Overview

  • Fortinet
  • FortiSIEM

12 Aug 2025
Published
16 Aug 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
26.27%

KEV

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Statistics

  • 3 Posts

Last activity: 13 hours ago

Fediverse

The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access. bleepingcomputer.com/news/secu

  • 0
  • 0
  • 1
  • 22h ago

Bluesky

Critical unauthenticated RCE vulnerability in FortiSIEM; exploitation risk rises sharply with PoC release (CVE-2025-64155/CVE-2025-25256) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Pending

20 Oct 2025
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Fediverse

CERT-In urges immediate Android updates for critical Dolby audio vulnerability (CVE-2025-54957). Zero-click threat allows remote device takeover. english.mathrubhumi.com/techno #AndroidSafety #bugs #SecurityUpdate #Cybersecurity

  • 0
  • 0
  • 0
  • 20h ago

RE: hachyderm.io/@evacide/11590066

Vulnerability introduced by AI-enhanced media processing.

• Attackers can leverage tiny memory corruption windows
• Media decoder memory layouts present consistent security vulnerabilities

thank you 🙇🏻 @evacide for this high-quality explainer with references:

1. CVE-2025-49415
2. CVE-2025-54957
3. CVE-2025-36934
4. Dolby Digital (DD) and Dolby Digital Plus (DD+) audio formats
5. ETSI audio format specification

this isn't over imo. #infosec

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • TP-Link Systems Inc.
  • TL-WR841N v14

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
Pending

KEV

Description

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service. This issue affects TL-WR841N v14: before 250908.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 18 hours ago

Overview

  • SICK AG
  • TDC-X401GL

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
Pending

KEV

Description

An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Fediverse

🔴 CVE-2026-22907 - Critical (9.9)

An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • SICK AG
  • Incoming Goods Suite

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (7.6)
EPSS
Pending

KEV

Description

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Fediverse

🟠 CVE-2026-0712 - High (7.6)

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XS...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • SICK AG
  • TDC-X401GL

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Fediverse

🔴 CVE-2026-22908 - Critical (9.1)

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • SICK AG
  • Incoming Goods Suite

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
Pending

KEV

Description

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Fediverse

🟠 CVE-2026-22643 - High (8.3)

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • SICK AG
  • TDC-X401GL

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Fediverse

🟠 CVE-2026-22910 - High (7.5)

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • SICK AG
  • TDC-X401GL

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Fediverse

🟠 CVE-2026-22909 - High (7.5)

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • SICK AG
  • Incoming Goods Suite

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
Pending

KEV

Description

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions, and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Fediverse

🟠 CVE-2026-22638 - High (8.3)

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 94 CVEs