
Overview

  • Apache Software Foundation
  • Apache Struts
  • com.opensymphony:xwork

11 Jan 2026
Published
12 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Statistics

  • 5 Posts

Last activity: 6 hours ago

Fediverse


🟠 CVE-2025-68493 - High (8.1)

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 12h ago

CVE-2025-68493 turns your XML config into a confession booth: one malicious entity and the server doxxes itself. Patch to 6.1.1 or keep streaming internal secrets to the outside like it’s reality TV.
gbhackers.com/critical-apache-

  • 6h ago

Bluesky

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data
  • 16h ago
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data #DailyCyberSecurity (Jan 12) securityonline.info/the-xml-trap...
  • 6h ago

Overview

  • Gogs
  • Gogs
  • Gogs

10 Dec 2025
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

Description

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: Last hour

Fediverse


❗️CISA has added 1 vulnerability to the KEV Catalog:

CVE-2025-8110: Gogs Path Traversal Vulnerability

darkwebinformer.com/cisa-kev-c

  • 7h ago

Latest global tech and cybersecurity news (Jan 12-13, 2026):

The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.

#News #Anonymous #AnonNews_irc

  • Last hour

Bluesky

~Cisa~ CISA added the actively exploited Gogs path traversal vulnerability (CVE-2025-8110) to its KEV catalog. - IOCs: CVE-2025-8110 - #CVE20258110 #Gogs #ThreatIntel
  • 7h ago

Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.70%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: Last hour

Fediverse


The first issue of 60 Sekunden Cyber covers the current ESA hack, the situation of Taiwan, CVE-2026-21858 and the strike against Black Axe.

60-sekunden-cyber.de/kw2-2026/

#cyber #cybersicherheit #itsicherheit #news

  • 3h ago

Latest global tech and cybersecurity news (Jan 12-13, 2026):

The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.

#News #Anonymous #AnonNews_irc

  • Last hour

Bluesky

👀 VulnWatch Monday: CVE-2026-21858 🔓 aka "Ni8mare" A security researcher reported a critical vulnerability in popular AI workflow automation platform n8n that could enable adversaries to compromise enterprise secrets. 📰 www.infosecurity-magazine.com/news/maximum...
  • 8h ago
The latest update for #ArcticWolf includes "CVE-2025-69258: Trend Micro Apex Central Remote Code Execution Vulnerability" and "CVE-2026-21858: Critical Unauthenticated File Access Vulnerability in n8n 'Ni8mare'". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • Last hour
You can also track different scan results for recent n8n vulns (not just CVE-2026-21858 but also CVE-2025-68668, CVE-2025-68613, CVE-2026-21877) on Dashboard: dashboard.shadowserver.org/statistics/c... dashboard.shadowserver.org/statistics/c...
  • 10h ago

Overview

  • zlib software
  • zlib

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.

Statistics

  • 3 Posts

Last activity: 2 hours ago

Bluesky

🚨 CRITICAL: #Mageia 9 zlib buffer overflow vulnerability (CVE-2026-22184) allows RCE via archive processing. Read more: 👉 tinyurl.com/bdhr2dcz #Security
  • 16h ago
CVE-2026-22184 (CVSS 9.3): A critical zlib flaw may cause a global buffer overflow. CVE-2026-22184 (CVSS 9.3): Critical zlib Flaw Opens Door to Global Buffer Overflow #DailyCyberSecurity (Jan 12) securityonline.info/cve-2026-221...
  • 6h ago
Serious vulnerability in zlib (CVE-2026-22184) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 2h ago

Overview

  • Merit LILIN
  • P2

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.29%

KEV

Description

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 13 hours ago

Fediverse


🟠 CVE-2026-0855 - High (8.8)

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 20h ago

Bluesky

🚨 CVE of the Day: CVE-2026-0855 High-severity OS command injection in Merit LILIN IP cameras allows authenticated attackers to execute arbitrary commands on the device, leading to full compromise. 🔍 Full report: basefortify.eu/cve_reports/... #CVE #IoTSecurity #IPCamera #RCE 🚨
  • 18h ago

Overview

  • Linux
  • Linux

22 Jul 2025
Published
07 Jan 2026
Updated

CVSS
Pending
EPSS
0.25%

Description

In the Linux kernel, the following vulnerability has been resolved:

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand().

If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail.

Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.

This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.

Statistics

  • 1 Post
  • 24 Interactions

Last activity: 9 hours ago

Fediverse


❗️Chronomaly: Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x.

GitHub: github.com/farazsth98/chronoma

  • 9h ago

Overview

  • craftcms
  • cms

25 Apr 2025
Published
29 Apr 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
75.24%

KEV

Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 13 hours ago

Bluesky

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: www.opswat.com/blog/cve-202... #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve
  • 13h ago

Overview

  • Pending

09 Jan 2026
Published
12 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

fluidsynth-2.4.6 and earlier versions are vulnerable to a null pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file.

Statistics

  • 2 Posts

Last activity: 8 hours ago

Fediverse


🟠 CVE-2025-56225 - High (7.5)

fluidsynth-2.4.6 and earlier versions are vulnerable to a null pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 8h ago

Bluesky

Security Advisory for Music Professionals #Fedora 43 has released a critical patch for MuseScore (CVE-2025-56225) addressing a FluidSynth denial-of-service vulnerability triggered through malformed MIDI files. Read more: 👉 tinyurl.com/59rwmw39
  • 14h ago

Overview

  • Trend Micro, Inc.
  • Trend Micro Apex Central

08 Jan 2026
Published
09 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.15%

KEV

Description

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: Last hour

Fediverse


‼️Trend Micro Apex Central Multiple Vulnerabilities

CVE:

CVE-2025-69258 (CVSS: 9.8)
CVE-2025-69259 (CVSS: 7.5)
CVE-2025-69260 (CVSS: 7.5)

CWE: CWE-1285, CWE-306, CWE-641

PoC/Writeup: tenable.com/security/research/

Disclosure Date: January 7, 2026

Disclosure: success.trendmicro.com/en-US/s

  • 8h ago

Bluesky

Multiple vulnerabilities in Trend Micro Apex Central (CVE-2025-69258 / 69259 / 69260) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 4h ago
The latest update for #ArcticWolf includes "CVE-2025-69258: Trend Micro Apex Central Remote Code Execution Vulnerability" and "CVE-2026-21858: Critical Unauthenticated File Access Vulnerability in n8n 'Ni8mare'". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • Last hour

Overview

  • Merit LILIN
  • DH032

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.29%

KEV

Description

Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 13 hours ago

Fediverse


🟠 CVE-2026-0854 - High (8.8)

Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 20h ago