
Overview

  • wolfSSL
  • wolfSSH

06 Jan 2026
Published
06 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.

Statistics

  • 1 Post
  • 11 Interactions

Last activity: 11 hours ago

Fediverse


Oops.

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.

sev:CRIT 9.4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Red

cve.org/CVERecord?id=CVE-2025-


Overview

  • Sneeit
  • Sneeit Framework

25 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.37%

KEV

Description

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 9 hours ago

Fediverse


🚨 CVE-2025-6389: WordPress Sneeit Framework plugin vulnerability currently under active exploitation

PoC: github.com/Ashwesker/Ashwesker

▪️Vulnerability Type: Remote Code Execution (RCE)
▪️CVSS: 9.8
▪️Published: 11/24/2025

Impact:

▪️Full site compromise
▪️Create admin accounts
▪️Install backdoors/malicious files
▪️Redirect visitors or inject malware

Credit: youtube.com/@Nxploited


Overview

  • Pending

07 Feb 2024
Published
15 May 2025
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.05%

KEV

Description

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Fediverse


⚠️ Samsung warns of a dangerous security vulnerability in its SSD tool Magician: local attackers can exploit privileged data (CVE-2024-23769, CVSS 7.3). Install the update to version 8.0.1 now! golem.de/news/samsung-warnt-ge #Cybersecurity #SamsungSSD #ITsicherheit

Well, open source is your friend, friends of IT security… 🤷


Overview

  • Sfwebservice
  • InWave Jobs

06 Jan 2026
Published
06 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InWave Jobs: from n/a through 3.5.8.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Fediverse


🔴 CVE-2025-39477 - Critical (9.8)

Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InWave Jobs: from n/a through 3.5.8.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • aio-libs
  • aiohttp

05 Jan 2026
Published
06 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.6)
EPSS
0.04%

KEV

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post() method, an attacker may be able to freeze the server by exhausting the memory. This issue is fixed in version 3.13.3.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 19 hours ago

Bluesky

🚨 CVE of the Day: CVE-2025-69228. A memory exhaustion flaw in AIOHTTP lets attackers freeze Python async servers by abusing Request.post. A single crafted request can exhaust memory and cause a denial of service. 🔍 Our report: basefortify.eu/cve_reports/... #CVE #Python #AIOHTTP #DoS #CyberSecurity

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 13 hours ago

Overview

  • TOTOLINK
  • WA300

06 Jan 2026
Published
06 Jan 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
Pending

KEV

Description

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Overview

  • TRENDnet
  • TEW-811DRU

06 Jan 2026
Published
06 Jan 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
Pending

KEV

Description

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd. This manipulation of the argument DeviceURL causes OS command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

Overview

  • MediaTek, Inc.
  • MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883

06 Jan 2026
Published
06 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🟠 CVE-2025-20781 - High (7.8)

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: AL...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Pending

06 Jan 2026
Published
06 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse


🔴 CVE-2025-60534 - Critical (9.8)

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate cr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda
