
Overview

  • NetSupport Ltd.
  • NetSupport Manager

29 Aug 2025
Published
03 Nov 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.44%

KEV

Description

A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or execute arbitrary code.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

[RSS] [Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive

https://code-white.com/blog/2026-01-nsm-rce/

CVE-2025-34164, CVE-2025-34165
  • 0
  • 0
  • 0
  • 1h ago

Bluesky

[RSS] [Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive code-white.com -> CVE-2025-34164, CVE-2025-34165 Original->
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • pnggroup
  • libpng

24 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.06%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Bluesky

Technical Breakdown: ELSA-2026-0251 for #Oracle Linux 7 addresses CVE-2025-64720, a buffer overflow in libpng 1.5.13. The flaw exists in PNG chunk processing. Read more: 👉 tinyurl.com/mpskytjr #Security
  • 0
  • 0
  • 0
  • 11h ago
CRITICAL: Patch Java 17 on #Oracle Linux 8 now. New advisory ELSA-2026-0927 fixes RCE vulnerability CVE-2025-64720 and 4 other CVEs. Read more: 👉 tinyurl.com/4fk788ms #Security
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • frustratedProton
  • http-server

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.02%

KEV

Description

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's filesystem by crafting a malicious HTTP GET request containing ../ sequences. The application fails to sanitize the filename variable derived from the user-controlled URL path, directly concatenating it to the files_directory base path and enabling traversal outside the intended root. No patch was available at the time of publication.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

🟠 CVE-2026-24469 - High (7.5)

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote att...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Oracle Corporation
  • Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in

20 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.03%

KEV

Description

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

The latest update for #ArcticWolf includes "CVE-2026-21962: Maximum-severity Vulnerability in Oracle HTTP Server/WebLogic Proxy Plug-In". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • shazdeh
  • Administrative Shortcodes

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.07%

KEV

Description

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode. This is due to insufficient path validation on user-supplied input passed to the get_template_part() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🟠 CVE-2026-1257 - High (7.5)

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode. This is due to insufficient path validation on user-supp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Mozilla
  • Firefox

09 Dec 2025
Published
11 Dec 2025
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

📌 Firefox WebRTC Encoded Transforms Vulnerability: Use-After-Free via Undetached ArrayBuffer (CVE-2025-14321) https://www.cyberhub.blog/article/18458-firefox-webrtc-encoded-transforms-vulnerability-use-after-free-via-undetached-arraybuffer-cve-2025-14321
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Pending

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🔴 CVE-2025-56590 - Critical (9.8)

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • NetSupport Ltd.
  • NetSupport Manager

29 Aug 2025
Published
02 Sep 2025
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.28%

KEV

Description

A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

[RSS] [Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive

https://code-white.com/blog/2026-01-nsm-rce/

CVE-2025-34164, CVE-2025-34165
  • 0
  • 0
  • 0
  • 1h ago

Bluesky

[RSS] [Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive code-white.com -> CVE-2025-34164, CVE-2025-34165 Original->
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • wpmudev
  • Hustle – Email Marketing, Lead Generation, Optins, Popups

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🟠 CVE-2026-0911 - High (7.5)

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • chattermate
  • chattermate.chat

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.01%

KEV

Description

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be processed and executed in the browser context. This allows access to sensitive client-side data such as localStorage tokens and cookies, resulting in client-side injection. This issue has been fixed in version 1.0.9.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Fediverse

🔴 CVE-2026-24399 - Critical (9.3)

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <iframe> payload containing a javascript: URI can be proces...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 23h ago