Overview

  • kohler
  • hotcrp

19 Jan 2026
Published
19 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.08%

KEV

Description

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🔴 CVE-2026-23836 - Critical (9.9)

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 19h ago

Overview

  • UTT
  • HiPER 810

19 Jan 2026
Published
19 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%

KEV

Description

A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🔴 CVE-2026-1162 - Critical (9.8)

A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The ex...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 21h ago

Overview

  • leepeuker
  • movary

19 Jan 2026
Published
19 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.05%

KEV

Description

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryDeleted=`. Version 0.70.0 fixes the issue.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🔴 CVE-2026-23840 - Critical (9.3)

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryDeleted=`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 19h ago

Overview

  • franklioxygen
  • MyTube

19 Jan 2026
Published
19 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.18%

KEV

Description

MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and potentially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMiddleware. By simply not providing an authentication cookie (making req.user undefined), a request is incorrectly passed through to downstream handlers. All users running MyTube with loginEnabled: true are impacted. This flaw allows an attacker to access and modify application settings via /api/settings, change administrative and visitor passwords, and access other protected routes that rely on this specific middleware. The problem is patched in v1.7.66. MyTube maintainers recommend all users upgrade to at least version v1.7.64 immediately to secure their instances. The fix ensures that the middleware explicitly blocks requests if a user is not authenticated, rather than defaulting to next(). Those who cannot upgrade immediately can mitigate risk by restricting network access by using a firewall or reverse proxy (like Nginx) to restrict access to the /api/ endpoints to trusted IP addresses only or, if they are comfortable editing the source code, manually patch by locating roleBasedAuthMiddleware and ensuring that the logic defaults to an error (401 Unauthorized) when req.user is undefined, instead of calling next().

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🔴 CVE-2026-23837 - Critical (9.8)

MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and potentially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMidd...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 17h ago

Overview

  • Kozea
  • WeasyPrint

19 Jan 2026
Published
19 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.03%

KEV

Description

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🟠 CVE-2025-68616 - High (7.5)

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network reso...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 21h ago

Overview

  • leepeuker
  • movary

19 Jan 2026
Published
19 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.05%

KEV

Description

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryUpdated=`. Version 0.70.0 fixes the issue.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🔴 CVE-2026-23839 - Critical (9.3)

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryUpdated=`...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 19h ago

Overview

  • redis
  • redis

04 Nov 2025
Published
06 Nov 2025
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.10%

KEV

Description

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To work around this issue without patching the redis-server executable, prevent users from executing the XACKDEL operation. This can be done by using ACLs to restrict the XACKDEL command.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

JFrog examines CVE 2025 62507 in Redis Streams: risk ranging from a crash to remote code execution

The advisory states that the XACKDEL command with many IDs can trigger a stack buffer overflow, which under certain circumstances can lead to remote code execution.

all-about-security.de/jfrog-un

#RCEExploit #exploit #redis

  • 6h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

04 Apr 2023
Published
03 Aug 2024
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.08%

KEV

Description

Information disclosure due to buffer over-read in modem while processing IPv6 packet with hop-by-hop or destination option in header.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Fediverse

VDE-2025-107
Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities

Multiple vulnerabilities in a Qualcomm component have been reported in a closed-source report. This component is an integral part of the radio chip found in several Endress+Hauser products.

certvde.com/en/advisories/vde-

endress-hauser.csaf-tp.certvde

  • 6h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

08 Sep 2020
Published
04 Aug 2024
Updated

CVSS
Pending
EPSS
0.10%

KEV

Description

Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Fediverse

VDE-2025-107
Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities

Multiple vulnerabilities in a Qualcomm component have been reported in a closed-source report. This component is an integral part of the radio chip found in several Endress+Hauser products.

certvde.com/en/advisories/vde-

endress-hauser.csaf-tp.certvde

  • 6h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

13 Dec 2022
Published
22 Apr 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.36%

KEV

Description

Transient DOS due to loop with unreachable exit condition in WLAN while processing incoming FTM frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Fediverse

VDE-2025-107
Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities

Multiple vulnerabilities in a Qualcomm component have been reported in a closed-source report. This component is an integral part of the radio chip found in several Endress+Hauser products.

certvde.com/en/advisories/vde-

endress-hauser.csaf-tp.certvde

  • 6h ago