Overview

  • Pending

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module), which is open to access on the device.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 10 hours ago

Fediverse

I'm not concerned about this as a security concern, but I know people around here like their AQI monitors so this might be handy for folks trying to hack theirs for other functionality.

github.com/rupeshsurve04/CVE-2

  • 1
  • 2
  • 0
  • 10h ago

Overview

  • MongoDB Inc.
  • MongoDB Server

19 Dec 2025
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
57.25%

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 4 hours ago

Bluesky

Threat Brief: MongoDB Vulnerability (CVE-2025-14847) #CybersecurityNews unit42.paloaltonetworks.com/mongobleed-c...
  • 1
  • 2
  • 0
  • 4h ago

Overview

  • ISC
  • BIND 9

22 Oct 2025
Published
04 Nov 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.06%

KEV

Description

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 8 hours ago

Fediverse

Still no fix in BIG-IP DNS for CVE-2025-8677.

my.f5.com/manage/s/article/K00

  • 1
  • 2
  • 0
  • 8h ago

Overview

  • anthropics
  • claude-code

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.15%

KEV

Description

Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

🗞️ Claude Code CVE-2025-66032: Why Allowlists Aren't Enough 🔗 https://niyikiza.com/posts/cve-2025-66032/
  • 1
  • 0
  • 0
  • 15h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

12 Aug 2025
Published
10 Nov 2025
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
0.05%

KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

❗️CVE-2025-53136: Windows Kernel Information Disclosure through Race condition

PoC/Exploit: github.com/nu1lptr0/CVE-2025-5

CVSS: 5.5
CVE Published: Aug 12th, 2025

  • 1
  • 0
  • 0
  • 2h ago

Overview

  • ISC
  • BIND 9

22 Oct 2025
Published
07 Nov 2025
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.00%

KEV

Description

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 8 hours ago

Fediverse

Nor is there one for CVE-2025-40778.

my.f5.com/manage/s/article/K00

  • 0
  • 2
  • 0
  • 8h ago

Overview

  • redis
  • redis

03 Oct 2025
Published
04 Nov 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
6.88%

KEV

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround that does not require patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Fediverse

Redis Lua vuln impacts BIG-IP Next and no patches are available.

my.f5.com/manage/s/article/K00

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 13h ago

Overview

  • The GNU C Library
  • glibc

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🟠 CVE-2026-0861 - High (8.4)

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap cor...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • croixhaug
  • Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🟠 CVE-2025-12166 - High (7.5)

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions up to, and including, 1.6.9.9 due to insuf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • NVIDIA
  • NSIGHT Graphics

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
Pending

KEV

Description

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🟠 CVE-2025-33206 - High (7.8)

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 8h ago