
Overview

  • InternationalColorConsortium
  • iccDEV

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayType::ParseText()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse


🟠 CVE-2026-21682 - High (8.8)

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayTyp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Digital zoom studio
  • DZS Video Gallery

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.37.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse


🔴 CVE-2025-47552 - Critical (9.8)

Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.37.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Qualcomm, Inc.
  • Snapdragon

06 Jan 2026
Published
07 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Memory corruption while deinitializing a HDCP session.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse


🟠 CVE-2025-47339 - High (7.8)

Memory corruption while deinitializing a HDCP session.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


TLP: Polkit Authentication Bypass in Profiles Daemon in Version 1.9.0 (CVE-2025-67859)

security.opensuse.org/2026/01/


Overview

  • Pending

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

In OpenAirInterface CN5G AMF <= v2.0.1, there is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to the AMF's SBI interface to launch a denial-of-service attack.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse


🟠 CVE-2025-66786 - High (7.5)

OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • JanStudio
  • Gecko

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
Pending

KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion. This issue affects Gecko: from n/a through 1.9.8.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse


🟠 CVE-2025-69080 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion. This issue affects Gecko: from n/a through 1.9.8.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Qualcomm, Inc.
  • Snapdragon

06 Jan 2026
Published
07 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Memory corruption while preprocessing IOCTLs in sensors.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse


🟠 CVE-2025-47380 - High (7.8)

Memory corruption while preprocessing IOCTLs in sensors.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Famatech Corp
  • Advanced IP Scanner

03 Mar 2025
Published
03 Mar 2025
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.05%

KEV

Description

Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by intercepting network traffic to a legitimate server or by setting up a fake server, in both local and remote scenarios. This exposure is relevant for both HTTP/HTTPS and SMB protocols.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

CVE-2025-1868 Unpatched: Advanced IP Scanner Still Silently Exposing NTLM During Scans 9 Months Later https://packetstorm.news/news/view/39999 #news

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse


A security flaw in the discontinued Totolink EX200 wireless range extender (CVE-2025-65606) allows attackers to gain full system access by triggering an unauthenticated Telnet service with root privileges. Exploitation requires authenticated access to the device's web management interface, and no patch is available, necessitating device replacement and network access restrictions.
securityweek.com/vulnerability


Overview

  • Pending

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability arises from improper symlink handling in the path validation mechanism: the resolvePath function checks path validity before resolving symlinks, while fs.readFile resolves symlinks automatically during file access. This allows attackers to bypass directory restrictions by leveraging symlinks within the allowed directory that point to external files, enabling unauthorized access to files outside the intended operational scope.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse


🟠 CVE-2025-67366 - High (7.5)

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability arises from imprope...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda
