Overview

  • SmarterTools
  • SmarterMail

Published: 29 Dec 2025
Updated: 09 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 10.87%

KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 3 Posts
  • 5 Interactions

Last activity: 15 hours ago

Fediverse

watchTowr has published a technical analysis of a CVSS 10 pre-auth RCE vulnerability in SmarterTools' SmarterMail business email platform.

The vulnerability (CVE-2025-52691) was silently patched in Oct and publicly disclosed only a few months later in Dec.

labs.watchtowr.com/do-smart-pe

  • 3
  • 2
  • 1
  • 19h ago

Bluesky

📌 Critical Pre-Auth RCE Vulnerability in SmarterMail (CVE-2025-52691) Disclosed by watchTowr Labs https://www.cyberhub.blog/article/17899-critical-pre-auth-rce-vulnerability-in-smartermail-cve-2025-52691-disclosed-by-watchtowr-labs
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Google
  • Chrome

Published: 06 Jan 2026
Updated: 08 Jan 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 1 hour ago

Bluesky

🚨 Attention #Fedora Users! A critical security update is available for your Chromium browser. Version 143.0.7499.192 patches a high-severity vulnerability (CVE-2026-0628) that could let malicious sites bypass security rules. Read more: 👉 tinyurl.com/3xk6ta5d #Security
  • 0
  • 1
  • 0
  • 20h ago
Microsoft released Edge 143.0.3650.139 to fix a serious Chromium vulnerability CVE-2026-0628, improving browser security and stability.
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Merit LILIN
  • P2

Published: 12 Jan 2026
Updated: 12 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

🟠 CVE-2026-0855 - High (8.8)

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

🚨 CVE of the Day: CVE-2026-0855 High-severity OS command injection in Merit LILIN IP cameras allows authenticated attackers to execute arbitrary commands on the device, leading to full compromise. 🔍 Full report: basefortify.eu/cve_reports/... #CVE #IoTSecurity #IPCamera #RCE 🚨
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Airoha Technology Corp.
  • AB156x, AB157x, AB158x, AB159x series, AB1627

Published: 04 Aug 2025
Updated: 05 Aug 2025

CVSS: Pending
EPSS: 0.04%

KEV

Description

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access to critical data of the RACE protocol through the Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 22 hours ago

Bluesky

Airoha Bluetooth RACE vulnerabilities (CVE-2025-20700/20701/20702) Blog post: insinuator.net/2025/12/blue... White paper: static.ernw.de/whitepaper/E... Credits Dennis Heinze, Frieder Steinmetz #infosec #bluetooth
  • 0
  • 2
  • 0
  • 22h ago

Overview

  • Pending

Published: 20 Jul 2023
Updated: 15 Oct 2024

CVSS: Pending
EPSS: 68.75%

KEV

Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Bluesky

CVE-2023-38408: OpenSSH Vulnerability in Ethernet Switches URL: www.moxa.com/en/support/p... Classification: Critical, Solution: Official Fix, Exploit Maturity: Functional, CVSSv3.1: 9.8
  • 0
  • 1
  • 0
  • 2h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Fediverse

I'm not exactly sure why I'm doing this on a Sunday, and the hard work was done by others, but there you go; proposed fix for CVE-2026-0716. gitlab.gnome.org/GNOME/libsoup

  • 0
  • 1
  • 0
  • 16h ago

Overview

  • Pending

Published: 14 Mar 2022
Updated: 07 Oct 2024

CVSS: Pending
EPSS: 0.52%

KEV

Description

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

These days there is a fellow on Threads claiming to have cracked RSA-2048, so I read the post carefully from start to finish.

And I worked through whether it is conceptually possible, without code. This person's claims are so scattered that, summarized neatly in one line, they come to this.

"The closer the distance d in d = | q - p | converges to 0, the more likely RSA is to be broken."

And this is roughly true, in fact.

The closer the distance gets, the more feasible an attack using Fermat's Factorization becomes, and there are official vulnerability CVEs related to this (e.g. CVE-2022-26320).

For reference, it is not something difficult; it is one of the multiplication formulas from the high school curriculum.

With RSA-2048 it is practically impossible; at the RSA-256 level it may be possible. (RSA-2048 is possible when specific conditions are met.)

Looking at the code posted by the person claiming to have solved RSA-2048, it just stores q in advance, applies n mod q to check whether the result is 0, and derives p.

You can think of it as just playing around with the answer key in hand.

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Merit LILIN
  • DH032

Published: 12 Jan 2026
Updated: 12 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

🟠 CVE-2026-0854 - High (8.8)

Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • UTT
  • 进取 520W

Published: 11 Jan 2026
Updated: 11 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.04%

KEV

Description

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

In our cybersecurity chronicles, CVE-2026-0841 mirrors the intensity of the Heartbleed bug but with a more localized impact on home devices. Its buffer overflow potential could spread like wildfire if not contained. How do you see us addressing such vulnerabilities moving forward?
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • libsodium
  • libsodium

Published: 31 Dec 2025
Updated: 07 Jan 2026

CVSS v3.1: MEDIUM (4.5)
EPSS: 0.02%

KEV

Description

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

🚨 CVE-2025-69277: Critical libsodium validation flaw impacts #Fedora42. Affects Ed25519 sig verification. Data integrity & disclosure risk. Read more: 👉 tinyurl.com/3nypjx8s #Security
  • 0
  • 0
  • 0
  • 21h ago
Showing 1 to 10 of 26 CVEs