Overview

  • MongoDB Inc.
  • MongoDB Server

Published: 19 Dec 2025
Updated: 12 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: 69.62%

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

The latest update for #Coralogix includes "A Milestone for Government #AI: Coralogix Begins FedRAMP Journey" and "MongoBleed (CVE-2025-14847): Critical Unauthenticated #MongoDB Memory Disclosure". #cybersecurity #monitoring #logging #devops https://opsmtrs.com/3JXoJPm
  • 21h ago

Overview

  • Salesforce
  • Uni2TS

Published: 09 Jan 2026
Updated: 12 Jan 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS: through 1.2.0.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

🔴 CVE-2026-22584 - Critical (9.8)

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS: through 1.2.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 7h ago

Overview

  • anomalyco
  • opencode

Published: 12 Jan 2026
Updated: 12 Jan 2026

CVSS v3.1: HIGH (8.8)
EPSS: Pending

KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🟠 CVE-2026-22812 - High (8.8)

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1h ago

Overview

  • Pending

Published: 12 Jan 2026
Updated: 12 Jan 2026

CVSS: Pending
EPSS: Pending

KEV

Description

An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🔴 CVE-2025-46070 - Critical (9.8)

An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 8h ago

Overview

  • Adobe
  • ColdFusion

Published: 18 Mar 2024
Updated: 21 Oct 2025

CVSS v3.1: HIGH (7.4)
EPSS: 94.15%

Description

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Bluesky

🚨 In this week’s Threat Alert article, we break down an active exploitation spike targeting CVE-2024-20767 in Adobe ColdFusion, observed across the CrowdSec Network. Read the full analysis and protect your systems 👉 www.crowdsec.net/vulntracking... #CVE #CVE202420767 #cybersecurity #threatalert
  • 14h ago

Overview

  • remix-run
  • react-router

Published: 10 Jan 2026
Updated: 12 Jan 2026

CVSS v3.1: HIGH (7.6)
EPSS: 0.04%

KEV

Description

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exists in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags, which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. There is no impact if the application is being used in Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>). This issue has been patched in @remix-run/react version 2.17.1 and react-router version 7.9.0.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

πŸ—žοΈ React Router has XSS Vulnerability Β· CVE-2025-59057 πŸ”— https://github.com/advisories/GHSA-3cgp-3xvw-98x8
  • 13h ago

Overview

  • Pending

Published: 09 Jan 2026
Updated: 12 Jan 2026

CVSS: Pending
EPSS: 0.24%

KEV

Description

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

🔴 CVE-2025-69542 - Critical (9.8)

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 7h ago

Overview

  • Pending

Published: 12 Jan 2026
Updated: 12 Jan 2026

CVSS: Pending
EPSS: Pending

KEV

Description

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🔴 CVE-2025-46066 - Critical (9.9)

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 8h ago

Overview

  • Pending

Published: 12 Jan 2026
Updated: 12 Jan 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🔴 CVE-2025-67147 - Critical (9.8)

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'l...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 2h ago

Overview

  • Pending

Published: 12 Jan 2026
Updated: 12 Jan 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🔴 CVE-2025-67146 - Critical (9.4)

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An un...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 2h ago
Showing 31 to 40 of 77 CVEs