Overview

  • roxy-wi
  • roxy-wi

Published: 15 Jan 2026
Updated: 15 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.19%

KEV

Description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py line 87, where the grep parameter is used twice, once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

🟠 CVE-2026-22265 - High (7.5)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Canon Inc.
  • Satera LBP670C Series

Published: 15 Jan 2026
Updated: 16 Jan 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.07%

KEV

Description

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers (*), which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan. Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US. i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

🔴 CVE-2025-14235 - Critical (9.8)

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Sa...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Canon Inc.
  • Satera LBP670C Series

Published: 15 Jan 2026
Updated: 16 Jan 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.07%

KEV

Description

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers (*), which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan. Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US. i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Statistics

  • 3 Posts

Last activity: 15 hours ago

Fediverse

🔴 CVE-2025-14237 - Critical (9.8)

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Microsoft
  • Windows Admin Center in Azure Portal

Published: 13 Jan 2026
Updated: 14 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.04%

KEV

Description

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

Cymulate Research Labs discovered a critical vulnerability, CVE-2026-20965, in Azure Windows Admin Center (WAC) that allows an attacker with local administrator access on one machine to achieve tenant-wide Remote Code Execution (RCE). Microsoft has released version 0.70.00 of the Windows Admin Center Azure Extension to patch this flaw, which stems from improper token validation in the Azure AD Single Sign-On implementation.
cymulate.com/blog/cve-2026-209

Overview

  • redis
  • redis

Published: 04 Nov 2025
Updated: 06 Nov 2025

CVSS v4.0: HIGH (7.7)
EPSS: 0.28%

KEV

Description

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. A workaround that does not require patching the redis-server executable is to prevent users from executing the XACKDEL operation. This can be done by using ACLs to restrict the XACKDEL command.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Dissecting and exploiting CVE-2025-62507: a remote code execution vulnerability in Redis

Overview

  • Fortinet
  • FortiSwitchManager

Published: 13 Jan 2026
Updated: 16 Jan 2026

CVSS v3.1: HIGH (7.4)
EPSS: 0.02%

KEV

Description

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSwitchManager 7.2.0 through 7.2.6, and FortiSwitchManager 7.0.0 through 7.0.5 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

The latest update for #ArcticWolf includes "CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability" and "CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl

Overview

  • Fortinet
  • FortiSIEM

Published: 12 Aug 2025
Updated: 16 Aug 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 26.27%

KEV

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Critical unauthenticated RCE vulnerability in FortiSIEM; exploitation risk rises sharply with PoC release (CVE-2025-64155/CVE-2025-25256) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security

Overview

  • NVIDIA
  • NVIDIA Isaac-GR00T N1.5

Published: 18 Nov 2025
Updated: 18 Nov 2025

CVSS v3.1: HIGH (7.8)
EPSS: 0.02%

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel

Overview

  • Google
  • Android

Published: 11 Dec 2025
Updated: 15 Jan 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

RE: hachyderm.io/@evacide/11590066

Vulnerability introduced by AI-enhanced media processing.

• Attackers can leverage tiny memory corruption windows
• Media decoder memory layouts present consistent security vulnerabilities

thank you 🙇🏻 @evacide for this high-quality explainer with references:

1. CVE-2025-49415
2. CVE-2025-54957
3. CVE-2025-36934
4. Dolby Digital (DD) and Dolby Digital Plus (DD+) audio formats
5. ETSI audio format specification

this isn't over imo. #infosec

Overview

  • NVIDIA
  • NVIDIA Isaac-GR00T N1

Published: 13 Aug 2025
Updated: 13 Aug 2025

CVSS v3.1: HIGH (7.8)
EPSS: 0.02%

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel