CVE-2025-64155

Overview

Fortinet
FortiSIEM

13 Jan 2026

Published

14 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.4)

EPSS

0.09%

MITRE

KEV

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Statistics

2 Posts
1 Interaction

Last activity: 10 hours ago

Fediverse

raptor :C_H: @raptor

CVE-2025-64155: Three Years of Remotely Rooting the #Fortinet #FortiSIEM

https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/

1
0
0
22h ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #ArcticWolf includes "The Continuing Risk of Remote Code Execution" and "CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl

0
0
0
10h ago

CVE-2025-53690

Overview

Sitecore
Experience Manager (XM)

03 Sep 2025

Published

21 Oct 2025

Updated

CVSS v3.1

CRITICAL (9.0)

EPSS

10.18%

MITRE

KEV

Description

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

Statistics

2 Posts
1 Interaction

Last activity: 21 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure

🇨🇳 A China-linked APT group, UAT-8837, is actively targeting North American critical infrastructure, warns Cisco Talos. The group exploits flaws like CVE-2025-53690 and uses tools like Earthworm for espionage. #APT #CyberSecurity #ThreatIntel #China

🔗 https://cyber.netsecops.io/articles/china-linked-apt-targets-north-american-critical-infrastructure/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
1
0
21h ago

Bluesky

Kevin Poireault @leekthehack.bsky.social

🔎 VulnWatch Friday: CVE-2025-53690 🔓 China-linked hacking group UAT-8837 is exploiting CVE-2025-53690 (Sitecore vulnerability) to breach North American critical infrastructure, deploying the WeepSteel backdoor, according to @talosintelligence.com.

0
0
0
22h ago

CVE-2026-0227

Overview

Palo Alto Networks
Cloud NGFW

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v4.0

MEDIUM (6.6)

EPSS

0.07%

MITRE

KEV

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

Statistics

2 Posts

Last activity: 21 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 Palo Alto Networks Patches High-Severity DoS Flaw in PAN-OS Firewalls

Palo Alto Networks patches high-severity DoS flaw CVE-2026-0227 in PAN-OS. 🔒 The bug allows unauthenticated attackers to crash firewalls with GlobalProtect enabled. PoC exists. Patch immediately! #CyberSecurity #Vulnerability #PaloAltoNetworks

🔗 https://cyber.netsecops.io/articles/palo-alto-networks-patches-critical-pan-os-denial-of-service-flaw/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
21h ago

Bluesky

ripjyr.bsky.social @ripjyr.bsky.social

Paloaltoの脆弱性情報「CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (Severity: HIGH)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0227

0
0
0
21h ago

CVE-2026-23550

Overview

Modular DS
Modular DS
modular-connector

14 Jan 2026

Published

14 Jan 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

0.04%

MITRE

KEV

Description

Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.

Statistics

2 Posts

Last activity: 9 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 Critical Flaw in WordPress Plugin 'Modular DS' Actively Exploited for Admin Takeover

🚨 CRITICAL 10.0 CVSS FLAW: Modular DS WordPress plugin is being actively exploited! CVE-2026-23550 allows unauthenticated admin takeover. 40,000+ sites at risk. Update to version 2.5.2 NOW. #WordPress #Vulnerability #CyberSecurity #PatchNow

🔗 https://cyber.netsecops.io/articles/modular-ds-wordpress-plugin-flaw-under-active-exploitation/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
21h ago

Bluesky

Eyal Estrin ☁️ @eyalestrin.bsky.social

Modular DS bug hands hackers instant WordPress admin access (CVE-2026-23550) #appsec

0
0
0
9h ago

CVE-2026-20805

Overview

Microsoft
Windows 10 Version 1809

13 Jan 2026

Published

16 Jan 2026

Updated

CVSS v3.1

MEDIUM (5.5)

EPSS

6.56%

MITRE

KEV

Description

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Statistics

1 Post
2 Interactions

Last activity: 11 hours ago

Fediverse

Mathrubhumi English @Mathrubhumi_English

CERT-In issues high-severity alert for Windows 10, Windows 11 and Microsoft Office over CVE-2026-20805 vulnerability. Microsoft confirms exploit in the wild, urges urgent updates. https://english.mathrubhumi.com/technology/is-your-windows-pc-at-risk-indian-govt-issues-urgent-security-alert-vkdh7w9u?utm_source=dlvr.it&utm_medium=mastodon #WindowsSecurity #MicrosoftAlert #CERTIn #CyberSecurity

1
1
0
11h ago

CVE-2026-22797

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

1 Post

Last activity: 4 hours ago

Bluesky

CrowdCyber @crowdcyber.bsky.social

OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root

0
0
0
4h ago

CVE-2025-55182

Overview

Meta
react-server-dom-webpack

03 Dec 2025

Published

11 Dec 2025

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

55.12%

MITRE

KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

1 Post

Last activity: 21 hours ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 Next.js/NextAuth : forger des cookies d’authentification via le NEXTAUTH_SECRET 📝 Dans un billet technique publié le 14 janvier 2026, l’auteur détaill… https://cyberveille.ch/posts/2026-01-16-next-js-nextauth-forger-des-cookies-dauthentification-via-le-nextauth-secret/ #CVE_2025_55182 #Cyberveille

0
0
0
21h ago

CVE-2025-68921

Overview

Pending

16 Jan 2026

Published

16 Jan 2026

Updated

CVSS

Pending

EPSS

0.06%

MITRE

KEV

Description

SteelSeries Nahimic 3 1.10.7 allows Directory traversal.

Statistics

1 Post

Last activity: 23 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2025-68921 - High (7.8)

SteelSeries Nahimic 3 1.10.7 allows Directory traversal.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68921/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
23h ago

CVE-2026-22812

Overview

anomalyco
opencode

12 Jan 2026

Published

13 Jan 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.10%

MITRE

KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Statistics

1 Post

Last activity: 15 hours ago

Fediverse

Dark Web Informer :verified_paw: @DarkWebInformer

‼️CVE-2026-22812: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

PoC/Exploit: https://github.com/rohmatariow/CVE-2026-22812-exploit

CVSS: 8.8
CVE Published: January 12th, 2026
Exploit Published: January 16th, 2026
Advisory: https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

0
0
0
15h ago

CVE-2026-23744

Overview

MCPJam
inspector

16 Jan 2026

Published

16 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.49%

MITRE

KEV

Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Statistics

2 Posts

Last activity: 19 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-23744 - Critical (9.8)

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installatio...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23744/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
1
19h ago