Overview

  • libxslt

Published: 25 Sep 2025
Updated: 20 Nov 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

🚨 #LinuxAdvisory: #SUSE releases critical libxml2 update (2026-0570-1). Patches 5 high-impact CVEs including infinite recursion (CVE-2026-0990) and memory corruption (CVE-2025-10911). Affects: openSUSE Leap 15.5/15.6 & SLE Micro 5.5. Read more: 👉 tinyurl.com/24xa4dky

Overview

  • openclaw
  • openclaw

Published: 04 Feb 2026
Updated: 05 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.01%

KEV

Description

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescaped path was interpolated directly into an echo statement, allowing arbitrary command execution on the remote SSH host. The parseSSHTarget function did not validate that SSH target strings could not begin with a dash. An attacker-supplied target like -oProxyCommand=... would be interpreted as an SSH configuration flag rather than a hostname, allowing arbitrary command execution on the local machine. This issue has been patched in version 2026.1.29.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

~Akamai~ The OpenClaw AI agent's rapid deployment revealed critical security gaps, proving traditional security controls are a non-negotiable foundation. - IOCs: CVE-2026-25253, CVE-2026-25157 - #AISecurity #OWASP #ThreatIntel

Overview

  • GitLab
  • GitLab

Published: 08 Jun 2021
Updated: 03 Aug 2024

CVSS v3.1: MEDIUM (6.8)
EPSS: 93.52%

KEV

Description

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE, affecting all versions starting from 10.5, could be exploited by an unauthenticated attacker even on a GitLab instance where registration is limited.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

GitLab vulnerability CVE-2021-22175 got added to the CISA KEV. But this vuln is just a more complete patch to CVE-2021-22214. Likewise CVE-2021-39935 covers even more cases where the CI Lint function could be used without authentication. In fact, the exploit code is identical for all vulnerabilities. CVE-2021-39935 was already on the list, CVE-2021-22175 got added today and CVE-2021-22214 is still missing.

#cybersecurity #vulnerability #circus


Overview

  • GitLab
  • GitLab

Published: 13 Dec 2021
Updated: 03 Feb 2026

CVSS v3.1: MEDIUM (6.8)
EPSS: 57.16%

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

GitLab vulnerability CVE-2021-22175 got added to the CISA KEV. But this vuln is just a more complete patch to CVE-2021-22214. Likewise CVE-2021-39935 covers even more cases where the CI Lint function could be used without authentication. In fact, the exploit code is identical for all vulnerabilities. CVE-2021-39935 was already on the list, CVE-2021-22175 got added today and CVE-2021-22214 is still missing.

#cybersecurity #vulnerability #circus


Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 17 Feb 2026
Updated: 17 Feb 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.

Statistics

  • 2 Posts

Last activity: 15 hours ago

Bluesky

JVNVU#91658988: Multiple vulnerabilities in Apache Tomcat (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) https://jvn.jp/vu/JVNVU91658988/

Overview

  • Pending

Published: 16 Feb 2026
Updated: 18 Feb 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Fediverse

The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). bleepingcomputer.com/news/secu


Overview

  • Pending

Published: 18 Feb 2020
Updated: 18 Feb 2026

CVSS: Pending
EPSS: 93.55%

Description

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

~Cisa~ CISA added four actively exploited vulnerabilities affecting Microsoft, Zimbra, TeamT5, and Chromium to its KEV catalog, requiring urgent remediation. - IOCs: CVE-2026-2441, CVE-2024-7694, CVE-2020-7796 - #CISA #KEV #PatchNow #ThreatIntel

Overview

  • Pending

Published: 16 Feb 2026
Updated: 17 Feb 2026

CVSS: Pending
EPSS: 0.05%

KEV

Description

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .md file.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Fediverse

The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). bleepingcomputer.com/news/secu


Overview

  • Pending

Published: 16 Feb 2026
Updated: 18 Feb 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Fediverse

The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). bleepingcomputer.com/news/secu
