24h | 7d | 30d

Overview

  • Oracle Corporation
  • Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in

20 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.04%

KEV

Description

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Profile picture

Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop? isc.sans.edu/diary/rss/32662

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture
Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop? https://isc.sans.edu/diary/32662
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • n8n

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.31%

KEV

Description

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Bluesky

Profile picture
Allerta n8n: Scoperte due falle RCE critiche (CVE-2026-1470). Aggiorna ora! 📌 Link all'articolo : www.redhotcyber.com/post/all... #redhotcyber #news #cybersecurity #hacking #vulnerabilita #sicurezzainformatica #n8n #codicearbitrario
  • 0
  • 0
  • 0
  • 7h ago
Profile picture
n8n contains two Sandbox-escape flaws that can lead to remote code execution for authenticated users. One issue, CVE-2026-1470, scores 9.9 […]
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 22 hours ago

Bluesky

Profile picture
OpenSSLの脆弱性(High: CVE-2025-15467, Moderate: CVE-2025-11187, Low: CVE-2025-15468等, CVE-2026-22795, CVE-2026-22796)と新バージョン(3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #ssl #openssl security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Xen
  • Xen

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

Profile picture

🟠 CVE-2025-58150 - High (8.8)

Shadow mode tracing code uses a set of per-CPU variables to avoid
cumbersome parameter passing. Some of these variables are written to
with guest controlled data, of guest controllable size. That size can
be larger than the variable, and boundin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Profile picture
URGENT: #openSUSE Leap 15.6 users must patch Xen hypervisor vulnerabilities CVE-2025-58150 (buffer overrun) and CVE-2026-23553 (incomplete IBPB). Read more: 👉 tinyurl.com/3yvpza8s #Security
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • dnnsoftware
  • Dnn.Platform

27 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
0.04%

KEV

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

Profile picture

🟠 CVE-2026-24837 - High (7.6)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during som...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1
  • 0
  • 0
  • 21h ago

Overview

  • nmedia
  • Frontend File Manager Plugin

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files via email by supplying a file ID. Since file IDs are sequential integers, attackers can enumerate all uploaded files on the site and exfiltrate sensitive data that was intended to be restricted to administrators only.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Fediverse

Profile picture

🟠 CVE-2026-1280 - High (7.5)

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1
  • 0
  • 0
  • 9h ago

Overview

  • symfony
  • symfony

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
MEDIUM (6.3)
EPSS
Pending

KEV

Description

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mis-handle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. If an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive. The issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration). Versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contains a patch for the issue. Some workarounds are available. Avoid running PHP/one's own tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables. Avoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2. Where applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 11 hours ago

Fediverse

Profile picture

🔐 CVE-2026-24739: Incorrect argument escaping under MSYS2/Git Bash on Windows can lead to destructive file operations
➡️ symfony.com/blog/cve-2026-2473

  • 0
  • 2
  • 1
  • 11h ago

Overview

  • Open Asset Import Library
  • Assimp

05 Oct 2025
Published
06 Oct 2025
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.03%

KEV

Description

A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

Profile picture
🧵 #Fedora's urgent patch for CVE-2025-11277 in the assimp 3D library is a critical case study in supply chain security. This vulnerability affected a core dependency used in game dev, CAD, and simulation tools. Read more: 👉 tinyurl.com/2vyxedmk #Security
  • 0
  • 1
  • 0
  • 8h ago

Overview

  • Meta
  • react-server-dom-webpack

26 Jan 2026
Published
26 Jan 2026
Updated

CVSS
Pending
EPSS
0.60%

KEV

Description

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory exceptions or excessive CPU usage; depending on the vulnerable code path being exercised, the application configuration and application code. Strongly consider upgrading to the latest package versions to reduce risk and prevent availability issues in applications using React Server Components.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Bluesky

Profile picture
vercel.com/changelog/summa... Summary of CVE-2026-23864 - Vercel
  • 0
  • 1
  • 0
  • 18h ago

Overview

  • inc2734
  • Snow Monkey Forms

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Profile picture

🔴 CVE-2026-1056 - Critical (9.8)

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthent...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 8h ago
Showing 11 to 20 of 82 CVEs