24h | 7d | 30d

CVE-2009-0556

Overview

  • Pending
03 Apr 2009
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
76.76%
KEV

Description

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

Statistics

  • 2 Posts
Last activity: 6 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

๐Ÿšจ CISA adds two vulnerabilities to the KEV Catalog

darkwebinformer.com/cisa-kev-c

CVE-2009-0556: Microsoft Office PowerPoint Code Injection Vulnerability

CVSS: 9.3

CVE-2025-37164: Hewlett Packard Enterprise OneView Code Injection Vulnerability

CVSS: 10

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

Profile picture
Sami Laiho @samilaiho.com
CISA Adds Two Known Exploited Vulnerabilities to Catalog URL: www.cisa.gov/news-events/... Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 10.0 CVEs: CVE-2009-0556, CVE-2025-37164
  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-66913

Overview

  • Pending
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐Ÿ”ด CVE-2025-66913 - Critical (9.8)

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute a...

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-63611

Overview

  • Pending
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐ŸŸ  CVE-2025-63611 - High (8.7)

Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=)...

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-68717

Overview

  • Pending
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.

Statistics

  • 3 Posts
Last activity: 13 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐Ÿ”ด CVE-2025-68717 - Critical (9.4)

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This des...

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 2
  • 13h ago

CVE-2025-69194

Overview

  • wget2
09 Jan 2026
Published
09 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the userโ€™s environment.

Statistics

  • 1 Post
Last activity: Last hour

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
๐Ÿšจ Security Update: #openSUSE Tumbleweed Patch NOW for libwget4 (CVE-2025-69194, CVE-2025-69195). Affects wget2. Moderate severity, but don't delay. Read more: ๐Ÿ‘‰ tinyurl.com/3vs9dhmu #Security
  • 0
  • 0
  • 0
  • Last hour

CVE-2025-69195

Overview

  • wget2
09 Jan 2026
Published
09 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.

Statistics

  • 1 Post
Last activity: Last hour

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
๐Ÿšจ Security Update: #openSUSE Tumbleweed Patch NOW for libwget4 (CVE-2025-69194, CVE-2025-69195). Affects wget2. Moderate severity, but don't delay. Read more: ๐Ÿ‘‰ tinyurl.com/3vs9dhmu #Security
  • 0
  • 0
  • 0
  • Last hour

CVE-2025-67089

Overview

  • Pending
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture
cR0w @cR0w

GL-iNet

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667 @Viss

  • 1
  • 1
  • 0
  • 19h ago

CVE-2025-67091

Overview

  • Pending
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-writable /tmp directory.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture
cR0w @cR0w

GL-iNet

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667 @Viss

  • 1
  • 1
  • 0
  • 19h ago

CVE-2025-67090

Overview

  • Pending
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture
cR0w @cR0w

GL-iNet

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667 @Viss

  • 1
  • 1
  • 0
  • 19h ago

CVE-2025-54068

Overview

  • livewire
  • livewire
17 Jul 2025
Published
17 Jul 2025
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.10%
KEV

Description

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture
Mynameisv @mynameisv.bsky.social
C'est un beau dรฉbut d'annรฉe pour la FrenchTech avec : ๐Ÿ’ฅ Vulns CVE-2026-21858 et CVE-2025-68613 n8n par @chocapikk.bsky.social ๐Ÿ’ฅ Vuln Livewire CVE-2025-54068* par @w0rty.bsky.social et @remsio.bsky.social Bravo ร  vous ๐ŸŽ‰ et bonne annรฉe 2026 ๐Ÿ˜„ *allez.... fin 2025 c'est presque dรฉbut 2026 ๐Ÿ˜…
  • 0
  • 0
  • 0
  • 1h ago
Showing 71 to 80 of 86 CVEs