24h | 7d | 30d

Overview

  • GitLab
  • GitLab

22 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

Profile picture

🟠 CVE-2025-13928 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrec...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1
  • 0
  • 0
  • 6h ago

Overview

  • livewire
  • livewire

17 Jul 2025
Published
17 Jul 2025
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.12%

KEV

Description

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 3 hours ago

Fediverse

Profile picture

‼️Livepyre: A tool designed to exploit CVE-2025-54068 and Remote Command Execution if the APP_KEY of the Livewire project is known.

GitHub: github.com/synacktiv/Livepyre

Writeup: synacktiv.com/en/publications/

CVSS: 9.2

Description: Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

  • 0
  • 2
  • 0
  • 3h ago

Overview

  • SmarterTools
  • SmarterMail

29 Dec 2025
Published
22 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
13.81%

KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Bluesky

Profile picture
Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV hall-of-famers. The plot of that story had e..
  • 0
  • 1
  • 0
  • 10h ago

Overview

  • AlchemyCMS
  • alchemy_cms

19 Jan 2026
Published
21 Jan 2026
Updated

CVSS v3.1
MEDIUM (6.4)
EPSS
0.02%

KEV

Description

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in `Alchemy::ResourcesHelper#resource_url_proxy`. The vulnerability exists in `app/helpers/alchemy/resources_helper.rb` at line 28. The code explicitly bypasses security linting with `# rubocop:disable Security/Eval`, indicating that the use of a dangerous function was known but not properly mitigated. Since `engine_name` is sourced from module definitions that can be influenced by administrative configurations, it allows an authenticated attacker to escape the Ruby sandbox and execute arbitrary system commands on the host OS. Versions 7.4.12 and 8.0.3 fix the issue by replacing `eval()` with `send()`.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

Profile picture

‼️CVE-2026-23885: AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

CVSS: 6.4
CVE Published: January 19th, 2026

Advisory/Exploit/PoC: github.com/advisories/GHSA-276

Description: Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in `Alchemy::ResourcesHelper#resource_url_proxy`. The vulnerability exists in `app/helpers/alchemy/resources_helper.rb` at line 28. The code explicitly bypasses security linting with `# rubocop:disable Security/Eval`, indicating that the use of a dangerous function was known but not properly mitigated. Since `engine_name` is sourced from module definitions that can be influenced by administrative configurations, it allows an authenticated attacker to escape the Ruby sandbox and execute arbitrary system commands on the host OS. Versions 7.4.12 and 8.0.3 fix the issue by replacing `eval()` with `send()`.

  • 0
  • 1
  • 0
  • 6h ago

Overview

  • Pending

22 Jan 2026
Published
22 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

Profile picture

πŸ”΄ CVE-2025-69764 - Critical (9.8)

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 1
  • 0
  • 6h ago

Overview

  • Solvera Software Services Trade Inc.
  • Teknoera

22 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
Pending

KEV

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.This issue affects Teknoera: through 01102025.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

Profile picture

🟠 CVE-2025-10856 - High (8.1)

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.This issue affects Teknoera: through 01102025.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • GnuTLS
  • libtasn1

07 Jan 2026
Published
20 Jan 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Profile picture
URGENT: #Fedora 42 security update patches critical buffer overflow in mingw-libtasn1 (CVE-2025-13151). Read more: πŸ‘‰ tinyurl.com/kdw5jcua #Security
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Altium
  • AES

22 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.04%

KEV

Description

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

Profile picture

🟠 CVE-2025-27378 - High (8.6)

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to injec...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Dell
  • Unisphere for PowerMax

22 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture

🟠 CVE-2025-36588 - High (8.8)

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • EXERT Computer Technologies Software Ltd. Co.
  • Education Management System

22 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

Profile picture

🟠 CVE-2025-10024 - High (7.5)

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago
Showing 11 to 20 of 51 CVEs