Overview

  • TP-Link Systems Inc.
  • Archer BE400

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS v4.0
HIGH (7.1)
EPSS
0.02%

KEV

Description

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

CyRC Discovers Critical WLAN Vulnerabilities in ASUS and TP-Link Routers (CVE-2025-14631) | Black Duck Blog #devopsish blackduck.com/blog/cyrc-discov

  • 8h ago

Overview

  • Apache Software Foundation
  • Apache Airflow
  • apache-airflow

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later, which fixes this issue.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🟠 CVE-2025-68675 - High (7.5)

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatic...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 11h ago

Overview

  • pyasn1
  • pyasn1

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🟠 CVE-2026-23490 - High (7.5)

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 9h ago

Overview

  • Microsoft
  • Microsoft Power Apps

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
HIGH (8.0)
EPSS
Pending

KEV

Description

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🟠 CVE-2026-20960 - High (8)

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 6h ago

Overview

  • TheLibrarian
  • TheLibrarian.io

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

The Librarian contains an information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions of TheLibrarian.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🟠 CVE-2026-0612 - High (7.5)

The Librarian contains an information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. Th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 5h ago

Overview

  • AVEVA
  • Process Optimization

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.01%

KEV

Description

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Fediverse

🟠 CVE-2025-65118 - High (8.8)

The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to trick Process Optimization services into loading
arbitrary code and escalate privileges to OS System, potentially
resulting in complete compromise of ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 11h ago

Overview

  • OpenAgentPlatform
  • Dive

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
Pending

KEV

Description

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, a crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim's machine. This vulnerability is fixed in 0.13.0.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🔴 CVE-2026-23523 - Critical (9.6)

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, a crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lea...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 11h ago

Overview

  • zalando
  • skipper

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The inline setting allows these users to create a script that is able to read the filesystem accessible to the skipper process, and if the user has access to read the logs, they can read skipper secrets. This vulnerability is fixed in 0.23.0.

Statistics

  • 2 Posts

Last activity: 8 hours ago

Fediverse

🟠 CVE-2026-23742 - High (8.8)

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 8h ago

Overview

  • Fortinet
  • FortiSIEM

05 Feb 2024
Published
14 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
91.25%

KEV

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

📌 Hackers Actively Exploiting Critical Fortinet FortiSIEM Vulnerability (CVE-2024-23108) https://www.cyberhub.blog/article/18104-hackers-actively-exploiting-critical-fortinet-fortisiem-vulnerability-cve-2024-23108
  • 12h ago

Overview

  • TOA Corporation
  • Multiple Network Cameras TRIFORA 3 series

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.0
HIGH (8.8)
EPSS
0.23%

KEV

Description

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🟠 CVE-2026-20759 - High (8.8)

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 14h ago
Showing 31 to 40 of 63 CVEs