Overview

  • zalando
  • skipper

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create Lua filters, which -lua-sources=inline permits, for example through a Kubernetes Ingress resource. The inline setting allows these users to create a script that can read the filesystem accessible to the skipper process, and if the user can also read the logs, they can read skipper secrets. This vulnerability is fixed in 0.23.0.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse


🟠 CVE-2026-23742 - High (8.8)

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 18h ago

Overview

  • Fortinet
  • FortiSIEM

05 Feb 2024
Published
14 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
90.39%

KEV

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSIEM allows an attacker to execute unauthorized code or commands via crafted API requests.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📌 Hackers Actively Exploiting Critical Fortinet FortiSIEM Vulnerability (CVE-2024-23108) https://www.cyberhub.blog/article/18104-hackers-actively-exploiting-critical-fortinet-fortisiem-vulnerability-cve-2024-23108
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • rofl0r
  • proxychains-ng
  • proxychains-ng

18 Dec 2025
Published
20 Dec 2025
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%

KEV

Description

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

proxychains-ng: apply patch for CVE-2025-34451 https://github.com/NixOS/nixpkgs/pull/479844 #security
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • LabRedesCefetRJ
  • WeGIA

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.08%

KEV

Description

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via the id_memorando GET parameter before reflecting it into the HTML source (likely inside a <script> block or an attribute). This allows unauthenticated attackers to inject arbitrary JavaScript or HTML into the context of the user's browser session. This vulnerability is fixed in 3.6.2.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse


🔴 CVE-2026-23722 - Critical (9.1)

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 18h ago

Overview

  • GnuPG
  • GnuPG

28 Dec 2025
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

🚨 Critical Security Update: #Oracle Linux 10 ELSA-2026-0697 patches a memory corruption flaw (CVE-2025-68973) in gnupg2. Affects crypto signing & S/MIME. Read more: 👉 tinyurl.com/dycpmu8b #Security
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • bee interactive
  • Livewire Filemanager

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup process within Laravel applications has been completed.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse


🟠 CVE-2025-14894 - High (7.5)

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • TheLibrarian
  • TheLibrarian.io

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hetzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse


🟠 CVE-2026-0613 - High (7.5)

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Pending

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control headers are missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse


🟠 CVE-2025-69581 - High (7.5)

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • kraftplugins
  • Demo Importer Plus

17 Jan 2026
Published
17 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.08%

KEV

Description

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in vulnerable configurations. This only impacts sites on versions of PHP older than 8.0.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse


🟠 CVE-2025-14478 - High (7.5)

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-lev...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Apache Software Foundation
  • Apache bRPC

16 Jan 2026
Published
17 Jan 2026
Updated

CVSS
Pending
EPSS
0.39%

KEV

Description

Remote command injection vulnerability in the heap profiler builtin service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands.

Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using the extra_options parameter.

Affected scenarios: Use of the built-in bRPC heap profiler service to perform jemalloc memory profiling.

How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually.

Statistics

  • 2 Posts

Last activity: 22 hours ago

Fediverse


🔴 CVE-2025-60021 - Critical (9.8)

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command.

Root Cause: The bRPC heap profiler built-in service (/pprof/heap) doe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 22h ago