Overview

  • divisupreme
  • Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

🟠 CVE-2025-13062 - High (8.8)

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass san...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour

Overview

  • avahi

21 Nov 2024
Published
11 Nov 2025
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

#SUSE Security Advisory: Avahi DNS Spoofing Vulnerability Patched #SUSE has addressed CVE-2024-52615, a DNS spoofing vulnerability in the Avahi service discovery implementation with security update SUSE-SU-2026:20027-1. Read more: 👉 tinyurl.com/z9y769nu #Security
  • 3h ago

Overview

  • SICK AG
  • Incoming Goods Suite

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (7.6)
EPSS
Pending

KEV

Description

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🟠 CVE-2026-0712 - High (7.6)

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XS...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1h ago

Overview

  • Pending

09 Jan 2026
Published
12 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

fluidsynth-2.4.6 and earlier versions are vulnerable to a NULL pointer dereference in fluid_synth_monopoly.c, which can be triggered when loading an invalid MIDI file.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

🚨 Critical #openSUSE Tumbleweed patch alert! CVE-2025-56225 - a severe buffer overflow in fluidsynth (ALSA-utils). Remote code execution risk. Read more: 👉 tinyurl.com/bara7m7y #Security
  • 16h ago

Overview

  • pnggroup
  • libpng

03 Dec 2025
Published
04 Dec 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.08%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

🚨 CVE-2025-66293 PATCHED for #Ubuntu. Critical RCE flaw in libpng library demands immediate action. Read more: 👉 tinyurl.com/29ybrwke #Security
  • 20h ago

Overview

  • GitLab
  • GitLab

14 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
0.02%

KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🟠 CVE-2025-11224 - High (7.7)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 19h ago

Overview

  • AWS
  • Kiro IDE

09 Jan 2026
Published
09 Jan 2026
Updated

CVSS v4.0
HIGH (8.4)
EPSS
0.04%

KEV

Description

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper #patchmanagement
  • 1h ago

Overview

  • SICK AG
  • Incoming Goods Suite

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
Pending

KEV

Description

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to an improper input validation vulnerability. This issue affects Grafana before 11.6.2 and is fixed in 11.6.2 and higher.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

🟠 CVE-2026-22643 - High (8.3)

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour

Overview

  • SICK AG
  • Incoming Goods Suite

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
Pending

KEV

Description

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and, if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

🟠 CVE-2026-22638 - High (8.3)

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour

Overview

  • redis
  • redis

03 Oct 2025
Published
03 Oct 2025
Updated

CVSS v3.1
HIGH (7.0)
EPSS
22.69%

KEV

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

🚨 Attention System Admins & DevOps Professionals! 🚨 A critical vulnerability (CVE-2025-46817) has been found in #Valkey, the high-performance Redis fork, impacting #SUSE Linux Enterprise Server 15. Read more: 👉 tinyurl.com/47ywwc8v #Security
  • 2h ago