - High (7.5)
An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59439/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:31:37
2 posts
🔴 CVE-2025-67187 - Critical (9.8)
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated for length.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67187/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:31:36
2 posts
🔴 CVE-2025-46651 - Critical (9.1)
Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46651/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:31:36
2 posts
🟠 CVE-2025-60865 - High (7.8)
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service Windows component.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60865/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:31:36
2 posts
🔴 CVE-2025-67186 - Critical (9.8)
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` parameter is not properly validated for length, allowi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67186/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:31:36
1 post
🟠 CVE-2025-66374 - High (7.8)
CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:51
2 posts
🟠 CVE-2026-0660 - High (7.8)
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0660/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:51
3 posts
🟠 CVE-2026-20119 - High (7.5)
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20119/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:51
2 posts
🟠 CVE-2026-0659 - High (7.8)
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the cur...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:51
1 post
🟠 CVE-2026-0662 - High (7.8)
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0662/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:50
4 posts
🟠 CVE-2026-0537 - High (7.8)
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0537/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:39
1 posts
🔴 CVE-2025-59818 - Critical (10)
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59818/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:31
2 posts
1 repos
🔴 CVE-2025-61506 - Critical (9.8)
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:31
2 posts
🔴 CVE-2025-63624 - Critical (9.8)
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63624/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:31
2 posts
🟠 CVE-2025-63372 - High (7.5)
Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T18:30:31
1 posts
🟠 CVE-2025-65875 - High (8.8)
An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65875/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T17:47:39
1 posts
🟠 CVE-2026-1530 - High (8.1)
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communication...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1530/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T17:46:55
1 posts
🟠 CVE-2026-1531 - High (8.1)
A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T17:46:03
2 posts
🟠 CVE-2026-25223 - High (7.5)
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25223/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T17:46:00
2 posts
🔴 CVE-2026-25510 - Critical (9.9)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Exe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T17:16:22.833000
16 posts
Critical n8n Flaw Exposes Automation Platforms to Remote Code Execution
Introduction: Why This n8n Vulnerability Matters Workflow automation tools like n8n sit at the heart of modern DevOps, data pipelines, and business automation. They connect APIs, move sensitive data, and execute logic with elevated trust inside organizations. A newly disclosed critical vulnerability in n8n, tracked as CVE-2026-25049, shows how dangerous even “authenticated-only” flaws can be when…
https://undercodenews.com/critical-n8n-flaw-exposes-automation-platforms-to-remote-code-execution/
##CVE-2026-25049 highlights weaknesses in sandboxing user-defined JavaScript expressions within n8n workflows.
Multiple research teams demonstrated authenticated sandbox escape leading to unrestricted RCE, credential exposure, filesystem access, cloud pivoting, and AI workflow manipulation. The issue stems from incomplete AST-based sandboxing and runtime enforcement gaps.
Fixes have been released, and mitigation guidance includes updating, rotating secrets, and restricting workflow permissions.
💬 What lessons does this case offer for securing automation platforms?
➕ Follow TechNadu for accurate, vendor-neutral infosec reporting.
#Infosec #CVE #n8n #SandboxEscape #RCE #CloudSecurity #DevSecOps
##n8n: the critical flaw CVE-2026-25049 revives a previous vulnerability https://www.it-connect.fr/n8n-cve-2026-25049-execution-code-a-distance/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##It seems that the recent #n8n CVE-2026-25049 is (EDIT: or was? My e-mail got answered with a generic response by an AI assistant) not only exploitable on self-hosted instances, but also in the n8n cloud. At least this is what the URL briefly visible in this video indicates. https://www.youtube.com/watch?v=QLrm7jx8kew (skip to 0:15 for a clear shot).
##Critical Sandbox Escapes in n8n AI Platform Enable Full Server Takeover
n8n patched further critical sandbox escape vulnerabilities (CVE-2026-25049) that allow authenticated users to execute arbitrary code and steal sensitive AI and cloud credentials.
**This is another important and urgent flaw in n8n. Update your n8n instances to the latest version ASAP and rotate all stored API keys and encryption secrets. Since these flaws allow full server takeover, you must assume any credentials stored in an unpatched instance are already compromised.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sandbox-escapes-in-n8n-ai-platform-enable-full-server-takeover-h-k-y-o-v/gD2P6Ple2L
Yet another critical vulnerability in n8n - CVE-2026-25049 (CVSS 9.4).
Vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-25049.yaml
Patched versions are 1.123.17 / 2.5.2 as per:
https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8
Critical RCE Alert: n8n Workflow Automation Hit by Severe Vulnerability Allowing System Takeover
The popular workflow automation platform n8n has been rocked by a critical security flaw that could let attackers execute arbitrary system commands on affected servers. Tracked as CVE-2026-25049 with a high CVSS score of 9.4, the vulnerability stems from insufficient input sanitization—despite previous fixes for CVE-2025-68613, a similar high-severity flaw patched in…
##2026: New N8N RCE Deep Dive into CVE-2026-25049 https://blog.securelayer7.net/cve-2026-25049/
##Imagine thinking your workflow tool is safe, only to find out a single coding flaw let hackers grab everything from system access to secret credentials. How did n8n’s sandbox fail so badly? The details are wild
##‼️CVE-2026-25049: N8n AI Workflow Remote Code Execution
"This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly, it can lead to full server compromise depending on deployment configuration."
Video Credit: youtube.com/@SecureLayer7
##updated 2026-02-04T17:16:14.107000
3 posts
🟠 CVE-2026-20098 - High (8.8)
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system.
This vu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20098/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T17:16:12.947000
2 posts
🟠 CVE-2026-0661 - High (7.8)
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0661/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T17:16:12.403000
2 posts
🟠 CVE-2026-0538 - High (7.8)
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0538/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T17:09:58.100000
1 posts
🟠 CVE-2025-14550 - High (7.5)
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14550/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T16:34:21.763000
3 posts
📢 Ivanti EPMM: two pre-auth RCEs (CVE-2026-1281/1340) actively exploited, watchTowr analysis
📝 Source: watchTowr Labs publishes a technical analysis of...
📖 cyberveille: https://cyberveille.ch/posts/2026-02-05-ivanti-epmm-deux-rce-pre-auth-cve-2026-1281-1340-activement-exploitees-analyse-watchtowr/
🌐 source: https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
#Apache_RewriteMap #Bash #Cyberveille
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 and CVE-2026-1340) https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
##updated 2026-02-04T16:34:21.763000
1 posts
1 repos
🔴 CVE-2025-57529 - Critical (9.8)
YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-57529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T16:34:21.763000
1 posts
🟠 CVE-2025-63649 - High (7.5)
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T16:33:44.537000
4 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- Xcode 26.3 adds agentic coding with Claude/Codex via MCP in the IDE
- AI agents security: OpenClaw and Moltbot/MCP ecosystems risk; need guardrails
- GnuPG/Gpg4win vulnerabilities enabling code execution and DoS (WID-SEC-2026-0231)
- Ingress-Nginx auth-url bypass vulnerability CVE-2026-1580 (Kubernetes)
- ZetaSQL renamed to GoogleSQL for public [1/2]
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- Wagtail CMS autosave feature rollout
- Xcode 26.3 adds agentic coding with Claude/Codex (MCP server)
- Ingress-NGINX auth-url protection bypass CVE-2026-1580
- Calamine Rust crate v0.33.0 release
- Ghidra MCP Server released (production-grade, 132 endpoints)
- AI-assisted coding reduces developer mastery (Anthropic study)
🟠 CVE-2026-1580 - High (8.8)
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1580/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-1580 #devopsish #kubernetes #cve https://github.com/kubernetes/kubernetes/issues/136677
##updated 2026-02-04T16:33:44.537000
3 posts
Critical Authentication Bypass Reported in RISS SRL MOMA Seismic Stations
RISS SRL MOMA Seismic Station versions <=v2.4.2520 contain a critical vulnerability (CVE-2026-1632) that allows unauthenticated attackers to take full control of the device via its web interface.
**If you use MOMA Seismic Station seismic stations, isolate them off the public internet immediately and put them behind a firewall or VPN. Since the vendor hasn't responded with a patch, your only real defense is strict network isolation. And consider if it's feasible to replace these devices, especially if they are networked or connected to public systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-riss-srl-moma-seismic-stations-exposes-infrastructure-5-4-4-r-f/gD2P6Ple2L
🔴 CVE-2026-1632 - Critical (9.1)
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1632/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T16:33:44.537000
1 posts
Critical Authentication Bypass in Avation Light Engine Pro Allows Full Device Takeover
Avation Light Engine Pro contains a critical vulnerability (CVE-2026-1341) that allows unauthenticated remote attackers to take full control of the device due to a complete lack of authentication.
**Isolate your Avation Light Engine Pro from the internet and make it accessible only from trusted networks. There is no patch, and the vendor is unresponsive. Use a VPN and firewalls to ensure only authorized internal staff can reach the control interface, and start planning for a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-avation-light-engine-pro-allows-full-device-takeover-r-o-s-n-n/gD2P6Ple2L
##updated 2026-02-04T16:33:44.537000
1 posts
🟠 CVE-2025-15285 - High (7.5)
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15285/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T16:33:44.537000
1 posts
🟠 CVE-2025-15268 - High (7.5)
The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T16:33:44.537000
1 posts
🔴 CVE-2026-25150 - Critical (9.3)
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj() function within @builder.io/qwik-city middleware. The function processes form field names with dot notation ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25150/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T16:33:44.537000
2 posts
🟠 CVE-2026-1803 - High (8.1)
A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1803/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T16:33:44.537000
2 posts
🟠 CVE-2026-24773 - High (7.5)
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of ot...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24773/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T15:56:15.730000
3 posts
‼️ CISA has added 4 vulnerabilities to the KEV Catalog
https://darkwebinformer.com/cisa-kev-catalog/
CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability
CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability
CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
##CISA has updated the KEV catalogue.
- CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-19006
- CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-64328
- CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-39935 #CISA #infosec #GitLab #vulnerability
##CVE ID: CVE-2021-39935
Vendor: GitLab
Product: Community and Enterprise Editions
Date Added: 2026-02-03
Notes: https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-39935
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-39935
##updated 2026-02-04T15:30:35
1 posts
🟠 CVE-2025-15368 - High (8.8)
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T15:30:29
1 posts
1 repos
🔴 CVE-2025-5329 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection. This issue affects Delta Course Automation: through 04022026.
NOTE: The vend...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-5329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T14:28:00.447000
1 posts
🟠 CVE-2026-20402 - High (7.5)
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. Use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20402/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T14:22:01.120000
2 posts
🟠 CVE-2026-20404 - High (7.5)
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. Use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20404/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20404 - High (7.5)
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. Use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20404/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T13:52:44.517000
1 posts
🟠 CVE-2026-20406 - High (7.5)
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20406/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T13:48:41.430000
1 posts
🟠 CVE-2026-20408 - High (8)
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20408/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T12:32:27
1 posts
##updated 2026-02-04T09:30:35
1 posts
🟠 CVE-2026-1819 - High (8.8)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS. This issue affects ViPort: through 23012026.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1819/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T09:30:30
1 posts
🟠 CVE-2026-1756 - High (8.8)
The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, and including, 2.1.39. This makes it possible for aut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1756/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T08:16:05.393000
1 posts
1 repos
🔴 CVE-2025-5319 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Information and Communication Technologies Industry and Trade Ltd. Co. Efficiency Management System allows SQL Injection. This issue affects ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-5319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T02:00:02.030000
6 posts
Looks like CISA added SolarWinds to the KEV catalogue yesterday:
Critical: CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability #infosec #CISA #SolarWinds #vulnerability
##CISA Mandates Immediate Patching for Actively Exploited SolarWinds Web Help Desk RCE Flaw
CISA reports active exploitation of a critical flaw in SolarWinds Web Help Desk software (CVE-2025-40551). CISA has mandated that federal agencies apply the update within three days.
**If you are using Web Help Desk, this is urgent and important. Your SolarWinds Web Help Desk is under attack. If your process allows for it, isolate Web Help Desk from the internet, then plan a quick update. If you can't isolate from the internet, patch now!**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-mandates-immediate-patching-for-actively-exploited-solarwinds-web-help-desk-rce-flaw-q-e-8-a-2/gD2P6Ple2L
CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.
The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.
This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.
Source: https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html
Community insight welcome.
Follow TechNadu for ongoing vulnerability and threat intelligence updates.
#Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense
##CISA orders federal agencies to patch exploited SolarWinds bug by Friday
CVE-2025-40551 carries a critical severity score of 9.8 out of 10 and impacts SolarWinds Web Help Desk (WHD) — an IT service management platform...
🔗️ [Therecord] https://link.is.it/Ir7OlU
##‼️ CISA has added 4 vulnerabilities to the KEV Catalog
https://darkwebinformer.com/cisa-kev-catalog/
CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability
CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability
CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
##CVE ID: CVE-2025-40551
Vendor: SolarWinds
Product: Web Help Desk
Date Added: 2026-02-03
Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40551
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-40551
updated 2026-02-04T00:31:33
1 posts
🟠 CVE-2026-1861 - High (8.8)
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1861/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T00:30:41
5 posts
New Episode: SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker;
Shownotes:
Malicious Script Delivering More Maliciousness
https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682
Synectix LAN 232 TRIO Unauthenticated Web Admin CVE-2026-1633
https://www.cisa.gov/news-events/ics-advisorie
##CVE-2026-1633 Missing Authentication for Critical Function (CWE-306) https://feedly.com/cve/CVE-2026-1633
##Critical Authentication Bypass in End-of-Life Synectix LAN 232 TRIO Adapters
Synectix LAN 232 TRIO adapters contain a critical vulnerability (CVE-2026-1633) that allows unauthenticated remote attackers to take full control of the device. Because the manufacturer is out of business, no patches will be released.
**If you use these Synectix adapters, isolate them from the internet immediately because they have no password protection and will never be patched. Since the company is out of business, plan a replacement of the devices.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-end-of-life-synectix-lan-232-trio-adapters-j-r-d-l-z/gD2P6Ple2L
🔴 CVE-2026-1633 - Critical (10)
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1633/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-04T00:30:28
1 posts
🟠 CVE-2026-1862 - High (8.8)
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T21:31:59
1 posts
1 repos
https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi
🔴 CVE-2025-10878 - Critical (10)
A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10878/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T21:31:59
1 posts
🟠 CVE-2026-24149 - High (7.8)
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privilege...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24149/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T21:31:51
1 posts
🟠 CVE-2026-24954 - High (8.8)
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection. This issue affects WpEvently: from n/a through <= 5.0.8.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T21:27:13.077000
1 posts
🟠 CVE-2026-20419 - High (7.5)
In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20419/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T21:23:50.483000
1 posts
🟠 CVE-2026-20421 - High (7.5)
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. Use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20421/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T19:31:19
1 posts
🟠 CVE-2026-1285 - High (7.5)
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1285/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T19:15:23
1 posts
🟠 CVE-2025-67853 - High (7.5)
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T18:30:53
1 posts
🔴 CVE-2026-1568 - Critical (9.6)
Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts setup via "Security Console" ins...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1568/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T18:30:27
3 posts
‼️ CISA has added 4 vulnerabilities to the KEV Catalog
https://darkwebinformer.com/cisa-kev-catalog/
CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability
CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability
CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
##CISA has updated the KEV catalogue.
- CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-19006
- CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-64328
- CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-39935 #CISA #infosec #GitLab #vulnerability
##CVE ID: CVE-2019-19006
Vendor: Sangoma
Product: FreePBX
Date Added: 2026-02-03
Notes: https://wiki.freepbx.org/display/FOP/2019-11-20%2BRemote%2BAdmin%2BAuthentication%2BBypass ; https://nvd.nist.gov/vuln/detail/CVE-2019-19006
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-19006
updated 2026-02-03T16:44:36.630000
2 posts
🔴 CVE-2026-24071 - Critical (9.3)
It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24071/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:36.630000
2 posts
🟠 CVE-2025-9974 - High (8.8)
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged aut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-9974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:36.630000
1 posts
🟠 CVE-2025-14914 - High (7.6)
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14914/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:36.630000
1 posts
🟠 CVE-2025-47398 - High (7.8)
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47398/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:36.630000
1 posts
🟠 CVE-2026-1117 - High (8.2)
A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_genera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:36.630000
1 posts
🟠 CVE-2026-24788 - High (8.8)
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24788/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:03.343000
1 posts
🟠 CVE-2025-6397 - High (8.6)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS. This issue affects Website Software: through 03022026.
NOTE: The ve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6397/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:03.343000
1 posts
🟠 CVE-2025-67848 - High (8.1)
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the us...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:03.343000
1 posts
🟠 CVE-2026-1375 - High (8.1)
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the `cou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1375/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:03.343000
1 posts
🟠 CVE-2026-1730 - High (8.8)
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, and including, 1.8.3. This makes it possible fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1730/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:03.343000
1 posts
🟠 CVE-2026-24694 - High (7.8)
The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24694/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:03.343000
2 posts
🟠 CVE-2026-24763 - High (8.8)
OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24763/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:03.343000
1 posts
🔴 CVE-2026-23515 - Critical (9.9)
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23515/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:44:03.343000
1 posts
🔴 CVE-2026-25142 - Critical (10)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SandboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is f...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25142/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:13:27
1 posts
🟠 CVE-2026-25060 - High (8.1)
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting defaults to true in the DefaultConfig() function in inter...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:13:22
1 posts
🟠 CVE-2026-25059 - High (8.8)
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:13:02
2 posts
🟠 CVE-2026-24737 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24737/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:12:22
1 posts
🟠 CVE-2026-23997 - High (8)
FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where hist...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23997/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T16:12:13
1 posts
🔴 CVE-2026-22778 - Critical (9.8)
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22778/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T15:30:38
1 posts
🟠 CVE-2026-25022 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection. This issue affects KiviCare: from n/a through <= 3.6.16.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25022/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T15:30:33
1 posts
🟠 CVE-2025-7760 - High (7.6)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web P...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-7760/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T09:30:34
1 posts
🟠 CVE-2025-8461 - High (7.6)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS. This issue affects syWEB: through 03022026.
NOTE: The vendor was contacted early about this d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8461/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T09:30:34
1 posts
🔴 CVE-2026-24465 - Critical (9.8)
Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24465/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T09:30:28
1 posts
🟠 CVE-2025-8456 - High (7.6)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS. This issue affects Kod8 Individual and SME ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8456/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T09:30:28
1 posts
🟠 CVE-2025-8590 - High (7.5)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing. This issue affects SKSPro: through 07012026.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8590/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T09:30:28
1 posts
🟠 CVE-2025-8589 - High (7.6)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS. This issue affects SKSPro: through 07012026.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8589/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T00:31:23
1 posts
🟠 CVE-2026-20407 - High (8.8)
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20407/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T00:31:23
1 posts
🟠 CVE-2026-20420 - High (7.5)
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20420/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T00:31:22
1 posts
🟠 CVE-2026-20403 - High (7.5)
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20403/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T00:31:22
1 posts
🟠 CVE-2026-20409 - High (7.8)
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20409/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T00:31:22
1 posts
🟠 CVE-2026-20405 - High (7.5)
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20405/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-03T00:30:18
1 posts
🟠 CVE-2026-20422 - High (7.5)
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. Use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T23:41:06
3 posts
2 repos
OpenClaw – CVE-2026-25253: a malicious link is enough to execute code remotely in one click https://www.it-connect.fr/openclaw-cve-2026-25253-un-lien-malveillant-suffit-a-executer-du-code-a-distance-en-1-clic/ #ActuCybersécurité #Cybersécurité #IA
##depthfirst | 1-Click RCE To Steal Your Moltbot Data and Keys (CVE-2026-25253)
https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
##Here's a summary of the latest global, technology, and cybersecurity news from the last 24-48 hours:
**Global:** US-Iran talks on a nuclear deal are progressing, though Iran warned of regional war if attacked (Feb 1-2). A Russian drone strike killed 15 mineworkers in Dnipro, Ukraine (Feb 1).
**Tech/Cybersecurity:** ETSI launched a new, globally applicable cybersecurity standard for AI models (ETSI EN 304 223, Feb 2). A critical remote code execution (RCE) flaw in the OpenClaw AI assistant (CVE-2026-25253) was disclosed (Feb 2). AI-driven cyber threats are escalating, and Microsoft's extensive AI infrastructure spending is raising Wall Street concerns (Jan 30 - Feb 2).
##updated 2026-02-02T22:07:42
1 posts
🟠 CVE-2026-0599 - High (7.5)
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Mark...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0599/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T21:31:27
1 posts
🟠 CVE-2026-20411 - High (7.8)
In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T18:32:35
1 posts
🟠 CVE-2026-20412 - High (7.8)
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20412/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T18:32:35
1 posts
🟠 CVE-2026-24070 - High (8.8)
During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is de...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T18:32:35
1 posts
🔴 CVE-2025-15030 - Critical (9.8)
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15030/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T18:31:39
1 posts
🟠 CVE-2025-47359 - High (7.8)
Memory Corruption when multiple threads simultaneously access a memory free API.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47359/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T18:31:39
1 posts
🟠 CVE-2025-47358 - High (7.8)
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T18:31:39
1 posts
🟠 CVE-2025-47399 - High (7.8)
Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T18:31:39
1 posts
🟠 CVE-2025-47397 - High (7.8)
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47397/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T15:30:34
2 posts
🟠 CVE-2026-20418 - High (8.8)
In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR004...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T15:30:34
1 posts
🟠 CVE-2025-8587 - High (8.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T06:30:53
1 posts
🔴 CVE-2026-25200 - Critical (9.8)
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover
This issue affects MagicINFO 9 Server: less than 21.1090.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-02T06:30:53
1 posts
🟠 CVE-2026-25201 - High (8.8)
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.
This issue affects MagicINFO 9 Server: less than 21.1090.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25201/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-01-30T13:28:59.293000
2 posts
59 repos
https://github.com/DeadlyHollows/CVE-2026-24061-setup
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/xuemian168/CVE-2026-24061
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/balgan/CVE-2026-24061
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/BrainBob/CVE-2026-24061
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/hilwa24/CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/z3n70/CVE-2026-24061
https://github.com/obrunolima1910/obrunolima1910.github.io
https://github.com/0x7556/CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/SystemVll/CVE-2026-24061
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/Moxxic1/moxxic1.github.io
https://github.com/Good123321-bot/CVE-2026-24061-POC
https://github.com/Moxxic1/Tell-Me-Root
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/monstertsl/CVE-2026-24061
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/Good123321-bot/good123321-bot.github.io
https://github.com/hackingyseguridad/root
https://github.com/infat0x/CVE-2026-24061
https://github.com/buzz075/CVE-2026-24061
https://github.com/midox008/CVE-2026-24061
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/Ali-brarou/telnest
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/typeconfused/CVE-2026-24061
https://github.com/cyberpoul/CVE-2026-24061-POC
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/h3athen/CVE-2026-24061
https://github.com/duy-31/CVE-2026-24061---telnetd
Whatever your system is, you need to patch in the fix for this CVE:
https://www.cve.org/CVERecord?id=CVE-2026-24061
The attack requires no credentials, no prior system access, and no user interaction.
Geez.
##🚨 Active exploitation confirmed: CVE-2026-24061.
This isn't just theoretical; it's a massive exposure. With nearly 800,000 Telnet instances exposed globally across legacy IoT and outdated servers, the risk of a root-level compromise is real and immediate.
We have updated Pentest-Tools.com to help you validate your exposure:
📡 Network Scanner - detects exposed Telnet services across your internal and external perimeters, identifying potentially vulnerable GNU Inetutils daemons.
🎯 Sniper Auto-Exploiter - safely executes a proof-of-concept to confirm if the authentication bypass is actually exploitable on your systems, providing the evidence needed to prioritize an immediate fix.
⚠️ Crucial detail: This critical vulnerability exists because telnetd fails to sanitize the USER environment variable. An attacker can simply supply -f root to bypass the login prompt entirely and gain instant, unauthenticated root shell access.
Attacks are happening in real-time. Validate your risk before it becomes a root-level compromise.
#offensivesecurity #ethicalhacking #infosec #cybersecurity
Check out more details about this critical vulnerability: https://pentest-tools.com/vulnerabilities-exploits/telnet-inetutils-authentication-bypass_28759
Detect with Network Scanner: https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online
Validate with Sniper Auto-Exploiter: https://pentest-tools.com/exploit-helpers/sniper
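The bypass described in the post above turns on the value a telnet client sends for USER during NEW-ENVIRON option negotiation, which the post says telnetd forwards to login unsanitized so that "-f root" is read as an option. The following Python is an added example, not code from the page, from Pentest-Tools or from the GNU Inetutils project: it parses NEW-ENVIRON subnegotiations out of a captured client byte stream (wire format as in RFC 1572) and flags any USER value that begins with a dash, which is the pattern to hunt for in honeypot or IDS captures. The sample captures are constructed here, and all function and constant names are my own.

```python
from __future__ import annotations

# Telnet command bytes (RFC 854) and NEW-ENVIRON codes (RFC 1572); all standard values.
IAC, SB, SE, WILL = 255, 250, 240, 251
NEW_ENVIRON = 39
IS, SEND, INFO = 0, 1, 2                 # subnegotiation commands
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3    # list markers inside an IS/INFO reply


def parse_new_environ(stream: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs from every NEW-ENVIRON IS/INFO reply in a client byte stream.

    Server-side SEND requests carry no values and are skipped. ESC quotes the byte that
    follows it, so an escaped marker byte (0..3) inside a value is kept literally.
    """
    pairs: list[tuple[str, str]] = []
    pos = 0
    while (start := stream.find(bytes([IAC, SB, NEW_ENVIRON]), pos)) != -1:
        end = stream.find(bytes([IAC, SE]), start)
        if end == -1:
            break                                    # truncated capture
        body = stream[start + 3:end]
        pos = end + 2
        if not body or body[0] not in (IS, INFO):
            continue
        name, value = bytearray(), bytearray()
        target = None                                # nothing collected until the first VAR/USERVAR
        k = 1
        while k < len(body):
            b = body[k]
            if b in (VAR, USERVAR):
                if target is not None:
                    pairs.append((name.decode("latin-1"), value.decode("latin-1")))
                name, value = bytearray(), bytearray()
                target = name
            elif b == VALUE:
                target = value
            elif b == ESC and k + 1 < len(body):
                k += 1
                if target is not None:
                    target.append(body[k])
            elif target is not None:
                target.append(b)
            k += 1
        if target is not None:
            pairs.append((name.decode("latin-1"), value.decode("latin-1")))
    return pairs


def suspicious_user_values(stream: bytes) -> list[str]:
    """USER values that login(1) would read as command-line options rather than a user name."""
    return [v for n, v in parse_new_environ(stream)
            if n == "USER" and v.lstrip().startswith("-")]


def _sb(*parts: bytes) -> bytes:
    """Wrap an IS reply body in IAC SB NEW-ENVIRON ... IAC SE (used only to build the samples)."""
    return bytes([IAC, SB, NEW_ENVIRON, IS]) + b"".join(parts) + bytes([IAC, SE])


# Constructed sample captures, not real traffic. Each starts with the client's WILL NEW-ENVIRON.
SAMPLE_BENIGN = bytes([IAC, WILL, NEW_ENVIRON]) + _sb(
    bytes([VAR]), b"USER", bytes([VALUE]), b"alice",
    bytes([VAR]), b"TERM", bytes([VALUE]), b"xterm")
SAMPLE_SUSPICIOUS = bytes([IAC, WILL, NEW_ENVIRON]) + _sb(
    bytes([VAR]), b"USER", bytes([VALUE]), b"-f root",
    bytes([VAR]), b"TERM", bytes([VALUE]), b"xterm")
# A value containing an escaped marker byte, to exercise the ESC handling.
SAMPLE_ESCAPED = _sb(bytes([VAR]), b"USER", bytes([VALUE]), b"bo", bytes([ESC, VALUE]), b"b")

if __name__ == "__main__":
    for label, capture in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(label, parse_new_environ(capture), "flagged:", suspicious_user_values(capture))
```

The parser only looks at option 39 (NEW-ENVIRON); a client that negotiates the older ENVIRON option (36) would need the same walk over its subnegotiation, and a capture in which IAC is doubled inside a value is not handled. Flagging on a leading dash is deliberately broad: any USER value that login would take as an option is worth a look, not only the exact string from the post.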
##updated 2026-01-30T00:31:29
5 posts
📢 Ivanti EPMM: two pre-auth RCEs (CVE-2026-1281/1340) actively exploited, watchTowr analysis
📝 Source: watchTowr Labs publishes a technical analysis of...
📖 cyberveille: https://cyberveille.ch/posts/2026-02-05-ivanti-epmm-deux-rce-pre-auth-cve-2026-1281-1340-activement-exploitees-analyse-watchtowr/
🌐 source: https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
#Apache_RewriteMap #Bash #Cyberveille
📢 NCSC NL alert: active exploitation of the Ivanti EPMM zero-day (CVE-2026-1281), assume breach required
📝 According to the NCSC (Netherlands), an update to its...
📖 cyberveille: https://cyberveille.ch/posts/2026-02-05-ncsc-nl-alerte-exploitation-active-de-la-zero-day-ivanti-epmm-cve-2026-1281-assume-breach-requis/
🌐 source: https://www.ncsc.nl/waarschuwing/ncsc-roept-organisaties-op-zich-te-melden-bij-gebruik-van-ivanti-endpoint-manager
#CVE_2026_1281 #Ivanti_EPMM #Cyberveille
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 and CVE-2026-1340) https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
##updated 2026-01-29T15:31:31
1 posts
4 repos
https://github.com/MAXI8594/CVE-2025-15467_Scan
https://github.com/balgan/CVE-2025-15467
OpenSSL Patches 12 Vulnerabilities Including One Critical RCE
OpenSSL has patched 12 vulnerabilities, including a critical stack buffer overflow (CVE-2025-15467) that allows unauthenticated remote code execution via crafted CMS messages.
**Review your OpenSSL libraries, and start planning a patch. Prioritize 3.x versions since they are exposed to the critical flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/openssl-patches-12-vulnerabilities-including-one-critical-rce-m-6-5-1-y/gD2P6Ple2L
updated 2026-01-28T00:31:41
1 posts
5 repos
https://github.com/SimoesCTT/SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity
https://github.com/absholi7ly/CVE-2026-24858-FortiCloud-SSO-Authentication-Bypass
https://github.com/b1gchoi/CVE-2026-24858
updated 2026-01-27T16:19:42.330000
14 posts
8 repos
https://github.com/kimstars/Ashwesker-CVE-2026-21509
https://github.com/kaizensecurity/CVE-2026-21509
https://github.com/SimoesCTT/CTT-NFS-Vortex-RCE
https://github.com/gavz/CVE-2026-21509-PoC
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-
Fancy Bear Strikes Fast: How APT28 Exploited CVE-2026-21509 in a Sophisticated European Espionage Campaign
In early 2026, European governments and strategic organizations found themselves targeted by one of the most aggressive cyber-espionage operations of the year. Russian state-sponsored group APT28, also known as Fancy Bear, leveraged a newly disclosed Office vulnerability, CVE-2026-21509, to launch a lightning-fast attack. Within just 24 hours of the flaw’s…
##APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure
Attack exploited a 1-day vuln within 24 hours of the patch release
https://www.trellix.com/blogs/research/apt28-stealthy-campaign-leveraging-cve-2026-21509-cloud-c2/
New. You'd think it's Tuesday, based on today's prolific output.
Picus: CVE-2026-21509: APT28 Exploits Microsoft Office Zero-day Vulnerability https://www.picussecurity.com/resource/blog/cve-2026-21509-apt28-exploits-microsoft-office-zero-day-vulnerability
Securonix: Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode https://www.securonix.com/blog/deadvax-threat-research-security-advisory/
Silent Push Identifies More Than 10,000 Infected IPs as Part of SystemBC Botnet Malware Family https://www.silentpush.com/blog/systembc/
Sophos: Malicious use of virtual machine infrastructure https://www.sophos.com/en-us/blog/malicious-use-of-virtual-machine-infrastructure @sophos
Tenable: LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout @tenable #infosec #Google #Microsoft #threatresearch #zeroday #vulnerability #malware #botnet
##Robin Dost details how APT28 uses CVE-2026-21509 in practice, relying on crafted RTF files that trigger OLE parsing without macros. The blog post walks through efficient IOC extraction from weaponised documents. https://blog.synapticsystems.de/apt28-geofencing-as-a-targeting-signal-cve-2026-21509/
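The post above makes the point that the weaponised documents are RTF files whose embedded OLE objects do the work, with no macros involved, so macro-centric triage never fires. The following Python is an added example, not code from the page or from the blog it links: it lists every \object group in an RTF file with its declared class and the length of the hex-encoded \objdata payload, which is the first thing an analyst wants before deciding whether to carve the object out. The sample RTF is constructed here; finding an object says only that there is an OLE payload to examine, not that it exploits CVE-2026-21509.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class RtfObject:
    kind: str          # objemb / objlink / objautlink, or "" when the group declares none
    cls: str           # \objclass name (e.g. Package), or "" when absent
    data_hex_len: int  # hex digits in \objdata; two per byte of OLE payload
    offset: int        # byte offset of the group in the file


_OBJ_START = re.compile(rb"\{\\object\b")
_KIND = re.compile(rb"\\(objemb|objlink|objautlink)\b")


def _group_end(data: bytes, start: int) -> int:
    """Index just past the '}' that closes the group opening at data[start] == b'{'.

    A backslash always consumes the next byte, which keeps the escapes \\{ \\} \\\\ from
    unbalancing the count.
    """
    depth = 0
    i = start
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            i += 2
            continue
        if c == b"{":
            depth += 1
        elif c == b"}":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return len(data)


def _destination(group: bytes, name: bytes) -> bytes:
    """Content of the first {\\*\\<name> ...} sub-group inside group, or b"" if there is none."""
    m = re.search(rb"\{\\\*\\" + name + rb"\b", group)
    if not m:
        return b""
    end = _group_end(group, m.start())
    return group[m.end():end - 1]


def list_rtf_objects(rtf: bytes) -> list[RtfObject]:
    """Every {\\object ...} group in the file, with class and payload size for triage."""
    found: list[RtfObject] = []
    for m in _OBJ_START.finditer(rtf):
        group = rtf[m.start():_group_end(rtf, m.start())]
        kind = _KIND.search(group)
        cls = _destination(group, b"objclass").strip().decode("latin-1")
        hex_digits = re.sub(rb"[^0-9A-Fa-f]", b"", _destination(group, b"objdata"))
        found.append(RtfObject(kind.group(1).decode() if kind else "", cls, len(hex_digits), m.start()))
    return found


# Constructed sample, not a real lure: one embedded "Package" object with a fragment of an
# OLE 1.0 header as payload, plus a bare auto-link object with neither class nor real data.
SAMPLE_RTF = (
    rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Calibri;}}\pard Quarterly figures attached.\par "
    rb"{\object\objemb\objw1440\objh1440{\*\objclass Package}"
    rb"{\*\objdata 0105000002000000" rb"080000005061636b61676500" rb"00000000}"
    rb"{\result{\pict\wmetafile8 0100}}}\par "
    rb"{\object\objautlink{\*\objdata 0105}}"
    rb"\par}"
)

if __name__ == "__main__":
    for obj in list_rtf_objects(SAMPLE_RTF):
        print(f"offset={obj.offset:6d} kind={obj.kind or '-':10s} class={obj.cls or '-':20s} "
              f"payload={obj.data_hex_len // 2} bytes")
```

A file with any \objdata at all deserves a second look regardless of class name, since the class string is attacker-controlled text; the payload length is the quicker tell, because a real embedded object is rarely a handful of bytes.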
##This is from yesterday.
Zscaler: APT28 Leverages CVE-2026-21509 in Operation Neusploit https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit #infosec #vulnerability #threatresearch
##Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU
Ukraine’s computer emergency response team, CERT-UA, said attackers began abusing the flaw — tracked as CVE-2026-21509 — shortly after Microsoft...
🔗️ [Therecord] https://link.is.it/ZQMXsZ
##RE: https://mastodon.social/@campuscodi/116006284031729445
More on this campaign from Zscaler: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit
Other targets also include Romania and Slovakia
##Latest News (Feb 2-3, 2026):
Global: India and the US have finalized a trade deal. Pakistani forces killed 145 militants in Balochistan after coordinated attacks.
Tech: SpaceX merged with xAI, announcing plans for space-based AI data centers. Oracle plans a $50B expansion for AI cloud infrastructure.
Cybersecurity: A Russian hacker alliance, "Russian Legion," threatens a major cyberattack on Denmark. Russia-linked APT28 exploits a new Microsoft Office flaw (CVE-2026-21509) in attacks across Ukraine and the EU.
##Zscaler ThreatLabz reports on Operation Neusploit, a January 2026 campaign targeting Central and Eastern Europe. Weaponised Microsoft RTF files exploit CVE-2026-21509 to deliver multi-stage backdoors. The campaign is attributed to APT28 with high confidence. https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit
##Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Technology
https://www.newsbeep.com/us/445936/
"Microsoft Office zero-day actively exploited" 🕵️ 🙄
(CVSS 7.8)
https://hackingpassion.com/office-zero-day-cve-2026-21509
#cve202621509 #cybersec #cybersecurity #infosec #microsoft #office #microsoftoffice #ole
##Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in...
🔗️ [Bleepingcomputer] https://link.is.it/iMsHDY
##updated 2026-01-22T21:33:43
1 posts
updated 2026-01-20T14:58:01.347000
1 posts
updated 2026-01-09T16:53:16
1 posts
30 repos
https://github.com/Khin-96/n8n-cve-2025-68613-thm
https://github.com/nehkark/CVE-2025-68613
https://github.com/hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-Ultimate
https://github.com/sahilccras/Blackash-CVE-2025-68613
https://github.com/intbjw/CVE-2025-68613-poc-via-copilot
https://github.com/manyaigdtuw/CVE-2025-68613_Scanner
https://github.com/gagaltotal/n8n-cve-2025-68613
https://github.com/rxerium/CVE-2025-68613
https://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613
https://github.com/secjoker/CVE-2025-68613
https://github.com/ali-py3/Exploit-CVE-2025-68613
https://github.com/GnuTLam/POC-CVE-2025-68613
https://github.com/AbdulRKB/n8n-RCE
https://github.com/Rishi-kaul/n8n-CVE-2025-68613
https://github.com/mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613
https://github.com/r4j3sh-com/CVE-2025-68613-n8n-lab
https://github.com/TheStingR/CVE-2025-68613-POC
https://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloads
https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMe
https://github.com/JohannesLks/CVE-2025-68613-Python-Exploit
https://github.com/Dlanang/homelab-CVE-2025-68613
https://github.com/shibaaa204/CVE-2025-68613
https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysis
https://github.com/reem-012/poc_CVE-2025-68613
https://github.com/cv-sai-kamesh/n8n-CVE-2025-68613
https://github.com/LingerANR/n8n-CVE-2025-68613
https://github.com/intelligent-ears/CVE-2025-68613
https://github.com/wioui/n8n-CVE-2025-68613-exploit
https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613
Critical RCE Alert: n8n Workflow Automation Hit by Severe Vulnerability Allowing System Takeover
The popular workflow automation platform n8n has been rocked by a critical security flaw that could let attackers execute arbitrary system commands on affected servers. Tracked as CVE-2026-25049 with a high CVSS score of 9.4, the vulnerability stems from insufficient input sanitization—despite previous fixes for CVE-2025-68613, a similar high-severity flaw patched in…
##updated 2025-12-03T00:31:35
1 posts
updated 2025-11-13T16:25:27
5 posts
4 repos
https://github.com/Mr-In4inci3le/CVE-2025-11953-POC-
https://github.com/N3k0t-dev/PoC-CVE-collection
https://github.com/SaidBenaissa/cve-2025-11953-vulnerability-demo
📢 Active exploitation of CVE-2025-11953 ("Metro4Shell") on Metro (React Native) observed by VulnCheck
📝 According to VulnCheck, exploitation of the CVE-2025-11953 ("Metro4Shell") vulnerability has been observed as early as 21 Decem...
📖 cyberveille: https://cyberveille.ch/posts/2026-02-04-exploitation-active-de-cve-2025-11953-metro4shell-sur-metro-react-native-observee-par-vulncheck/
🌐 source: https://www.vulncheck.com/blog/metro4shell_eitw
#CVE_2025_11953 #IOC #Cyberveille
Critical React Native Metro Server Bug Under Active Exploitation
Attackers are actively exploiting a critical command injection vulnerability (CVE-2025-11953) in the React Native Metro development server to deploy malware on Windows and Linux systems.
**This is now urgent and important. If you're a React Native developer, update @react-native-community/cli-server-api to version 20.0.0 or higher. Your tools are being actively exploited. If you can't update right away, start your Metro server with the --host 127.0.0.1 flag (like `npx react-native start --host 127.0.0.1`). Make sure to patch all projects on your computer and the globally installed version.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-react-native-metro-server-bug-under-active-exploitation-m-3-d-o-k/gD2P6Ple2L
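The advice above (update @react-native-community/cli-server-api to 20.0.0 or later, in every project and in any global install) is easy to get wrong when the package arrives transitively and ends up installed more than once in one tree. The following Python is an added example, not code from the page or from the React Native project: it reads a package-lock.json, handles both the lockfileVersion 2/3 layout (installed packages keyed by their node_modules path) and the older nested lockfileVersion 1 layout, and reports every copy of the package with its version, marking those below 20.0.0. The lockfiles are constructed here; the 20.0.0 threshold is the one the post gives, and treating a 20.0.0 prerelease as still vulnerable is my assumption.

```python
from __future__ import annotations

import json
import re

PACKAGE = "@react-native-community/cli-server-api"   # package named in the post
FIXED = (20, 0, 0)                                    # first fixed version per the post

_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?")


def is_vulnerable(version: str) -> bool:
    """True when version < 20.0.0. A prerelease of 20.0.0 counts as vulnerable (assumption)."""
    m = _SEMVER.match(version.strip())
    if not m:
        return True                                   # unparseable: fail closed and report it
    core = tuple(int(x) for x in m.group(1, 2, 3))
    return core < FIXED or (core == FIXED and m.group(4) is not None)


def scan_lockfile(lock_json: str) -> list[tuple[str, str, bool]]:
    """Return (install path, version, vulnerable) for every copy of PACKAGE in the lockfile."""
    lock = json.loads(lock_json)
    found: list[tuple[str, str, bool]] = []

    def record(path: str, meta: dict) -> None:
        version = meta.get("version", "")
        found.append((path, version or "?", is_vulnerable(version)))

    if "packages" in lock:
        # lockfileVersion 2 and 3: one entry per installed copy, keyed by path, nested copies included.
        for path, meta in lock["packages"].items():
            if path == f"node_modules/{PACKAGE}" or path.endswith(f"/node_modules/{PACKAGE}"):
                record(path, meta)
    else:
        # lockfileVersion 1: copies nest under each dependency's own "dependencies" map.
        def walk(deps: dict, prefix: str) -> None:
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                if name == PACKAGE:
                    record(path, meta)
                walk(meta.get("dependencies", {}), path + "/")
        walk(lock.get("dependencies", {}), "")
    return sorted(found)


def vulnerable_copies(lock_json: str) -> list[str]:
    """Install paths that still need the update."""
    return [path for path, _, vuln in scan_lockfile(lock_json) if vuln]


# Constructed sample lockfiles (not from a real project): a hoisted patched copy next to a
# nested old one, and a v1-format file with only a nested old copy.
SAMPLE_LOCK = json.dumps({
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"react-native": "0.77.0"}},
        "node_modules/@react-native-community/cli-server-api": {"version": "20.0.1"},
        "node_modules/react-native": {"version": "0.77.0"},
        "node_modules/react-native/node_modules/@react-native-community/cli-server-api": {"version": "19.1.2"},
    },
})
SAMPLE_LOCK_V1 = json.dumps({
    "name": "old-app", "lockfileVersion": 1,
    "dependencies": {
        "react-native": {"version": "0.73.0",
                         "dependencies": {PACKAGE: {"version": "12.3.0"}}},
    },
})

if __name__ == "__main__":
    for path, version, vuln in scan_lockfile(SAMPLE_LOCK):
        print(f"{'VULNERABLE' if vuln else 'ok        '} {version:>10}  {path}")
```

Run it against every lockfile on the machine, and separately against the global prefix's lockfile (npm keeps one under the global node_modules), since the post is explicit that a patched project does not cover a stale global install.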
Our team wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which VulnCheck's Canary Intelligence network detected for the first time in December 2025.
##Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious...
🔗️ [Bleepingcomputer] https://link.is.it/9a1Dng
##Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious...
🔗️ [Bleepingcomputer] https://link.is.it/w9Y7HI
##updated 2025-11-04T00:31:55
1 posts
updated 2025-10-30T19:52:49.873000
2 posts
Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) almost one year ago, in March 2025, alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days. https://www.bleepingcomputer.com/news/security/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks/
##updated 2025-10-30T19:52:45.300000
4 posts
Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) almost one year ago, in March 2025, alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days. https://www.bleepingcomputer.com/news/security/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks/
##CISA Sounds the Alarm: VMware ESXi Zero-Day Actively Exploited in Ransomware Attacks
Introduction: A Critical Threat Hits Virtualized Infrastructure U.S. cybersecurity authorities have issued a stark warning to organizations worldwide after confirming active exploitation of a severe VMware ESXi vulnerability in real-world ransomware attacks. The flaw, tracked as CVE-2025-22225, is no longer theoretical or limited to proof-of-concept exploits—it is now being weaponized…
##Ransomware gangs have found a way to break out of virtual machines and take over entire data centers in one move. Here is how a single VMware ESXi flaw is changing the rules of cyberattacks.
##updated 2025-10-30T19:52:41.973000
2 posts
Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) almost one year ago, in March 2025, alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days. https://www.bleepingcomputer.com/news/security/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks/
##updated 2025-10-30T15:50:59.680000
4 posts
27 repos
https://github.com/ghostn4444/CVE-2025-8088
https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC
https://github.com/pescada-dev/-CVE-2025-8088
https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal
https://github.com/nuky-alt/CVE-2025-8088
https://github.com/nhattanhh/CVE-2025-8088
https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC
https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC
https://github.com/lucyna77/winrar-exploit
https://github.com/ilhamrzr/RAR-Anomaly-Inspector
https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
https://github.com/travisbgreen/cve-2025-8088
https://github.com/pentestfunctions/best-CVE-2025-8088
https://github.com/Markusino488/cve-2025-8088
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-
https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability
https://github.com/hbesljx/CVE-2025-8088-EXP
https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document
https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool
https://github.com/jordan922/CVE-2025-8088
https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui
https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR
https://github.com/techcorp/CVE-2025-8088-Exploit
https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit
Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia - Check Point Research
##New.
Check Point: Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia https://research.checkpoint.com/2026/amaranth-dragon-weaponizes-cve-2025-8088-for-targeted-espionage/
More:
The Hacker News: China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html #Windows #infosec #vulnerability
##New Amaranth Dragon cyberespionage group exploits WinRAR flaw
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR...
🔗️ [Bleepingcomputer] https://link.is.it/vE4Qlj
##updated 2025-06-18T13:46:52.973000
3 posts
Exploiting CVE-2025-49825 - authentication bypass vulnerability in Teleport https://blog.offensive.af/posts/exploiting-cve-2025-49825/
##Exploiting CVE-2025-49825 (authentication bypass vulnerability in Teleport) https://blog.offensive.af/posts/exploiting-cve-2025-49825/
##updated 2025-05-20T20:57:00
1 posts
🚨 EUVD-2026-5347
📊 Score: 9.4/10 (CVSS v3.1)
📦 Product: langroid
🏢 Vendor: langroid
📅 Updated: 2026-02-04
📝 Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langroid/utils/p...
##updated 2024-04-04T07:48:27
1 posts
RE: https://mastodon.social/@bagder/116001950411560304
My CVEs are still at 0 medals, but thanks to VxWorks I was able to achieve a CVE on Mars (#Curiosity rover, CVE-2023-38346) 😉
Btw, if anyone from #NASA could confirm Curiosity was/is really affected (but probably without an attack vector, so no impact I guess), that would mean a lot to me
##updated 2023-01-29T05:00:49
1 posts
@rk @hrbrmstr
Are you forgetting CVE-2019-15006 by Taylor Swift on Security?
🟠 CVE-2026-25585 - High (7.8)
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25585/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25584 - High (7.8)
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum::GetValues(). ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25584/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25582 - High (7.8)
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25582/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25519 - High (8.1)
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally config...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##SQL Injection Vulnerability Reported in Quiz and Survey Master WordPress Plugin
A SQL injection vulnerability (CVE-2025-67987) in the Quiz and Survey Master WordPress plugin affects over 40,000 sites, allowing authenticated users with Subscriber-level access to extract sensitive database information.
**If you are using the Quiz and Survey Master plugin, plan a quick update to version 10.3.2. Even low-level user accounts can exploit this flaw, so do not assume your site is safe just because you trust your registered users.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sql-injection-vulnerability-reported-in-quiz-and-survey-master-wordpress-plugin-k-x-8-0-b/gD2P6Ple2L
3 posts
1 repos
https://github.com/mcorybillington/CVE-2025-64328_FreePBX-framework-Command-Injection
‼️ CISA has added 4 vulnerabilities to the KEV Catalog
https://darkwebinformer.com/cisa-kev-catalog/
CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability
CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability
CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
##CISA has updated the KEV catalogue.
- CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-19006
- CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-64328
- CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability https://www.cve.org/CVERecord?id=CVE-2021-39935 #CISA #infosec #GitLab #vulnerability
##CVE ID: CVE-2025-64328
Vendor: Sangoma
Product: FreePBX
Date Added: 2026-02-03
Notes: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw ; https://nvd.nist.gov/vuln/detail/CVE-2025-64328
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-64328
🟠 CVE-2026-24665 - High (8.7)
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded as...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24665/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24669 - High (7.8)
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24669/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-66480 - Critical (9.8)
Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66480/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25137 - Critical (9.1)
The NixOS Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and downloa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack