CVE-2025-52025

Overview

Pending

23 Jan 2026

Published

26 Jan 2026

Updated

CVSS

Pending

EPSS

0.00%

MITRE

KEV

Description

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification.

Statistics

1 Post

Last activity: 5 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-52025 - Critical (9.4)

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without pro...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52025/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
5h ago

CVE-2026-22583

Overview

Salesforce
Marketing Cloud Engagement

24 Jan 2026

Published

26 Jan 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

1 Post

Last activity: 5 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-22583 - Critical (9.8)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engageme...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22583/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
5h ago

CVE-2025-52024

Overview

Pending

23 Jan 2026

Published

26 Jan 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries.

Statistics

1 Post

Last activity: 5 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-52024 - Critical (9.4)

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52024/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
5h ago

CVE-2026-0761

Overview

Foundation Agents
MetaGPT

23 Jan 2026

Published

23 Jan 2026

Updated

CVSS v3.0

CRITICAL (9.8)

EPSS

1.39%

MITRE

KEV

Description

Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the actionoutput_str_to_mapping function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28124.

Statistics

1 Post

Last activity: 22 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 Trend Micro Details New RCE Flaw in MetaGPT (CVE-2026-0761)

Trend Micro details a new high-severity RCE vulnerability (CVE-2026-0761) in Foundation Agents MetaGPT. ⚠️ The flaw can be exploited over HTTP for initial access or lateral movement. Patch and scan systems now! #CVE #RCE #Vulnerability

🔗 https://cyber.netsecops.io/articles/trend-micro-details-new-rce-exploit-for-metagpt-cve-2026-0761/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
22h ago

CVE-2026-1428

Overview

WellChoose
Single Sign-On Portal System

26 Jan 2026

Published

26 Jan 2026

Updated

CVSS v4.0

HIGH (8.7)

EPSS

0.29%

MITRE

KEV

Description

Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Statistics

1 Post

Last activity: 14 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-1428 - High (8.8)

Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1428/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
14h ago

CVE-2026-22582

Overview

Salesforce
Marketing Cloud Engagement

24 Jan 2026

Published

26 Jan 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

2 Posts

Last activity: 4 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-22582 - Critical (9.8)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagemen...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22582/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
1
4h ago

CVE-2026-22709

Overview

patriksimek
vm2

26 Jan 2026

Published

26 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

Pending

MITRE

KEV

Description

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is `globalPromise` object. Version 3.10.2 fixes the issue.

Statistics

1 Post

Last activity: 1 hour ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-22709 - Critical (9.8)

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22709/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
1h ago

CVE-2026-0988

Overview

Red Hat
Red Hat Enterprise Linux 10
bootc

21 Jan 2026

Published

21 Jan 2026

Updated

CVSS

Pending

EPSS

0.04%

MITRE

KEV

Description

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Statistics

1 Post

Last activity: 11 hours ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

Thread: Critical patch for #Fedora devs. CVE-2026-0988 affects mingw-glib2. Integer overflow in g_buffered_input_stream_peek() leads to DoS. Windows binaries built on Fedora could be vulnerable. Read more: 👉 tinyurl.com/3dha57wh #Security

0
0
0
11h ago

CVE-2026-22585

Overview

Salesforce
Marketing Cloud Engagement

24 Jan 2026

Published

26 Jan 2026

Updated

CVSS

Pending

EPSS

0.00%

MITRE

KEV

Description

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

2 Posts

Last activity: 4 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-22585 - Critical (9.8)

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Mani...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22585/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
1
4h ago

CVE-2026-22693

Overview

harfbuzz
harfbuzz

10 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

MEDIUM (5.3)

EPSS

0.05%

MITRE

KEV

Description

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.

Statistics

1 Post

Last activity: 13 hours ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

🔐 Critical patch for #Fedora 42: Advisory FEDORA-2026-2301995d0a addresses CVE-2026-22693, a null pointer dereference flaw in mingw-harfbuzz. Read more: 👉 tinyurl.com/42kp999p #Security

0
0
0
13h ago