24h | 7d | 30d

CVE-2026-25201

Overview

  • Samsung Electronics
  • MagicINFO 9 Server
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

Statistics

  • 2 Posts
Last activity: 1 hour ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-25201 - High (8.8)

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.
This issue affects MagicINFO 9 Server: less than 21.1090.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Profile picture
BaseFortify.eu @basefortify.bsky.social
🚨 Critical Samsung MagicINFO flaw disclosed: CVE-2026-25201 allows unauthenticated attackers to upload arbitrary files, leading to remote code execution on MagicINFO 9 Server. Full report: basefortify.eu/cve_reports/... #CVE #Samsung #MagicINFO 🔐
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-25253

Overview

  • OpenClaw
  • OpenClaw
01 Feb 2026
Published
01 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 2 Posts
Last activity: 2 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-25253 - High (8.8)

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 11h ago

Bluesky

Profile picture
0xacb @0xacb.com
💥 One click could completely compromise a OpenClaw / Moltbot / Clawdbot (CVE-2026-25253) The vulnerability is now fixed, but here's how it worked:
  • 0
  • 0
  • 0
  • 2h ago

CVE-2025-15467

Overview

  • OpenSSL
  • OpenSSL
27 Jan 2026
Published
29 Jan 2026
Updated
CVSS
Pending
EPSS
0.32%
KEV

Description

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 2 Posts
Last activity: 6 hours ago

Fediverse

Profile picture
testssl.sh :verified: @testssl

hackingpassion.com/openssl-12-

lesswrong.com/posts/7aJwgbMEiK

AI found 12 of 12 's . CVE-2025-15467 is most remarkable

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

Profile picture
OpsMatters @opsmatters.com
The latest update for #CyCognito includes "Emerging Threat: CVE-2025-15467 – OpenSSL CMS AuthEnvelopedData Stack-Based Buffer Overflow" and "Emerging Threat: CVE-2026-24061 – Telnet Authentication Bypass in GNU Inetutils". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
14.89%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 9 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths

GitHub: github.com/Ashwesker/Ashwesker

  • 0
  • 1
  • 0
  • 13h ago
Profile picture
Anonymous :verified: @youranonnewsirc

Critical cybersecurity updates from February 1-2, 2026: Microsoft patched an actively exploited Office zero-day (CVE-2026-21509), and Fortinet fixed a critical FortiCloud SSO flaw (CVE-2026-24858). Ivanti released fixes for two exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340) by February 1, and Bitdefender reported Android RAT malware distributed via Hugging Face (February 2).

In technology, Apple overhauled its online Mac store for a "build-it-yourself" experience (February 1), and Google extended the Fitbit data migration deadline to Google accounts until May 2026.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Profile picture
セキュリティ対策Lab @securitylab-jp.bsky.social
Ivanti、EPMMの重大RCE 脆弱性2件を公表 ゼロデイ悪用も確認(CVE-2026-1281,CVE-2026-1340)-JPCERTも注意喚起 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-1340

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.16%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 9 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths

GitHub: github.com/Ashwesker/Ashwesker

  • 0
  • 1
  • 0
  • 13h ago
Profile picture
Anonymous :verified: @youranonnewsirc

Critical cybersecurity updates from February 1-2, 2026: Microsoft patched an actively exploited Office zero-day (CVE-2026-21509), and Fortinet fixed a critical FortiCloud SSO flaw (CVE-2026-24858). Ivanti released fixes for two exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340) by February 1, and Bitdefender reported Android RAT malware distributed via Hugging Face (February 2).

In technology, Apple overhauled its online Mac store for a "build-it-yourself" experience (February 1), and Google extended the Fitbit data migration deadline to Google accounts until May 2026.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Profile picture
セキュリティ対策Lab @securitylab-jp.bsky.social
Ivanti、EPMMの重大RCE 脆弱性2件を公表 ゼロデイ悪用も確認(CVE-2026-1281,CVE-2026-1340)-JPCERTも注意喚起 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-21876

Overview

  • coreruleset
  • coreruleset
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 22 hours ago

Fediverse

Profile picture
fernand0 @fernand0

CVE-2026-21876: Critical Multipart Charset Bypass Fixed in CRS 4.22.0 and 3.3.8 coreruleset.org/20260106/cve-2

  • 1
  • 0
  • 1
  • 22h ago

CVE-2025-54957

Overview

  • Pending
20 Oct 2025
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture
wilhelm @wilhelm

I like to point out issues at Apple. They are an easy target because even with the amount of money they make, they still don't manage to fix glaring known issues.

But #Xiaomi is no better. On #HyperOS many devices have not received 2026-01-05 security patch level including critical CVE-2025-54957.

Fun fact: currently you can't even ask about this since their forum won't load. Not that they care or give sensible answers when it is operational, so ... 🙄

  • 1
  • 0
  • 0
  • 19h ago

CVE-2025-26385

Overview

  • Johnson Controls
  • Metasys
30 Jan 2026
Published
30 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.5)
EPSS
0.60%
KEV

Description

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects  * Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation,  * Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation,  * LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1,  * System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior,  * Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

A critical SQL injection vulnerability (CVE-2025-26385) with a maximum CVSS score of 10.0 affects multiple Johnson Controls products, including Application and Data Server (ADS) and Extended Application and Data Server (ADX), allowing remote attackers to execute arbitrary SQL commands without authentication. The vulnerability impacts systems used in critical infrastructure sectors such as commercial facilities, energy, government, and transportation, and CISA recommends network isolation, firewalls, and VPNs for mitigation.
cybersecuritynews.com/johnson-

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-23626

Overview

  • kimai
  • kimai
18 Jan 2026
Published
20 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.8)
EPSS
0.03%
KEV

Description

Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that allows arbitrary method calls on objects available in the template context. An authenticated user with export permissions can deploy a malicious Twig template that extracts sensitive information including environment variables, all user password hashes, serialized session tokens, and CSRF tokens. Version 2.46.0 patches this issue.

Statistics

  • 1 Post
Last activity: 15 hours ago

Bluesky

Profile picture
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
[release-25.11] kimai: 2.44.0 -> 2.46.0; fixes CVE-2026-23626 https://github.com/NixOS/nixpkgs/pull/483486 #security
  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-15536

Overview

  • BYVoid
  • OpenCC
18 Jan 2026
Published
20 Jan 2026
Updated
CVSS v4.0
MEDIUM (4.8)
EPSS
0.02%
KEV

Description

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 URGENT: CVE-2025-15536 Patch Released for #Fedora 43. Heap-based buffer overflow in OpenCC (Chinese text converter). Read more: 👉 tinyurl.com/ydzavmk7 #Security
  • 0
  • 0
  • 0
  • 19h ago
Showing 1 to 10 of 30 CVEs