
Overview

  • Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co.
  • Online Exam and Assessment

30 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
Pending

KEV

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection. This issue affects Online Exam and Assessment: through 30012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts

Last activity: 13 hours ago

Fediverse


🟠 CVE-2025-4686 - High (8.6)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection.This issue affects On...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
57.94%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Master Vulnerability Response in Microsoft Defender XDR & Sentinel: Exploiting and Mitigating React2Shell (CVE-2025-55182) + Video Introduction: Vulnerability response is a cornerstone of modern cybersecurity operations, requiring seamless integration between detection tools and incident response…

Overview

  • SmarterTools
  • SmarterMail

23 Jan 2026
Published
24 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.12%

KEV

Description

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. An attacker can point SmarterMail at a malicious HTTP server that serves an OS command, which the vulnerable application then executes.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

SmarterMail fixes critical RCE (CVE-2026-24423, CVSS 9.3) and NTLM relay path-coercion vulnerabilities in builds 9511 and 9518.

Overview

  • aliasrobotics
  • cai

30 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
Pending

KEV

Description

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse


🔴 CVE-2026-25130 - Critical (9.6)

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Mitsubishi Electric Corporation
  • GENESIS64

15 May 2025
Published
09 Jan 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.02%

KEV

Description

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions BizViz all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
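Added illustration of the symlink-as-write-destination pattern described above (not Mitsubishi's code; the affected products run on Windows, and this models the bug class on a POSIX filesystem in Python): a privileged writer that follows a link planted by a lower-privileged user clobbers the link's target, while opening with O_NOFOLLOW refuses it. The file names, the "critical.cfg" victim file and the shared directory are constructed for the demonstration.

```python
import errno
import os
import tempfile


def write_report_naive(path: str, data: str) -> None:
    """Mirrors the vulnerable pattern: a privileged service writes to a path in a
    directory that a less privileged local user can also write to. open() follows
    a symlink at `path`, so whatever the link points at is truncated and overwritten."""
    with open(path, "w") as f:
        f.write(data)


def write_report_hardened(path: str, data: str) -> None:
    """O_NOFOLLOW makes open() fail with ELOOP when the final path component is a
    symlink. O_CREAT without O_EXCL still reuses an existing regular file, which is
    what a log/report writer normally wants."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def _read(path: str) -> str:
    with open(path) as f:
        return f.read()


def run_demo() -> dict:
    """Play the attack against both writers in a scratch directory (constructed)."""
    results = {}
    original = "important configuration\n"
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "critical.cfg")   # stand-in for a file the host needs
        with open(victim, "w") as f:
            f.write(original)
        shared = os.path.join(tmp, "shared")          # stand-in for the service's writable dir
        os.mkdir(shared)
        link = os.path.join(shared, "report.log")
        os.symlink(victim, link)                      # the local attacker's move

        write_report_naive(link, "status ok\n")
        results["naive_clobbered"] = _read(victim) == "status ok\n"

        with open(victim, "w") as f:                  # restore, then retry hardened
            f.write(original)
        try:
            write_report_hardened(link, "status ok\n")
            results["hardened_refused"] = False
        except OSError as e:
            results["hardened_refused"] = e.errno == errno.ELOOP
        results["victim_intact"] = _read(victim) == original

        regular = os.path.join(shared, "report2.log") # a normal, non-link path still works
        write_report_hardened(regular, "status ok\n")
        results["regular_write_ok"] = _read(regular) == "status ok\n"
    return results


if __name__ == "__main__":
    print(run_demo())
```

O_NOFOLLOW guards only the final path component; a link swapped into an intermediate directory is still followed, so the service should additionally write only into directories that lower-privileged users cannot modify. On Windows the analogous control is a restrictive ACL on the destination directory.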

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

~Paloalto~ A privileged file system vulnerability in Iconics Suite allows local attackers to corrupt critical files, leading to a denial-of-service condition. - IOCs: CVE-2025-0921 - #CVE20250921 #SCADA #ThreatIntel

Overview

  • Apache Software Foundation
  • Apache bRPC

16 Jan 2026
Published
17 Jan 2026
Updated

CVSS
Pending
EPSS
0.23%

KEV

Description

Remote command injection vulnerability in the heap profiler builtin service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands. Root cause: the bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument, so an attacker can execute remote commands via extra_options. Affected scenario: using the built-in bRPC heap profiler service to perform jemalloc memory profiling. How to fix (either method): 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually.
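The CAI find_file() argument injection described earlier on this page and the bRPC extra_options injection described here are the same bug class: caller-controlled text becomes tokens of a command line. The following Python block is an added example, not CAI's or bRPC's code, using `find` as the constructed target. It shows that the shell=True form is injectable, that removing shell=True but still splitting user text into arguments leaves `-exec` injection intact, and that the fix is to accept only the value of a fixed option and validate it. The find_file_* names, the allowlist regex and the scratch directory are assumptions for the illustration; it needs POSIX `find` and `touch`.

```python
import os
import re
import shlex
import subprocess
import tempfile

# Everything below is a constructed illustration: the helper names, the
# allowlist and the scratch files are not from CAI or bRPC.


def find_file_shell(root: str, args: str) -> None:
    """Vulnerable: user text is interpolated into a shell command line
    (the Popen(..., shell=True) pattern named in the CAI description)."""
    proc = subprocess.Popen(f"find {root} {args}", shell=True,
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    proc.communicate()


def find_file_argv(root: str, args: str) -> None:
    """Still vulnerable: dropping shell=True stops `;`, `|` and `$()` tricks,
    but the split tokens become find *expressions*, so `-exec cmd ;` is honoured."""
    argv = ["find", root] + shlex.split(args)
    subprocess.run(argv, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


# Allowlist for the -name value: no leading '-', no whitespace, glob chars only.
NAME_GLOB_RE = re.compile(r"[A-Za-z0-9_.*?][A-Za-z0-9_.*?-]*")


def find_file_safe(root: str, name_glob: str) -> list:
    """Hardened: the caller supplies only the value of -name; the expression
    itself is fixed in code, so no user token can become a find option.
    `root` is assumed to come from the program, not from the caller."""
    if not NAME_GLOB_RE.fullmatch(name_glob):
        raise ValueError(f"rejected -name value: {name_glob!r}")
    argv = ["find", root, "-name", name_glob]
    out = subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    return out.splitlines()


def _marker_hit(marker: str) -> bool:
    """Did the injected `touch` run? Reset the marker for the next variant."""
    hit = os.path.exists(marker)
    if hit:
        os.remove(marker)
    return hit


def run_demo() -> dict:
    """Exercise the three variants in a scratch directory and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        open(os.path.join(tmp, "notes.txt"), "w").close()
        marker = os.path.join(tmp, "pwned")
        # Attacker-supplied "args": a plausible -name plus an injected -exec.
        payload = f"-name notes.txt -exec touch {marker} \\;"

        find_file_shell(tmp, payload)
        results["shell_injected"] = _marker_hit(marker)

        find_file_argv(tmp, payload)
        results["argv_injected"] = _marker_hit(marker)

        results["safe_found"] = find_file_safe(tmp, "notes.txt")
        try:
            find_file_safe(tmp, payload)
            results["safe_rejected"] = False
        except ValueError:
            results["safe_rejected"] = True
        results["marker_after_safe"] = os.path.exists(marker)
        results["expected_path"] = os.path.join(tmp, "notes.txt")
    return results


if __name__ == "__main__":
    print(run_demo())
```

The same rule transfers to the profiler case: expose a fixed set of named settings, validate each value against an allowlist, and build the argument vector in code rather than forwarding an opaque options string to the tool.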

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

A researcher from CyberArk Labs has discovered a critical vulnerability in the popular Apache bRPC framework that allows arbitrary commands to be executed on remote servers. The vulnerability has been assigned the identifier CVE-2025-60021 and a maximum rating of 9.8 on the CVSS scale...

Overview

  • Palo Alto Networks
  • Cloud NGFW

15 Jan 2026
Published
30 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.6)
EPSS
0.07%

KEV

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Palo Alto vulnerability information: "CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (Severity: HIGH)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0227

Overview

  • Pending

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse


🟠 CVE-2025-65890 - High (7.5)

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Eclipse Foundation
  • Eclipse Theia - Website

30 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.08%

KEV

Description

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to repository secrets and a GITHUB_TOKEN with extensive write permissions (contents:write, packages:write, pages:write, actions:write). An attacker could exfiltrate secrets, publish malicious packages to the eclipse-theia organization, modify the official Theia website, and push malicious code to the repository.
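An added check (not part of the Theia repository or of GitHub's tooling) for the pattern the description names: a pull_request_target workflow that checks out the pull request head and then runs it, so any fork can execute code with the job's secrets and GITHUB_TOKEN. The sample workflows are constructed to resemble what the description says preview.yml did, a fixed version, and the one pull_request_target shape that is safe (no checkout of the PR head). The scanner is a line-based heuristic with no YAML parser dependency; for real repositories a proper YAML parse is the better basis.

```python
import re

# Constructed sample: what the description says preview.yml did. Not the real file.
VULNERABLE_WORKFLOW = """\
name: preview
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
  pages: write
jobs:
  preview:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: yarn install && yarn build
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
"""

# Constructed fix: plain pull_request trigger, read-only token, no secrets for forks.
FIXED_WORKFLOW = """\
name: preview
on:
  pull_request:
permissions:
  contents: read
jobs:
  preview:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: yarn install && yarn build
"""

# Constructed: pull_request_target is acceptable when only the base branch is
# checked out (typical for labelling or commenting automation).
TARGET_WITHOUT_HEAD_CHECKOUT = """\
name: label
on:
  pull_request_target:
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/label-pr.sh
"""

# Trigger forms: "pull_request_target:" mapping, "on: [pull_request_target]" list,
# or a "- pull_request_target" sequence item.
TRIGGER_RE = re.compile(
    r"^\s*(pull_request_target\s*:|on:.*\bpull_request_target\b|-\s*pull_request_target\s*$)",
    re.M)
CHECKOUT_RE = re.compile(r"^\s*-\s*uses:\s*actions/checkout@")
STEP_START_RE = re.compile(r"^\s*-\s")
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")


def audit_workflow(text: str) -> list:
    """Return one finding per checkout step that pulls the PR head in a
    pull_request_target workflow. Heuristic: a step is the lines from a '- ' item
    up to the next '- ' item."""
    findings = []
    if not TRIGGER_RE.search(text):
        return findings
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not CHECKOUT_RE.match(line):
            continue
        j = i + 1
        while j < len(lines) and not STEP_START_RE.match(lines[j]):
            j += 1
        step = "\n".join(lines[i:j])
        if PR_HEAD_RE.search(step):
            findings.append(
                f"line {i + 1}: pull_request_target workflow checks out the PR head; "
                "later steps run untrusted code with this job's secrets and GITHUB_TOKEN")
    return findings


if __name__ == "__main__":
    for name, wf in [("vulnerable", VULNERABLE_WORKFLOW), ("fixed", FIXED_WORKFLOW),
                     ("target-no-head", TARGET_WITHOUT_HEAD_CHECKOUT)]:
        print(name, audit_workflow(wf))
```

The finding is about the combination, not either half alone: pull_request_target with a base-branch checkout is a supported pattern, and checking out the PR head under a plain pull_request trigger runs without secrets and with a read-only token for forks.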

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse


🔴 CVE-2026-1699 - Critical (10)

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary cod...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Arcadia Technology, LLC
  • Crafty Controller

30 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.31%

KEV

Description

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
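An added example of the containment check a file-operations endpoint like the one described needs (a hypothetical handler, not Crafty Controller's code): canonicalise the requested path under the server's directory and reject anything that resolves outside it, including absolute paths and traversal through a symlink planted inside the root. The directory layout, file names and attack strings are constructed; the symlink step assumes a POSIX host.

```python
import os
import tempfile


class PathOutsideRoot(ValueError):
    """Raised when a client-supplied path would leave the server's directory."""


def resolve_within(root: str, user_path: str) -> str:
    """Canonicalise root and the requested path (realpath also follows symlinks),
    then require containment via commonpath. A plain startswith() check would let
    /srv/servers/a2 pass for root /srv/servers/a."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    try:
        contained = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:            # different drives on Windows
        contained = False
    if not contained:
        raise PathOutsideRoot(f"{user_path!r} escapes {root!r}")
    return candidate


def write_server_file(root: str, user_path: str, data: bytes) -> str:
    """Hypothetical file-operations handler: validate first, then write."""
    target = resolve_within(root, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as f:
        f.write(data)
    return target


def run_demo() -> dict:
    """Constructed scenario: one server directory, one file outside it."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "servers", "survival")
        os.makedirs(root)
        outside = os.path.join(tmp, "outside.txt")     # what the attacker wants to write
        os.symlink(tmp, os.path.join(root, "link"))    # a symlink planted inside the root

        written = write_server_file(root, "config/server.properties", b"motd=hello\n")
        expected = os.path.join(os.path.realpath(root), "config", "server.properties")
        results["normal_ok"] = written == expected

        attacks = [
            "../../outside.txt",              # classic dot-dot
            "config/../../../outside.txt",    # dot-dot after a valid prefix
            outside,                          # absolute path (join() discards root)
            "link/outside.txt",               # traversal through the planted symlink
        ]
        rejected = 0
        for p in attacks:
            try:
                write_server_file(root, p, b"owned")
            except PathOutsideRoot:
                rejected += 1
        results["rejected"] = rejected
        results["outside_created"] = os.path.exists(outside)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The check and the open are separate steps, so a link swapped in between them still wins; where the server directory is writable by the same accounts that use the API, pair this with opening the final component with O_NOFOLLOW or an fd-relative open, and decode any URL encoding before the check rather than after it.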

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse


🔴 CVE-2026-0963 - Critical (9.9)

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
