24h | 7d | 30d

CVE-2025-64155

Overview

  • Fortinet
  • FortiSIEM
13 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
0.06%
KEV

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 22 hours ago

Fediverse

Profile picture
geeknik @geeknik

FortiSIEM’s “security” tool got root-kicked for 3 yrs straight—by a single curl --next.

Your SIEM watches logs; the logs just watched it die.
horizon3.ai/attack-research/di

  • 0
  • 1
  • 0
  • 22h ago

CVE-2025-67822

Overview

  • Pending
15 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.26%
KEV

Description

A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-67822 - Critical (9.4)

A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanism...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-67077

Overview

  • Pending
15 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-67077 - High (8.8)

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-67823

Overview

  • Pending
15 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-67823 - High (8.2)

A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input va...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-0227

Overview

  • Palo Alto Networks
  • Cloud NGFW
15 Jan 2026
Published
15 Jan 2026
Updated
CVSS v4.0
MEDIUM (6.6)
EPSS
0.07%
KEV

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture
Anonymous :verified: @youranonnewsirc

Here's a summary of the most important global, technology, and cybersecurity news from the last 24 hours:

Cyber incidents remain the top global business risk for the fifth consecutive year, with AI surging to second place, according to the Allianz Risk Barometer 2026. New EvilAI malware is masquerading as AI tools to infiltrate organizations. Microsoft has disrupted the RedVDS cybercrime infrastructure. Palo Alto Networks patched a critical denial-of-service bug (CVE-2026-0227) affecting firewalls. In technology, the US imposed AI chip tariffs on Nvidia, causing global supply chain friction. OpenAI will begin testing advertisements in ChatGPT. California is investigating xAI over sexualized deepfakes. Globally, geopolitical tensions continue, with Trump threatening tariffs amidst disputes over Greenland.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-20965

Overview

  • Microsoft
  • Windows Admin Center in Azure Portal
13 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.04%
KEV

Description

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture
CyberHub @cyberhub.blog
📌 Critical Token Validation Flaw in Azure Windows Admin Center Enables Tenant-Wide Remote Code Execution (CVE-2026-20965) https://www.cyberhub.blog/article/18181-critical-token-validation-flaw-in-azure-windows-admin-center-enables-tenant-wide-remote-code-execution-cve-2026-20965
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-0863

Overview

  • n8n
18 Jan 2026
Published
18 Jan 2026
Updated
CVSS v3.1
HIGH (8.5)
EPSS
Pending
KEV

Description

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.

Statistics

  • 3 Posts
Last activity: 1 hour ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0863 - High (8.5)

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.

The vulnerability can be exploited via the Code ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 2
  • 1h ago

CVE-2026-21444

Overview

  • stefanberger
  • libtpms
02 Jan 2026
Published
05 Jan 2026
Updated
CVSS v3.1
MEDIUM (5.5)
EPSS
0.00%
KEV

Description

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #Fedora 43 libtpms update fixes CVE-2026-21444 - cryptographic IV flaw in VM TPM emulation. Read more: 👉 tinyurl.com/mr2a3tu8 #Security
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-21900

Overview

  • nasa
  • CryptoLib
10 Jan 2026
Published
13 Jan 2026
Updated
CVSS v4.0
HIGH (8.2)
EPSS
0.06%
KEV

Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture
geeknik @geeknik

CVE-2026-21900: NASA’s own crypto lib leaks heap memory like a cracked spacesuit—because strtok(ptr+strlen+1) is apparently flight-ready code.
redpacketsecurity.com/cisa-vul

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-0861

Overview

  • The GNU C Library
  • glibc
14 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 22 hours ago

Fediverse

Profile picture
Xerz 💗 @xerz

tbh, CVE-2026-0915 does require the sysadmin to do something extremely weird, so: okay I guess

nevertheless, it’s very much a C-specific issue

…and then there’s CVE-2026-0861

  • 1
  • 0
  • 0
  • 22h ago
Showing 1 to 10 of 11 CVEs