CVE-2026-23744
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-01-16T22:16:26.733000

2 posts

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely v

CVE-2026-23800
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-01-16T21:15:52.037000

1 posts

Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.

CVE-2025-68675
(7.5 HIGH)

EPSS: 0.03%

updated 2026-01-16T21:00:12

1 posts

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be expose

CVE-2025-68438
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-16T20:59:57

1 posts

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets were not reliably masked before truncation and

CVE-2025-40300
(5.5 MEDIUM)

EPSS: 0.08%

updated 2026-01-16T20:25:45.940000

1 posts

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors af

CVE-2026-23742
(8.8 HIGH)

EPSS: 0.00%

updated 2026-01-16T20:15:51.613000

2 posts

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration inline allows these user to create a script that is able to read the filesystem accessibl

CVE-2026-23722
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-01-16T20:15:50.017000

2 posts

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via the id_memorando GET parameter before reflecting it into the HTML source (likely inside a <script> bl

CVE-2026-21858
(10.0 CRITICAL)

EPSS: 2.96%

updated 2026-01-16T19:31:34.467000

7 posts

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise dependi

Nuclei template

4 repos

https://github.com/cropnet/ni8mare-scanner

https://github.com/Ashwesker/Ashwesker-CVE-2026-21858

https://github.com/eduardorossi84/CVE-2026-21858-POC

https://github.com/Chocapikk/CVE-2026-21858

CVE-2026-23535
(8.0 HIGH)

EPSS: 0.00%

updated 2026-01-16T19:16:19.407000

1 posts

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.

CVE-2026-23490
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-16T19:16:19.117000

1 posts

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

CVE-2025-68924
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-16T19:16:18.370000

1 posts

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.

CVE-2025-62291
(8.1 HIGH)

EPSS: 0.00%

updated 2026-01-16T19:16:18.163000

1 posts

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

CVE-2025-48647
(7.8 HIGH)

EPSS: 0.00%

updated 2026-01-16T19:16:17.687000

1 posts

In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-68493
(8.1 HIGH)

EPSS: 0.06%

updated 2026-01-16T19:10:47

1 posts

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

CVE-2025-68428
(7.5 HIGH)

EPSS: 0.08%

updated 2026-01-16T18:34:24.440000

2 posts

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents

2 repos

https://github.com/Nurjaman2004/jsPDF-Bulk-Detector-CVE-2025-68428-

https://github.com/12nio/CVE-2025-68428_PoC

CVE-2025-60021
(9.8 CRITICAL)

EPSS: 0.31%

updated 2026-01-16T18:32:39

2 posts

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using the extra_o

CVE-2025-68921
(7.8 HIGH)

EPSS: 0.00%

updated 2026-01-16T18:32:39

1 posts

SteelSeries Nahimic 3 1.10.7 allows Directory traversal.

1 repos

https://github.com/ZeroMemoryEx/CVE-2025-68921

CVE-2025-70753
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-16T18:32:29

1 posts

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71024
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-16T18:32:29

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71026
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-16T18:32:29

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-14017
(6.3 MEDIUM)

EPSS: 0.01%

updated 2026-01-16T18:32:29

1 posts

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

CVE-2025-70746
(7.5 HIGH)

EPSS: 0.00%

updated 2026-01-16T18:31:44

1 posts

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71025
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-16T18:24:25.410000

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71027
(7.5 HIGH)

EPSS: 0.02%

updated 2026-01-16T18:24:14.237000

1 posts

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2026-0915
(0 None)

EPSS: 0.02%

updated 2026-01-16T18:16:09.487000

2 posts

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

CVE-2026-23523
(9.6 CRITICAL)

EPSS: 0.00%

updated 2026-01-16T17:15:54.480000

1 posts

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0.

CVE-2026-22023
(7.5 HIGH)

EPSS: 0.05%

updated 2026-01-16T16:45:11.670000

1 posts

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3.

CVE-2026-22024
(5.3 MEDIUM)

EPSS: 0.06%

updated 2026-01-16T16:44:36.080000

1 posts

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each cal

CVE-2026-22025
(3.7 LOW)

EPSS: 0.05%

updated 2026-01-16T16:39:52.060000

1 posts

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing prev

CVE-2025-29943
(0 None)

EPSS: 0.00%

updated 2026-01-16T16:15:53.403000

1 posts

Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

CVE-2025-13154
(5.5 MEDIUM)

EPSS: 0.02%

updated 2026-01-16T15:55:33.063000

2 posts

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

CVE-2026-22914
(4.3 MEDIUM)

EPSS: 0.02%

updated 2026-01-16T15:55:33.063000

1 posts

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

CVE-2026-22643
(8.3 HIGH)

EPSS: 0.07%

updated 2026-01-16T15:55:33.063000

1 posts

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

CVE-2026-22908
(9.1 CRITICAL)

EPSS: 0.15%

updated 2026-01-16T15:55:33.063000

1 posts

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

CVE-2026-22639
(4.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-16T15:55:33.063000

1 posts

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01

CVE-2026-22641
(5.0 MEDIUM)

EPSS: 0.02%

updated 2026-01-16T15:55:33.063000

1 posts

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Promet

CVE-2026-22913
(4.3 MEDIUM)

EPSS: 0.05%

updated 2026-01-16T15:55:33.063000

1 posts

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.

CVE-2026-22645
(5.3 MEDIUM)

EPSS: 0.03%

updated 2026-01-16T15:55:33.063000

1 posts

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.

