24h | 7d | 30d

CVE-2025-14631

Overview

  • TP-Link Systems Inc.
  • Archer BE400
07 Jan 2026
Published
07 Jan 2026
Updated
CVSS v4.0
HIGH (7.1)
EPSS
0.02%
KEV

Description

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allowsΒ  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture
Chris "Not So" Short @ChrisShort

CyRC Discovers Critical WLAN Vulnerabilities in ASUS and TP-Link Routers (CVE-2025-14631) | Black Duck Blog #devopsish blackduck.com/blog/cyrc-discov

  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-68675

Overview

  • Apache Software Foundation
  • Apache Airflow
  • apache-airflow
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later, which fixes this issue

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-68675 - High (7.5)

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatic...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-23490

Overview

  • pyasn1
  • pyasn1
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-23490 - High (7.5)

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-20960

Overview

  • Microsoft
  • Microsoft Power Apps
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
Pending
KEV

Description

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-20960 - High (8)

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-0612

Overview

  • TheLibrarian
  • TheLibrarian.io
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions of TheLibrarian.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0612 - High (7.5)

The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. Th...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-65118

Overview

  • AVEVA
  • Process Optimization
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.01%
KEV

Description

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Statistics

  • 2 Posts
Last activity: 11 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-65118 - High (8.8)

The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to trick Process Optimization services into loading
arbitrary code and escalate privileges to OS System, potentially
resulting in complete compromise of ...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 11h ago

CVE-2026-23523

Overview

  • OpenAgentPlatform
  • Dive
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.7)
EPSS
Pending
KEV

Description

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2026-23523 - Critical (9.6)

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lea...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-23742

Overview

  • zalando
  • skipper
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration inline allows these user to create a script that is able to read the filesystem accessible to the skipper process and if the user has access to read the logs, they an read skipper secrets. This vulnerability is fixed in 0.23.0.

Statistics

  • 2 Posts
Last activity: 8 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-23742 - High (8.8)

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for e...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 8h ago

CVE-2024-23108

Overview

  • Fortinet
  • FortiSIEM
05 Feb 2024
Published
14 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.7)
EPSS
91.25%
KEV

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via viaΒ crafted API requests.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture
CyberHub @cyberhub.blog
πŸ“Œ Hackers Actively Exploiting Critical Fortinet FortiSIEM Vulnerability (CVE-2024-23108) https://www.cyberhub.blog/article/18104-hackers-actively-exploiting-critical-fortinet-fortisiem-vulnerability-cve-2024-23108
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-20759

Overview

  • TOA Corporation
  • Multiple Network Cameras TRIFORA 3 series
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.0
HIGH (8.8)
EPSS
0.23%
KEV

Description

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-20759 - High (8.8)

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago
Showing 31 to 40 of 63 CVEs