Overview

  • Pending

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

The LuCI web interface on Gl Inet GL.Inet AX1800 versions 4.6.4 and 4.6.8 is vulnerable. A fix is available in version 4.8.2. GL.Inet AX1800 versions 4.6.4 and 4.6.8 lack rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 21 hours ago

Overview

  • livewire
  • livewire

17 Jul 2025
Published
17 Jul 2025
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.10%

KEV

Description

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

It's a great start to the year for FrenchTech with: 💥 n8n vulns CVE-2026-21858 and CVE-2025-68613 by @chocapikk.bsky.social 💥 Livewire vuln CVE-2025-54068* by @w0rty.bsky.social and @remsio.bsky.social Congratulations to you 🎉 and happy new year 2026 😄 *come on.... late 2025 is almost early 2026 😅
  • 0
  • 1
  • 0
  • 4h ago

Overview

  • ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
3.96%

Description

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

The three bugs, tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, and named ESXicape, allow privileged attackers to execute arbitrary code and escape the VM to compromise the hypervisor itself. securityweek.com/exploit-for-v

  • 0
  • 0
  • 1
  • Last hour

Overview

  • VMware ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (8.2)
EPSS
4.19%

Description

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

The three bugs, tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, and named ESXicape, allow privileged attackers to execute arbitrary code and escape the VM to compromise the hypervisor itself. securityweek.com/exploit-for-v

  • 0
  • 0
  • 1
  • Last hour

Overview

  • Trend Micro, Inc.
  • Trend Micro Apex Central

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.09%

KEV

Description

A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Trend Micro Apex Central: RCE Vulnerability with CVSS 9.8 Critical RCE Vulnerability Apex Central is, for many companies, the silent heart of security. It is the console that governs... www.aiutocomputerhelp.it?p=16524 #Apex_Central #CVE_2025_69258 #CVE_2025_69259 #CVE_2025_69260 #news #Vulnerabilità
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Trend Micro, Inc.
  • Trend Micro Apex Central

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.09%

KEV

Description

A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Trend Micro Apex Central: RCE Vulnerability with CVSS 9.8 Critical RCE Vulnerability Apex Central is, for many companies, the silent heart of security. It is the console that governs... www.aiutocomputerhelp.it?p=16524 #Apex_Central #CVE_2025_69258 #CVE_2025_69259 #CVE_2025_69260 #news #Vulnerabilità
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • VMware
  • ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
51.47%

Description

VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

The three bugs, tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, and named ESXicape, allow privileged attackers to execute arbitrary code and escape the VM to compromise the hypervisor itself. securityweek.com/exploit-for-v

  • 0
  • 0
  • 1
  • Last hour

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 22 hours ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 22 hours ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

When using the `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 22 hours ago