
Overview

  • Enhancesoft
  • osTicket

12 Jan 2026
Published
22 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
4.28%

KEV

Description

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the osTicket application user. This issue is exploitable in default configurations where guests may create tickets and access ticket status, or where self-registration is enabled.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 3 hours ago

Fediverse


Detection of osTicket systems that are openly reachable from the Internet has been improved. As a result, we currently know of around 1,700 systems at German network operators.

Of these, 22% run the current version 1.17.7 or 1.18.3, which closes the vulnerability CVE-2026-22200.

50% run outdated 1.17.x or 1.18.x versions.

28% run versions 1.9 to 1.16, which are no longer supported by the vendor.

  • 0
  • 2
  • 0
  • 3h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Critical HarfBuzz Vulnerability Analysis - SUSE-2026-0287-1 The recent patch for HarfBuzz (CVE-2025-53086) addresses a classic yet dangerous heap corruption bug. Read more: 👉 tinyurl.com/48jsydbr #OpenSUSE #Security
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Kludex
  • python-multipart

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.02%

KEV

Description

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.

Statistics

  • 2 Posts

Last activity: 13 hours ago

Fediverse


🟠 CVE-2026-24486 - High (8.6)

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 13h ago

Overview

  • curl
  • curl

07 Nov 2025
Published
10 Nov 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-10966 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/371 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • curl
  • curl

12 Sep 2025
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

1. A cookie is set using the `secure` keyword for `https://target`.
2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear-text HTTP) using the same cookie set.
3. The same cookie name is set, but with just a slash as path (`path="/"`). Since this site is not secure, the cookie *should* just be ignored.
4. A bug in the path comparison logic makes curl read outside a heap buffer boundary.

The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie, since it was already set as secure on a secure host, so overriding it on an insecure host should not be okay.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-9086 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/372 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
57.94%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Adversaries exploit CVE-2025-55182 to attack Russian companies
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Imagination Technologies
  • Graphics DDK

24 Jan 2026
Published
26 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

When a web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process, it triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges, this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out-of-date pointer, pointing to a freed memory object.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse


🔴 CVE-2025-13952 - Critical (9.8)

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privile...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Linux
  • Linux

07 Oct 2025
Published
05 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show(). The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking the buffer length. With enough iSCSI connections it is possible to overflow the buffer provided by configfs and corrupt memory. This patch replaces sprintf() with sysfs_emit_at(), which checks buffer boundaries.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Just published a technical dissection of #SUSE Security Advisory SUSE-2024-0284-1 (CVE-2023-53676). This isn't just another CVE summary. Read more: 👉 tinyurl.com/3t9cvtcp #Security
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Ralim
  • IronOS

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse


🔴 CVE-2026-24830 - Critical (9.8)

Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • curl
  • curl

12 Sep 2025
Published
18 Nov 2025
Updated

CVSS
Pending
EPSS
0.10%

KEV

Description

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-10148 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/370 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 2h ago
Showing 11 to 20 of 66 CVEs