
Overview

  • JNC
  • IAQS

Published: 23 Jan 2026
Updated: 23 Jan 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.13%

KEV

Description

IAQS and I6, developed by JNC, have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse


🔴 CVE-2026-1364 - Critical (9.8)

IAQS and I6, developed by JNC, have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 15h ago

Overview

  • FOGProject
  • fogproject

Published: 23 Jan 2026
Updated: 23 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.03%

KEV

Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and files on the machine running FOG. This appears to be reachable without an authenticated web session when the request includes newService=1. The issue does not have a fixed release version at the time of publication.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse


🟠 CVE-2026-24138 - High (7.5)

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 23h ago

Overview

  • Pending

Published: 23 Jan 2026
Updated: 23 Jan 2026

CVSS: Pending
EPSS: Pending

KEV

Description

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🔴 CVE-2025-66719 - Critical (9.1)

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 5h ago

Overview

  • GPT Academic
  • GPT Academic

Published: 23 Jan 2026
Updated: 23 Jan 2026

CVSS v3.0: HIGH (8.1)
EPSS: 0.36%

KEV

Description

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the stream_daas function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27956.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse


🟠 CVE-2026-0762 - High (8.1)

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS serve...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 14h ago

Overview

  • chattermate
  • chattermate.chat

Published: 24 Jan 2026
Updated: 24 Jan 2026

CVSS v3.1: CRITICAL (9.3)
EPSS: Pending

KEV

Description

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse


🔴 CVE-2026-24399 - Critical (9.3)

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be proces...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour

Overview

  • curl
  • curl

Published: 08 Jan 2026
Updated: 16 Jan 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 Breaking: 5 cURL vulnerabilities patched in #SUSE Linux Micro 6.2 (CVE-2025-14017, -14524, -14819, -15079, -15224). Includes bearer token leaks & SSH bypasses. Immediate patching required for internet-facing systems. Read more: 👉 tinyurl.com/3jxe3b5b #Security
  • 13h ago

Overview

  • Pending

Published: 23 Jan 2026
Updated: 23 Jan 2026

CVSS: Pending
EPSS: Pending

KEV

Description

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1. This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🔴 CVE-2025-67229 - Critical (9.8)

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1. This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 5h ago

Overview

  • InternationalColorConsortium
  • iccDEV

Published: 24 Jan 2026
Updated: 24 Jan 2026

CVSS v3.1: HIGH (8.8)
EPSS: Pending

KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to cause DoS, manipulate data, bypass application logic, and execute code. This issue has been fixed in version 2.3.1.2.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse


🟠 CVE-2026-24405 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllab...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • Last hour

Overview

  • ALGO
  • 8180 IP Audio Alerter

Published: 23 Jan 2026
Updated: 23 Jan 2026

CVSS v3.0: HIGH (8.1)
EPSS: 0.57%

KEV

Description

ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InformaCast functionality. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28302.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Fediverse


🟠 CVE-2026-0793 - High (8.1)

ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentica...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 20h ago

Overview

  • Apple
  • Container

Published: 22 Jan 2026
Updated: 23 Jan 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse


🟠 CVE-2026-20613 - High (7.8)

The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 9h ago
Showing 71 to 80 of 103 CVEs