24h | 7d | 30d

CVE-2025-64512

Overview

  • pdfminer
  • pdfminer.six
10 Nov 2025
Published
08 Jan 2026
Updated
CVSS v3.1
HIGH (8.6)
EPSS
0.04%
KEV

Description

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #Fedora 42 issues patch for critical CVE-2025-64512 in python-pdfminer. PDF parsing flaw allows arbitrary code execution. Read more: 👉 tinyurl.com/2z5amenv #Security
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-0839

Overview

  • UTT
  • 进取 520W
11 Jan 2026
Published
11 Jan 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0839 - High (8.8)

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-68493

Overview

  • Apache Software Foundation
  • Apache Struts
  • com.opensymphony:xwork
11 Jan 2026
Published
11 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture
OMO @omo.bsky.social
SIOSセキュリティブログを更新しました。 Apache StrutsのXXE脆弱性(CVE-2025-68493) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-59470

Overview

  • Veeam
  • Backup and Recovery
08 Jan 2026
Published
09 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.0)
EPSS
0.22%
KEV

Description

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

Statistics

  • 1 Post
Last activity: Last hour

Bluesky

Profile picture
Information Security Briefly @infosecbriefly.bsky.social
Instagram fixed an issue allowing external parties to request password reset emails; Malwarebytes reported a 17.5M data claim; Veeam patched four high‑severity vulnerabilities including CVE-2025-59470.
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-0838

Overview

  • UTT
  • 进取 520W
11 Jan 2026
Published
11 Jan 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0838 - High (8.8)

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-69223

Overview

  • aio-libs
  • aiohttp
05 Jan 2026
Published
06 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.05%
KEV

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #openSUSE Tumbleweed advisory patches 8 CVEs in python311-aiohttp (CVE-2025-69223 to 69230). Read more: 👉 tinyurl.com/4usce7hw #Security
  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-22224

Overview

  • VMware
  • ESXi
04 Mar 2025
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
51.47%
KEV

Description

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 Huntress détaille un kit d’évasion VMware ESXi exploitant CVE-2025-22224/22225/22226 📝 Selon Huntress (Tactical Response et SOC), u… https://cyberveille.ch/posts/2026-01-10-huntress-detaille-un-kit-devasion-vmware-esxi-exploitant-cve-2025-22224-22225-22226/ #CVE_2025_22224_22225_22226 #Cyberveille
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-0837

Overview

  • UTT
  • 进取 520W
11 Jan 2026
Published
11 Jan 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0837 - High (8.8)

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The explo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 19h ago

CVE-2026-0836

Overview

  • UTT
  • 进取 520W
11 Jan 2026
Published
11 Jan 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0836 - High (8.8)

A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the att...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-22184

Overview

  • zlib software
  • zlib
07 Jan 2026
Published
07 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%
KEV

Description

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 CRITICAL: #Mageia 9 security update MGASA-2026-0006 patches a severe buffer overflow in zlib (CVE-2026-22184). Affects versions <=1.3.1.2. Remote code execution risk. Read more: 👉 tinyurl.com/4k4b6nz2 #Security
  • 0
  • 0
  • 0
  • 9h ago
Showing 11 to 20 of 22 CVEs