Overview

  • Pending

09 Jan 2026
Published
09 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An information disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files by repeatedly traversing back up the directory tree. It can disclose the source code or any other confidential information if weaponized accordingly.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 12 hours ago

Fediverse

  • 1
  • 3
  • 0
  • 12h ago

Overview

  • Zenitel
  • TCIS-3+

09 Jan 2026
Published
09 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.05%

KEV

Description

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 15 hours ago

Overview

  • Zenitel
  • ICX500

09 Jan 2026
Published
09 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 12 hours ago

Overview

  • Zenitel
  • ICX500

09 Jan 2026
Published
09 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.17%

KEV

Description

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 12 hours ago

Overview

  • Zenitel
  • TCIS-3+

09 Jan 2026
Published
09 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.07%

KEV

Description

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 15 hours ago

Overview

  • TP-Link Systems Inc.
  • Archer AXE75 v1.6

09 Jan 2026
Published
09 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
Pending

KEV

Description

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server files, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤ build 20250107.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 12 hours ago

Overview

  • Trusted Computing Group
  • TPM2.0

10 Jun 2025
Published
13 Jun 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

The TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to an out-of-bounds read due to the lack of validation of the signature scheme against the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Bluesky

How I dislike security fixes at the TPM level. It affects the authentication of my Windows 11. In this case, it is related to CVE-2025-2884, which is finally fixed via a new UEFI. www.amd.com/en/resources...
  • 0
  • 1
  • 0
  • 11h ago

Overview

  • Fortinet FortiOS

24 Jul 2020
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
46.01%

Description

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

Advanced persistent threat (APT) groups, including APT5, Iranian-backed actors, Russian SVR operatives, and notorious ransomware families like Conti, REvil, Hive, and Cring have all been observed exploiting CVE-2020-12812 in the wild.
  • 0
  • 1
  • 0
  • 16h ago

Overview

  • Vivotek
  • IP7137

09 Jan 2026
Published
09 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has reached its End-of-Life phase, a fix is not expected to be released.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Fediverse


Four CVEs in Vivotek cameras but no PoCs.

cert.pl/en/posts/2026/01/CVE-2

  • 0
  • 1
  • 0
  • 15h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other transfers being set up concurrently. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Statistics

  • 4 Posts

Last activity: 12 hours ago

Bluesky

URGENT: #openSUSE Leap 15.6 security update for curl (CVE-2025-14017) patches a critical TLS options flaw in threaded LDAPS. Read more: 👉 tinyurl.com/ym5seenw #Security
  • 0
  • 0
  • 0
  • 16h ago
CRITICAL: #openSUSE Leap 15.6 security update addresses curl vulnerability CVE-2025-14017 affecting threaded LDAPS TLS options. Read more: 👉 tinyurl.com/3pk4ecm3 #Security
  • 0
  • 0
  • 0
  • 13h ago
🚨 Critical cURL patch released: CVE-2025-14017. Impacts #SUSE Linux (SLES 15 SP4). Patch to curl 7.87.0-150400.7.26.1 immediately. Read more: 👉 tinyurl.com/5ekpmpvb #Security
  • 0
  • 0
  • 0
  • 12h ago
CRITICAL: CVE-2025-14017 - Heap buffer overflow in curl. Patched in SUSE-2026-0078-1. Allows RCE via malicious SOCKS5 proxy response. Read more: 👉 tinyurl.com/3f8cnu3p #SUSE #Security
  • 0
  • 0
  • 0
  • 12h ago