
Overview

  • SmarterTools
  • SmarterMail

29 Dec 2025
Published
09 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
10.87%

KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 4 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

watchTowr has published a technical analysis of a CVSS 10 pre-auth RCE vulnerability in SmarterTools' SmarterMail business email platform.

The vulnerability (CVE-2025-52691) was silently patched in Oct and publicly disclosed only a few months later in Dec.

labs.watchtowr.com/do-smart-pe

  • 1
  • 2
  • 1
  • 6h ago

Bluesky

📢 SmarterMail: pre-auth RCE (CVE-2025-52691) via an unauthenticated upload endpoint and path traversal. According to a technical post… https://cyberveille.ch/posts/2026-01-10-smartermail-rce-pre-auth-cve-2025-52691-via-endpoint-dupload-non-authentifie-et-traversee-de-chemin/ #CVE_2025_52691 #Cyberveille
  • 0
  • 0
  • 0
  • 23h ago
📌 Critical Pre-Auth RCE Vulnerability in SmarterMail (CVE-2025-52691) Disclosed by watchTowr Labs https://www.cyberhub.blog/article/17899-critical-pre-auth-rce-vulnerability-in-smartermail-cve-2025-52691-disclosed-by-watchtowr-labs
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • parallax
  • jsPDF

05 Jan 2026
Published
06 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.08%

KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds are available. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 19 hours ago

Fediverse

❗️CVE-2025-68428: Critical Path Traversal in jsPDF

GitHub: github.com/12nio/CVE-2025-6842

CVSS: 9.2
CVE Published: January 5th, 2026
Exploit Published: January 8th, 2026

News source: bleepingcomputer.com/news/secu

  • 3
  • 1
  • 0
  • 19h ago

Overview

  • Airoha Technology Corp.
  • AB156x, AB157x, AB158x, AB159x series, AB1627

04 Aug 2025
Published
05 Aug 2025
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access to critical data of the RACE protocol through a Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 9 hours ago

Bluesky

Airoha Bluetooth RACE vulnerabilities (CVE-2025-20700/20701/20702) Blog post: insinuator.net/2025/12/blue... White paper: static.ernw.de/whitepaper/E... Credits Dennis Heinze, Frieder Steinmetz #infosec #bluetooth
  • 0
  • 2
  • 0
  • 9h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
53.46%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 20 hours ago

Fediverse

⚠️ If you are running Next.js, you need to see this.

The "React2Shell" vulnerability (CVE-2025-55182) is currently making waves, and for good reason. Unauthenticated RCE on default configurations is about as critical as it gets for modern web frameworks.

If you haven't audited your versions yet, do it now.

See the full technical breakdown: 👉 cvedatabase.com/cve/CVE-2025-5

#AppSec #ReactJS #NextJS #CyberSecurity #RCE #DevOps

  • 0
  • 2
  • 0
  • 20h ago

Overview

  • Google
  • Chrome

06 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

🚨 Attention #Fedora Users! A critical security update is available for your Chromium browser. Version 143.0.7499.192 patches a high-severity vulnerability (CVE-2026-0628) that could let malicious sites bypass security rules. Read more: 👉 tinyurl.com/3xk6ta5d #Security
  • 0
  • 1
  • 0
  • 8h ago

Overview

  • adonisjs
  • core

02 Jan 2026
Published
05 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.32%

KEV

Description

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

❗️CVE-2026-21440: A critical path traversal vulnerability affecting the AdonisJS framework, specifically its multipart file upload handling.

PoC Exploit: github.com/Ashwesker/Ashwesker

โ–ช๏ธCVSS: 9.2
โ–ช๏ธCVE Published: January 2nd, 2026
โ–ช๏ธExploit Published: January 5th, 2026

Details:

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Vito Peleg
  • Atarim
  • atarim-visual-collaboration

06 Nov 2025
Published
17 Nov 2025
Updated

CVSS
Pending
EPSS
10.74%

KEV

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through 4.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

❗️CVE-2025-60188: Atarim Plugin PoC Exploit

GitHub: github.com/m4sh-wacker/CVE-202

  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

I'm not exactly sure why I'm doing this on a Sunday, and the hard work was done by others, but there you go; proposed fix for CVE-2026-0716. gitlab.gnome.org/GNOME/libsoup

  • 0
  • 1
  • 0
  • 4h ago

Overview

  • coreruleset
  • coreruleset

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.03%

KEV

Description

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.
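To make the capture-overwrite bug concrete, here is an added example that is not CRS rule code and does not reproduce the real 922110 allowlist or the fix shipped in 4.22.0/3.3.8: a minimal multipart splitter, a check that mirrors the flawed chained-rule shape (one capture slot overwritten per part, consulted once at the end), and the per-part evaluation the rule is meant to perform. Both run over a constructed body whose first part declares a charset outside the demo allowlist and whose second part declares utf-8. The allowlist, boundary and body are constructed for the demo; utf-7 is used only as a charset that is not on that allowlist.

```javascript
// Added example (not CRS rule logic): why a chained rule that reads a capture
// written inside a collection iteration only ever sees the last part.
const CRLF = '\r\n';

// Charsets treated as acceptable in this demo (assumed; the real rule's
// allowlist is configurable and is not reproduced here).
const ALLOWED_CHARSETS = new Set(['utf-8', 'iso-8859-1', 'us-ascii']);

// Minimal multipart/form-data splitter: enough to recover each part's headers.
function parseMultipart(body, boundary) {
  const parts = [];
  for (const chunk of body.split(`--${boundary}`)) {
    if (chunk === '' || chunk.startsWith('--')) continue; // preamble / closing delimiter
    const raw = chunk.startsWith(CRLF) ? chunk.slice(CRLF.length) : chunk;
    const sep = raw.indexOf(CRLF + CRLF);
    if (sep === -1) continue;
    const headers = {};
    for (const line of raw.slice(0, sep).split(CRLF)) {
      const colon = line.indexOf(':');
      if (colon !== -1) {
        headers[line.slice(0, colon).trim().toLowerCase()] = line.slice(colon + 1).trim();
      }
    }
    let data = raw.slice(sep + 2 * CRLF.length);
    if (data.endsWith(CRLF)) data = data.slice(0, -CRLF.length);
    parts.push({ headers, data });
  }
  return parts;
}

// Charset declared in a part's Content-Type header, lower-cased, or null.
function charsetOf(headers) {
  const m = /charset\s*=\s*"?([^";\s]+)"?/i.exec(headers['content-type'] || '');
  return m ? m[1].toLowerCase() : null;
}

// The flawed shape: one capture slot overwritten on every iteration, consulted
// once afterwards. Returns true when the request should be blocked.
function charsetCheckLastCaptureOnly(parts) {
  let tx1 = null;
  for (const part of parts) {
    const cs = charsetOf(part.headers);
    if (cs !== null) tx1 = cs; // the previous part's capture is lost here
  }
  return tx1 !== null && !ALLOWED_CHARSETS.has(tx1);
}

// The intended semantics: every part's charset is judged on its own.
function charsetCheckEveryPart(parts) {
  return parts.some((part) => {
    const cs = charsetOf(part.headers);
    return cs !== null && !ALLOWED_CHARSETS.has(cs);
  });
}

// Constructed request body: a disallowed charset in the first part, an
// allowed one in the second.
const BOUNDARY = 'demo-boundary-1';
const SAMPLE_BODY = [
  `--${BOUNDARY}`,
  'Content-Disposition: form-data; name="comment"',
  'Content-Type: text/plain; charset=utf-7',
  '',
  'first part',
  `--${BOUNDARY}`,
  'Content-Disposition: form-data; name="title"',
  'Content-Type: text/plain; charset=utf-8',
  '',
  'hello',
  `--${BOUNDARY}--`,
  '',
].join(CRLF);

// Runs both checks over the sample; swap the two parts to see the flawed one fire.
function demo() {
  const parts = parseMultipart(SAMPLE_BODY, BOUNDARY);
  return {
    charsets: parts.map((p) => charsetOf(p.headers)),
    lastCaptureOnly: charsetCheckLastCaptureOnly(parts),
    everyPart: charsetCheckEveryPart(parts),
  };
}
```

The order dependence is the whole bug: the same two parts in the opposite order are blocked by the flawed check, which is why a bypass only needs an innocuous final part.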

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

📌 Critical WAF Bypass Vulnerability (CVE-2026-21876) Affects OWASP ModSecurity and Coraza https://www.cyberhub.blog/article/17896-critical-waf-bypass-vulnerability-cve-2026-21876-affects-owasp-modsecurity-and-coraza
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

14 Mar 2022
Published
07 Oct 2024
Updated

CVSS
Pending
EPSS
0.52%

KEV

Description

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.
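Fermat's method itself, as an added example that is not from the advisory, Rambus or any affected vendor: write n = a² − b² = (a − b)(a + b), start a at ⌈√n⌉ and step it upward until a² − n is a perfect square. The number of steps is roughly (p + q)/2 − √n, which is tiny when |q − p| is small and astronomically large when p and q are independent random primes, so a bounded search doubles as a key-acceptance check. The toy primes 10007 and 10009 are constructed for the demo, the modulus 3 × 10007 stands in for a key whose factors are far apart, and `isFermatWeak` and its budget are an assumed name and parameter, not anything the advisory specifies.

```javascript
// Added example (not from the advisory or the Rambus module): Fermat's
// factorisation against an RSA modulus whose primes lie too close together.
// BigInt throughout so it also works on real key sizes, not just the toy values.

// Floor of the integer square root (Newton's method, starting above the root).
function isqrt(n) {
  if (n < 0n) throw new RangeError('isqrt of negative');
  if (n < 2n) return n;
  let x = 1n << BigInt((n.toString(2).length + 1) >> 1); // >= sqrt(n)
  for (;;) {
    const y = (x + n / x) >> 1n;
    if (y >= x) return x;
    x = y;
  }
}

// Search for a, b with n = a^2 - b^2 = (a - b)(a + b), starting at ceil(sqrt(n)).
// Each step moves a up by one, so the cost is roughly (p + q)/2 - sqrt(n).
// Returns { p, q, iterations } on success or null once maxIter is exhausted.
function fermatFactor(n, maxIter = 1_000_000) {
  if (n % 2n === 0n) return { p: 2n, q: n / 2n, iterations: 0 };
  let a = isqrt(n);
  if (a * a < n) a += 1n;
  for (let i = 1; i <= maxIter; i++) {
    const b2 = a * a - n;
    const b = isqrt(b2);
    if (b * b === b2) return { p: a - b, q: a + b, iterations: i };
    a += 1n;
  }
  return null;
}

// Key-acceptance check (assumed name): reject a modulus if a bounded Fermat
// search recovers a non-trivial factor. A sound key pair survives any
// practical budget; a SafeZone-style close-prime key falls in a handful of steps.
function isFermatWeak(n, budget = 10_000) {
  const r = fermatFactor(n, budget);
  return r !== null && r.p !== 1n;
}

// Constructed demo values: two adjacent primes versus two far-apart factors.
const CLOSE_PRIMES_MODULUS = 10007n * 10009n; // 100160063n, p and q differ by 2
const FAR_FACTORS_MODULUS = 3n * 10007n;      // 30021n, factors differ by 10004
```

For a TLS certificate, the modulus to feed `isFermatWeak` is the `n` from the certificate's SubjectPublicKeyInfo; the advisory's point is that nothing beyond that public value is needed to recover the private key when the generator produced primes this close together.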

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Recently there was a fellow on Threads claiming to have cracked RSA-2048, so I read the post carefully from beginning to end.

And I considered whether it is conceptually possible without code. This person's claim is all over the place, so summarized neatly in one line it is this:

"The closer d (the distance) in d = |q - p| converges to 0, the more likely RSA is to break."

And this is roughly correct.

The closer the distance, the more feasible an attack using Fermat's Factorization becomes, and an official CVE related to this (e.g. CVE-2022-26320) also exists.

For reference, it isn't hard; it's one of the high-school multiplication formulas.

For RSA-2048 it is practically impossible, and at the RSA-256 level it may be possible. (RSA-2048 is possible when specific conditions are met.)

Looking at the code posted by the person who claims to have solved RSA-2048, it just stores q, feeds in n mod q to check whether it comes out to 0, and derives p.

Think of it as just playing around with the answer key.

  • 0
  • 0
  • 0
  • 6h ago
Showing 1 to 10 of 22 CVEs