24h | 7d | 30d

CVE-2026-1257

Overview

  • shazdeh
  • Administrative Shortcodes
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.07%
KEV

Description

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode. This is due to insufficient path validation on user-supplied input passed to the get_template_part() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-1257 - High (7.5)

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode. This is due to insufficient path validation on user-supp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-14321

Overview

  • Mozilla
  • Firefox
09 Dec 2025
Published
11 Dec 2025
Updated
CVSS
Pending
EPSS
0.08%
KEV

Description

Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture
CyberHub @cyberhub.blog
📌 Firefox WebRTC Encoded Transforms Vulnerability: Use-After-Free via Undetached ArrayBuffer (CVE-2025-14321) https://www.cyberhub.blog/article/18458-firefox-webrtc-encoded-transforms-vulnerability-use-after-free-via-undetached-arraybuffer-cve-2025-14321
  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-56590

Overview

  • Pending
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.05%
KEV

Description

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-56590 - Critical (9.8)

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-0911

Overview

  • wpmudev
  • Hustle – Email Marketing, Lead Generation, Optins, Popups
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0911 - High (7.5)

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-24635

Overview

  • DevsBlink
  • EduBlink Core
  • edublink-core
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.11%
KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink Core: from n/a through <= 2.0.7.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24635 - High (7.5)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink Core: from n/a through &lt;=...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-24399

Overview

  • chattermate
  • chattermate.chat
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.01%
KEV

Description

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9.

Statistics

  • 2 Posts
Last activity: 21 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-24399 - Critical (9.3)

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be proces...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 21h ago
Showing 31 to 36 of 36 CVEs