Overview

  • Pending

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK through 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🔴 CVE-2025-56590 - Critical (9.8)

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK through 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Anritsu
  • ShockLine

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.21%

KEV

Description

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27833.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🟠 CVE-2025-15348 - High (7.8)

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is requ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Anritsu
  • VectorStar

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.21%

KEV

Description

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27040.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

🟠 CVE-2025-15351 - High (7.8)

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Anritsu
  • ShockLine

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.0
HIGH (7.5)
EPSS
0.09%

KEV

Description

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SCPI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27315.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

🟠 CVE-2025-15349 - High (7.5)

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. Authentication is not required to exploit thi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Pending

20 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.28%

KEV

Description

An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

CVE-2025-56005 - If you pass untrusted data in the `run_this_code` parameter of bar() of library foo then untrusted code gets executed. This is a vulnerability, because it's not documented that `run_this_code` will run code.

Developer resigned:
https://github.com/dabeaz/ply/commit/9d7c40099e23ff78f9d86ef69a26c1e8a83e706a

#cve #slop #FOSS

Overview

  • Python Software Foundation
  • CPython

03 Dec 2025
Published
14 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.12%

KEV

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2025-12084 impacts python in 14 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/384 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless

Overview

  • langflow-ai
  • langflow

07 Apr 2025
Published
29 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
91.42%

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

The latest update for #Indusface includes "CVE-2025-3248: Critical Langflow Unauthenticated Remote Code Execution Vulnerability" and "How to Sell Premium Web Security Retainers". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF

Overview

  • Hubitat
  • Elevation C3

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.04%

KEV

Description

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

A write up of the 9.4 vuln in #hubitat (CVE-2026-1201) is available on the ostrich lab site. ostrichlab.io/research-blog/?p

If you have a hubitat please update. If you like this kind of research please follow!

#homeautomation #smarthome #cybersecurity #cybersec #CVE

Overview

  • VMware
  • VCF operations

29 Sep 2025
Published
04 Nov 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.68%

Description

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

🚨 CRITICAL: CVE-2025-41244 affects open-vm-tools on #SUSE Linux Enterprise Server 16.0 (CVSS: 8.5). Local privilege escalation vulnerability requiring immediate patching. Read more: 👉 tinyurl.com/3h9ve98w #Security

Overview

  • mcp-server-siri-shortcuts
  • mcp-server-siri-shortcuts

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.05%

KEV

Description

mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the shortcutName parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-27910.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Fediverse

🟠 CVE-2026-0758 - High (7.8)

mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
