🟠 CVE-2025-55292 - High (8.2)

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-55292/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-40537 - High (7.5)

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40537/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-40552 - Critical (9.8)

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40552/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-24841 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameter...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24841/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-40553 - Critical (9.8)

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without au...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40553/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-24770 - Critical (9.8)

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24770/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-24875 - High (7.8)

Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.1.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24875/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-24838 - Critical (9.1)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24838/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-22260 - High (7.5)

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `respo...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22260/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-22258 - High (7.5)

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22258/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack