24h | 7d | 30d

CVE-2025-62582

Overview

  • Delta Electronics
  • DIAView
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV

Description

Delta Electronics DIAView has multiple vulnerabilities.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-62582 - Critical (9.8)

Delta Electronics DIAView has multiple vulnerabilities.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 1
  • 0
  • 10h ago

CVE-2025-13601

Overview

  • glib
26 Nov 2025
Published
27 Nov 2025
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 14 hours ago

Bluesky

Profile picture
Lambda Watchdog @lambdawatchdog.bsky.social
🔍 Lambda Watchdog detected that CVE-2025-13601 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/360 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 1
  • 0
  • 14h ago

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
55.12%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 Next.js/NextAuth : forger des cookies d’authentification via le NEXTAUTH_SECRET 📝 Dans un billet technique publié le 14 janvier 2026, l’auteur détaill… https://cyberveille.ch/posts/2026-01-16-next-js-nextauth-forger-des-cookies-dauthentification-via-le-nextauth-secret/ #CVE_2025_55182 #Cyberveille
  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-6966

Overview

  • Canonical
  • python-apt
  • python-apt
05 Dec 2025
Published
15 Dec 2025
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%
KEV

Description

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Statistics

  • 1 Post
Last activity: 10 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical: #Ubuntu 20.04 LTS #python-apt vulnerability CVE-2025-6966 patched in USN-7916-2. DoS flaw + regression fix. Read more: 👉 tinyurl.com/3vtebxuy #Security
  • 0
  • 0
  • 0
  • 10h ago

CVE-2025-68921

Overview

  • Pending
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

SteelSeries Nahimic 3 1.10.7 allows Directory traversal.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-68921 - High (7.8)

SteelSeries Nahimic 3 1.10.7 allows Directory traversal.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-1022

Overview

  • Gotac
  • Statistics Database System
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.07%
KEV

Description

Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-1022 - High (7.5)

Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-22812

Overview

  • anomalyco
  • opencode
12 Jan 2026
Published
13 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.10%
KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️CVE-2026-22812: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

PoC/Exploit: github.com/rohmatariow/CVE-202

CVSS: 8.8
CVE Published: January 12th, 2026
Exploit Published: January 16th, 2026
Advisory: github.com/anomalyco/opencode/

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-33073

Overview

  • Microsoft
  • Windows 10 Version 1809
10 Jun 2025
Published
21 Oct 2025
Updated
CVSS v3.1
HIGH (8.8)
EPSS
51.19%
KEV

Description

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts
Last activity: 12 hours ago

Bluesky

Profile picture
r/purpleteamsec bot @r-purpleteamsec.bsky.social
Using NTLM Reflection to Own Active Directory (CVE-2025-33073)
  • 0
  • 0
  • 1
  • 12h ago

CVE-2026-23744

Overview

  • MCPJam
  • inspector
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Statistics

  • 2 Posts
Last activity: 5 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-23744 - Critical (9.8)

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installatio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 5h ago

CVE-2026-23529

Overview

  • Aiven-Open
  • bigquery-connector-for-apache-kafka
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
Pending
KEV

Description

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-23529 - High (7.7)

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connecto...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 8h ago
Showing 11 to 20 of 62 CVEs