24h | 7d | 30d

CVE-2025-56590

Overview

  • Pending
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2025-56590 - Critical (9.8)

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 2h ago

CVE-2025-15348

Overview

  • Anritsu
  • ShockLine
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.21%
KEV

Description

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27833.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-15348 - High (7.8)

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is requ...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 21h ago

CVE-2025-15351

Overview

  • Anritsu
  • VectorStar
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.21%
KEV

Description

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27040.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-15351 - High (7.8)

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is re...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-15349

Overview

  • Anritsu
  • ShockLine
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
HIGH (7.5)
EPSS
0.09%
KEV

Description

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SCPI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27315.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-15349 - High (7.5)

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. Authentication is not required to exploit thi...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-56005

Overview

  • Pending
20 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.28%
KEV

Description

An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk.

Statistics

  • 2 Posts
Last activity: 14 hours ago

Fediverse

Profile picture
buherator @buherator
CVE-2025-56005 - If you pass untrusted data in the `run_this_code` parameter of bar() of library foo then untrusted code gets executed. This is a vulnerability, because it's not documented that `run_this_code` will run code.

Developer resigned:
https://github.com/dabeaz/ply/commit/9d7c40099e23ff78f9d86ef69a26c1e8a83e706a

#cve #slop #FOSS
  • 0
  • 0
  • 1
  • 14h ago

CVE-2025-12084

Overview

  • Python Software Foundation
  • CPython
03 Dec 2025
Published
14 Jan 2026
Updated
CVSS v4.0
MEDIUM (6.3)
EPSS
0.12%
KEV

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2025-12084 impacts python in 14 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/384 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-3248

Overview

  • langflow-ai
  • langflow
07 Apr 2025
Published
29 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
91.42%
KEV

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Statistics

  • 1 Post
Last activity: 15 hours ago

Bluesky

Profile picture
OpsMatters @opsmatters.com
The latest update for #Indusface includes "CVE-2025-3248: Critical Langflow Unauthenticated Remote Code Execution Vulnerability" and "How to Sell Premium Web Security Retainers". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-1201

Overview

  • Hubitat
  • Elevation C3
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
0.04%
KEV

Description

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture
theHastyOne @ahasty

A write up of the 9.4 vuln in #hubitat (CVE-2026-1201) is available on the ostrich lab site. ostrichlab.io/research-blog/?p

If you have a hubitat please update. If you like this kind of research please follow!

#homeautomation #smarthome #cybersecurity #cybersec #CVE

  • 0
  • 0
  • 0
  • 9h ago

CVE-2025-41244

Overview

  • VMware
  • VCF operations
29 Sep 2025
Published
04 Nov 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.68%
KEV

Description

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.Β A malicious local actor with non-administrative privileges having access to a VM with VMware ToolsΒ installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 CRITICAL: CVE-2025-41244 affects open-vm-tools on #SUSE Linux Enterprise Server 16.0 (CVSS: 8.5). Local privilege escalation vulnerability requiring immediate patching. Read more: πŸ‘‰ tinyurl.com/3h9ve98w #Security
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-0758

Overview

  • mcp-server-siri-shortcuts
  • mcp-server-siri-shortcuts
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.05%
KEV

Description

mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the shortcutName parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-27910.

Statistics

  • 2 Posts
Last activity: 23 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0758 - High (7.8)

mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 23h ago
Showing 31 to 40 of 78 CVEs