CVE-2026-22642
(4.2 MEDIUM)

EPSS: 0.03%

updated 2026-01-16T15:55:33.063000

1 posts

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL

CVE-2026-22916
(4.3 MEDIUM)

EPSS: 0.04%

updated 2026-01-16T15:55:33.063000

1 posts

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

CVE-2026-22919
(3.8 LOW)

EPSS: 0.03%

updated 2026-01-16T15:55:33.063000

1 posts

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.

CVE-2026-22918
(4.3 MEDIUM)

EPSS: 0.04%

updated 2026-01-16T15:55:33.063000

1 posts

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

CVE-2026-0713
(8.3 HIGH)

EPSS: 0.03%

updated 2026-01-16T15:55:33.063000

1 posts

A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashb

CVE-2026-22920
(3.7 LOW)

EPSS: 0.03%

updated 2026-01-16T15:55:33.063000

1 posts

The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.

CVE-2026-22854
(0 None)

EPSS: 0.04%

updated 2026-01-16T15:55:33.063000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.

CVE-2026-22858
(0 None)

EPSS: 0.04%

updated 2026-01-16T15:55:33.063000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypa

CVE-2026-22853
(0 None)

EPSS: 0.04%

updated 2026-01-16T15:55:33.063000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.

CVE-2026-22857
(0 None)

EPSS: 0.04%

updated 2026-01-16T15:55:33.063000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.

CVE-2026-22859
(0 None)

EPSS: 0.04%

updated 2026-01-16T15:55:33.063000

1 posts

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.

CVE-2025-61937
(10.0 CRITICAL)

EPSS: 0.31%

updated 2026-01-16T15:55:12.257000

1 posts

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the  model application server.

CVE-2026-0227
(0 None)

EPSS: 0.07%

updated 2026-01-16T15:55:12.257000

8 posts

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

CVE-2025-64729
(8.1 HIGH)

EPSS: 0.01%

updated 2026-01-16T15:55:12.257000

1 posts

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.

CVE-2025-64691
(8.8 HIGH)

EPSS: 0.02%

updated 2026-01-16T15:55:12.257000

1 posts

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.

CVE-2025-61943
(8.4 HIGH)

EPSS: 0.02%

updated 2026-01-16T15:55:12.257000

1 posts

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.

CVE-2025-62581
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-01-16T15:55:12.257000

2 posts

Delta Electronics DIAView has multiple vulnerabilities.

CVE-2025-36911
(7.1 HIGH)

EPSS: 0.01%

updated 2026-01-16T15:55:12.257000

2 posts

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2026-1021
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-01-16T15:55:12.257000

1 posts

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVE-2026-1023
(7.5 HIGH)

EPSS: 0.07%

updated 2026-01-16T15:55:12.257000

1 posts

Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents.

CVE-2026-0695
(8.7 HIGH)

EPSS: 0.00%

updated 2026-01-16T15:55:12.257000

1 posts

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.

CVE-2025-14844
(8.2 HIGH)

EPSS: 0.10%

updated 2026-01-16T15:55:12.257000

1 posts

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secr

CVE-2025-14234
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-01-16T15:55:12.257000

2 posts

Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Serie

CVE-2025-14233
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-01-16T15:55:12.257000

2 posts

Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230

CVE-2025-14235
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-01-16T15:55:12.257000

1 posts

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP

CVE-2026-1010
(8.0 HIGH)

EPSS: 0.04%

updated 2026-01-16T15:55:12.257000

1 posts

A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation,

CVE-2025-70892
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-01-16T15:55:12.257000

1 posts

Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.

CVE-2026-22864
(8.1 HIGH)

EPSS: 0.05%

updated 2026-01-16T15:49:39

1 posts

### Summary A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched `.bat` or `.cmd`. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing (for example `.BAT, .Bat`, etc.). ### POC ```javascript const command = new Deno.Command('./test.

CVE-2025-14510
(8.1 HIGH)

EPSS: 0.00%

updated 2026-01-16T15:31:25

1 posts

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.

CVE-2025-68707
(8.8 HIGH)

EPSS: 0.05%

updated 2026-01-16T15:15:53.603000

1 posts

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoint

CVE-2026-20759
(8.8 HIGH)

EPSS: 0.23%

updated 2026-01-16T09:31:31

1 posts

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.

CVE-2026-1022
(7.5 HIGH)

EPSS: 0.07%

updated 2026-01-16T06:30:21

1 posts

Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

CVE-2025-12957
(8.8 HIGH)

EPSS: 0.10%

updated 2026-01-16T06:30:21

1 posts

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sanitization while being accepted as a valid VTT file. This makes it possible for authenticated attackers, with author-level access and above, to upload a

CVE-2026-0975
(7.8 HIGH)

EPSS: 0.03%

updated 2026-01-16T06:30:16

1 posts

Delta Electronics DIAView has Command Injection vulnerability.

CVE-2026-21441(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-01-16T05:04:07

1 posts

### Impact urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.6.2/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br

CVE-2025-65118
(8.8 HIGH)

EPSS: 0.01%

updated 2026-01-16T03:30:27

2 posts

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

CVE-2025-62582
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-01-16T03:30:27

1 posts

Delta Electronics DIAView has multiple vulnerabilities.

CVE-2026-1019
(9.8 CRITICAL)

EPSS: 0.17%

updated 2026-01-16T03:30:27

1 posts

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.

CVE-2026-1018
(7.5 HIGH)

EPSS: 0.07%

updated 2026-01-16T03:30:27

1 posts

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files.

CVE-2025-70893
(8.8 HIGH)

EPSS: 0.03%

updated 2026-01-16T00:31:57

1 posts

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions.

CVE-2025-14237
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-01-16T00:31:05

3 posts

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230

CVE-2025-14236
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-01-16T00:31:05

2 posts

Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/