24h | 7d | 30d

CVE-2025-68428

Overview

  • parallax
  • jsPDF
05 Jan 2026
Published
06 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.06%
KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.

Statistics

  • 1 Post
Last activity: 17 hours ago

Bluesky

Profile picture
キタきつね @kitafox.bsky.social
CVE-2025-68428: jsPDFライブラリの重大な欠陥により、サーバー側でファイルの盗難が可能になる CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft #DailyCyberSecurity (Jan 6) securityonline.info/cve-2025-684...
  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-47393

Overview

  • Qualcomm, Inc.
  • Snapdragon
06 Jan 2026
Published
07 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

Memory corruption when accessing resources in kernel driver.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-47393 - High (7.8)

Memory corruption when accessing resources in kernel driver.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 4h ago

CVE-2025-67159

Overview

  • Pending
02 Jan 2026
Published
06 Jan 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-67159 - High (7.5)

Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-20795

Overview

  • MediaTek, Inc.
  • MT2718, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8676, MT8678, MT8696, MT8755, MT8766, MT8768, MT8781, MT8786, MT8788E, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893
06 Jan 2026
Published
07 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-20795 - High (7.8)

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-69081

Overview

  • ThemeREX Group
  • Hope
07 Jan 2026
Published
07 Jan 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.12%
KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-69081 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 4h ago

CVE-2025-30996

Overview

  • Themify
  • Themify Sidepane WordPress Theme
06 Jan 2026
Published
06 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.10%
KEV

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-30996 - Critical (9.9)

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify S...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-47346

Overview

  • Qualcomm, Inc.
  • Snapdragon
06 Jan 2026
Published
07 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

Memory corruption while processing a secure logging command in the trusted application.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-47346 - High (7.8)

Memory corruption while processing a secure logging command in the trusted application.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-31643

Overview

  • Dasinfomedia
  • WPCHURCH
07 Jan 2026
Published
07 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-31643 - High (8.8)

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • Last hour

CVE-2025-67397

Overview

  • Pending
05 Jan 2026
Published
06 Jan 2026
Updated
CVSS
Pending
EPSS
0.23%
KEV

Description

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-67397 - Critical (9.1)

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-20793

Overview

  • MediaTek, Inc.
  • MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
06 Jan 2026
Published
06 Jan 2026
Updated
CVSS
Pending
EPSS
0.25%
KEV

Description

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-20793 - High (7.5)

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 20h ago
Showing 31 to 40 of 100 CVEs