
Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse


📰 Apple & Google Issue Emergency Patches for 'GhostTouch' Zero-Click RCE Flaw (CVE-2026-23456)

🚨 URGENT: Apple & Google issue emergency patches for 'GhostTouch' (CVE-2026-23456), a zero-click RCE flaw affecting billions of devices. Actively exploited to deliver spyware via a malicious image. UPDATE your iPhone & Android NOW! 📱 #ZeroClick #V...

🔗 cyber.netsecops.io/articles/ap


Overview

  • Pending

26 Jan 2026
Published
26 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, and portfolio-item-service data retrieval module endpoints.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


🟠 CVE-2025-67274 - High (7.5)

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data r...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Is-Daouda
  • is-Engine

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse


🟠 CVE-2026-24828 - High (7.5)

Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Pending

23 Jan 2026
Published
26 Jan 2026
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend through 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🔴 CVE-2025-52025 - Critical (9.4)

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without pro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Salesforce
  • Marketing Cloud Engagement

24 Jan 2026
Published
27 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🔴 CVE-2026-22583 - Critical (9.8)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engageme...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Cisco
  • Cisco Secure Email

17 Dec 2025
Published
15 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
4.64%

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse


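Episode 288: Throwing It. One Stone! Special! - podcast - tsujileaks.com/?p=2172

From the episode released 19 January 2026:
・Impersonation techniques across various communication channels (phone/LINE/ChatWork, etc.), starting from impersonation fraud that uses generative-AI voice
・Vulnerability in Cisco Secure Email products: CVE-2025-20393

I also listened with interest to the listener-mail segment on "logging out or not logging out".

Lining up several similar techniques rather than a single one brings out what they have in common, which is interesting / How communication tools are used differs from place to place, so it seems good for the people inside each organization to "understand the general-purpose techniques, put technical countermeasures in place, and then stay alert to those techniques". Also, I think anyone can fall for impersonation depending on the situation, so rather than only urging people "not to fall for it", I want to value quick after-the-fact response as well / The countermeasures against the LastPass and Ferrari CEO deepfakes were also instructive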


Overview

  • Pending

23 Jan 2026
Published
26 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

A vulnerability exists in the Aptsys POS Platform Web Services module through 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🔴 CVE-2025-52024 - Critical (9.4)

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • patriksimek
  • vm2

26 Jan 2026
Published
26 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` and `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is a `globalPromise` object. Version 3.10.2 fixes the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse


🔴 CVE-2026-22709 - Critical (9.8)

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Salesforce
  • Marketing Cloud Engagement

24 Jan 2026
Published
27 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

  • 2 Posts

Last activity: 16 hours ago

Fediverse


🔴 CVE-2026-22582 - Critical (9.8)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagemen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • bootc

21 Jan 2026
Published
21 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Thread: Critical patch for #Fedora devs. CVE-2026-0988 affects mingw-glib2. Integer overflow in g_buffered_input_stream_peek() leads to DoS. Windows binaries built on Fedora could be vulnerable. Read more: 👉 tinyurl.com/3dha57wh #Security
Showing 31 to 40 of 57 CVEs