CVE-2026-21956

Overview

Oracle Corporation
Oracle VM VirtualBox

20 Jan 2026

Published

20 Jan 2026

Updated

CVSS v3.1

HIGH (8.2)

EPSS

Pending

MITRE

KEV

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Statistics

1 Post

Last activity: 5 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-21956 - High (8.2)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21956/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
5h ago

CVE-2025-15521

Overview

kodezen
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution

21 Jan 2026

Published

21 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

Pending

MITRE

KEV

Description

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and gain access to their account.

Statistics

1 Post

Last activity: 3 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-15521 - Critical (9.8)

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15521/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
3h ago

CVE-2026-0902

Overview

Google
Chrome

20 Jan 2026

Published

20 Jan 2026

Updated

CVSS

Pending

EPSS

0.04%

MITRE

KEV

Description

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Statistics

1 Post

Last activity: 12 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-0902 - High (8.8)

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0902/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
12h ago

CVE-2026-21945

Overview

Oracle Corporation
Oracle Java SE

20 Jan 2026

Published

20 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

Pending

MITRE

KEV

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Statistics

1 Post

Last activity: 5 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-21945 - High (7.5)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.1...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21945/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
5h ago

CVE-2026-21989

Overview

Oracle Corporation
Oracle VM VirtualBox

20 Jan 2026

Published

20 Jan 2026

Updated

CVSS v3.1

HIGH (8.1)

EPSS

Pending

MITRE

KEV

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).

Statistics

2 Posts

Last activity: 7 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-21989 - High (8.1)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21989/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
1
7h ago

CVE-2026-21988

Overview

Oracle Corporation
Oracle VM VirtualBox

20 Jan 2026

Published

20 Jan 2026

Updated

CVSS v3.1

HIGH (8.2)

EPSS

Pending

MITRE

KEV

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Statistics

2 Posts

Last activity: 7 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-21988 - High (8.2)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21988/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
1
7h ago

CVE-2026-21962

Overview

Oracle Corporation
Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in

20 Jan 2026

Published

20 Jan 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

Pending

MITRE

KEV

Description

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

Statistics

1 Post

Last activity: 7 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-21962 - Critical (10)

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that ar...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21962/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
7h ago

CVE-2026-1007

Overview

Devolutions
Server

19 Jan 2026

Published

20 Jan 2026

Updated

CVSS

Pending

EPSS

0.02%

MITRE

KEV

Description

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.

Statistics

1 Post

Last activity: 12 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-1007 - High (7.6)

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1007/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
12h ago

CVE-2026-22844

Overview

Zoom Communications Inc.
Zoom Node

20 Jan 2026

Published

20 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.9)

EPSS

Pending

MITRE

KEV

Description

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.

Statistics

3 Posts

Last activity: 14 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-22844 - Critical (9.9)

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22844/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
2
14h ago

CVE-2026-21967

Overview

Oracle Corporation
Oracle Hospitality OPERA 5

20 Jan 2026

Published

20 Jan 2026

Updated

CVSS v3.1

HIGH (8.6)

EPSS

Pending

MITRE

KEV

Description

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).

Statistics

1 Post

Last activity: 7 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-21967 - High (8.6)

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21967/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
7h ago