24h | 7d | 30d

CVE-2026-24367

Overview

  • shinetheme
  • Traveler
  • traveler
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24367 - High (8.8)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through &lt; 3.2.8.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-0911

Overview

  • wpmudev
  • Hustle – Email Marketing, Lead Generation, Optins, Popups
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0911 - High (7.5)

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-64720

Overview

  • pnggroup
  • libpng
24 Nov 2025
Published
25 Nov 2025
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.06%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Statistics

  • 2 Posts
Last activity: 21 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Technical Breakdown: ELSA-2026-0251 for #Oracle Linux 7 addresses CVE-2025-64720, a buffer overflow in libpng 1.5.13. The flaw exists in PNG chunk processing. Read more: 👉 tinyurl.com/mpskytjr #Security
  • 0
  • 0
  • 0
  • 22h ago
Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
CRITICAL: Patch Java 17 on #Oracle Linux 8 now. New advisory ELSA-2026-0927 fixes RCE vulnerability CVE-2025-64720 and 4 other CVEs. Read more: 👉 tinyurl.com/4fk788ms #Security
  • 0
  • 0
  • 0
  • 21h ago

CVE-2025-69180

Overview

  • themepassion
  • Ultra Portfolio
  • ultra-portfolio
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through <= 6.7.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-69180 - High (8.8)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through &lt;= 6.7.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-23490

Overview

  • pyasn1
  • pyasn1
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.05%
KEV

Description

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical security update for #Ubuntu systems: CVE-2026-23490 exposes pyasn1 library vulnerability allowing denial of service through memory exhaustion. Read more: 👉 tinyurl.com/32h7hxa9 #Security
  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 15 of 15 CVEs