
Overview

  • pdfminer
  • pdfminer.six

10 Nov 2025
Published
08 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.04%

KEV

Description

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

URGENT: #Fedora 42 issues patch for critical CVE-2025-64512 in python-pdfminer. PDF parsing flaw allows arbitrary code execution. Read more: 👉 tinyurl.com/2z5amenv #Security
  • 13h ago

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


🟠 CVE-2026-0839 - High (8.8)

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 18h ago

Overview

  • Apache Software Foundation
  • Apache Struts
  • com.opensymphony:xwork

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Missing XML validation vulnerability in Apache Struts. This issue affects Apache Struts from 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

We have updated the SIOS security blog: Apache Struts XXE vulnerability (CVE-2025-68493) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 6h ago

Overview

  • Veeam
  • Backup and Recovery

08 Jan 2026
Published
09 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
0.22%

KEV

Description

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Instagram fixed an issue allowing external parties to request password reset emails; Malwarebytes reported a 17.5M data claim; Veeam patched four high‑severity vulnerabilities including CVE-2025-59470.
  • Last hour

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


🟠 CVE-2026-0838 - High (8.8)

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 18h ago

Overview

  • aio-libs
  • aiohttp

05 Jan 2026
Published
06 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.05%

KEV

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

URGENT: #openSUSE Tumbleweed advisory patches 8 CVEs in python311-aiohttp (CVE-2025-69223 to 69230). Read more: 👉 tinyurl.com/4usce7hw #Security
  • 13h ago

Overview

  • VMware
  • ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
51.47%

Description

VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

📢 Huntress details a VMware ESXi escape kit exploiting CVE-2025-22224/22225/22226 📝 According to Huntress (Tactical Response and SOC), a… https://cyberveille.ch/posts/2026-01-10-huntress-detaille-un-kit-devasion-vmware-esxi-exploitant-cve-2025-22224-22225-22226/ #CVE_2025_22224_22225_22226 #Cyberveille
  • 1h ago

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts

Last activity: 19 hours ago

Fediverse


🟠 CVE-2026-0837 - High (8.8)

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The explo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 19h ago

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse


🟠 CVE-2026-0836 - High (8.8)

A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the att...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 19h ago

Overview

  • zlib software
  • zlib

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

🚨 CRITICAL: #Mageia 9 security update MGASA-2026-0006 patches a severe buffer overflow in zlib (CVE-2026-22184). Affects versions <=1.3.1.2. Remote code execution risk. Read more: 👉 tinyurl.com/4k4b6nz2 #Security
  • 9h ago