
Overview

  • Pending

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.11%

KEV

Description

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🟠 CVE-2025-57283 - High (7.8)

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Drupal
  • Acquia Content Hub

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery. This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🟠 CVE-2025-14472 - High (8.1)

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery. This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Pending

28 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is improperly sanitized using DOMPurify.sanitize() with the html: true option enabled, which fails to adequately filter HTML input. The injected HTML is rendered in the Tactical RMM management panel when an administrator attempts to remove or shut down the affected agent, potentially leading to client-side attacks such as UI manipulation or phishing. NOTE: the Supplier's position is that this has incorrect information.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🔴 CVE-2025-69517 - Critical (9.8)

An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Global Interactive Design Media Software Inc.
  • Content Management System (CMS)

29 Jan 2026
Published
29 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers. This issue affects Content Management System (CMS): through 21072025.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🟠 CVE-2025-7713 - High (7.5)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers. This issue affects Content M...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

🚨 #SUSE #OpenSSL 1.1 Security Update Alert! 🚨 Patch now: SUSE-SU-2026:0331-1 fixes 7 flaws (CVSS up to 6.2). Includes heap OOB write (CVE-2025-68160) & multiple ASN.1 type validation issues. Read more: 👉 tinyurl.com/2ke7dauh #Security

Overview

  • Python Software Foundation
  • CPython

01 Dec 2025
Published
07 Jan 2026
Updated

CVSS v4.0
LOW (2.1)
EPSS
0.02%

KEV

Description

When loading a plist file, the plistlib module reads data in the size specified by the file itself, meaning a malicious file can cause OOM and DoS issues.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Critical Python 3.11 patch for #SUSE/#openSUSE. Fixes CVE-2025-12084 (DoS), CVE-2025-13836 (HTTP attack), CVE-2025-13837 (OOM). Patch now: zypper patch. Read more: 👉 tinyurl.com/cfmna2d6 #Security

Overview

  • Pending

21 Nov 2019
Published
05 Aug 2024
Updated

CVSS
Pending
EPSS
2.14%

KEV

Description

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Unveiling the Weaponized Web Shell EncystPHP
fortinet.com/blog/threat-resea

FortiGuard Labs has discovered a web shell that we named “EncystPHP.” It
features several advanced capabilities, including remote command execution,
persistence mechanisms, and web shell deployment. Incidents were launched in
early December last year and propagated via exploitation of the FreePBX
vulnerability CVE-2025-64328.

Its malicious activity appears to be associated with the hacker group
INJ3CTOR3, first identified in 2020, which targeted CVE-2019-19006. In 2022,
the threat actor shifted its focus to the Elastix system via CVE-2021-45461.
These incidents begin with the exploitation of a FreePBX vulnerability,
followed by the deployment of a PHP web shell in the target environments. We
assess that this campaign represents recent attack activity and behavior
patterns associated with INJ3CTOR3.


Overview

  • Pending

22 Dec 2021
Published
04 Aug 2024
Updated

CVSS
Pending
EPSS
3.73%

KEV

Description

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Unveiling the Weaponized Web Shell EncystPHP
fortinet.com/blog/threat-resea

FortiGuard Labs has discovered a web shell that we named “EncystPHP.” It
features several advanced capabilities, including remote command execution,
persistence mechanisms, and web shell deployment. Incidents were launched in
early December last year and propagated via exploitation of the FreePBX
vulnerability CVE-2025-64328.

Its malicious activity appears to be associated with the hacker group
INJ3CTOR3, first identified in 2020, which targeted CVE-2019-19006. In 2022,
the threat actor shifted its focus to the Elastix system via CVE-2021-45461.
These incidents begin with the exploitation of a FreePBX vulnerability,
followed by the deployment of a PHP web shell in the target environments. We
assess that this campaign represents recent attack activity and behavior
patterns associated with INJ3CTOR3.


Overview

  • Python Software Foundation
  • CPython

01 Dec 2025
Published
26 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.10%

KEV

Description

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Critical Python 3.11 patch for #SUSE/#openSUSE. Fixes CVE-2025-12084 (DoS), CVE-2025-13836 (HTTP attack), CVE-2025-13837 (OOM). Patch now: zypper patch. Read more: 👉 tinyurl.com/cfmna2d6 #Security

Overview

  • Python Software Foundation
  • CPython

03 Dec 2025
Published
26 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.09%

KEV

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Critical Python 3.11 patch for #SUSE/#openSUSE. Fixes CVE-2025-12084 (DoS), CVE-2025-13836 (HTTP attack), CVE-2025-13837 (OOM). Patch now: zypper patch. Read more: 👉 tinyurl.com/cfmna2d6 #Security
Showing 61 to 70 of 70 CVEs