24h | 7d | 30d

CVE-2025-13928

Overview

  • GitLab
  • GitLab
22 Jan 2026
Published
22 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 6 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-13928 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrec...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1
  • 0
  • 0
  • 6h ago

CVE-2025-54068

Overview

  • livewire
  • livewire
17 Jul 2025
Published
17 Jul 2025
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.12%
KEV

Description

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️Livepyre: A tool designed to exploit CVE-2025-54068 and Remote Command Execution if the APP_KEY of the Livewire project is known.

GitHub: github.com/synacktiv/Livepyre

Writeup: synacktiv.com/en/publications/

CVSS: 9.2

Description: Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

  • 0
  • 2
  • 0
  • 3h ago

CVE-2025-52691

Overview

  • SmarterTools
  • SmarterMail
29 Dec 2025
Published
22 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
13.81%
KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Bluesky

Profile picture
Tech-News @technology-news.bsky.social
Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV hall-of-famers. The plot of that story had e..
  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-23885

Overview

  • AlchemyCMS
  • alchemy_cms
19 Jan 2026
Published
21 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.4)
EPSS
0.02%
KEV

Description

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in `Alchemy::ResourcesHelper#resource_url_proxy`. The vulnerability exists in `app/helpers/alchemy/resources_helper.rb` at line 28. The code explicitly bypasses security linting with `# rubocop:disable Security/Eval`, indicating that the use of a dangerous function was known but not properly mitigated. Since `engine_name` is sourced from module definitions that can be influenced by administrative configurations, it allows an authenticated attacker to escape the Ruby sandbox and execute arbitrary system commands on the host OS. Versions 7.4.12 and 8.0.3 fix the issue by replacing `eval()` with `send()`.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 6 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️CVE-2026-23885: AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

CVSS: 6.4
CVE Published: January 19th, 2026

Advisory/Exploit/PoC: github.com/advisories/GHSA-276

Description: Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in `Alchemy::ResourcesHelper#resource_url_proxy`. The vulnerability exists in `app/helpers/alchemy/resources_helper.rb` at line 28. The code explicitly bypasses security linting with `# rubocop:disable Security/Eval`, indicating that the use of a dangerous function was known but not properly mitigated. Since `engine_name` is sourced from module definitions that can be influenced by administrative configurations, it allows an authenticated attacker to escape the Ruby sandbox and execute arbitrary system commands on the host OS. Versions 7.4.12 and 8.0.3 fix the issue by replacing `eval()` with `send()`.

  • 0
  • 1
  • 0
  • 6h ago

CVE-2025-69764

Overview

  • Pending
22 Jan 2026
Published
22 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 6 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2025-69764 - Critical (9.8)

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 1
  • 0
  • 6h ago

CVE-2025-10856

Overview

  • Solvera Software Services Trade Inc.
  • Teknoera
22 Jan 2026
Published
22 Jan 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
Pending
KEV

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.This issue affects Teknoera: through 01102025.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-10856 - High (8.1)

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.This issue affects Teknoera: through 01102025.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago

CVE-2025-13151

Overview

  • GnuTLS
  • libtasn1
07 Jan 2026
Published
20 Jan 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Statistics

  • 1 Post
Last activity: 10 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #Fedora 42 security update patches critical buffer overflow in mingw-libtasn1 (CVE-2025-13151). Read more: πŸ‘‰ tinyurl.com/kdw5jcua #Security
  • 0
  • 0
  • 0
  • 10h ago

CVE-2025-27378

Overview

  • Altium
  • AES
22 Jan 2026
Published
22 Jan 2026
Updated
CVSS v3.1
HIGH (8.6)
EPSS
0.04%
KEV

Description

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-27378 - High (8.6)

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to injec...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 21h ago

CVE-2025-36588

Overview

  • Dell
  • Unisphere for PowerMax
22 Jan 2026
Published
22 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-36588 - High (8.8)

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-10024

Overview

  • EXERT Computer Technologies Software Ltd. Co.
  • Education Management System
22 Jan 2026
Published
22 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.04%
KEV

Description

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-10024 - High (7.5)

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago
Showing 11 to 20 of 51 CVEs