24h | 7d | 30d

CVE-2026-1364

Overview

  • JNC
  • IAQS
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.13%
KEV

Description

IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-1364 - Critical (9.8)

IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-24138

Overview

  • FOGProject
  • fogproject
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.03%
KEV

Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and files on the machine running FOG. This appears to be reachable without an authenticated web session when the request includes newService=1. The issue does not have a fixed release version at the time of publication.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24138 - High (7.5)

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-66719

Overview

  • Pending
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-66719 - Critical (9.1)

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-0762

Overview

  • GPT Academic
  • GPT Academic
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
HIGH (8.1)
EPSS
0.36%
KEV

Description

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the stream_daas function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27956.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0762 - High (8.1)

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS serve...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-24399

Overview

  • chattermate
  • chattermate.chat
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
Pending
KEV

Description

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-24399 - Critical (9.3)

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be proces...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • Last hour

CVE-2025-14017

Overview

  • curl
  • curl
08 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 Breaking: 5 cURL vulnerabilities patched in #SUSE Linux Micro 6.2 (CVE-2025-14017, -14524, -14819, -15079, -15224). Includes bearer token leaks & SSH bypasses. Immediate patching required for internet-facing systems. Read more: 👉 tinyurl.com/3jxe3b5b #Security
  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-67229

Overview

  • Pending
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-67229 - Critical (9.8)

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-24405

Overview

  • InternationalColorConsortium
  • iccDEV
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24405 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllab...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-0793

Overview

  • ALGO
  • 8180 IP Audio Alerter
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
HIGH (8.1)
EPSS
0.57%
KEV

Description

ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InformaCast functionality. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28302.

Statistics

  • 2 Posts
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0793 - High (8.1)

ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentica...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 20h ago

CVE-2026-20613

Overview

  • Apple
  • Container
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-20613 - High (7.8)

The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago
Showing 71 to 80 of 103 CVEs