CVE-2026-22265

Overview

roxy-wi
roxy-wi

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.19%

MITRE

KEV

Description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py line 87, where the grep parameter is used twice - once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.

Statistics

1 Post

Last activity: 23 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-22265 - High (7.5)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22265/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
23h ago

CVE-2025-14235

Overview

Canon Inc.
Satera LBP670C Series

15 Jan 2026

Published

16 Jan 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.07%

MITRE

KEV

Description

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Statistics

1 Post

Last activity: 15 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-14235 - Critical (9.8)

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Sa...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14235/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
15h ago

CVE-2025-14237

Overview

Canon Inc.
Satera LBP670C Series

15 Jan 2026

Published

16 Jan 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.07%

MITRE

KEV

Description

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Statistics

3 Posts

Last activity: 15 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-14237 - Critical (9.8)

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14237/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
2
15h ago

CVE-2026-20965

Overview

Microsoft
Windows Admin Center in Azure Portal

13 Jan 2026

Published

14 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.04%

MITRE

KEV

Description

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Statistics

1 Post

Last activity: 23 hours ago

Fediverse

ekiledjian @edwardk

Cymulate Research Labs discovered a critical vulnerability, CVE-2026-20965, in Azure Windows Admin Center (WAC) that allows an attacker with local administrator access on one machine to achieve tenant-wide Remote Code Execution (RCE). Microsoft has released version 0.70.00 of the Windows Admin Center Azure Extension to patch this flaw, which stems from improper token validation in the Azure AD Single Sign-On implementation.
https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/

0
0
0
23h ago

CVE-2025-62507

Overview

redis
redis

04 Nov 2025

Published

06 Nov 2025

Updated

CVSS v4.0

HIGH (7.7)

EPSS

0.28%

MITRE

KEV

Description

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

Statistics

1 Post

Last activity: Last hour

Bluesky

今日視界 @g0rosato.bsky.social

剖析和利用 CVE-2025-62507：Redis 中的遠程代碼執行漏洞

0
0
0
Last hour

CVE-2025-25249

Overview

Fortinet
FortiSwitchManager

13 Jan 2026

Published

16 Jan 2026

Updated

CVSS v3.1

HIGH (7.4)

EPSS

0.02%

MITRE

KEV

Description

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets

Statistics

1 Post

Last activity: 15 hours ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #ArcticWolf includes "CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability" and "CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl

0
0
0
15h ago

CVE-2025-25256

Overview

Fortinet
FortiSIEM

12 Aug 2025

Published

16 Aug 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

26.27%

MITRE

KEV

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Statistics

1 Post

Last activity: 16 hours ago

Bluesky

セキュリティ対策Lab @securitylab-jp.bsky.social

FortiSIEMに未認証RCEのクリティカル脆弱性、PoC公開で悪用リスクが急上昇(CVE-2025-64155／CVE-2025-25256) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security

0
0
0
16h ago

CVE-2025-33183

Overview

NVIDIA
NVIDIA Isaac-GR00T N1.5

18 Nov 2025

Published

18 Nov 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

1 Post

Last activity: 23 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel

0
0
0
23h ago

CVE-2025-36934

Overview

Google
Android

11 Dec 2025

Published

15 Jan 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

1 Post

Last activity: 21 hours ago

Fediverse

Emory @emory

RE: https://hachyderm.io/@evacide/115900663566563599

Vulnerability introduced by AI-enhanced media processing.

• Attackers can leverage tiny memory corruption windows
• Media decoder memory layouts present consistent security vulnerabilities

thank you 🙇🏻 @evacide for this high-quality explainer with references:

1. CVE-2025-49415
2. CVE-2025-54957
3. CVE-2025-36934
4. Dolby Digital (DD) and Dolby Digital Plus (DD+) audio formats
5. ETSI audio format specification

this isn't over imo. #infosec

0
0
0
21h ago

CVE-2025-23296

Overview

NVIDIA
NVIDIA Isaac-GR00T N1

13 Aug 2025

Published

13 Aug 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

1 Post

Last activity: 23 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel

0
0
0
23h ago