24h | 7d | 30d

CVE-2025-13062

Overview

  • divisupreme
  • Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
15 Jan 2026
Published
15 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-13062 - High (8.8)

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass san...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • Last hour

CVE-2024-52615

Overview

  • avahi
21 Nov 2024
Published
11 Nov 2025
Updated
CVSS
Pending
EPSS
0.07%
KEV

Description

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
#SUSE Security Advisory: Avahi DNS Spoofing Vulnerability Patched #SUSE has addressed CVE-2024-52615, a DNS spoofing vulnerability in the Avahi service discovery implementation with security update SUSE-SU-2026:20027-1. Read more: 👉 tinyurl.com/z9y769nu #Security
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-0712

Overview

  • SICK AG
  • Incoming Goods Suite
15 Jan 2026
Published
15 Jan 2026
Updated
CVSS v3.1
HIGH (7.6)
EPSS
Pending
KEV

Description

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0712 - High (7.6)

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XS...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-56225

Overview

  • Pending
09 Jan 2026
Published
12 Jan 2026
Updated
CVSS
Pending
EPSS
0.05%
KEV

Description

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
ðŸšĻ Critical #openSUSE Tumbleweed patch alert! CVE-2025-56225 - a severe buffer overflow in fluidsynth (ALSA-utils). Remote code execution risk. Read more: 👉 tinyurl.com/bara7m7y #Security
  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-66293

Overview

  • pnggroup
  • libpng
03 Dec 2025
Published
04 Dec 2025
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.08%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
ðŸšĻ CVE-2025-66293 PATCHED for #Ubuntu. Critical RCE flaw in libpng library demands immediate action. Read more: 👉 tinyurl.com/29ybrwke #Security
  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-11224

Overview

  • GitLab
  • GitLab
14 Jan 2026
Published
15 Jan 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.02%
KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-11224 - High (7.7)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-0830

Overview

  • AWS
  • Kiro IDE
09 Jan 2026
Published
09 Jan 2026
Updated
CVSS v4.0
HIGH (8.4)
EPSS
0.04%
KEV

Description

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture
Eyal Estrin ☁ïļ @eyalestrin.bsky.social
CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper #patchmanagement
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-22643

Overview

  • SICK AG
  • Incoming Goods Suite
15 Jan 2026
Published
15 Jan 2026
Updated
CVSS v3.1
HIGH (8.3)
EPSS
Pending
KEV

Description

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-22643 - High (8.3)

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-22638

Overview

  • SICK AG
  • Incoming Goods Suite
15 Jan 2026
Published
15 Jan 2026
Updated
CVSS v3.1
HIGH (8.3)
EPSS
Pending
KEV

Description

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-22638 - High (8.3)

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • Last hour

CVE-2025-46817

Overview

  • redis
  • redis
03 Oct 2025
Published
03 Oct 2025
Updated
CVSS v3.1
HIGH (7.0)
EPSS
22.69%
KEV

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
ðŸšĻ Attention System Admins & DevOps Professionals! ðŸšĻA critical vulnerability (CVE-2025-46817) has been found in #Valkey, the high-performance Redis fork, impacting #SUSE Linux Enterprise Server 15. Read more: 👉 tinyurl.com/47ywwc8v #Security
  • 0
  • 0
  • 0
  • 2h ago
Showing 31 to 40 of 74 CVEs