24h | 7d | 30d

Overview

  • NVIDIA
  • GeForce

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.00%

KEV

Description

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture

🟠 CVE-2025-33219 - High (7.8)

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Pending

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

Profile picture

🔴 CVE-2025-69517 - Critical (9.8)

An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • Last hour

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 17 hours ago

Fediverse

Profile picture

OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796) groups.google.com/a/openssl.or #infosec

  • 2
  • 0
  • 1
  • 19h ago
Profile picture

‼️AISLE Goes 12-for-12 on OpenSSL Vulnerability Detection

CVEs Published: January 27th, 2026

High and Moderate Severity Flaws:

▪️CVE-2025-15467: Stack Buffer Overflow in CMS AuthEnvelopedData Parsing (High): A vulnerability with the potential to enable remote code execution under specific conditions

▪️CVE-2025-11187: PBMAC1 Parameter Validation in PKCS#12 (Moderate): Missing validation that could trigger a stack-based buffer overflow

Low Severity Flaws:

▪️CVE-2025-15468: Crash in QUIC protocol cipher handling
▪️CVE-2025-15469: Silent truncation bug affecting post-quantum signature algorithms (ML-DSA)
▪️CVE-2025-66199: Memory exhaustion via TLS 1.3 certificate compression
▪️CVE-2025-68160: Memory corruption in line-buffering (affects code back to OpenSSL 1.0.2)
▪️CVE-2025-69418: Encryption flaw in OCB mode on hardware-accelerated paths
▪️CVE-2025-69419: Memory corruption in PKCS#12 character encoding
▪️CVE-2025-69420: Crash in TimeStamp Response verification
▪️CVE-2025-69421: Crash in PKCS#12 decryption
▪️CVE-2026-22795: Crash in PKCS#12 parsing
▪️CVE-2026-22796: Crash in PKCS#7 signature verification (affects code back to OpenSSL 1.0.2)

"When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk."

Writeup: aisle.com/blog/aisle-discovere

  • 0
  • 1
  • 0
  • 17h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 17 hours ago

Fediverse

Profile picture

OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796) groups.google.com/a/openssl.or #infosec

  • 2
  • 0
  • 1
  • 19h ago
Profile picture

‼️AISLE Goes 12-for-12 on OpenSSL Vulnerability Detection

CVEs Published: January 27th, 2026

High and Moderate Severity Flaws:

▪️CVE-2025-15467: Stack Buffer Overflow in CMS AuthEnvelopedData Parsing (High): A vulnerability with the potential to enable remote code execution under specific conditions

▪️CVE-2025-11187: PBMAC1 Parameter Validation in PKCS#12 (Moderate): Missing validation that could trigger a stack-based buffer overflow

Low Severity Flaws:

▪️CVE-2025-15468: Crash in QUIC protocol cipher handling
▪️CVE-2025-15469: Silent truncation bug affecting post-quantum signature algorithms (ML-DSA)
▪️CVE-2025-66199: Memory exhaustion via TLS 1.3 certificate compression
▪️CVE-2025-68160: Memory corruption in line-buffering (affects code back to OpenSSL 1.0.2)
▪️CVE-2025-69418: Encryption flaw in OCB mode on hardware-accelerated paths
▪️CVE-2025-69419: Memory corruption in PKCS#12 character encoding
▪️CVE-2025-69420: Crash in TimeStamp Response verification
▪️CVE-2025-69421: Crash in PKCS#12 decryption
▪️CVE-2026-22795: Crash in PKCS#12 parsing
▪️CVE-2026-22796: Crash in PKCS#7 signature verification (affects code back to OpenSSL 1.0.2)

"When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk."

Writeup: aisle.com/blog/aisle-discovere

  • 0
  • 1
  • 0
  • 17h ago

Overview

  • Pending

22 Dec 2021
Published
04 Aug 2024
Updated

CVSS
Pending
EPSS
3.73%

KEV

Description

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Profile picture

Unveiling the Weaponized Web Shell EncystPHP
fortinet.com/blog/threat-resea

FortiGuard Labs has discovered a web shell that we named “EncystPHP.” It
features several advanced capabilities, including remote command execution,
persistence mechanisms, and web shell deployment. Incidents were launched in
early December last year and propagated via exploitation of the FreePBX
vulnerability CVE-2025-64328.

Its malicious activity appears to be associated with the hacker group
INJ3CTOR3, first identified in 2020, which targeted CVE-2019-19006. In 2022,
the threat actor shifted its focus to the Elastix system via CVE-2021-45461.
These incidents begin with the exploitation of a FreePBX vulnerability,
followed by the deployment of a PHP web shell in the target environments. We
assess that this campaign represents recent attack activity and behavior
patterns associated with INJ3CTOR3.

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Python Software Foundation
  • CPython

03 Dec 2025
Published
26 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.09%

KEV

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture
Critical Python 3.11 patch for #SUSE/#openSUSE. Fixes CVE-2025-12084 (DoS), CVE-2025-13836 (HTTP attack), CVE-2025-13837 (OOM). Patch now: zypper patch. Read more: 👉 tinyurl.com/cfmna2d6 #Security
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

21 Nov 2019
Published
05 Aug 2024
Updated

CVSS
Pending
EPSS
2.14%

KEV

Description

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Profile picture

Unveiling the Weaponized Web Shell EncystPHP
fortinet.com/blog/threat-resea

FortiGuard Labs has discovered a web shell that we named “EncystPHP.” It
features several advanced capabilities, including remote command execution,
persistence mechanisms, and web shell deployment. Incidents were launched in
early December last year and propagated via exploitation of the FreePBX
vulnerability CVE-2025-64328.

Its malicious activity appears to be associated with the hacker group
INJ3CTOR3, first identified in 2020, which targeted CVE-2019-19006. In 2022,
the threat actor shifted its focus to the Elastix system via CVE-2021-45461.
These incidents begin with the exploitation of a FreePBX vulnerability,
followed by the deployment of a PHP web shell in the target environments. We
assess that this campaign represents recent attack activity and behavior
patterns associated with INJ3CTOR3.

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Python Software Foundation
  • CPython

01 Dec 2025
Published
26 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.10%

KEV

Description

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture
Critical Python 3.11 patch for #SUSE/#openSUSE. Fixes CVE-2025-12084 (DoS), CVE-2025-13836 (HTTP attack), CVE-2025-13837 (OOM). Patch now: zypper patch. Read more: 👉 tinyurl.com/cfmna2d6 #Security
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Python Software Foundation
  • CPython

01 Dec 2025
Published
07 Jan 2026
Updated

CVSS v4.0
LOW (2.1)
EPSS
0.02%

KEV

Description

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture
Critical Python 3.11 patch for #SUSE/#openSUSE. Fixes CVE-2025-12084 (DoS), CVE-2025-13836 (HTTP attack), CVE-2025-13837 (OOM). Patch now: zypper patch. Read more: 👉 tinyurl.com/cfmna2d6 #Security
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • GnuPG
  • GnuPG

27 Jan 2026
Published
28 Jan 2026
Updated

CVSS v3.1
LOW (3.7)
EPSS
0.01%

KEV

Description

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Profile picture
SIOSセキュリティブログを更新しました。 GnuPGの脆弱性(High: CVE-2026-24881, CVE-2026-24882, Low: CVE-2026-24883) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #gnupg #gpg security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 18h ago
Showing 71 to 80 of 89 CVEs