24h | 7d | 30d

CVE-2025-68618

Overview

  • ImageMagick
  • ImageMagick
30 Dec 2025
Published
30 Dec 2025
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
Pending
KEV

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 SECURITY UPDATE: #openSUSE Tumbleweed patches 3x ImageMagick vulnerabilities (CVE-2025-68618, -68950, -69204). Moderate severity - can lead to DoS/code execution. Read more: 👉 tinyurl.com/8kke5ny9 #Security
  • 0
  • 0
  • 0
  • 2h ago

CVE-2025-68668

Overview

  • n8n-io
  • n8n
26 Dec 2025
Published
05 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.10%
KEV

Description

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.

Statistics

  • 1 Post
Last activity: 4 hours ago

Bluesky

Profile picture
SmarterMSP.com @smartermsp.bsky.social
🚨 A severe #vulnerability, tracked as CVE-2025-68668 with a CVSS score of 9.9, was recently discovered in n8n, an open-source workflow automation platform. Discover tips to secure your environment now: https://bit.ly/49d38m1
  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-0719

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libsoup3
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0719 - High (7.8)

A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-22035

Overview

  • greenshot
  • greenshot
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
Pending
KEV

Description

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-22035 - High (7.7)

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-21875

Overview

  • MacWarrior
  • clipbucket-v5
07 Jan 2026
Published
08 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The obj_id parameter within the POST request to /actions/ajax.php is then used within the user_exists function of the upload/includes/classes/user.class. php file as the $id parameter. It is then used within the count function of the upload/includes/classes/db.class. php file. The $id parameter is concatenated into the query without validation or sanitization, and a user-supplied input like 1' or 1=1-- - can be used to trigger the injection. This issue does not have a fix at the time of publication.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-21875 - Critical (9.8)

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST reques...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 11h ago

CVE-2025-56424

Overview

  • Pending
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-56424 - High (7.5)

An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-22255

Overview

  • InternationalColorConsortium
  • iccDEV
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at `IccProfLib/IccTagLut.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

Statistics

  • 2 Posts
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-22255 - High (8.8)

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `C...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 1
  • 7h ago

CVE-2025-67913

Overview

  • Aruba.it Dev
  • Aruba HiSpeed Cache
  • aruba-hispeed-cache
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-67913 - Critical (9.8)

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through &lt; 3.0.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-67926

Overview

  • Shahjahan Jewel
  • Fluent Support
  • fluent-support
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.10.4.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-67926 - High (8.8)

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through &lt;= 1.10.4.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-67931

Overview

  • AITpro
  • BulletProof Security
  • bulletproof-security
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through <= 6.9.

Statistics

  • 2 Posts
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-67931 - High (7.5)

Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through &lt;= 6.9.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 1
  • 7h ago
Showing 31 to 40 of 90 CVEs