Overview

  • Cisco
  • Cisco Secure Email

Published: 17 Dec 2025
Updated: 15 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 4.13%

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) #HelpNetSecurity (Jan 16) www.helpnetsecurity.com/2026/01/16/c...
Cisco fixes vulnerability CVE-2025-20393 in its email security products - exploited in the TOKAI Communications zero-day attack rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃

Overview

  • UTT
  • 进取 520W

Published: 19 Jan 2026
Updated: 19 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🟠 CVE-2026-1140 - High (8.8)

A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Microsoft
  • Windows Admin Center in Azure Portal

Published: 13 Jan 2026
Updated: 16 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.04%

KEV

Description

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📌 Critical Token Validation Flaw in Azure Windows Admin Center Enables Tenant-Wide Remote Code Execution (CVE-2026-20965) https://www.cyberhub.blog/article/18181-critical-token-validation-flaw-in-azure-windows-admin-center-enables-tenant-wide-remote-code-execution-cve-2026-20965

Overview

  • UTT
  • 进取 520W

Published: 19 Jan 2026
Updated: 19 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

🟠 CVE-2026-1139 - High (8.8)

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The expl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • siyuan-note
  • siyuan

Published: 16 Jan 2026
Updated: 16 Jan 2026

CVSS v4.0: MEDIUM (5.3)
EPSS: 0.04%

KEV

Description

SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

[25.11] siyuan: 3.4.0 -> 3.5.4-dev2, fixes CVE-2026-23645 https://github.com/NixOS/nixpkgs/pull/481359 #security

Overview

  • n8n

Published: 18 Jan 2026
Updated: 18 Jan 2026

CVSS v3.1: HIGH (8.5)
EPSS: Pending

KEV

Description

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (e.g., n8n's official Docker image), arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.

Statistics

  • 3 Posts

Last activity: 15 hours ago

Fediverse

🟠 CVE-2026-0863 - High (8.5)

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.

The vulnerability can be exploited via the Code ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • stefanberger
  • libtpms

Published: 02 Jan 2026
Updated: 05 Jan 2026

CVSS v3.1: MEDIUM (5.5)
EPSS: 0.00%

KEV

Description

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

URGENT: #Fedora 43 libtpms update fixes CVE-2026-21444 - cryptographic IV flaw in VM TPM emulation. Read more: 👉 tinyurl.com/mr2a3tu8 #Security

Overview

  • TOTOLINK
  • A3700R

Published: 19 Jan 2026
Updated: 19 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Manipulating the argument ssid can lead to a buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🟠 CVE-2026-1143 - High (8.8)

A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be l...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • UTT
  • 进取 520W

Published: 19 Jan 2026
Updated: 19 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in a buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🟠 CVE-2026-1137 - High (8.8)

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in buffer overflow. The attack is possible to be carried out...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Google
  • Android

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS: Pending
EPSS: 0.00%

KEV

Description

In key-based pairing, there is a possible information disclosure due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of a user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

#WhisperPair: serious vulnerability CVE-2025-36911 in hundreds of millions of Bluetooth devices - the reality of the eavesdropping and tracking risks caused by flaws in Google Fast Pair rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