Overview
- samrocketman
- jervis
Published: 13 Jan 2026
Updated: 13 Jan 2026
CVSS v4.0: HIGH (8.2)
EPSS: Pending
KEV
Description
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2.
Statistics
- 1 Post
- 3 Interactions
Last activity: 2 hours ago
Fediverse
I don't know this project (Jervis) but the fact that there are five crypto-related vulns at once seems like a legitimate opportunity for people to learn from someone else's mistakes. I don't understand many crypto vulns so they always fascinate me.
https://www.cve.org/CVERecord?id=CVE-2025-68701
https://www.cve.org/CVERecord?id=CVE-2025-68702
https://www.cve.org/CVERecord?id=CVE-2025-68703
Overview
Description
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Statistics
- 1 Post
- 3 Interactions
Last activity: 6 hours ago
Overview
Description
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Statistics
- 1 Post
- 3 Interactions
Last activity: 6 hours ago
Overview
Description
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Statistics
- 1 Post
- 3 Interactions
Last activity: 6 hours ago
Overview
Description
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Statistics
- 1 Post
- 3 Interactions
Last activity: 6 hours ago
Overview
Description
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Statistics
- 1 Post
- 3 Interactions
Last activity: 6 hours ago
Overview
- NETGEAR
- XR1000v2
Published: 13 Jan 2026
Updated: 13 Jan 2026
CVSS v4.0: MEDIUM (6.1)
EPSS: Pending
KEV
Description
An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.
Statistics
- 1 Post
- 2 Interactions
Last activity: 5 hours ago
Overview
Description
An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.
Statistics
- 1 Post
- 2 Interactions
Last activity: 5 hours ago
Overview
- NETGEAR
- RBRE960
Published: 13 Jan 2026
Updated: 13 Jan 2026
CVSS v4.0: MEDIUM (4.8)
EPSS: Pending
KEV
Description
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
Statistics
- 1 Post
- 2 Interactions
Last activity: 5 hours ago
Overview
- NETGEAR
- RBE970
Published: 13 Jan 2026
Updated: 13 Jan 2026
CVSS v4.0: MEDIUM (6.1)
EPSS: Pending
KEV
Description
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
Statistics
- 1 Post
- 2 Interactions
Last activity: 5 hours ago