24h | 7d | 30d

Overview

  • Pending

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

SteelSeries Nahimic 3 1.10.7 allows Directory traversal.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture

🟠 CVE-2025-68921 - High (7.8)

SteelSeries Nahimic 3 1.10.7 allows Directory traversal.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • anomalyco
  • opencode

12 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.10%

KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Profile picture

‼️CVE-2026-22812: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

PoC/Exploit: github.com/rohmatariow/CVE-202

CVSS: 8.8
CVE Published: January 12th, 2026
Exploit Published: January 16th, 2026
Advisory: github.com/anomalyco/opencode/

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • MCPJam
  • inspector

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.49%

KEV

Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Statistics

  • 2 Posts

Last activity: 19 hours ago

Fediverse

Profile picture

🔴 CVE-2026-23744 - Critical (9.8)

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installatio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 19h ago

Overview

  • Aiven-Open
  • bigquery-connector-for-apache-kafka

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
0.07%

KEV

Description

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture

🟠 CVE-2026-23529 - High (7.7)

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connecto...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • TheLibrarian
  • TheLibrarian.io

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Profile picture

🟠 CVE-2026-0616 - High (7.5)

TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Delta Electronics
  • DIAView

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

Delta Electronics DIAView has multiple vulnerabilities.

Statistics

  • 2 Posts

Last activity: 22 hours ago

Fediverse

Profile picture

🔴 CVE-2025-62581 - Critical (9.8)

Delta Electronics DIAView has multiple vulnerabilities.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 22h ago

Overview

  • metagauss
  • RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

17 Jan 2026
Published
17 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%

KEV

Description

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to the 'admin_order' setting. This makes it possible for unauthenticated attackers to injecting an empty slug into the order parameter, and manipulate the plugin's menu generation logic, and when the admin menu is subsequently built, the plugin adds 'manage_options' capability for the target role. Note: The vulnerability can only be exploited unauthenticated, but further privilege escalation requires at least a subscriber user.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

Profile picture

🔴 CVE-2025-15403 - Critical (9.8)

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • FmeAddons
  • Registration & Login with Mobile Phone Number for WooCommerce

17 Jan 2026
Published
17 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.25%

KEV

Description

The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a users identity prior to authenticating them via the fma_lwp_set_session_php_fun() function. This makes it possible for unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture

🔴 CVE-2025-10484 - Critical (9.8)

The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a users identity prior to a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • strongSwan
  • strongSwan

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.04%

KEV

Description

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Profile picture

🟠 CVE-2025-62291 - High (8.1)

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Gotac
  • Police Statistics Database System

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.19%

KEV

Description

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

Profile picture

🔴 CVE-2026-1021 - Critical (9.8)

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago
Showing 11 to 20 of 54 CVEs