24h | 7d | 30d

CVE-2025-68960

Overview

  • Huawei
  • HarmonyOS
14 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
HIGH (8.4)
EPSS
0.01%
KEV

Description

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Statistics

  • 1 Post
Last activity: 10 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-68960 - High (8.4)

Multi-thread race condition vulnerability in the video framework module.
Impact: Successful exploitation of this vulnerability may affect availability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 10h ago

CVE-2025-11669

Overview

  • Zohocorp
  • ManageEngine PAM360
13 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.01%
KEV

Description

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-11669 - High (8.1)

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-49844

Overview

  • redis
  • redis
03 Oct 2025
Published
04 Nov 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
5.97%
KEV

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture
cR0w @cR0w

Redis Lua vuln impacts BIG-IP Next and no patches are available.

my.f5.com/manage/s/article/K00

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-20957

Overview

  • Microsoft
  • Office Online Server
13 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.05%
KEV

Description

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-20957 - High (7.8)

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 19h ago

CVE-2026-21268

Overview

  • Adobe
  • Dreamweaver Desktop
13 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
HIGH (8.6)
EPSS
0.04%
KEV

Description

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

Statistics

  • 2 Posts
Last activity: 18 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-21268 - High (8.6)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 18h ago

CVE-2026-21305

Overview

  • Adobe
  • Substance3D - Painter
13 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-21305 - High (7.8)

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-68955

Overview

  • Huawei
  • HarmonyOS
14 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
0.00%
KEV

Description

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Statistics

  • 1 Post
Last activity: 10 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-68955 - High (8)

Multi-thread race condition vulnerability in the card framework module.
Impact: Successful exploitation of this vulnerability may affect availability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 10h ago

CVE-2025-14301

Overview

  • woosaai
  • Integration Opvius AI for WooCommerce
14 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%
KEV

Description

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without authentication checks, nonce verification, or path validation. This makes it possible for unauthenticated attackers to delete or download arbitrary files on the server via the `wsaw-log[]` POST parameter, which can be leveraged to delete critical files like `wp-config.php` or read sensitive configuration files.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-14301 - Critical (9.8)

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without auth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-3568

Overview

  • Webkul
  • Krayin CRM
14 Apr 2025
Published
14 Apr 2025
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
0.02%
KEV

Description

A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor prepares a fix for the next major release and explains that he does not think therefore that this should qualify for a CVE.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture
Undercode Testing @undercode.bsky.social
The One JavaScript Line That Hacks Admins: Dissecting CVE-2025-3568 + Video Introduction: A recently disclosed vulnerability, CVE-2025-3568, demonstrates the devastating potential of chaining a seemingly minor Cross-Site Scripting (XSS) flaw into a full administrative account takeover. This…
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-21275

Overview

  • Adobe
  • InDesign Desktop
13 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-21275 - High (7.8)

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 18h ago
Showing 71 to 80 of 126 CVEs