24h | 7d | 30d

CVE-2025-20393

Overview

  • Cisco
  • Cisco Secure Email
17 Dec 2025
Published
15 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
6.44%
KEV

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture
Anonymous :verified: @youranonnewsirc

Here's a brief on the latest global, tech, and cybersecurity news from the last 24 hours:

Global: Uganda's Yoweri Museveni was declared winner of the presidential election. Over 100 people have died in torrential rains and floods across Southern Africa.

Tech: OpenAI is reportedly considering introducing ads to ChatGPT. Google filed to appeal a decision in its search monopoly case, and new generative AI features are rolling out for Gmail.

Cybersecurity: Cisco patched a zero-day vulnerability (CVE-2025-20393) exploited by a China-linked APT (Jan 16). A new PayPal phishing scam uses verified invoices with fake support numbers, and the GhostPoster browser malware, active for five years, was exposed.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-53690

Overview

  • Sitecore
  • Experience Manager (XM)
03 Sep 2025
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.0)
EPSS
10.18%
KEV

Description

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

A China-linked hacker group, UAT-8837, has been exploiting a Sitecore zero-day vulnerability (CVE-2025-53690) for initial access to North American critical infrastructure. The group, active since at least 2025, focuses on obtaining credentials and network information using various open-source and living-off-the-land tools.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-21900

Overview

  • nasa
  • CryptoLib
10 Jan 2026
Published
13 Jan 2026
Updated
CVSS v4.0
HIGH (8.2)
EPSS
0.06%
KEV

Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
geeknik @geeknik

CVE-2026-21900: NASA’s own crypto lib leaks heap memory like a cracked spacesuit—because strtok(ptr+strlen+1) is apparently flight-ready code.
redpacketsecurity.com/cisa-vul

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-0861

Overview

  • The GNU C Library
  • glibc
14 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 13 hours ago

Fediverse

Profile picture
Xerz 💗 @xerz

tbh, CVE-2026-0915 does require the sysadmin to do something extremely weird, so: okay I guess

nevertheless, it’s very much a C-specific issue

…and then there’s CVE-2026-0861

  • 1
  • 0
  • 0
  • 13h ago

CVE-2026-22695

Overview

  • pnggroup
  • libpng
12 Jan 2026
Published
13 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.1)
EPSS
0.01%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 CRITICAL: Mageia 9 libpng vulnerabilities CVE-2026-22695 & CVE-2026-22801 allow heap buffer over-read attacks. MGASA-2026-0010 patch now available. Read more: 👉 tinyurl.com/52x7w749 #Security
  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-22801

Overview

  • pnggroup
  • libpng
12 Jan 2026
Published
13 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.8)
EPSS
0.01%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 CRITICAL: Mageia 9 libpng vulnerabilities CVE-2026-22695 & CVE-2026-22801 allow heap buffer over-read attacks. MGASA-2026-0010 patch now available. Read more: 👉 tinyurl.com/52x7w749 #Security
  • 0
  • 0
  • 0
  • 21h ago
Showing 11 to 16 of 16 CVEs