24h | 7d | 30d

CVE-2025-69083

Overview

  • Elated-Themes
  • Frappé
06 Jan 2026
Published
06 Jan 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
Pending
KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion.This issue affects Frappé: from n/a through 1.8.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-69083 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion.This issue affects Frappé: from n/a through 1.8.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-21677

Overview

  • InternationalColorConsortium
  • iccDEV
06 Jan 2026
Published
06 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.06%
KEV

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-21677 - High (8.8)

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in vers...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-53966

Overview

  • Pending
05 Jan 2026
Published
05 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-53966 - High (8.4)

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-21676

Overview

  • InternationalColorConsortium
  • iccDEV
06 Jan 2026
Published
06 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-21676 - High (8.8)

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in versio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-68664

Overview

  • langchain-ai
  • langchain
23 Dec 2025
Published
24 Dec 2025
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.07%
KEV

Description

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture
Eyal Estrin ☁️ @eyalestrin.bsky.social
All I Want for Christmas is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664) #appsec
  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-69086

Overview

  • Jwsthemes
  • Issabella
06 Jan 2026
Published
06 Jan 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
Pending
KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jwsthemes Issabella allows PHP Local File Inclusion.This issue affects Issabella: from n/a through 1.1.2.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-69086 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jwsthemes Issabella allows PHP Local File Inclusion.This issue affects Issabella: from n/a through 1.1.2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 4h ago

CVE-2025-14346

Overview

  • WHILL
  • Model C2 Electric Wheelchair
05 Jan 2026
Published
05 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%
KEV

Description

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
John-Mark Gurney @encthenet

@mwl

This seems perfect fodder for a plot device.

> cve.org/CVERecord?id=CVE-2025-

(Edit: original post is gone, but this is the CVE mentioned in it.)

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-64720

Overview

  • pnggroup
  • libpng
24 Nov 2025
Published
25 Nov 2025
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.07%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2025-64720 impacts libpng in 7 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/367 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 9h ago

CVE-2025-14087

Overview

  • GNOME
  • glib
  • glib
10 Dec 2025
Published
06 Jan 2026
Updated
CVSS
Pending
EPSS
0.26%
KEV

Description

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2025-14087 impacts glib2 in 7 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/365 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 9h ago

CVE-2025-15001

Overview

  • fsylum
  • FS Registration Password
06 Jan 2026
Published
06 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%
KEV

Description

The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-15001 - Critical (9.8)

The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 16h ago
Showing 31 to 40 of 89 CVEs