24h | 7d | 30d

Overview

  • Explorance
  • Blue

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

Profile picture

🔴 CVE-2025-57792 - Critical (10)

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 14h ago

Overview

  • Explorance
  • Blue

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

Profile picture

🔴 CVE-2025-57795 - Critical (9.9)

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 14h ago

Overview

  • opf
  • openproject

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
HIGH (8.9)
EPSS
Pending

KEV

Description

OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a shared secret only known to the synchronization server. The frontend hands this encrypted token and the backend URL over to the synchronization server to check user's ability to work on the document and perform intermittent saves while editing. The synchronization server does not properly validate the backend URL and sends a request with the decrypted authentication token to the endpoint that was given to the server. An attacker could use this vulnerability to decrypt a token that he intercepted by other means to gain an access token to interact with OpenProject on the victim's behalf. This vulnerability was introduced with OpenProject 17.0.0 and was fixed in 17.0.2. As a workaround, disable the collaboration feature via Settings -> Documents -> Real time collaboration -> Disable. Additionally the `hocuspocus` container should also be disabled.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Profile picture

🟠 CVE-2026-24772 - High (8.9)

OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is curr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Cisco
  • Cisco Unified Communications Manager

21 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.89%

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Profile picture

🚨 Patch your Cisco UC products:

Cisco Unified Communications Products Remote Code Execution Vulnerability (CVE-2026-20045)

sec.cloudapps.cisco.com/securi

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • SolarWinds
  • Web Help Desk

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.24%

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

Profile picture

🟠 CVE-2025-40536 - High (8.1)

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

07 Jan 2022
Published
21 Oct 2025
Updated

CVSS v3.1
MEDIUM (5.0)
EPSS
0.16%

Description

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

Profile picture

18/08/2024: I just released the blog explaining how I leveraged CVE-2022-22265 in the Samsung npu driver. Double free to achieve UAF over signalfd + cross cache + Dirty Page Table + code inject into libbase.so for execution by init. Hope you can enjoy it soez.github.io/posts/CVE-2022-

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • nyariv
  • SandboxJS

27 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.16%

KEV

Description

SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture
Escaping the Matrix: A Deep Dive into SandboxJS RCE (CVE-2026–23830) https://medium.com/@meysam_bal-afkan/escaping-the-matrix-a-deep-dive-into-sandboxjs-rce-cve-2026-23830-1fbbca3f46fc?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Shenzhen Tenda Technology Co., Ltd.
  • W30E V2

26 Jan 2026
Published
26 Jan 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.04%

KEV

Description

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be exposed to network-based interception.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

Profile picture

🟠 CVE-2026-24430 - High (7.5)

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over un...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • discourse
  • discourse

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
HIGH (7.6)
EPSS
Pending

KEV

Description

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Profile picture

🟠 CVE-2025-68662 - High (7.6)

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • NVIDIA
  • GeForce

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
Pending

KEV

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Profile picture

🟠 CVE-2025-33218 - High (7.8)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago
Showing 31 to 40 of 79 CVEs