Overview
Statistics
- 1 Post
Fediverse
🟠 CVE-2025-68921 - High (7.8)
SteelSeries Nahimic 3 1.10.7 allows directory traversal.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- anomalyco
- opencode
Statistics
- 1 Post
Fediverse
‼️CVE-2026-22812: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
PoC/Exploit: https://github.com/rohmatariow/CVE-2026-22812-exploit
CVSS: 8.8
CVE Published: January 12th, 2026
Exploit Published: January 16th, 2026
Advisory: https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
Overview
- MCPJam
- inspector
Statistics
- 2 Posts
Fediverse
🔴 CVE-2026-23744 - Critical (9.8)
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to a remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23744/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Aiven-Open
- bigquery-connector-for-apache-kafka
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-23529 - High (7.7)
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connecto...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- TheLibrarian
- TheLibrarian.io
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-0616 - High (7.5)
TheLibrarian's web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0616/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Delta Electronics
- DIAView
Statistics
- 2 Posts
Fediverse
🔴 CVE-2025-62581 - Critical (9.8)
Delta Electronics DIAView has multiple vulnerabilities.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62581/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- metagauss
- RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Statistics
- 1 Post
Fediverse
🔴 CVE-2025-15403 - Critical (9.8)
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is because the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15403/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- FmeAddons
- Registration & Login with Mobile Phone Number for WooCommerce
Statistics
- 1 Post
Fediverse
🔴 CVE-2025-10484 - Critical (9.8)
The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a user's identity prior to a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10484/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- strongSwan
- strongSwan
Statistics
- 1 Post
Fediverse
🟠 CVE-2025-62291 - High (8.1)
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62291/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Gotac
- Police Statistics Database System
Statistics
- 1 Post
Fediverse
🔴 CVE-2026-1021 - Critical (9.8)
Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing an unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1021/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack