
Overview

  • GnuPG
  • GnuPG

Published: 28 Dec 2025
Updated: 02 Jan 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.01%

KEV

Description

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

Statistics

  • 2 Posts

Last activity: 7 hours ago

Bluesky

Critical security analysis published: #GnuPG vulnerability CVE-2025-68973 exposes fundamental challenges in legacy Linux system maintenance. Read more: 👉 tinyurl.com/5bc7t8hp #Ubuntu #Security
  • 9h ago
Critical security patch required for #Ubuntu users. A severe vulnerability in GnuPG (CVE-2025-68973 / USN-7946-1) has been disclosed. Read more: 👉 tinyurl.com/375s5vjs #Security
  • 7h ago

Overview

  • BeeS Software Solutions
  • BET ePortal

Published: 09 Jan 2026
Updated: 09 Jan 2026

CVSS: Pending
EPSS: Pending

KEV

Description

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🔴 CVE-2025-14598 - Critical (9.8)

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 5h ago

Overview

  • D-Link
  • DSL-2640B

Published: 05 Jan 2026
Updated: 08 Jan 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.36%

KEV

Description

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Critical flaw (CVE-2026-0625) in legacy D-Link DSL routers is under active exploitation. The vulnerability allows remote code execution via command injection due to improper sanitization in "dnscfg.cgi". Affected devices are EoL and unpatchable, posing risks. Upgrade devices.
  • 22h ago

Overview

  • Cisco
  • Cisco Identity Services Engine Software

Published: 07 Jan 2026
Updated: 07 Jan 2026

CVSS v3.1: MEDIUM (4.9)
EPSS: 0.03%

KEV

Description

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.  This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Cisco issues advisory on Cisco ISE vulnerability; exploit code is circulating: CVE-2026-20029 | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43338/
  • 15h ago

Overview

  • Pending

Published: 08 Jan 2026
Updated: 09 Jan 2026

CVSS: Pending
EPSS: 0.05%

KEV

Description

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnector component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated remote attackers to inject arbitrary SMTP commands via crafted input to the /osrest/api/organization/sendmail endpoint.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse


🔴 CVE-2025-56425 - Critical (9.1)

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnector component version 11.10.0.183 and earlier of e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 2h ago

Overview

  • shabti
  • Frontend Admin by DynamiApps

Published: 09 Jan 2026
Updated: 09 Jan 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 0.07%

KEV

Description

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized data modification and deletion due to a missing capability check on the 'delete_object' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated attackers to delete arbitrary posts, pages, products, taxonomy terms, and user accounts.

Statistics

  • 3 Posts

Last activity: 4 hours ago

Fediverse


🔴 CVE-2025-14741 - Critical (9.1)

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'delete_object' function in all versions up to, and including, 3.2...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 4h ago

Overview

  • KAON
  • CG3000T

Published: 09 Jan 2026
Updated: 09 Jan 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.21%

KEV

Description

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse


Hardcoded creds in KAON routers but it doesn't say what those creds are.

cve.org/CVERecord?id=CVE-2025-

  • 8h ago

Overview

  • Mikado-Themes
  • Curly
  • curly

Published: 08 Jan 2026
Updated: 08 Jan 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion. This issue affects Curly: from n/a through < 3.3.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse


🟠 CVE-2025-67936 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion. This issue affects Curly: from n/a through < 3.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 2h ago

Overview

  • zozothemes
  • Corpkit
  • corpkit

Published: 08 Jan 2026
Updated: 08 Jan 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion. This issue affects Corpkit: from n/a through <= 2.0.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse


🟠 CVE-2025-67925 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion. This issue affects Corpkit: from n/a through <= 2.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 2h ago

Overview

  • GitLab
  • GitLab

Published: 09 Jan 2026
Updated: 09 Jan 2026

CVSS v3.1: HIGH (8.0)
EPSS: 0.04%

KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse


🟠 CVE-2025-13761 - High (8)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 4h ago