
Overview

  • Hikvision
  • DS-96xxxNI-Hx

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.02%

KEV

Description

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 12 hours ago

Fediverse


🟠 CVE-2025-66177 - High (8.8)

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially craft...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Hikvision
  • DS-K1T331

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.02%

KEV

Description

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 12 hours ago

Fediverse


🟠 CVE-2025-66176 - High (8.8)

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially craf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
MEDIUM (6.4)
EPSS
Pending

KEV

Description

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees.

Certificate Authority (CA), location, purpose and expiration date:

  • Microsoft Corporation KEK CA 2011 (KEK): signs updates to the DB and DBX; expires 06/24/2026
  • Microsoft Corporation UEFI CA 2011 (DB): signs 3rd party boot loaders, Option ROMs, etc.; expires 06/27/2026
  • Microsoft Windows Production PCA 2011 (DB): signs the Windows Boot Manager; expires 10/19/2026

For more information see this CVE and Windows Secure Boot certificate expiration and CA updates.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse


Guest Post: 115 CVEs Mark One of the Biggest January Patch Tuesdays Yet

By Tyler Reguly, Associate Director, Security R&D, Fortra

CISOs this month should be paying a lot of attention to CVE-2026-21265 and the guidance associated with it. More specifically, they should be looking at the Windows Secure Boot certificate expiration and CA Updates that Microsoft published June 26, 2025. When the Secure Boot certificates expire in June of this year, organizations that…

itnerd.blog/2026/01/13/guest-p

  • 0
  • 0
  • 1
  • 4h ago

The publicly disclosed ones are expiring Secure Boot cert:

msrc.microsoft.com/update-guid

and an old one that was published in 2023 but is apparently now applicable to all Windows systems with the Agere Soft Modem installed, even if it isn't in use.

msrc.microsoft.com/update-guid

cve.org/CVERecord?id=CVE-2023-

  • 0
  • 1
  • 0
  • 9h ago

Overview

  • Microsoft
  • Microsoft Office 2019

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.4)
EPSS
Pending

KEV

Description

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 8 hours ago

Fediverse


🟠 CVE-2026-20953 - High (8.4)

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Google
  • Chrome

07 Aug 2025
Published
07 Aug 2025
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 11 hours ago

Fediverse


🚨 OWASP Ottawa January Meetup – Featuring Vincent Dragnea! 🚨

OWASP Ottawa is excited to announce that we are hosting our first monthly meetup of the year! We’re thrilled to welcome Vincent Dragnea to our in-person meetup at the University of Ottawa on January 21, 2026.

RSVP at:

meetup.com/owasp-ottawa/events

📅 Date: January 21, 2026
⏰ Time: 6:00 PM EST – Arrival, networking & pizza 🍕
6:30 PM EST – Technical Talks
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117
🎙️ Talk: "SameSite...or not? Bypassing SameSite cookie protections in browsers"

SameSite cookies are often relied upon too heavily to prevent cross-site request forgery, yet, due to browser implementations, these cookies can be included in unexpected requests. This talk demonstrates novel techniques to attach SameSite=Strict cookies to GET requests originating from another site, including a Google Chrome vulnerability (CVE-2025-8581) discovered while researching these methods. This material aims to help researchers identify insecure behaviors, as well as teach developers how to avoid them.

📺 Can’t make it in person? Watch live on the YouTube channel at youtube.com/@OWASP_Ottawa

  • 3
  • 1
  • 0
  • 11h ago

Overview

  • EmbySupport
  • security

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.02%

KEV

Description

Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 7 hours ago

Fediverse


Here's my analysis of the recent-ish 9.3 Critical in (CVE-2025-64113).

Sadly, the vulnerability turned out to be pretty boring, but I've tried to make the best of it.

gebir.ge/blog/its-not-mine-cve

  • 2
  • 3
  • 0
  • 7h ago

Overview

  • Pending

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Overview

  • MongoDB Inc.
  • MongoDB Server

19 Dec 2025
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
67.16%

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 6 hours ago

Fediverse


Did PANW just take a couple months off? They're just now publishing a threat brief on MongoBleed? Maybe that's why we haven't seen any advisories from them. Can't wait to see what's been sitting EITW in their queues.

unit42.paloaltonetworks.com/mo

  • 0
  • 3
  • 0
  • 6h ago

Overview

  • Pending

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints).

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Overview

  • urllib3
  • urllib3

07 Jan 2026
Published
08 Jan 2026
Updated

CVSS v4.0
HIGH (8.9)
EPSS
0.02%

KEV

Description

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-21441 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/373 #AWS #Lambda #Security #CVE #DevOps #SecOps

  • 0
  • 1
  • 0
  • 15h ago