Overview

  • Pending

Published: 23 Jan 2026
Updated: 26 Jan 2026

CVSS: Pending
EPSS: 0.00%

KEV

Description

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend through 2025-05-28. The vulnerability arises because user input is inserted directly into a dynamically built SQL query without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🔴 CVE-2025-52025 - Critical (9.4)

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without pro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Salesforce
  • Marketing Cloud Engagement

Published: 24 Jan 2026
Updated: 26 Jan 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🔴 CVE-2026-22583 - Critical (9.8)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engageme...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Pending

Published: 23 Jan 2026
Updated: 26 Jan 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

A vulnerability exists in the Aptsys POS Platform Web Services module through 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🔴 CVE-2025-52024 - Critical (9.4)

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Foundation Agents
  • MetaGPT

Published: 23 Jan 2026
Updated: 23 Jan 2026

CVSS v3.0: CRITICAL (9.8)
EPSS: 1.39%

KEV

Description

Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the actionoutput_str_to_mapping function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28124.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

📰 Trend Micro Details New RCE Flaw in MetaGPT (CVE-2026-0761)

Trend Micro details a new high-severity RCE vulnerability (CVE-2026-0761) in Foundation Agents MetaGPT. ⚠️ The flaw can be exploited over HTTP for initial access or lateral movement. Patch and scan systems now! #CVE #RCE #Vulnerability

🔗 cyber.netsecops.io/articles/tr

Overview

  • WellChoose
  • Single Sign-On Portal System

Published: 26 Jan 2026
Updated: 26 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.29%

KEV

Description

Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🟠 CVE-2026-1428 - High (8.8)

Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Salesforce
  • Marketing Cloud Engagement

Published: 24 Jan 2026
Updated: 26 Jan 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Fediverse

🔴 CVE-2026-22582 - Critical (9.8)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagemen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • patriksimek
  • vm2

Published: 26 Jan 2026
Updated: 26 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` and `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but that of `globalPromise.prototype.then` is not. The return value of an async function is a `globalPromise` object. Version 3.10.2 fixes the issue.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🔴 CVE-2026-22709 - Critical (9.8)

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` and `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • bootc

Published: 21 Jan 2026
Updated: 21 Jan 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Thread: Critical patch for #Fedora devs. CVE-2026-0988 affects mingw-glib2. Integer overflow in g_buffered_input_stream_peek() leads to DoS. Windows binaries built on Fedora could be vulnerable. Read more: 👉 tinyurl.com/3dha57wh #Security

Overview

  • Salesforce
  • Marketing Cloud Engagement

Published: 24 Jan 2026
Updated: 26 Jan 2026

CVSS: Pending
EPSS: 0.00%

KEV

Description

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Fediverse

🔴 CVE-2026-22585 - Critical (9.8)

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Mani...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • harfbuzz
  • harfbuzz

Published: 10 Jan 2026
Updated: 12 Jan 2026

CVSS v3.1: MEDIUM (5.3)
EPSS: 0.05%

KEV

Description

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🔐 Critical patch for #Fedora 42: Advisory FEDORA-2026-2301995d0a addresses CVE-2026-22693, a null pointer dereference flaw in mingw-harfbuzz. Read more: 👉 tinyurl.com/42kp999p #Security