24h | 7d | 30d

Overview

  • OpenC3
  • cosmos

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.22%

KEV

Description

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using String#convert_to_value. For array-like inputs, convert_to_value executes eval(). Because the cmd code path parses the command string before calling authorize(), an unauthenticated attacker can trigger Ruby code execution even though the request ultimately fails authorization (401). This vulnerability is fixed in 6.10.2.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture

πŸ”΄ CVE-2025-68271 - Critical (10)

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API....

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Adobe
  • Substance3D - Stager

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.03%

KEV

Description

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture

🟠 CVE-2026-21287 - High (7.8)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • InternationalColorConsortium
  • iccDEV

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp. This vulnerability affects users of the iccDEV library who process ICC color profiles. The vulnerability is fixed in 2.3.1.2.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Fediverse

Profile picture

🟠 CVE-2026-22861 - High (8.8)

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::De...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 20h ago

Overview

  • Fortinet
  • FortiClientEMS

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
MEDIUM (6.8)
EPSS
0.12%

KEV

Description

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Statistics

  • 2 Posts

Last activity: 8 hours ago

Bluesky

Profile picture
Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all
  • 0
  • 0
  • 1
  • 8h ago

Overview

  • checkpoint
  • Hramony SASE

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Profile picture

🟠 CVE-2025-9142 - High (7.5)

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Huawei
  • HarmonyOS

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (8.4)
EPSS
0.00%

KEV

Description

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Profile picture

🟠 CVE-2025-68957 - High (8.4)

Multi-thread race condition vulnerability in the card framework module.
Impact: Successful exploitation of this vulnerability may affect availability.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • honojs
  • hono

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.02%

KEV

Description

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be accepted. The JWK/JWKS JWT verification middleware has been updated to require an explicit allowlist of asymmetric algorithms when verifying tokens. The middleware no longer derives the verification algorithm from untrusted JWT header values. This vulnerability is fixed in 4.11.4.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture

🟠 CVE-2026-22818 - High (8.2)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verifi...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Adobe
  • Dreamweaver Desktop

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.03%

KEV

Description

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

Statistics

  • 2 Posts

Last activity: 22 hours ago

Fediverse

Profile picture

🟠 CVE-2026-21272 - High (8.6)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into file...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 22h ago

Overview

  • Insyde Software
  • InsydeH2O tools

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Profile picture

🟠 CVE-2025-12053 - High (7.8)

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Fortinet
  • FortiWeb

14 Nov 2025
Published
14 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
89.81%

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Profile picture
~Checkpoint~ New Sicarii ransomware claims an Israeli identity, but linguistic analysis and operational behavior suggest it may be a false-flag operation. - IOCs: CVE-2025-64446 - #FalseFlag #Ransomware #Sicarii #ThreatIntel
  • 0
  • 0
  • 0
  • 1h ago
Showing 31 to 40 of 96 CVEs