Overview
Description
Statistics
- 2 Posts
Fediverse
🟠 CVE-2025-58150 - High (8.8)
Shadow mode tracing code uses a set of per-CPU variables to avoid
cumbersome parameter passing. Some of these variables are written to
with guest controlled data, of guest controllable size. That size can
be larger than the variable, and boundin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-58150/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- symfony
- symfony
Description
Statistics
- 2 Posts
- 4 Interactions
Fediverse
🔐 CVE-2026-24739: Incorrect argument escaping under MSYS2/Git Bash on Windows can lead to destructive file operations
➡️ https://symfony.com/blog/cve-2026-24739-incorrect-argument-escaping-under-msys2-git-bash-on-windows-can-lead-to-destructive-file-operations
Overview
- nmedia
- Frontend File Manager Plugin
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🟠 CVE-2026-1280 - High (7.5)
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
Description
Statistics
- 2 Posts
Fediverse
🟠 CVE-2025-69420 - High (7.5)
Issue summary: A type confusion vulnerability exists in the TimeStamp Response
verification code where an ASN1_TYPE union member is accessed without first
validating the type, causing an invalid or NULL pointer dereference when
processing a malfor...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69420/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
‼️AISLE Goes 12-for-12 on OpenSSL Vulnerability Detection
CVEs Published: January 27th, 2026
High and Moderate Severity Flaws:
▪️CVE-2025-15467: Stack Buffer Overflow in CMS AuthEnvelopedData Parsing (High): A vulnerability with the potential to enable remote code execution under specific conditions
▪️CVE-2025-11187: PBMAC1 Parameter Validation in PKCS#12 (Moderate): Missing validation that could trigger a stack-based buffer overflow
Low Severity Flaws:
▪️CVE-2025-15468: Crash in QUIC protocol cipher handling
▪️CVE-2025-15469: Silent truncation bug affecting post-quantum signature algorithms (ML-DSA)
▪️CVE-2025-66199: Memory exhaustion via TLS 1.3 certificate compression
▪️CVE-2025-68160: Memory corruption in line-buffering (affects code back to OpenSSL 1.0.2)
▪️CVE-2025-69418: Encryption flaw in OCB mode on hardware-accelerated paths
▪️CVE-2025-69419: Memory corruption in PKCS#12 character encoding
▪️CVE-2025-69420: Crash in TimeStamp Response verification
▪️CVE-2025-69421: Crash in PKCS#12 decryption
▪️CVE-2026-22795: Crash in PKCS#12 parsing
▪️CVE-2026-22796: Crash in PKCS#7 signature verification (affects code back to OpenSSL 1.0.2)
"When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk."
Writeup: https://aisle.com/blog/aisle-discovered-12-out-of-12-openssl-vulnerabilities
Overview
- Open Asset Import Library
- Assimp
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- inc2734
- Snow Monkey Forms
Description
Statistics
- 1 Post
Fediverse
🔴 CVE-2026-1056 - Critical (9.8)
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthent...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- nmedia
- Simple User Registration
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-0844 - High (8.8)
The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0844/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack