
Overview

  • ILIAS

06 Oct 2025
Published
23 Jan 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.19%

KEV

Description

A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: Last hour

Fediverse


ILIAS 10.0, 10.1, 10.2 – Unauthenticated RCE write-up published:
srlabs.de/blog/breaking-ilias-

Why is this being published only now?

The vulnerability discussed here is tracked as CVE-2025-11344 and was assigned a CVSS base score of 5.3 (MEDIUM). Anyone wondering why this was not classified as CRITICAL should be aware that the CNA relied on the base score and severity assessment provided by ILIAS in its security advisory, which included neither a scoring matrix nor any justification for the rating.


Overview

  • Gitea
  • Gitea Open Source Git Server

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 12 hours ago

Fediverse


🔴 CVE-2026-20897 - Critical (9.1)

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • InternationalColorConsortium
  • iccDEV

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Fediverse


🟠 CVE-2026-24412 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Gitea
  • Gitea Open Source Git Server

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 12 hours ago

Fediverse


🟠 CVE-2026-20736 - High (7.5)

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different rep...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • GIMP
  • GIMP

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.06%

KEV

Description

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28232.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse


🟠 CVE-2025-15059 - High (7.8)

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Framelink
  • Figma MCP Server

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.0
CRITICAL (9.8)
EPSS
0.85%

KEV

Description

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fetchWithRetry method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27877.
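The description above says only that fetchWithRetry hands an unvalidated user-supplied string to a system call. The following is an added example, not Framelink's code and not the project's fix: a constructed retry helper that "fetches" by running a local command, with `printf` standing in for whatever HTTP client the real helper invokes so the block runs offline. It shows the three shapes side by side: string interpolated into a shell command line (the injection), argv form without a shell (metacharacters become inert), and argv form behind an allowlist URL validator. It assumes a POSIX `/bin/sh` and a `printf` binary; all function names, the validation rules and the payload are assumptions.

```python
"""Unvalidated string into a system call: vulnerable, argv-only, validated.

Added example, not Framelink's code. `printf` stands in for the real HTTP
client; the URL payload and every function name below are constructed.
"""
import subprocess
from urllib.parse import urlsplit

# Characters that change the meaning of a POSIX shell command line.
SHELL_META = set(";|&$`<>(){}'\"\\\n\r ")

# Constructed payload: a plausible API URL with a trailing shell command.
PAYLOAD = "https://api.example.com/v1/files/abc; echo INJECTED"
CLEAN_URL = "https://api.example.com/v1/files/abc"


def fetch_vulnerable(url: str) -> str:
    """Interpolates the string into a shell command line: `;` ends the
    intended command and whatever follows runs as the service account."""
    cp = subprocess.run(f"printf '%s\\n' {url}", shell=True,
                        capture_output=True, text=True, check=False)
    return cp.stdout


def fetch_argv(url: str) -> str:
    """No shell at all: the string reaches the program as one argv entry,
    so metacharacters are data, not syntax. This alone closes the injection."""
    cp = subprocess.run(["printf", "%s\n", url],
                        capture_output=True, text=True, check=False)
    return cp.stdout


def validate_url(url: str) -> str:
    """Allowlist check for the only thing the helper should accept:
    an absolute http(s) URL with no shell metacharacters or control bytes."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("only absolute http(s) URLs are accepted")
    bad = sorted({c for c in url if c in SHELL_META or ord(c) < 0x20})
    if bad:
        raise ValueError(f"rejected characters in URL: {bad!r}")
    return url


def fetch_with_retry(url: str, attempts: int = 3) -> str:
    """Hardened shape: validate once, then retry the argv form only."""
    url = validate_url(url)
    last_err = ""
    for _ in range(attempts):
        cp = subprocess.run(["printf", "%s\n", url],
                            capture_output=True, text=True, check=False)
        if cp.returncode == 0:
            return cp.stdout
        last_err = cp.stderr
    raise RuntimeError(f"fetch failed after {attempts} attempts: {last_err}")


def outcome(url: str) -> dict:
    """Summarises what each variant does with `url`, for comparison."""
    try:
        hardened = fetch_with_retry(url)
    except ValueError as exc:
        hardened = f"rejected: {exc}"
    return {"shell": fetch_vulnerable(url),
            "argv": fetch_argv(url),
            "hardened": hardened}


if __name__ == "__main__":
    for name, value in outcome(PAYLOAD).items():
        print(f"{name:>9}: {value!r}")
```

Moving from a shell string to argv is the change that actually removes the injection; the validator is defence in depth and also keeps the helper from being pointed at `file:` or other schemes the service should never fetch.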

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse


🔴 CVE-2025-15061 - Critical (9.8)

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Anritsu
  • VectorStar

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.21%

KEV

Description

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27039.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse


🟠 CVE-2025-15350 - High (7.8)

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Gitea
  • Gitea Open Source Git Server

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.
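The three Gitea entries on this page (LFS lock deletion, attachment deletion, organization project operations) share one shape: the permission check runs against the repository or organization named in the request, but the object is then fetched by its own ID alone, so an object from a different container is acted on. The block below is an added example, not Gitea's code, modelling that shape in a small in-memory store with a vulnerable delete beside the scoped version. All record layouts, IDs, usernames and function names are constructed.

```python
"""Container-scoped object lookups for repository and organization handlers.

Added example, not Gitea's code. Models the pattern behind the three Gitea
advisories on this page; every ID, name and record layout is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Set


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


@dataclass
class Repo:
    id: int
    org_id: int
    writers: Set[str] = field(default_factory=set)


@dataclass
class LfsLock:
    id: int
    repo_id: int
    path: str


@dataclass
class Project:
    id: int
    org_id: int
    title: str


def scoped_lookup(table: Dict[int, object], obj_id: int,
                  scope_field: str, scope_value: int):
    """Return obj_id only if it belongs to the container the caller was
    authorized against. A mismatch is reported as NotFound rather than
    Forbidden so the reply does not confirm the object exists elsewhere."""
    obj = table.get(obj_id)
    if obj is None or getattr(obj, scope_field) != scope_value:
        raise NotFound(obj_id)
    return obj


class Store:
    def __init__(self) -> None:
        self.repos: Dict[int, Repo] = {}
        self.locks: Dict[int, LfsLock] = {}
        self.projects: Dict[int, Project] = {}
        self.org_writers: Dict[int, Set[str]] = {}

    def _require_repo_writer(self, user: str, repo_id: int) -> Repo:
        repo = self.repos.get(repo_id)
        if repo is None:
            raise NotFound(repo_id)
        if user not in repo.writers:
            raise Forbidden(user)
        return repo

    def delete_lock_vulnerable(self, user: str, repo_id: int, lock_id: int) -> None:
        """Permission checked on the URL's repo, lock fetched by ID alone:
        a lock from any repository can be deleted."""
        self._require_repo_writer(user, repo_id)
        if lock_id not in self.locks:
            raise NotFound(lock_id)
        del self.locks[lock_id]

    def delete_lock_fixed(self, user: str, repo_id: int, lock_id: int) -> None:
        """Same permission check, but the lookup is scoped to that repo."""
        self._require_repo_writer(user, repo_id)
        scoped_lookup(self.locks, lock_id, "repo_id", repo_id)
        del self.locks[lock_id]

    def rename_project_fixed(self, user: str, org_id: int,
                             project_id: int, title: str) -> None:
        """Organization variant: project write access in org_id does not
        reach projects owned by another organization."""
        if user not in self.org_writers.get(org_id, set()):
            raise Forbidden(user)
        project = scoped_lookup(self.projects, project_id, "org_id", org_id)
        project.title = title


def build_demo_store() -> Store:
    """Constructed fixture: alice writes to repo 1 (org 10), bob to repo 2 (org 20)."""
    s = Store()
    s.repos[1] = Repo(1, org_id=10, writers={"alice"})
    s.repos[2] = Repo(2, org_id=20, writers={"bob"})
    s.locks[100] = LfsLock(100, repo_id=1, path="assets/a.bin")
    s.locks[200] = LfsLock(200, repo_id=2, path="assets/b.bin")
    s.projects[300] = Project(300, org_id=20, title="Roadmap")
    s.org_writers = {10: {"alice"}, 20: {"bob"}}
    return s


def cross_repo_outcomes() -> dict:
    """alice (repo 1 only) tries to delete bob's lock 200 through repo 1."""
    s = build_demo_store()
    s.delete_lock_vulnerable("alice", 1, 200)
    vulnerable_deleted = 200 not in s.locks
    s = build_demo_store()
    try:
        s.delete_lock_fixed("alice", 1, 200)
        fixed_deleted = True
    except NotFound:
        fixed_deleted = 200 not in s.locks
    return {"vulnerable_deleted": vulnerable_deleted, "fixed_deleted": fixed_deleted}
```

The point of `scoped_lookup` is that the scope value comes from the same object the permission check already covered (the repo or org from the route), never from the request body, and that the filter lives in the lookup itself rather than as a second check a later handler can forget.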

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🔴 CVE-2026-20750 - Critical (9.1)

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Pending

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1. This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🔴 CVE-2025-67229 - Critical (9.8)

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1. This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • InternationalColorConsortium
  • iccDEV

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
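Both iccDEV entries on this page (CIccTagXmlSegmentedCurve::ToXml() and CIccMpeCalculator::Read()) and the GIMP PSP entry describe the same root cause: a count or length field read from the file decides how much data is copied, and nothing checks it against the bytes actually present. The block below is an added example, not iccDEV's or GIMP's code, and the tag layout is constructed rather than the real ICC or PSP encoding: a parser that trusts the count beside one that bounds it. In C the trusting version is a heap overflow; in Python it surfaces as `struct.error` on a hostile header, while the checked version rejects the input before reading past it.

```python
"""Bounds-checked parsing of a length-prefixed binary tag.

Added example, not iccDEV's or GIMP's code. The tag layout, signature and
sanity cap are constructed for the illustration.
"""
import struct

TAG_HEADER = struct.Struct("<4sI")   # constructed: 4-byte signature, u32 segment count
SEGMENT = struct.Struct("<ff")       # constructed: one (breakpoint, value) pair
MAX_SEGMENTS = 4096                  # cap chosen by the parser, not by the file


def parse_trusting(blob: bytes):
    """Reads `count` segments because the header says so."""
    _sig, count = TAG_HEADER.unpack_from(blob, 0)
    return [SEGMENT.unpack_from(blob, TAG_HEADER.size + i * SEGMENT.size)
            for i in range(count)]


def parse_checked(blob: bytes):
    """Same layout, with the checks a parser of untrusted input needs."""
    if len(blob) < TAG_HEADER.size:
        raise ValueError("truncated header")
    sig, count = TAG_HEADER.unpack_from(blob, 0)
    if sig != b"curv":
        raise ValueError(f"unexpected tag signature {sig!r}")
    # Cap the count before multiplying. In C, count * sizeof(segment) can
    # wrap to a small value and slip past a naive size test; Python ints do
    # not wrap, but a huge count from a 12-byte file is still a DoS.
    if count > MAX_SEGMENTS:
        raise ValueError(f"segment count {count} exceeds {MAX_SEGMENTS}")
    needed = TAG_HEADER.size + count * SEGMENT.size
    if needed > len(blob):
        raise ValueError(f"header claims {needed} bytes, only {len(blob)} present")
    return [SEGMENT.unpack_from(blob, TAG_HEADER.size + i * SEGMENT.size)
            for i in range(count)]


def build_blob(segments) -> bytes:
    return TAG_HEADER.pack(b"curv", len(segments)) + b"".join(
        SEGMENT.pack(*s) for s in segments)


# Constructed inputs. The hostile header claims 0x40000000 segments and
# carries none: 0x40000000 * 8 == 2**33, whose low 32 bits are zero, so a
# 32-bit `count * sizeof(segment) <= remaining` test would pass it.
GOOD_BLOB = build_blob([(0.0, 0.0), (0.5, 0.25), (1.0, 1.0)])
HOSTILE_BLOB = TAG_HEADER.pack(b"curv", 0x40000000)
TRUNCATED_BLOB = build_blob([(0.0, 0.0), (1.0, 1.0)])[:-3]


def compare(blob: bytes) -> dict:
    """Outcome of each parser on `blob`: 'ok', 'rejected' or 'crashed'."""
    try:
        parse_trusting(blob)
        trusting = "ok"
    except struct.error:
        trusting = "crashed"
    try:
        parse_checked(blob)
        checked = "ok"
    except ValueError:
        checked = "rejected"
    return {"trusting": trusting, "checked": checked}


if __name__ == "__main__":
    for name, blob in (("good", GOOD_BLOB), ("hostile", HOSTILE_BLOB),
                       ("truncated", TRUNCATED_BLOB)):
        print(name, compare(blob))
```

The two checks are independent: the size test alone does not stop a wrapped multiplication in C, and the cap alone does not stop a count that fits the cap but exceeds the file, so a hardened reader keeps both. The same rule applies on the write side of a serializer such as ToXml(): the output buffer size is computed from the validated count, not from the header's claim.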

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse


🟠 CVE-2026-24405 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllab...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Showing 11 to 20 of 62 CVEs