CVE-2025-14847

Overview

MongoDB Inc.
MongoDB Server

19 Dec 2025

Published

12 Jan 2026

Updated

CVSS v4.0

HIGH (8.7)

EPSS

69.62%

MITRE

KEV

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

1 Post

Last activity: 21 hours ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #Coralogix includes "A Milestone for Government #AI: Coralogix Begins FedRAMP Journey" and "MongoBleed (CVE-2025-14847): Critical Unauthenticated #MongoDB Memory Disclosure". #cybersecurity #monitoring #logging #devops https://opsmtrs.com/3JXoJPm

0
0
0
21h ago

CVE-2026-22584

Overview

Salesforce
Uni2TS

09 Jan 2026

Published

12 Jan 2026

Updated

CVSS

Pending

EPSS

0.03%

MITRE

KEV

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.

Statistics

1 Post

Last activity: 7 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-22584 - Critical (9.8)

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22584/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
7h ago

CVE-2026-22812

Overview

anomalyco
opencode

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

Pending

MITRE

KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Statistics

1 Post

Last activity: 1 hour ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-22812 - High (8.8)

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22812/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
1h ago

CVE-2025-46070

Overview

Pending

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component

Statistics

1 Post

Last activity: 8 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-46070 - Critical (9.8)

An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46070/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
8h ago

CVE-2024-20767

Overview

Adobe
ColdFusion

18 Mar 2024

Published

21 Oct 2025

Updated

CVSS v3.1

HIGH (7.4)

EPSS

94.15%

MITRE

KEV

Description

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.

Statistics

2 Posts

Last activity: 14 hours ago

Bluesky

CrowdSec @crowdsec.bsky.social

🚨In this week’s Threat Alert article, we break down an active exploitation spike targeting CVE-2024-20767 in Adobe ColdFusion, observed across the CrowdSec Network. Read the full analysis and protect your systems 👉 www.crowdsec.net/vulntracking... #CVE #CVE202420767 #cybersecurity #threatalert

0
0
1
14h ago

CVE-2025-59057

Overview

remix-run
react-router

10 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

HIGH (7.6)

EPSS

0.04%

MITRE

KEV

Description

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. There is no impact if the application is being used in Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>). This issue has been patched in @remix-run/react version 2.17.1 and react-router version 7.9.0.

Statistics

1 Post

Last activity: 13 hours ago

Bluesky

Application Security Feed @appsecfeed.bsky.social

🗞️ React Router has XSS Vulnerability · CVE-2025-59057 🔗 https://github.com/advisories/GHSA-3cgp-3xvw-98x8

0
0
0
13h ago

CVE-2025-69542

Overview

Pending

09 Jan 2026

Published

12 Jan 2026

Updated

CVSS

Pending

EPSS

0.24%

MITRE

KEV

Description

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.

Statistics

1 Post

Last activity: 7 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-69542 - Critical (9.8)

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69542/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
7h ago

CVE-2025-46066

Overview

Pending

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges

Statistics

1 Post

Last activity: 8 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-46066 - Critical (9.9)

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46066/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
8h ago

CVE-2025-67147

Overview

Pending

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.

Statistics

1 Post

Last activity: 2 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-67147 - Critical (9.8)

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'l...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67147/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
2h ago

CVE-2025-67146

Overview

Pending

12 Jan 2026

Published

12 Jan 2026

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.

Statistics

1 Post

Last activity: 2 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-67146 - Critical (9.4)

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An un...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67146/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
2h ago