24h | 7d | 30d

CVE-2026-25201

Overview

  • Samsung Electronics
  • MagicINFO 9 Server
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.07%
KEV

Description

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

Statistics

  • 2 Posts
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-25201 - High (8.8)

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.
This issue affects MagicINFO 9 Server: less than 21.1090.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 11h ago

Bluesky

Profile picture
BaseFortify.eu @basefortify.bsky.social
🚨 Critical Samsung MagicINFO flaw disclosed: CVE-2026-25201 allows unauthenticated attackers to upload arbitrary files, leading to remote code execution on MagicINFO 9 Server. Full report: basefortify.eu/cve_reports/... #CVE #Samsung #MagicINFO 🔐
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-25253

Overview

  • OpenClaw
  • OpenClaw
01 Feb 2026
Published
01 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 2 Posts
Last activity: 8 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-25253 - High (8.8)

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

Profile picture
0xacb @0xacb.com
💥 One click could completely compromise a OpenClaw / Moltbot / Clawdbot (CVE-2026-25253) The vulnerability is now fixed, but here's how it worked:
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
13.12%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 4 Posts
  • 4 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture
Christoph Schmees @PC_Fluesterer

Ivanti: Notfall-Update gegen Zero-Days

Wieder einmal fällt der US-Hersteller Ivanti mit gefährlichen (9,8 von 10) Sicherheitslücken auf, die zum Zeitpunkt der Updates bereits angegriffen werden. Sagte ich wieder einmal? Ja, einige vergangene Meldungen: hier, hier, hier oder hier. Die beiden Sicherheitslücken CVE-2026-1281 und CVE-2026-1340 wurden mit Notfall-Updates geschlossen. Angeblich kann der Hersteller nicht sagen, welche Schwäche genau angegriffen wird, da zu wenige bekannte Angriffe vorlägen. Ach ja, aber flicken konnte man die unbekannten Schwächen? Glaubwürdigkeit gleich null. Da drängt

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #foss #hintertür #politik #UnplugTrump #usa #vorbeugen #vorfälle #wissen #zeroday

  • 3
  • 0
  • 0
  • 2h ago
Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths

GitHub: github.com/Ashwesker/Ashwesker

  • 0
  • 1
  • 0
  • 19h ago
Profile picture
Anonymous :verified: @youranonnewsirc

Critical cybersecurity updates from February 1-2, 2026: Microsoft patched an actively exploited Office zero-day (CVE-2026-21509), and Fortinet fixed a critical FortiCloud SSO flaw (CVE-2026-24858). Ivanti released fixes for two exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340) by February 1, and Bitdefender reported Android RAT malware distributed via Hugging Face (February 2).

In technology, Apple overhauled its online Mac store for a "build-it-yourself" experience (February 1), and Google extended the Fitbit data migration deadline to Google accounts until May 2026.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture
セキュリティ対策Lab @securitylab-jp.bsky.social
Ivanti、EPMMの重大RCE 脆弱性2件を公表 ゼロデイ悪用も確認(CVE-2026-1281,CVE-2026-1340)-JPCERTも注意喚起 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-1340

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.14%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 4 Posts
  • 4 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture
Christoph Schmees @PC_Fluesterer

Ivanti: Notfall-Update gegen Zero-Days

Wieder einmal fällt der US-Hersteller Ivanti mit gefährlichen (9,8 von 10) Sicherheitslücken auf, die zum Zeitpunkt der Updates bereits angegriffen werden. Sagte ich wieder einmal? Ja, einige vergangene Meldungen: hier, hier, hier oder hier. Die beiden Sicherheitslücken CVE-2026-1281 und CVE-2026-1340 wurden mit Notfall-Updates geschlossen. Angeblich kann der Hersteller nicht sagen, welche Schwäche genau angegriffen wird, da zu wenige bekannte Angriffe vorlägen. Ach ja, aber flicken konnte man die unbekannten Schwächen? Glaubwürdigkeit gleich null. Da drängt

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #foss #hintertür #politik #UnplugTrump #usa #vorbeugen #vorfälle #wissen #zeroday

  • 3
  • 0
  • 0
  • 2h ago
Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths

GitHub: github.com/Ashwesker/Ashwesker

  • 0
  • 1
  • 0
  • 19h ago
Profile picture
Anonymous :verified: @youranonnewsirc

Critical cybersecurity updates from February 1-2, 2026: Microsoft patched an actively exploited Office zero-day (CVE-2026-21509), and Fortinet fixed a critical FortiCloud SSO flaw (CVE-2026-24858). Ivanti released fixes for two exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340) by February 1, and Bitdefender reported Android RAT malware distributed via Hugging Face (February 2).

