CVE-2025-14235

Overview

Canon Inc.
Satera LBP670C Series

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

Pending

MITRE

KEV

Description

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Statistics

1 Post

Last activity: 8 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-14235 - Critical (9.8)

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Sa...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14235/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
8h ago

CVE-2025-70744

Overview

Pending

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Statistics

1 Post

Last activity: 17 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2025-70744 - High (7.5)

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70744/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
17h ago

CVE-2025-14237

Overview

Canon Inc.
Satera LBP670C Series

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

Pending

MITRE

KEV

Description

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Statistics

3 Posts

Last activity: 8 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-14237 - Critical (9.8)

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14237/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
2
8h ago

CVE-2025-25249

Overview

Fortinet
FortiSwitchManager

13 Jan 2026

Published

16 Jan 2026

Updated

CVSS v3.1

HIGH (7.4)

EPSS

0.02%

MITRE

KEV

Description

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets

Statistics

1 Post

Last activity: 7 hours ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #ArcticWolf includes "CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability" and "CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl

0
0
0
7h ago

CVE-2025-33183

Overview

NVIDIA
NVIDIA Isaac-GR00T N1.5

18 Nov 2025

Published

18 Nov 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

1 Post

Last activity: 16 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel

0
0
0
16h ago

CVE-2025-36934

Overview

Google
Android

11 Dec 2025

Published

15 Jan 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

1 Post

Last activity: 13 hours ago

Fediverse

Emory @emory

RE: https://hachyderm.io/@evacide/115900663566563599

Vulnerability introduced by AI-enhanced media processing.

• Attackers can leverage tiny memory corruption windows
• Media decoder memory layouts present consistent security vulnerabilities

thank you 🙇🏻 @evacide for this high-quality explainer with references:

1. CVE-2025-49415
2. CVE-2025-54957
3. CVE-2025-36934
4. Dolby Digital (DD) and Dolby Digital Plus (DD+) audio formats
5. ETSI audio format specification

this isn't over imo. #infosec

0
0
0
13h ago

CVE-2025-23296

Overview

NVIDIA
NVIDIA Isaac-GR00T N1

13 Aug 2025

Published

13 Aug 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

1 Post

Last activity: 16 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel

0
0
0
16h ago

CVE-2025-49415

Overview

Fastw3b LLC
FW Gallery
fw-gallery

17 Jun 2025

Published

26 Jun 2025

Updated

CVSS v3.1

HIGH (8.6)

EPSS

0.06%

MITRE

KEV

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0.

Statistics

1 Post

Last activity: 13 hours ago

Fediverse

Emory @emory

RE: https://hachyderm.io/@evacide/115900663566563599

Vulnerability introduced by AI-enhanced media processing.

• Attackers can leverage tiny memory corruption windows
• Media decoder memory layouts present consistent security vulnerabilities

thank you 🙇🏻 @evacide for this high-quality explainer with references:

1. CVE-2025-49415
2. CVE-2025-54957
3. CVE-2025-36934
4. Dolby Digital (DD) and Dolby Digital Plus (DD+) audio formats
5. ETSI audio format specification

this isn't over imo. #infosec

0
0
0
13h ago

CVE-2025-33184

Overview

NVIDIA
NVIDIA Isaac-GR00T N1.5

18 Nov 2025

Published

19 Nov 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

1 Post

Last activity: 16 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel

0
0
0
16h ago

CVE-2026-22642

Overview

SICK AG
Incoming Goods Suite

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v3.1

MEDIUM (4.2)

EPSS

Pending

MITRE

KEV

Description

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL