
Overview

  • suitenumerique
  • docs

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS v3.1: HIGH (8.7)
EPSS: Pending

KEV

Description

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse


🟠 CVE-2026-22867 - High (8.7)

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the edito...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 6h ago

Overview

  • golang.org/x/crypto
  • golang.org/x/crypto/ssh/agent

Published: 19 Nov 2025
Updated: 20 Nov 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Bluesky

🚨 Security Update: CVE-2025-47914 affects Podman on #openSUSE Leap 15.4 & SUSE Linux Enterprise Micro. CVSS:4.0 score: 6.9. Patch now to prevent SSH-agent panic from out-of-bounds read. Read more: 👉 tinyurl.com/ft8mh9ka #Security
  • 7h ago
Critical Podman security patch: CVE-2025-47914 (moderate severity) affects ssh-agent in #SUSE distributions. Read more: 👉 tinyurl.com/59f97djx #Security
  • 6h ago

Overview

  • Juniper Networks
  • Junos OS

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer. This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment.

Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:

  [ protocols bgp ... disable-4byte-as ]

Established BGP sessions can be checked by executing:

  show bgp neighbor <IP address> | match "4 byte AS"

This issue affects:

Junos OS:

  • all versions before 22.4R3-S8,
  • 23.2 versions before 23.2R2-S5,
  • 23.4 versions before 23.4R2-S6,
  • 24.2 versions before 24.2R2-S2,
  • 24.4 versions before 24.4R2;

Junos OS Evolved:

  • all versions before 22.4R3-S8-EVO,
  • 23.2 versions before 23.2R2-S5-EVO,
  • 23.4 versions before 23.4R2-S6-EVO,
  • 24.2 versions before 24.2R2-S2-EVO,
  • 24.4 versions before 24.4R2-EVO.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse


🟠 CVE-2025-60003 - High (7.5)

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an affected device receives a BGP u...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1h ago

Overview

  • glpi-project
  • glpi

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse


🟠 CVE-2025-64516 - High (7.5)

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 7h ago

Overview

  • Google
  • Android

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS: Pending
EPSS: Pending

KEV

Description

In key-based pairing, there is a possible information disclosure due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of the user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

WhisperPair aka CVE-2025-36911 affects hundreds of millions of headphones and speakers compatible with Google Fast Pair from brands such as Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech and Google.
  • 5h ago

Overview

  • donknap
  • dpanel

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS v3.1: HIGH (8.1)
EPSS: Pending

KEV

Description

DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative backend, this interface can be used to delete files.

The vulnerability lies in the Delete function within the app/common/http/controller/attach.go file. The path parameter submitted by the user is passed directly to storage.Local{}.GetSaveRealPath and subsequently to os.Remove without proper sanitization or checking for path traversal characters (../). In addition, the helper function in common/service/storage/local.go uses filepath.Join, which resolves ../ but does not enforce a chroot/jail. This vulnerability is fixed in 1.9.2.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse


🟠 CVE-2025-66292 - High (8.1)

DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 6h ago

Overview

  • Altium
  • Altium Forum (Altium 365)

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS v3.1: CRITICAL (9.0)
EPSS: Pending

KEV

Description

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post. Successful exploitation allows the attacker’s payload to execute in the context of the victim’s authenticated Altium 365 session, enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires user interaction to view a malicious forum post.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse


🔴 CVE-2026-1009 - Critical (9)

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and execu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour

Overview

  • angular
  • angular

Published: 10 Jan 2026
Updated: 13 Jan 2026

CVSS v4.0: HIGH (8.5)
EPSS: 0.04%

KEV

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Vulnerability in Angular that makes XSS (cross-site scripting) possible (CVE-2026-22610) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 23h ago

Overview

  • Juniper Networks
  • Junos OS

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).

On SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.

This issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.

This issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:

  • all versions before 21.2R3-S10,
  • from 21.4 before 21.4R3-S12,
  • from 22.4 before 22.4R3-S8,
  • from 23.2 before 23.2R2-S5,
  • from 23.4 before 23.4R2-S6,
  • from 24.2 before 24.2R2-S3,
  • from 24.4 before 24.4R2-S1,
  • from 25.2 before 25.2R1-S1, 25.2R2.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse


🟠 CVE-2026-21905 - High (7.5)

A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker send...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1h ago

Overview

  • Juniper Networks
  • Junos OS

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.

This issue affects Junos OS on SRX Series:

  • 23.2 versions from 23.2R2-S2 before 23.2R2-S5,
  • 23.4 versions from 23.4R2-S1 before 23.4R2-S5,
  • 24.2 versions before 24.2R2-S2,
  • 24.4 versions before 24.4R1-S3, 24.4R2.

Earlier versions of Junos are also affected, but no fix is available.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse


🟠 CVE-2026-21917 - High (7.5)

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX device c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 2h ago