Overview
- Advantech
- IoTSuite and IoT Edge Products
Published: 12 Jan 2026
Updated: 12 Jan 2026
CVSS v3.1: CRITICAL (10.0)
EPSS: Pending
KEV
Description
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.
Statistics
- 1 Post
Last activity: 4 hours ago
Fediverse
🔴 CVE-2025-52694 - Critical (10)
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52694/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
Description
A remote code execution issue exists in HPE OneView.
Statistics
- 1 Post
Last activity: 5 hours ago
Overview
- Apache Software Foundation
- Apache Struts
- com.opensymphony:xwork
Published: 11 Jan 2026
Updated: 11 Jan 2026
CVSS: Pending
EPSS: Pending
KEV
Description
Missing XML Validation vulnerability in Apache Struts.
This issue affects Apache Struts from 2.0.0 before 2.2.1, and from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue.
Statistics
- 1 Post
Last activity: 14 hours ago
Overview
Description
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces.
To mitigate, users should update to the latest version.
Statistics
- 1 Post
Last activity: 7 hours ago
Bluesky
📢 CVE-2026-0830: command injection in Kiro IDE (fixed in 0.6.18)
📝 According to an AWS security bulletin (Bulletin ID: 2026-001-AWS) published on 9 January 20…
https://cyberveille.ch/posts/2026-01-10-cve-2026-0830-injection-de-commandes-dans-kiro-ide-corrige-en-0-6-18/ #CVE_2026_0830 #Cyberveille
Overview
Description
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
Description
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system, and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
Statistics
- 1 Post
Last activity: 7 hours ago
Overview
Description
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.
Statistics
- 1 Post
Last activity: 4 hours ago
Overview
- Merit LILIN
- P2
Published: 12 Jan 2026
Updated: 12 Jan 2026
CVSS v4.0: HIGH (8.7)
EPSS: Pending
KEV
Description
Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
Statistics
- 1 Post
Last activity: 1 hour ago
Fediverse
🟠 CVE-2026-0855 - High (8.8)
Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Veeam
- Backup and Recovery
Published: 08 Jan 2026
Updated: 09 Jan 2026
CVSS v3.1: CRITICAL (9.0)
EPSS: 0.22%
KEV
Description
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Statistics
- 1 Post
Last activity: 8 hours ago
Overview
- aio-libs
- aiohttp
Published: 05 Jan 2026
Updated: 06 Jan 2026
CVSS v3.1: HIGH (7.5)
EPSS: 0.05%
KEV
Description
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.
Statistics
- 1 Post
Last activity: 21 hours ago