
Overview

  • Cisco
  • Cisco Secure Email

Published: 17 Dec 2025
Updated: 15 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 4.13%

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Bluesky

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) #HelpNetSecurity (Jan 16) www.helpnetsecurity.com/2026/01/16/c...
  • 6h ago
Cisco fixes vulnerability CVE-2025-20393 in its email security products - exploited in the TOKAI Communications zero-day attack rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 6h ago

Overview

  • The GNU C Library
  • glibc

Published: 15 Jan 2026
Updated: 16 Jan 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


😶‍🌫️ GNU C Library Fixes A Security Issue Present Since 1996 :catscoffee:
phoronix.com/news/Glibc-Securi

#CVE20260915 #GlibC

  • 5h ago

Overview

  • Microsoft
  • Windows Admin Center in Azure Portal

Published: 13 Jan 2026
Updated: 16 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.04%

KEV

Description

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

📌 Critical Token Validation Flaw in Azure Windows Admin Center Enables Tenant-Wide Remote Code Execution (CVE-2026-20965) https://www.cyberhub.blog/article/18181-critical-token-validation-flaw-in-azure-windows-admin-center-enables-tenant-wide-remote-code-execution-cve-2026-20965
  • 18h ago

Overview

  • n8n

Published: 18 Jan 2026
Updated: 18 Jan 2026

CVSS v3.1: HIGH (8.5)
EPSS: Pending

KEV

Description

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (e.g., n8n's official Docker image), arbitrary code execution occurs inside a sidecar container and not the main node, which significantly reduces the vulnerability's impact.

Statistics

  • 3 Posts

Last activity: 12 hours ago

Fediverse


🟠 CVE-2026-0863 - High (8.5)

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.

The vulnerability can be exploited via the Code ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 12h ago

Overview

  • stefanberger
  • libtpms

Published: 02 Jan 2026
Updated: 05 Jan 2026

CVSS v3.1: MEDIUM (5.5)
EPSS: 0.00%

KEV

Description

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

URGENT: #Fedora 43 libtpms update fixes CVE-2026-21444 - cryptographic IV flaw in VM TPM emulation. Read more: 👉 tinyurl.com/mr2a3tu8 #Security
  • 15h ago

Overview

  • Google
  • Android

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS: Pending
EPSS: 0.00%

KEV

Description

In key-based pairing, there is a possible information disclosure due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of the user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

#WhisperPair: serious vulnerability CVE-2025-36911 in hundreds of millions of Bluetooth devices - the reality of the eavesdropping and tracking risks caused by flaws in Google Fast Pair rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 6h ago

Overview

  • Bluspark Global
  • BLUVOYIX

Published: 14 Jan 2026
Updated: 14 Jan 2026

CVSS v4.0: CRITICAL (10.0)
EPSS: 0.16%

KEV

Description

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


HOLY COW, BATMAN:

Complete takeover of a high-value target system, without cracking skills, nor any complex chained attacks:

CVE-2026-22236: APIs did not check for a valid authorization token. As a result, all APIs were unauthenticated.

followed by

CVE-2026-22240: Plaintext passwords. There were 3 APIs that could be used to retrieve the plaintext passwords of all accounts, including admins.

eaton-works.com/2026/01/14/blu

  • 5h ago

Overview

  • Bluspark Global
  • BLUVOYIX

Published: 14 Jan 2026
Updated: 14 Jan 2026

CVSS v4.0: CRITICAL (10.0)
EPSS: 0.06%

KEV

Description

The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all users. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in using an exposed admin email address and password.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


HOLY COW, BATMAN:

Complete takeover of a high-value target system, without cracking skills, nor any complex chained attacks:

CVE-2026-22236: APIs did not check for a valid authorization token. As a result, all APIs were unauthenticated.

followed by

CVE-2026-22240: Plaintext passwords. There were 3 APIs that could be used to retrieve the plaintext passwords of all accounts, including admins.

eaton-works.com/2026/01/14/blu

  • 5h ago