Overview
- the-hideout
- tarkov-data-manager
Description
Statistics
- 1 Post
Fediverse
🔴 CVE-2026-21855 - Critical (9.3)
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda
Overview
- Qualcomm, Inc.
- Snapdragon
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2025-47345 - High (8.4)
Cryptographic issue may occur while encrypting license data.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda
Description
Statistics
- 2 Posts
- 3 Interactions
Fediverse
'In 2025, the number of vulnerabilities from 2024 and earlier added to the catalog grew to 94, a 34% increase from a year earlier.
'The oldest vulnerability added to the KEV catalog in 2025 was CVE-2007-0671, a Microsoft Office Excel Remote Code Execution vulnerability.
'The oldest vulnerability in the catalog remains one from 2002 – CVE-2002-0367, a privilege escalation vulnerability in the Windows NT and Windows 2000 smss.exe debugging subsystem that has been known to be used in ransomware attacks'.
https://cyble.com/blog/cisa-kev-2025-exploited-vulnerabilities-growth/
Overview
Description
Statistics
- 2 Posts
Fediverse
Veeam has released an update for its Backup & Replication solution to patch several remote code execution vulnerabilities (CVE-2025-59470, CVE-2025-55125, CVE-2025-59469, CVE-2025-59468). These flaws, discovered internally by Veeam, affect version 13.0.1.180 and earlier, and while not reported as exploited in the wild, they require privileged access for exploitation and have been assigned high severity ratings.
https://www.securityweek.com/several-code-execution-flaws-patched-in-veeam-backup-replication/
🚨 Multiple Veeam CVEs Identified: Critical Flaws Allow RCE and High-Privilege Actions
CVE-2025-55125:
A flaw that allows a Backup or Tape Operator to achieve remote code execution (RCE) as root by crafting a malicious backup configuration file.
▪️Severity: High
▪️CVSS v3.1: 7.2
▪️Source: Discovered during internal testing
CVE-2025-59468:
A vulnerability enabling a Backup Administrator to execute remote code as the postgres user by supplying a malicious password parameter.
▪️Severity: Medium
▪️CVSS v3.1: 6.7
▪️Source: Discovered during internal testing
CVE-2025-59469:
A security issue that allows a Backup or Tape Operator to write arbitrary files with root privileges.
▪️Severity: High
▪️CVSS v3.1: 7.2
▪️Source: Discovered during internal testing
CVE-2025-59470:
A vulnerability that permits a Backup or Tape Operator to achieve remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
▪️CVSS Severity: Critical
▪️CVSS v3.1: 9.0
▪️Source: Discovered during internal testing
Veeam: https://www.veeam.com/kb4738
Blog format: https://darkwebinformer.com/multiple-veeam-cves-identified-critical-flaws-allow-rce-and-high-privilege-actions/
Overview
Description
Statistics
- 1 Post
- 31 Interactions
Fediverse
#curl 8.18.0 has been released. This release fixes 2 medium and 4 low level vulnerabilities:
- CVE-2025-13034: No QUIC certificate pinning with GnuTLS https://curl.se/docs/CVE-2025-13034.html
- CVE-2025-14017: broken TLS options for threaded LDAPS https://curl.se/docs/CVE-2025-14017.html
- CVE-2025-14524: bearer token leak on cross-protocol redirect https://curl.se/docs/CVE-2025-14524.html
- CVE-2025-14819: OpenSSL partial chain store policy bypass https://curl.se/docs/CVE-2025-14819.html
- CVE-2025-15079: libssh global knownhost override https://curl.se/docs/CVE-2025-15079.html
- CVE-2025-15224: libssh key passphrase bypass without agent set https://curl.se/docs/CVE-2025-15224.html
I discovered the last 2 vulnerabilities.
Download curl 8.18.0 from https://curl.se/download.html
#vulnerabilityresearch #vulnerability #cybersecurity #infosec