CVE-2025-71063

Overview

mrvladus
Errands

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

HIGH (8.2)

EPSS

0.01%

MITRE

KEV

Description

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

Statistics

1 Post

Last activity: 21 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2025-71063 - High (8.2)

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71063/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
21h ago

CVE-2026-0507

Overview

SAP_SE
SAP Application Server for ABAP and SAP NetWeaver RFCSDK

13 Jan 2026

Published

13 Jan 2026

Updated

CVSS v3.1

HIGH (8.4)

EPSS

0.44%

MITRE

KEV

Description

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

Statistics

1 Post

Last activity: 11 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-0507 - High (8.4)

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If pro...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0507/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
11h ago

CVE-2025-47987

Overview

Microsoft
Windows 10 Version 1809

08 Jul 2025

Published

23 Aug 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.08%

MITRE

KEV

Description

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Statistics

2 Posts

Last activity: 3 hours ago

Fediverse

Günter Born @gborn

FYI: Es gibt einen Micropatch für die CredsSSP-Schwachstelle CVE-2025-47987 für Windows-Systeme, die von MS keine Updates mehr bekommen.

https://borncity.com/blog/2026/01/13/0patch-micropatch-fuer-credssp-schwachstelle-cve-2025-47987/

0
0
1
3h ago

CVE-2026-22783

Overview

dfir-iris
iris-web

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.6)

EPSS

0.06%

MITRE

KEV

Description

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file's file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target file without path validation. This vulnerability is fixed in 2.4.24.

Statistics

1 Post

Last activity: 18 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-22783 - Critical (9.6)

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name fie...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22783/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
18h ago

CVE-2026-22804

Overview

Termix-SSH
Termix

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

HIGH (8.0)

EPSS

0.03%

MITRE

KEV

Description

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0.

Statistics

1 Post

Last activity: 14 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-22804 - High (8)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22804/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
14h ago

CVE-2025-68472

Overview

mindsdb
mindsdb

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

HIGH (8.1)

EPSS

0.03%

MITRE

KEV

Description

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.

Statistics

1 Post

Last activity: 20 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2025-68472 - High (8.1)

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68472/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
20h ago

CVE-2025-67147

Overview

Pending

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS

Pending

EPSS

0.06%

MITRE

KEV

Description

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.

Statistics

1 Post

Last activity: 15 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-67147 - Critical (9.8)

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'l...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67147/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
15h ago

CVE-2026-22794

Overview

appsmithorg
appsmith

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.7)

EPSS

0.03%

MITRE

KEV

Description

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.

Statistics

1 Post

Last activity: 15 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-22794 - Critical (9.6)

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22794/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
15h ago

CVE-2026-0506

Overview

SAP_SE
SAP NetWeaver Application Server ABAP and ABAP Platform

13 Jan 2026

Published

13 Jan 2026

Updated

CVSS v3.1

HIGH (8.1)

EPSS

0.04%

MITRE

KEV

Description

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.

Statistics

1 Post

Last activity: 11 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-0506 - High (8.1)

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the at...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0506/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
11h ago

CVE-2026-22788

Overview

SMEWebify
WebErpMesv2

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

HIGH (8.2)

EPSS

0.09%

MITRE

KEV

Description

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19.

Statistics

1 Post

Last activity: 15 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-22788 - High (8.2)

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22788/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
15h ago