Overview

  • Drupal
  • HTTP Client Manager

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing. This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

🟠 CVE-2025-14840 - High (7.5)

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing. This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 7h ago

Overview

  • Tenda
  • AX12 Pro V2

29 Jan 2026
Published
29 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. It affects some unknown functionality of the Telnet Service component. Manipulation results in the use of hard-coded credentials. The attack can be carried out remotely. It requires a high degree of complexity, and exploitation is known to be difficult. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🟠 CVE-2026-1610 - High (8.1)

A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 5h ago

Overview

  • Shenzhen Tenda Technology Co., Ltd.
  • W30E V2

26 Jan 2026
Published
26 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by the web interface and obtain full administrative privileges.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🟠 CVE-2026-24428 - High (8.8)

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a craf...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 12h ago

Overview

  • Pending

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Service (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

🟠 CVE-2025-65891 - High (7.5)

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Service (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 3h ago

Overview

  • Pending

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🟠 CVE-2025-65889 - High (7.5)

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 8h ago

Overview

  • Pending

29 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the server. This occurs due to improper sanitization of the template_md parameter, enabling direct injection of Jinja2 templates. The cause is misuse of the generate_html() function: the user-controlled value is inserted into `env.from_string`, a function that processes any Jinja2 template it is given, making an SSTI possible.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🟠 CVE-2025-69516 - High (8.8)

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager per...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 2h ago

Overview

  • patriksimek
  • vm2

26 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%

KEV

Description

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` and `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is a `globalPromise` object. Version 3.10.2 fixes the issue.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Critical vulnerability in the #Nodejs vm2 library allows sandbox escape and arbitrary code execution (CVE-2026-22709, score 9.8). Protect your systems! ⚠️ #CyberSecurity #calimeg
  • 8h ago

Overview

  • Pending

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🟠 CVE-2025-70999 - High (7.5)

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 4h ago

Overview

  • Scille
  • parsec-cloud

29 Jan 2026
Published
29 Jan 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
Pending

KEV

Description

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak-order points of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak-order points to both parties in the Diffie-Hellman exchange, resulting in a high probability for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred), which is also known by the attacker. Note that only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🟠 CVE-2025-62514 - High (8.3)

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 8h ago

Overview

  • openjpeg

13 Jul 2024
Published
21 Nov 2025
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🚨 Security Update: #SUSE has released a patch for CVE-2023-39327 affecting OpenJPEG2 in 15-SP7 distributions. Vulnerability allows malicious JP2 files to cause infinite terminal warning loops. Read more: 👉 tinyurl.com/52kpkzkk #Security
  • 7h ago