
Overview

  • gunthercox
  • ChatterBot

19 Jan 2026
Published
19 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service unavailability and requiring a manual restart to recover. Version 1.2.11 fixes the issue.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse


🟠 CVE-2026-23842 - High (7.5)

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 21h ago

Overview

  • jaraco
  • jaraco.context

20 Jan 2026
Published
20 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.04%

KEV

Description

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. Version 6.1.0 contains a patch for the issue.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse


🟠 CVE-2026-23949 - High (8.6)

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 15h ago

Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
3.72%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse


A new critical unauthenticated RCE in n8n (CVE-2026-21858) allows full takeover of exposed workflow instances, including access to connected APIs and data pipelines. If you self‑host n8n, lock down public access and patch immediately.

cvedatabase.com/cve/CVE-2026-2

#CyberSecurity #n8n

  • 19h ago

Overview

  • Apache Software Foundation
  • Apache bRPC

16 Jan 2026
Published
17 Jan 2026
Updated

CVSS
Pending
EPSS
0.39%

KEV

Description

Remote command injection vulnerability in the heap profiler built-in service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using the extra_options parameter. Affected scenarios: Use of the built-in bRPC heap profiler service to perform jemalloc memory profiling. How to Fix: we provide two methods; you can choose one of them: 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Command injection vulnerability in Apache bRPC (CVE-2025-60021) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 11h ago

Overview

  • Zoom Communications Inc.
  • Zoom Node

20 Jan 2026
Published
20 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
Pending

KEV

Description

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.

Statistics

  • 3 Posts

Last activity: 2 hours ago

Fediverse


🔴 CVE-2026-22844 - Critical (9.9)

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 2h ago

Overview

  • ImageMagick
  • ImageMagick

20 Jan 2026
Published
20 Jan 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.04%

KEV

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse


🟠 CVE-2026-23876 - High (8.1)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write contr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 15h ago

Overview

  • MedDream
  • MedDream PACS Premium

20 Jan 2026
Published
20 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
Pending

KEV

Description

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse


🔴 CVE-2025-53912 - Critical (9.6)

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour

Overview

  • AMD
  • AMD EPYC™ 9004 Series Processors

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v4.0
MEDIUM (4.6)
EPSS
0.01%

KEV

Description

A write-what-where condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline, potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

StackWarp Attack Threatens AMD VMs Read More: buff.ly/nI23NTy #AMD #Zen #ConfidentialComputing #CloudSecurity #VirtualizationSecurity #SEVSNP #HardwareSecurity #CVE202529943 #VMescape #CryptoSecurity #CyberResearch
  • 22h ago

Overview

  • Google
  • Chrome

20 Jan 2026
Published
20 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Statistics

  • 1 Post

Last activity: Last hour

Fediverse


🔴 CVE-2026-0906 - Critical (9.8)

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour

Overview

  • IBM
  • IBM Licensing Operator

20 Jan 2026
Published
20 Jan 2026
Updated

CVSS v3.1
HIGH (8.4)
EPSS
Pending

KEV

Description

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse


🟠 CVE-2025-12985 - High (8.4)

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour
Showing 11 to 20 of 149 CVEs