24h | 7d | 30d

CVE-2025-67822

Overview

  • Pending
15 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.26%
KEV

Description

A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-67822 - Critical (9.4)

A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanism...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-67077

Overview

  • Pending
15 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-67077 - High (8.8)

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-67823

Overview

  • Pending
15 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-67823 - High (8.2)

A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input va...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-20965

Overview

  • Microsoft
  • Windows Admin Center in Azure Portal
13 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.04%
KEV

Description

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture
CyberHub @cyberhub.blog
📌 Critical Token Validation Flaw in Azure Windows Admin Center Enables Tenant-Wide Remote Code Execution (CVE-2026-20965) https://www.cyberhub.blog/article/18181-critical-token-validation-flaw-in-azure-windows-admin-center-enables-tenant-wide-remote-code-execution-cve-2026-20965
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-0863

Overview

  • n8n
18 Jan 2026
Published
18 Jan 2026
Updated
CVSS v3.1
HIGH (8.5)
EPSS
Pending
KEV

Description

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.

Statistics

  • 3 Posts
Last activity: 5 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0863 - High (8.5)

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.

The vulnerability can be exploited via the Code ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 2
  • 5h ago

CVE-2025-20393

Overview

  • Cisco
  • Cisco Secure Email
17 Dec 2025
Published
15 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
4.13%
KEV

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Statistics

  • 1 Post
Last activity: Last hour

Bluesky

Profile picture
キタきつね @kitafox.bsky.social
Cisco、ゼロデイ攻撃で悪用されたAsyncOSの脆弱性(CVE-2025-20393)を修正 Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) #HelpNetSecurity (Jan 16) www.helpnetsecurity.com/2026/01/16/c...
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-21444

Overview

  • stefanberger
  • libtpms
02 Jan 2026
Published
05 Jan 2026
Updated
CVSS v3.1
MEDIUM (5.5)
EPSS
0.00%
KEV

Description

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #Fedora 43 libtpms update fixes CVE-2026-21444 - cryptographic IV flaw in VM TPM emulation. Read more: 👉 tinyurl.com/mr2a3tu8 #Security
  • 0
  • 0
  • 0
  • 9h ago
Showing 1 to 7 of 7 CVEs