
Overview

  • Apache Software Foundation
  • Apache Struts
  • com.opensymphony:xwork

11 Jan 2026
Published
12 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts from 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Statistics

  • 3 Posts

Last activity: Last hour

Fediverse


🟠 CVE-2025-68493 - High (8.1)

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Updated the SIOS Security Blog: XXE vulnerability in Apache Struts (CVE-2025-68493) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 20h ago
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Merit LILIN
  • P2

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.29%

KEV

Description

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 3 Posts

Last activity: Last hour

Fediverse


🟠 CVE-2026-0855 - High (8.8)

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

🚨 CVE of the Day: CVE-2026-0855 High-severity OS command injection in Merit LILIN IP cameras allows authenticated attackers to execute arbitrary commands on the device, leading to full compromise. 🔍 Full report: basefortify.eu/cve_reports/... #CVE #IoTSecurity #IPCamera #RCE 🚨
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • craftcms
  • cms

25 Apr 2025
Published
29 Apr 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
75.24%

KEV

Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: Last hour

Bluesky

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: www.opswat.com/blog/cve-202... #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Merit LILIN
  • DH032

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.29%

KEV

Description

Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse


🟠 CVE-2026-0854 - High (8.8)

Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Pending

14 Mar 2022
Published
07 Oct 2024
Updated

CVSS
Pending
EPSS
0.52%

KEV

Description

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 23 hours ago

Fediverse


Lately there has been someone on Threads claiming to have cracked RSA-2048, so I read the post carefully from start to finish.

Then I considered, without any code, whether it is conceptually possible. This person's argument is all over the place, so summarized cleanly in one line it comes to this:

"The closer the distance d = |q - p| converges to 0, the higher the chance that RSA can be broken."

And this is roughly true.

The smaller the distance, the more feasible an attack using Fermat's Factorization becomes, and there is an official CVE related to this (e.g. CVE-2022-26320).

For reference, it is not hard; it is one of the multiplication formulas from high school.

It is practically impossible for RSA-2048, and may be possible at the RSA-256 level. (RSA-2048 is possible when specific conditions are met.)

Looking at the code posted by the person claiming to have solved RSA-2048, it simply stores q, computes n mod q to check whether it comes out 0, and derives p from that.

Just think of it as messing around with the answer key.

  • 2
  • 3
  • 0
  • 23h ago

Overview

  • UTT
  • ่ฟ›ๅ– 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts

Last activity: Last hour

Bluesky

In our cybersecurity chronicles, CVE-2026-0841 mirrors the intensity of the Heartbleed bug but with a more localized impact on home devices. Its buffer overflow potential could spread like wildfire if not contained. How do you see us addressing such vulnerabilities moving forward?
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Pending

20 Jul 2023
Published
15 Oct 2024
Updated

CVSS
Pending
EPSS
68.75%

KEV

Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Bluesky

CVE-2023-38408: OpenSSH Vulnerability in Ethernet Switches URL: www.moxa.com/en/support/p... Classification: Critical, Solution: Official Fix, Exploit Maturity: Functional, CVSSv3.1: 9.8
  • 0
  • 1
  • 0
  • 7h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse


I'm not exactly sure why I'm doing this on a Sunday, and the hard work was done by others, but there you go; proposed fix for CVE-2026-0716. gitlab.gnome.org/GNOME/libsoup

  • 0
  • 1
  • 0
  • 21h ago

Overview

  • coreruleset
  • coreruleset

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.03%

KEV

Description

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📌 Critical WAF Bypass Vulnerability (CVE-2026-21876) Affects OWASP ModSecurity and Coraza https://www.cyberhub.blog/article/17896-critical-waf-bypass-vulnerability-cve-2026-21876-affects-owasp-modsecurity-and-coraza
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • remix-run
  • react-router

10 Jan 2026
Published
10 Jan 2026
Updated

CVSS v3.1
HIGH (7.6)
EPSS
0.04%

KEV

Description

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exists in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags, which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. There is no impact if the application is being used in Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>). This issue has been patched in @remix-run/react version 2.17.1 and react-router version 7.9.0.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

๐Ÿ—ž๏ธ React Router has XSS Vulnerability ยท CVE-2025-59057 ๐Ÿ”— https://github.com/advisories/GHSA-3cgp-3xvw-98x8
  • 0
  • 0
  • 0
  • 2h ago