Overview

  • Pending

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🟠 CVE-2025-70747 - High (7.5)

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • NSecsoft
  • NSecKrnl

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
MEDIUM (4.7)
EPSS
0.01%

KEV

Description

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes, by issuing crafted IOCTL requests to the driver.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Kernel Panic: How a Single IOCTL Bug (CVE-2025-68947) Lets Hackers Kill Any Process on Your Machine Introduction: A recently published vulnerability, CVE-2025-68947, exposes a critical flaw in the NSecsoft NSecKrnl driver, allowing local attackers to achieve arbitrary process termination. This…
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Hewlett Packard Enterprise (HPE)
  • ArubaOS (AOS)

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.05%

KEV

Description

An arbitrary file deletion vulnerability has been identified in a system function of mobility conductors running the AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🟠 CVE-2025-37168 - High (8.2)

An arbitrary file deletion vulnerability has been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete ar...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • golang.org/x/crypto
  • golang.org/x/crypto/ssh/agent

13 Nov 2025
Published
16 Dec 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Just published a deep-dive on a critical #openSUSE security advisory. The "moderate" rating on openSUSE-SU-2026:10042-1 belies the true risk: CVE-2025-47913 in mcphost has a CVSS 4.0 score of 8.7 (High). Read more: 👉 tinyurl.com/42u59crw #Security
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Lenovo
  • ThinkPlus FU100

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v4.0
HIGH (7.3)
EPSS
Pending

KEV

Description

A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🟠 CVE-2025-13455 - High (7.8)

A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • appsmithorg
  • appsmith

12 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
0.03%

KEV

Description

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🚨 Critical (CVSS 9.6) vulnerability in Appsmith allows account takeover via Origin header manipulation in password reset/email verification flows.

I've created a vulnerability detection script here:
github.com/rxerium/rxerium-tem

Reference:
github.com/appsmithorg/appsmit

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Fortinet
  • FortiClientEMS

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
MEDIUM (6.8)
EPSS
0.12%

KEV

Description

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

Statistics

  • 2 Posts

Last activity: 16 hours ago

Bluesky

Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all
  • 0
  • 0
  • 1
  • 16h ago

Overview

  • checkpoint
  • Harmony SASE

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🟠 CVE-2025-9142 - High (7.5)

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Huawei
  • HarmonyOS

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (8.4)
EPSS
0.00%

KEV

Description

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🟠 CVE-2025-68957 - High (8.4)

Multi-thread race condition vulnerability in the card framework module.
Impact: Successful exploitation of this vulnerability may affect availability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • RocketChat
  • Rocket.Chat

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
Pending

KEV

Description

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🟠 CVE-2026-23477 - High (7.7)

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. Thi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 6h ago
Showing 31 to 40 of 88 CVEs