Overview
- NaturalIntelligence
- fast-xml-parser
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-25128 - High (7.5)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.3.6 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2026-24854 - High (8.8)
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor.php` in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24854/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🔥 A vulnerability in AWStats sitting in a cPanel tree... H I D I N G?
We discovered it.
CVE-2025-63261 (or as we call it: PTT-2025-021) is what happens when "legacy meets lazy":
A single "|" in an HTTP GET param leads straight to RCE via Perl’s unsafe open() call.
And yes, this was sitting in AWStats.
Why it matters:
🔹 It’s already 2026, and we’re still finding bugs from 2000s-era web tools
🔹 Attack surface doesn’t disappear, it just ages quietly
🔹 RCE doesn’t need zero-days when it has zero hygiene
📝 We have a very comprehensive Part 1 article, written by Matei Badanoiu, who walks us through:
✅ How we found the bug
✅ How we turned it into a working exploit
✅ Why these “boring” vulns still matter
Read the article here: https://pentest-tools.com/blog/cpanel-cve-ptt-2025-021-part-1
🔴 CVE-2025-15467 - Critical (9.8)
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15467/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- SolarWinds
- Web Help Desk
Description
Statistics
- 1 Post
Overview
- quickjs-ng
- quickjs
Description
Statistics
- 1 Post