Overview

  • Apache Software Foundation
  • Apache Struts
  • com.opensymphony:xwork

11 Jan 2026
Published
12 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Statistics

  • 3 Posts

Last activity: 2 hours ago

Fediverse

🟠 CVE-2025-68493 - High (8.1)

Missing XML Validation vulnerability in Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 2h ago

Bluesky

The SIOS Security Blog has been updated. Apache Struts XXE vulnerability (CVE-2025-68493) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 22h ago
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data
  • 5h ago

Overview

  • Merit LILIN
  • P2

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.29%

KEV

Description

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

🟠 CVE-2026-0855 - High (8.8)

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 9h ago

Bluesky

🚨 CVE of the Day: CVE-2026-0855 High-severity OS command injection in Merit LILIN IP cameras allows authenticated attackers to execute arbitrary commands on the device, leading to full compromise. Full report: basefortify.eu/cve_reports/... #CVE #IoTSecurity #IPCamera #RCE 🚨
  • 8h ago

Overview

  • craftcms
  • cms

25 Apr 2025
Published
29 Apr 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
75.24%

KEV

Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 3 hours ago

Bluesky

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: www.opswat.com/blog/cve-202... #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve
  • 3h ago

Overview

  • Merit LILIN
  • DH032

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.29%

KEV

Description

Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

🟠 CVE-2026-0854 - High (8.8)

Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 10h ago

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 2 hours ago

Bluesky

In our cybersecurity chronicles, CVE-2026-0841 mirrors the intensity of the Heartbleed bug but with a more localized impact on home devices. Its buffer overflow potential could spread like wildfire if not contained. How do you see us addressing such vulnerabilities moving forward?
  • 13h ago

Overview

  • Pending

20 Jul 2023
Published
15 Oct 2024
Updated

CVSS
Pending
EPSS
68.75%

KEV

Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

CVE-2023-38408: OpenSSH Vulnerability in Ethernet Switches URL: www.moxa.com/en/support/p... Classification: Critical, Solution: Official Fix, Exploit Maturity: Functional, CVSSv3.1: 9.8
  • 9h ago

Overview

  • remix-run
  • react-router

10 Jan 2026
Published
10 Jan 2026
Updated

CVSS v3.1
HIGH (7.6)
EPSS
0.04%

KEV

Description

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exists in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags, which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. There is no impact if the application is being used in Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>). This issue has been patched in @remix-run/react version 2.17.1 and react-router version 7.9.0.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

🗞️ React Router has XSS Vulnerability · CVE-2025-59057 🔗 https://github.com/advisories/GHSA-3cgp-3xvw-98x8
  • 4h ago

Overview

  • Google
  • Chrome

06 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Microsoft released Edge 143.0.3650.139 to fix a serious Chromium vulnerability CVE-2026-0628, improving browser security and stability.
  • 8h ago

Overview

  • strukturag
  • libheif

29 Dec 2025
Published
30 Dec 2025
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.04%

KEV

Description

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

🚨 Critical libheif vulnerabilities patched in #Ubuntu. CVE-2025-68431 allows Denial of Service and potential Arbitrary Code Execution. Read more: 👉 tinyurl.com/w683nmtu #Security
  • 1h ago

Overview

  • Advantech
  • IoTSuite and IoT Edge Products

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.07%

KEV

Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🔴 CVE-2025-52694 - Critical (10)

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 13h ago
Showing 1 to 10 of 43 CVEs