24h | 7d | 30d

Overview

  • mrvladus
  • Errands

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.01%

KEV

Description

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

Profile picture

🟠 CVE-2025-71063 - High (8.2)

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • SAP_SE
  • SAP Application Server for ABAP and SAP NetWeaver RFCSDK

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.4)
EPSS
0.44%

KEV

Description

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

Profile picture

🟠 CVE-2026-0507 - High (8.4)

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If pro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

08 Jul 2025
Published
23 Aug 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.08%

KEV

Description

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Fediverse

Profile picture

FYI: Es gibt einen Micropatch für die CredsSSP-Schwachstelle CVE-2025-47987 für Windows-Systeme, die von MS keine Updates mehr bekommen.

borncity.com/blog/2026/01/13/0

  • 0
  • 0
  • 1
  • 3h ago

Overview

  • dfir-iris
  • iris-web

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
0.06%

KEV

Description

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file's file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target file without path validation. This vulnerability is fixed in 2.4.24.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

Profile picture

🔴 CVE-2026-22783 - Critical (9.6)

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name fie...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Termix-SSH
  • Termix

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
HIGH (8.0)
EPSS
0.03%

KEV

Description

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Profile picture

🟠 CVE-2026-22804 - High (8)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • mindsdb
  • mindsdb

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.03%

KEV

Description

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Profile picture

🟠 CVE-2025-68472 - High (8.1)

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Pending

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Profile picture

🔴 CVE-2025-67147 - Critical (9.8)

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'l...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • appsmithorg
  • appsmith

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
0.03%

KEV

Description

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Profile picture

🔴 CVE-2026-22794 - Critical (9.6)

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • SAP_SE
  • SAP NetWeaver Application Server ABAP and ABAP Platform

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.04%

KEV

Description

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

Profile picture

🟠 CVE-2026-0506 - High (8.1)

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the at...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • SMEWebify
  • WebErpMesv2

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.09%

KEV

Description

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Profile picture

🟠 CVE-2026-22788 - High (8.2)

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago
Showing 31 to 40 of 85 CVEs