Overview
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2025-57155 - High (7.5)
NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-57155/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
- Solvera Software Services Trade Inc.
- Teknoera
🟠 CVE-2025-10855 - High (7.5)
Authorization Bypass Through User-Controlled Key vulnerability in Solvera Software Services Trade Inc. Teknoera allows Exploitation of Trusted Identifiers. This issue affects Teknoera: through 01102025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
- vllm-project
- vllm
🟠 CVE-2026-22807 - High (8.8)
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, all...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
- appsmithorg
- appsmith
🔴 CVE-2026-24042 - Critical (9.4)
Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished (edit-mode) actions by sending viewMode=false (or omitting it) to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2025-13878 - High (7.5)
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13878/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
- lxsmnsyc
- seroval
🟠 CVE-2026-24006 - High (7.5)
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Sero...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24006/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
- gristlabs
- grist-core
🔴 CVE-2026-24002 - Critical (9)
Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2025-57156 - High (7.5)
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-57156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2025-70651 - High (7.5)
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70651/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
- Fortinet
- FortiWeb
If you administer FortiGate/FortiOS devices: admins are reporting a bypass of the patch for the critical vulnerability CVE-2025-59718 (FortiCloud SSO https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ) → compromise is possible even on "patched" firewalls (e.g. 7.4.9/7.4.10).
( https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/ )
Prerequisite: "Allow administrative login using FortiCloud SSO" enabled (often the case after FortiCare registration).
Mitigation: disable admin-forticloud-sso-login + restrict admin access + check logs/new accounts.
Exploitation chain: CVE-2025-59718 (+ CVE-2025-59719 on the FortiWeb side) ➡️ sending forged SAML messages ➡️ signature verification bypass ➡️ unauthorized admin access.
[References]
"Fortinet admins report patched FortiGate firewalls getting hacked"
👇
https://www.bleepingcomputer.com/news/security/fortinet-admins-report-patched-fortigate-firewalls-getting-hacked/