In technology, Apple overhauled its online Mac store for a "build-it-yourself" experience (February 1), and Google extended the Fitbit data migration deadline to Google accounts until May 2026.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture
セキュリティ対策Lab @securitylab-jp.bsky.social
Ivanti、EPMMの重大RCE 脆弱性2件を公表 ゼロデイ悪用も確認(CVE-2026-1281,CVE-2026-1340)-JPCERTも注意喚起 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-15467

Overview

  • OpenSSL
  • OpenSSL
27 Jan 2026
Published
29 Jan 2026
Updated
CVSS
Pending
EPSS
0.39%
KEV

Description

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 2 Posts
Last activity: 2 hours ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 OpenSSL: débordement de pile CVE-2025-15467 exposant à une exécution de code (RCE) 📝 Selon JFrog Security Research (research.jfrog.com), une nouvelle v… https://cyberveille.ch/posts/2026-02-02-openssl-debordement-de-pile-cve-2025-15467-exposant-a-une-execution-de-code-rce/ #CMS_PKCS_7 #Cyberveille
  • 0
  • 0
  • 0
  • 2h ago
Profile picture
OpsMatters @opsmatters.com
The latest update for #CyCognito includes "Emerging Threat: CVE-2025-15467 – OpenSSL CMS AuthEnvelopedData Stack-Based Buffer Overflow" and "Emerging Threat: CVE-2026-24061 – Telnet Authentication Bypass in GNU Inetutils". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-21509

Overview

  • Microsoft
  • Microsoft Office 2019
26 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
2.91%
KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 2 Posts
Last activity: 1 hour ago

Fediverse

Profile picture
Anonymous :verified: @youranonnewsirc

Critical cybersecurity updates from February 1-2, 2026: Microsoft patched an actively exploited Office zero-day (CVE-2026-21509), and Fortinet fixed a critical FortiCloud SSO flaw (CVE-2026-24858). Ivanti released fixes for two exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340) by February 1, and Bitdefender reported Android RAT malware distributed via Hugging Face (February 2).

In technology, Apple overhauled its online Mac store for a "build-it-yourself" experience (February 1), and Google extended the Fitbit data migration deadline to Google accounts until May 2026.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture
Blacky @coldblacksun.bsky.social
Ukraine’s Computer Emergency Response Team has warned of a new wave of targeted cyberattacks exploiting a critical MS Office vulnerability (CVE-2026-21509) disclosed on January 26, 2026 cert.gov.ua/article/6287...
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-21858

Overview

  • n8n-io
  • n8n
07 Jan 2026
Published
12 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
5.37%
KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 7 hours ago

Fediverse

Profile picture
CVEDatabase.com @cvedatabase

RCE Threat in Workflow Automation
⚠️ CVE-2026-21858 — Critical unauthenticated remote code execution in n8n self-hosted instances can allow complete takeover if left unpatched.
Check remediation guidance here:
👉 cvedatabase.com/cve/CVE-2026-2 #CyberSecurity #DevOps

  • 0
  • 1
  • 0
  • 7h ago

CVE-2026-1484

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • bootc
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 3 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 Security Alert for Linux Administrators & #DevOps Teams 🚨 A critical buffer overflow vulnerability (CVE-2026-1484) in the core glib2 library has been patched by #SUSE (SUSE-2026-0355-1). Read more: 👉 tinyurl.com/328yctsd #Security
  • 0
  • 1
  • 0
  • 3h ago

CVE-2025-26385

Overview

  • Johnson Controls
  • Metasys
30 Jan 2026
Published
30 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.5)
EPSS
0.60%
KEV

Description

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects  * Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation,  * Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation,  * LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1,  * System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior,  * Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

A critical SQL injection vulnerability (CVE-2025-26385) with a maximum CVSS score of 10.0 affects multiple Johnson Controls products, including Application and Data Server (ADS) and Extended Application and Data Server (ADX), allowing remote attackers to execute arbitrary SQL commands without authentication. The vulnerability impacts systems used in critical infrastructure sectors such as commercial facilities, energy, government, and transportation, and CISA recommends network isolation, firewalls, and VPNs for mitigation.
cybersecuritynews.com/johnson-

  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-23626

Overview

  • kimai
  • kimai
18 Jan 2026
Published
20 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.8)
EPSS
0.03%
KEV

Description

Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that allows arbitrary method calls on objects available in the template context. An authenticated user with export permissions can deploy a malicious Twig template that extracts sensitive information including environment variables, all user password hashes, serialized session tokens, and CSRF tokens. Version 2.46.0 patches this issue.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
[release-25.11] kimai: 2.44.0 -> 2.46.0; fixes CVE-2026-23626 https://github.com/NixOS/nixpkgs/pull/483486 #security
  • 0
  • 0
  • 0
  • 21h ago
Showing 1 to 10 of 45 CVEs