Overview
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-0830 - High (7.8)
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces.
To mitigate, users should updat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0830/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda
Overview
- AmentoTech
- Workreap (theme's plugin)
- workreap
Description
Statistics
- 1 Post
Fediverse
🔴 CVE-2025-22728 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows SQL Injection. This issue affects Workreap (theme's plugin): from n/a through <= 3.3.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-22728/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda
Overview
- RustCrypto
- elliptic-curves
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-22700 - High (7.5)
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22700/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Tencent
- WeKnora
Description
Statistics
- 3 Posts
Fediverse
🔴 CVE-2026-22688 - Critical (9.9)
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP st...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22688/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- woocommerce
- WooCommerce Square
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2025-13457 - High (7.5)
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2025-67070 - High (8.2)
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda
Overview
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-22594 - High (8.1)
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22594/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- remix-run
- react-router
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-22029 - High (8)
React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Sangfor
- Operation and Maintenance Management System
Description
Statistics
- 1 Post
Fediverse
🔴 CVE-2025-15501 - Critical (9.8)
A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15501/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda
Overview
- Comfy-Org
- ComfyUI-Manager
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-22777 - High (7.5)
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack