
Overview

  • ServiceNow
  • Now Assist AI Agents

Published: 12 Jan 2026
Updated: 13 Jan 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.07%

KEV

Description

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.

Statistics

  • 9 Posts
  • 13 Interactions

Last activity: 2 hours ago

Fediverse

sev:CRIT auth bypass in SNOW.

cve.org/CVERecord?id=CVE-2025-

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.

  • 5
  • 5
  • 0
  • 23h ago
ServiceNow has patched a critical vulnerability (CVE-2025-12420) in its AI Platform that allowed unauthenticated users to impersonate others and perform actions on their behalf.
thehackernews.com/2026/01/serv

  • 1
  • 0
  • 1
  • 8h ago
The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. thehackernews.com/2026/01/serv

  • 1
  • 0
  • 1
  • 8h ago
ServiceNow patches critical AI platform flaw that could allow user impersonation cyberscoop.com/servicenow-fixe

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Critical CVE-2025-12420 in ServiceNow AI allowed unauthenticated user impersonation and arbitrary actions; apply provided patches for Now Assist AI Agents and Virtual Agent API.
  • 1
  • 0
  • 0
  • 8h ago
ServiceNow patched a critical impersonation flaw in its AI platform, tracked as CVE-2025-12420 (CVSS 9.3). The bug could allow an […]
  • 0
  • 0
  • 0
  • 7h ago
AI Identity Theft: Critical ServiceNow Flaw (CVE-2025-12420) Allows Unauthenticated Impersonation
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Gogs
  • Gogs

Published: 10 Dec 2025
Updated: 13 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: 2.81%

Description

Improper symbolic link handling in the PutContents API in Gogs allows local execution of code.
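The description names a classic file-write failure: a "put contents" API that builds a path inside a repository, writes to it, and follows any symbolic link it meets on the way, so a link planted in the repository turns a content update into a write wherever the link points. The Python below is an added illustration, not Gogs code and not a reconstruction of its PutContents handler: a naive writer beside a hardened one that rejects "..", refuses a symlink at every path component, confirms the resolved directory is under the repository root, and opens the leaf with O_NOFOLLOW. The repository layout, the file names and the "docs" symlink are constructed for the demo.

```python
import errno
import os
import tempfile
from pathlib import Path


class UnsafePathError(Exception):
    """A write was refused because it would leave the repository or pass through a symlink."""


def put_contents_naive(repo_root: str, rel_path: str, data: bytes) -> str:
    """Illustrative vulnerable pattern (not Gogs code): join and write.
    If any component of rel_path is a symlink planted in the repository,
    open() follows it and the bytes land wherever the link points."""
    target = os.path.join(repo_root, rel_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return os.path.realpath(target)


def put_contents_safe(repo_root: str, rel_path: str, data: bytes) -> str:
    """Hardened pattern: reject absolute paths and '..', refuse a symlink at
    every component, confirm the resolved directory is under the root, and
    open the leaf with O_NOFOLLOW so a link planted after the check still
    cannot redirect the write."""
    root = Path(repo_root).resolve(strict=True)
    rel = Path(rel_path)
    if rel.is_absolute() or ".." in rel.parts or not rel.parts:
        raise UnsafePathError(f"rejected path {rel_path!r}")
    cur = root
    for part in rel.parts[:-1]:
        cur = cur / part
        if cur.is_symlink():
            raise UnsafePathError(f"symlink in path: {cur}")
        cur.mkdir(exist_ok=True)
    real_dir = cur.resolve(strict=True)
    if real_dir != root and root not in real_dir.parents:
        raise UnsafePathError(f"{real_dir} is outside {root}")
    leaf = cur / rel.parts[-1]
    if leaf.is_symlink():
        raise UnsafePathError(f"symlink at leaf: {leaf}")
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(leaf, flags, 0o644)
    except OSError as exc:
        if exc.errno == errno.ELOOP:  # raced: the leaf became a symlink after the check
            raise UnsafePathError(f"symlink at leaf: {leaf}") from exc
        raise
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return str(leaf.resolve(strict=True))


def demo() -> dict:
    """Constructed scenario: a repository containing a symlinked directory
    that points outside the repository. Returns what each variant did."""
    base = Path(tempfile.mkdtemp())
    outside = base / "outside"
    outside.mkdir()
    victim = outside / "hooks.conf"
    victim.write_text("original\n")
    repo = base / "repo.git"
    repo.mkdir()
    (repo / "docs").symlink_to(outside, target_is_directory=True)

    naive_target = put_contents_naive(str(repo), "docs/hooks.conf", b"attacker\n")
    after_naive = victim.read_text()

    try:
        put_contents_safe(str(repo), "docs/hooks.conf", b"attacker again\n")
        safe_error = None
    except UnsafePathError as exc:
        safe_error = str(exc)

    return {
        "naive_wrote_outside": Path(naive_target) == victim.resolve(),
        "victim_after_naive": after_naive,
        "safe_rejected": safe_error is not None,
        "victim_after_safe": victim.read_text(),
        "safe_ok_path": put_contents_safe(str(repo), "src/main.go", b"package main\n"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

A window remains between each `is_symlink()` check and the next step; O_NOFOLLOW closes it for the leaf, but a directory component swapped for a symlink mid-walk would need `openat` with O_NOFOLLOW at every step, or a write lock on the repository, to be airtight.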

Statistics

  • 6 Posts

Last activity: Last hour

Fediverse

📰 Urgent Patch: CISA Adds Actively Exploited Gogs RCE Flaw to KEV Catalog

🚨 URGENT: CISA adds a critical, actively exploited RCE vulnerability in Gogs Git service (CVE-2025-8110) to its KEV catalog. The flaw allows full server takeover. Federal agencies must patch by Feb 2. All orgs urged to act now! ⚠️ #CVE #Gogs #RCE

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • Last hour
Latest global tech and cybersecurity news (Jan 12-13, 2026):

The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild
  • 0
  • 0
  • 0
  • 16h ago
⚠️ CISA has added CVE-2025-8110 to its KEV catalog after active exploitation of public-facing Gogs instances. The flaw bypasses a prior RCE fix via improper symlink handling, allowing authenticated attackers to overwrite files and achieve remote code execution. Modat Magnify Query: technology="Gogs"
  • 0
  • 0
  • 0
  • 8h ago
CISA ordered federal agencies to stop using Gogs or immediately mitigate a high-severity path traversal flaw (CVE-2025-8110) actively exploited to enable remote code execution.
  • 0
  • 0
  • 0
  • 7h ago
📌 CISA Adds Gogs Path Traversal Vulnerability (CVE-2025-8110) to KEV Catalog https://www.cyberhub.blog/article/17981-cisa-adds-gogs-path-traversal-vulnerability-cve-2025-8110-to-kev-catalog
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Fortinet
  • FortiSIEM

Published: 13 Jan 2026
Updated: 13 Jan 2026

CVSS v3.1: CRITICAL (9.4)
EPSS: Pending

KEV

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, and FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Statistics

  • 5 Posts
  • 7 Interactions

Last activity: 2 hours ago

Fediverse

🔴 CVE-2025-64155 - Critical (9.8)

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 3h ago

Bluesky

CVE-2025-64155: 3 Years of Remotely Rooting the Fortinet FortiSIEM
  • 0
  • 0
  • 1
  • 2h ago

Overview

  • SmarterTools
  • SmarterMail

Published: 29 Dec 2025
Updated: 09 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 10.87%

KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 4 Posts
  • 5 Interactions

Last activity: 8 hours ago

Fediverse

We've been working on a new AI-driven + human-in-the-loop threat signals detector and this morning it flagged this path that we have not seen before in the grid in the past 90d `/api/v1/licensing/about`. It turns out it's an unauth’d version check for SmarterTools SmarterMail.

If that name sounds familiar its b/c of CVE-2025-52691 (nvd.nist.gov/vuln/detail/CVE-2). (1/3)

  • 0
  • 2
  • 0
  • 9h ago
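The post above treats hits on /api/v1/licensing/about as a reconnaissance signal because the endpoint answers without authentication. As an added example, not GreyNoise's detector and nothing from SmarterTools, the Python below parses access-log lines in combined log format, normalizes the request path so case and trailing-slash variants still match, groups hits on that path by source address and attaches a coarse verdict. The log lines are constructed, the scripted user-agent pattern is an assumption, and the verdict is a triage hint, not proof of scanning.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [ts] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# The one path named in the post: an unauthenticated version check.
RECON_PATH = "/api/v1/licensing/about"
# Assumed signature of scripted traffic; tune to what your own baseline shows.
SCRIPTED_UA = re.compile(r"python-requests|curl|go-http-client|masscan|zgrab", re.I)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jan/2026:08:01:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.7 - - [12/Jan/2026:08:02:40 +0000] "GET /api/v1/licensing/about HTTP/1.1" 200 311 "-" "python-requests/2.31"
198.51.100.7 - - [12/Jan/2026:08:02:41 +0000] "GET /API/v1/licensing/about/ HTTP/1.1" 200 311 "-" "python-requests/2.31"
203.0.113.10 - - [12/Jan/2026:08:03:05 +0000] "GET /api/v1/licensing/about HTTP/1.1" 200 311 "https://mail.example/" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.7 - - [12/Jan/2026:08:02:43 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "python-requests/2.31"
this line is not in combined log format and is skipped
"""


def parse(text: str):
    """Yield parsed records; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield rec


def normalize_path(path: str) -> str:
    """Drop the query string and trailing slash and lower-case, so a scanner
    that varies case or appends '/' still matches the watched path."""
    return path.split("?", 1)[0].rstrip("/").lower() or "/"


def find_recon(text: str) -> list:
    """Group hits on RECON_PATH by source IP and attach a coarse verdict."""
    by_ip = defaultdict(list)
    for rec in parse(text):
        if normalize_path(rec["path"]) == RECON_PATH:
            by_ip[rec["ip"]].append(rec)
    findings = []
    for ip, recs in by_ip.items():
        no_referer = all(r["referer"] in ("", "-") for r in recs)
        scripted = any(SCRIPTED_UA.search(r["ua"]) for r in recs)
        findings.append({
            "ip": ip,
            "hits": len(recs),
            "first_seen": min(r["ts"] for r in recs).isoformat(),
            "user_agents": sorted({r["ua"] for r in recs}),
            "verdict": "likely-scanner" if (no_referer and scripted) else "review",
        })
    findings.sort(key=lambda f: (-f["hits"], f["ip"]))
    return findings


if __name__ == "__main__":
    for finding in find_recon(SAMPLE_LOG):
        print(finding)
```

A single hit from a browser with a referer on your own host is what the product's UI or an administrator's check looks like; repeated hits from a scripted client with no referer, shortly before or after other probes from the same source, is the pattern worth correlating against the Shadowserver exposure data above.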
Timeline of vulnerability (soon to be exploited...) (SmarterMail):

2025-12-28: NVD CVE published. [1]
2026-01-08: Vulnerability deepdive and PoC published. [2]
2026-01-12: Reconnaissance for instances detected. [3]
2026-01-xx: Exploitation? ...

[1]: nvd.nist.gov/vuln/detail/CVE-2
[2]: labs.watchtowr.com/do-smart-pe
[3]: labs.greynoise.io/grimoire/202

  • 0
  • 0
  • 0
  • 8h ago

Bluesky

We are scanning & reporting out SmarterMail hosts vulnerable to CVE-2025-52691 RCE (CVSS 10). 8001 unique IPs likely vulnerable on 2026-01-12 (18783 exposed). Note Exploit PoCs are public. Tree Map: dashboard.shadowserver.org/statistics/c... Raw IP data: www.shadowserver.org/what-we-do/n...
  • 1
  • 1
  • 0
  • 8h ago
NVD entry: nvd.nist.gov/vuln/detail/... Singapore CSA advisory: www.csa.gov.sg/alerts-and-a... CVE-2025-52691 Tracker: dashboard.shadowserver.org/statistics/c... SmarterMail exposure tracker (not a vulnerability assessment): dashboard.shadowserver.org/statistics/i...
  • 1
  • 0
  • 0
  • 8h ago

Overview

  • n8n-io
  • n8n

Published: 07 Jan 2026
Updated: 12 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 2.96%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 4 Posts
  • 11 Interactions

Last activity: 10 hours ago

Fediverse

The first issue of 60 Sekunden Cyber covers the recent ESA hack, the situation in Taiwan, CVE-2026-21858 and the crackdown on Black Axe.

60-sekunden-cyber.de/kw2-2026/

#cyber #cybersicherheit #itsicherheit #news

  • 0
  • 0
  • 0
  • 20h ago
Latest global tech and cybersecurity news (Jan 12-13, 2026):

The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 17h ago
Since 09.01.2026, CERT-Bund has been notifying German network operators about internet-exposed, outdated instances of the open-source workflow automation platform n8n that are still vulnerable to at least one of the critical vulnerabilities CVE-2025-68613, CVE-2025-68668, CVE-2026-21858 or CVE-2026-21877.

We currently know of around 24,000 n8n systems at German network operators, of which about 13,800 (58%) are still vulnerable.

  • 5
  • 6
  • 0
  • 10h ago

Bluesky

The latest update for #ArcticWolf includes "CVE-2025-69258: Trend Micro Apex Central Remote Code Execution Vulnerability" and "CVE-2026-21858: Critical Unauthenticated File Access Vulnerability in n8n 'Ni8mare'". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Progress Software
  • LoadMaster

Published: 13 Jan 2026
Updated: 13 Jan 2026

CVSS v3.1: HIGH (8.4)
EPSS: Pending

KEV

Description

An OS command injection (remote code execution) vulnerability in the Progress LoadMaster API allows an authenticated attacker with "User Administration" permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized API input parameters.
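This LoadMaster description and the FortiSIEM one above describe the same bug class: caller input that reaches an OS command line without being constrained. The Python below is an added illustration, not code from Progress or Fortinet and not a reconstruction of either product's vulnerable path; `echo` stands in for whatever tool the real API invokes, and the hostname grammar is an assumed input contract. It places the shell-string pattern that turns a ";" into a second command beside the argv form that removes the shell, and the validated form that additionally refuses anything that is not a hostname.

```python
import re
import subprocess

# Strict hostname grammar (RFC 1123 labels); anything else is refused.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def probe_vulnerable(host: str) -> str:
    """Illustrative vulnerable pattern (not Fortinet or Progress code): the
    caller's value is pasted into a shell command line, so shell
    metacharacters in it become new commands."""
    cmd = f"echo probing {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def probe_argv(host: str) -> str:
    """First fix: no shell. The value is one argv element and is never parsed
    for metacharacters, whatever it contains."""
    return subprocess.run(["echo", "probing", host], capture_output=True, text=True).stdout


def probe_hardened(host: str) -> str:
    """Second fix, on top of the first: validate against the expected grammar
    so a value that is not a hostname never reaches the subprocess at all."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"not a valid hostname: {host!r}")
    return probe_argv(host)


def demo() -> dict:
    """Constructed input: a hostname with an appended shell command."""
    payload = "target.example; echo INJECTED"
    try:
        hardened = probe_hardened(payload)
    except ValueError as exc:
        hardened = f"rejected: {exc}"
    return {
        "vulnerable": probe_vulnerable(payload),     # second line INJECTED appears
        "argv_only": probe_argv(payload),            # payload echoed literally
        "hardened": hardened,                        # refused before any process runs
        "hardened_valid": probe_hardened("target.example"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The argv form alone already stops the injection; the validator matters because the same value usually flows on into config files, log lines or a second tool that does use a shell, and "User Administration" permissions should never be enough to pass an arbitrary string to the appliance's OS.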

Statistics

  • 6 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

🟠 CVE-2025-13444 - High (8.4)

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 2
  • 4h ago
In Kemp LoadMaster, the critical vulnerabilities CVE-2025-13444 and CVE-2025-13447 were patched in Dec. 2025. The details may now be made public - my follow-up:

borncity.com/blog/2025/12/21/p

  • 0
  • 0
  • 1
  • 9h ago

Overview

  • Progress Software
  • LoadMaster

Published: 13 Jan 2026
Updated: 13 Jan 2026

CVSS v3.1: HIGH (8.4)
EPSS: Pending

KEV

Description

An OS command injection (remote code execution) vulnerability in the Progress LoadMaster API allows an authenticated attacker with "User Administration" permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized API input parameters.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 5 hours ago

Fediverse

🟠 CVE-2025-13447 - High (8.4)

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago
In Kemp LoadMaster, the critical vulnerabilities CVE-2025-13444 and CVE-2025-13447 were patched in Dec. 2025. The details may now be made public - my follow-up:

borncity.com/blog/2025/12/21/p

  • 0
  • 0
  • 1
  • 9h ago

Overview

  • anomalyco
  • opencode

Published: 12 Jan 2026
Updated: 13 Jan 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.10%

KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
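The description's two attack paths, a local process and any website, end at the same place: an HTTP endpoint on loopback that runs commands and has neither a credential nor an origin policy. The Python below is an added illustration, not OpenCode's server: one handler in a permissive mode that mirrors the flaw class (reflects any Origin, requires nothing) and a hardened mode (origin allowlist plus a per-process bearer token). The allowed origin, the /run path and the JSON shape are assumptions. The client simulates a page on another origin sending a POST; with a text/plain body and no custom headers a browser sends that without preflight, so the server would execute before CORS is ever consulted, which is why the fix has to be a server-side reject and not just a tighter Access-Control-Allow-Origin.

```python
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import Optional

# Assumed: the agent's own UI is the only origin that should reach /run.
ALLOWED_ORIGINS = {"http://127.0.0.1:5173"}


def make_handler(permissive: bool, token: str):
    """Illustrative local agent endpoint (not OpenCode's code). permissive=True
    models the flaw class: any origin allowed, no credential. permissive=False
    applies an origin allowlist plus a per-process bearer token."""

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo quiet
            pass

        def _cors_headers(self) -> bool:
            origin = self.headers.get("Origin")
            if permissive:
                self.send_header("Access-Control-Allow-Origin", origin or "*")
                return True
            if origin in ALLOWED_ORIGINS:
                self.send_header("Access-Control-Allow-Origin", origin)
                self.send_header("Vary", "Origin")
                self.send_header("Access-Control-Allow-Headers", "Authorization, Content-Type")
                return True
            return False

        def do_OPTIONS(self):  # browser preflight
            self.send_response(204)
            if self._cors_headers():
                self.send_header("Access-Control-Allow-Methods", "POST")
            self.end_headers()

        def do_POST(self):
            length = int(self.headers.get("Content-Length") or 0)
            body = json.loads(self.rfile.read(length) or b"{}")
            if not permissive:
                origin = self.headers.get("Origin")
                if origin is not None and origin not in ALLOWED_ORIGINS:
                    return self._reply(403, {"error": "origin not allowed"})
                auth = self.headers.get("Authorization", "")
                if not secrets.compare_digest(auth, f"Bearer {token}"):
                    return self._reply(401, {"error": "missing or bad token"})
            # A real agent would execute body["command"] here; this demo only echoes it.
            self._reply(200, {"would_run": body.get("command")})

        def _reply(self, code: int, obj: dict):
            data = json.dumps(obj).encode()
            self.send_response(code)
            self._cors_headers()
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

    return Handler


def start(permissive: bool, token: str):
    srv = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(permissive, token))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def cross_site_post(port: int, origin: str, command: str, token: Optional[str] = None) -> dict:
    """Models a page on `origin` POSTing to the agent. The request reaches the
    server regardless of CORS; the response header only decides whether the
    page may read the reply."""
    headers = {"Origin": origin, "Content-Type": "text/plain"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(f"http://127.0.0.1:{port}/run",
                                 data=json.dumps({"command": command}).encode(),
                                 headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            status, hdrs, raw = resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as err:
        status, hdrs, raw = err.code, err.headers, err.read()
    acao = hdrs.get("Access-Control-Allow-Origin")
    return {"status": status, "readable_by_page": acao in ("*", origin), "body": json.loads(raw)}


def demo() -> dict:
    token = secrets.token_urlsafe(16)
    results = {}
    for mode in ("permissive", "hardened"):
        srv, port = start(mode == "permissive", token)
        try:
            results[mode] = {
                "evil_site": cross_site_post(port, "https://evil.example", "id"),
                "own_ui": cross_site_post(port, "http://127.0.0.1:5173", "id", token),
            }
        finally:
            srv.shutdown()
            srv.server_close()
    return results
```

Binding to 127.0.0.1 is not a defence here: the browser on the same machine is the one making the request. The token only keeps out a local process that cannot read it, so it belongs in a user-private file handed to the UI at startup, never in an environment variable or a URL.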

Statistics

  • 2 Posts

Last activity: 9 hours ago

Fediverse

🟠 CVE-2026-22812 - High (8.8)

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

🚨 A critical flaw in the AI coding agent OpenCode allowed websites to execute arbitrary code on developer machines — no clicks required. We break down CVE-2026-22812 and why this matters beyond OpenCode: 👉 basefortify.eu/posts/2026/0... #cybersecurity #AI #CVE #infosec #OpenCode
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • SAP_SE
  • SAP S/4HANA Private Cloud and On-Premise (Financials - General Ledger)

Published: 13 Jan 2026
Updated: 13 Jan 2026

CVSS v3.1: CRITICAL (9.9)
EPSS: 0.05%

KEV

Description

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of the application.
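The description is the SQL-injection shape of the problem: an authenticated user supplies text that is spliced into a query and thereby reads, changes or deletes rows they are not entitled to. The Python and SQLite below are an added illustration, not SAP's code or schema; the gl_entries table, company codes and accounts are constructed. It places the string-built query beside the parameterized one and adds a third variant that binds the company code from the session rather than the request, because parameterization stops the syntax attack but not a well-formed value the user was never authorized to query.

```python
import sqlite3


def open_ledger() -> sqlite3.Connection:
    """Constructed toy general-ledger table, not SAP's schema."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE gl_entries (
            id INTEGER PRIMARY KEY, company_code TEXT, account TEXT, amount REAL);
        INSERT INTO gl_entries VALUES
            (1, '1000', '400000',  1250.00), (2, '1000', '113100', -1250.00),
            (3, '2000', '400000',   900.00), (4, '2000', '113100',  -900.00);
    """)
    return con


def entries_vulnerable(con: sqlite3.Connection, company_code: str, account: str) -> list:
    """Illustrative vulnerable pattern: caller-controlled values spliced into
    the statement text, so a quote in `account` rewrites the WHERE clause."""
    sql = ("SELECT id, company_code, account, amount FROM gl_entries "
           f"WHERE company_code = '{company_code}' AND account = '{account}'")
    return con.execute(sql).fetchall()


def entries_parameterized(con: sqlite3.Connection, company_code: str, account: str) -> list:
    """Fix: placeholders keep the values as data; the same payload matches nothing."""
    sql = ("SELECT id, company_code, account, amount FROM gl_entries "
           "WHERE company_code = ? AND account = ?")
    return con.execute(sql, (company_code, account)).fetchall()


def entries_for_session(con: sqlite3.Connection, session_company_code: str, account: str) -> list:
    """Authorization bound server-side: the company code comes from the
    authenticated session, never from the request, so an authenticated user
    cannot widen the query to other company codes even with valid input."""
    return entries_parameterized(con, session_company_code, account)


def demo() -> dict:
    con = open_ledger()
    payload = "' OR '1'='1"  # closes the quote and makes the predicate always true
    return {
        "vulnerable_rows": len(entries_vulnerable(con, "1000", payload)),        # 4
        "parameterized_rows": len(entries_parameterized(con, "1000", payload)),  # 0
        "legit_rows": len(entries_for_session(con, "1000", "400000")),          # 1
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable query becomes `... WHERE company_code = '1000' AND account = '' OR '1'='1'`, which the parser groups as `(cc AND account) OR true` and so returns every company's postings; the same string under a placeholder is compared literally against the account column and matches no row.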

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

🔴 CVE-2026-0501 - Critical (9.9)

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

🚨 CVE of the Day: CVE-2026-0501 Critical SQL injection in SAP S/4HANA (Private Cloud & On-Premise) allows authenticated users to read, modify, or delete backend financial data. 🔍 Full report: basefortify.eu/cve_reports/... #CVE #SAP #S4HANA #SQLi 🚨
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Phoenix Contact
  • TC ROUTER 3002T-3G

Published: 13 Jan 2026
Updated: 13 Jan 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.10%

KEV

Description

An unauthenticated remote attacker can trick a high-privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection').

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

🟠 CVE-2025-41717 - High (8.8)

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity d...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 12h ago
VDE-2025-073
Phoenix Contact: Security Advisory for TC ROUTER and CLOUD CLIENT Industrial mobile network routers

A code injection vulnerability at the upload-config endpoint in the firmware of TC ROUTER and CLOUD CLIENT Industrial Mobile network routers has been discovered that can be exploited by a high-privileged attacker.
CVE-2025-41717

certvde.com/en/advisories/vde-

phoenixcontact.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 12h ago
Showing 1 to 10 of 130 CVEs