
Overview

  • Huawei
  • HarmonyOS

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (8.4)
EPSS
0.01%

KEV

Description

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🟠 CVE-2025-68960 - High (8.4)

Multi-thread race condition vulnerability in the video framework module.
Impact: Successful exploitation of this vulnerability may affect availability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Zohocorp
  • ManageEngine PAM360

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.01%

KEV

Description

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

🟠 CVE-2025-11669 - High (8.1)

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • redis
  • redis

03 Oct 2025
Published
04 Nov 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
5.97%

KEV

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround that does not require patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

Redis Lua vuln impacts BIG-IP Next and no patches are available.

my.f5.com/manage/s/article/K00

cve.org/CVERecord?id=CVE-2025-


Overview

  • Microsoft
  • Office Online Server

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.05%

KEV

Description

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts

Last activity: 19 hours ago

Fediverse

🟠 CVE-2026-20957 - High (7.8)

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Adobe
  • Dreamweaver Desktop

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.04%

KEV

Description

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse

🟠 CVE-2026-21268 - High (8.6)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Adobe
  • Substance3D - Painter

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🟠 CVE-2026-21305 - High (7.8)

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Huawei
  • HarmonyOS

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (8.0)
EPSS
0.00%

KEV

Description

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🟠 CVE-2025-68955 - High (8)

Multi-thread race condition vulnerability in the card framework module.
Impact: Successful exploitation of this vulnerability may affect availability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • woosaai
  • Integration Opvius AI for WooCommerce

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%

KEV

Description

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without authentication checks, nonce verification, or path validation. This makes it possible for unauthenticated attackers to delete or download arbitrary files on the server via the `wsaw-log[]` POST parameter, which can be leveraged to delete critical files like `wp-config.php` or read sensitive configuration files.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

🔴 CVE-2025-14301 - Critical (9.8)

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without auth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Webkul
  • Krayin CRM

14 Apr 2025
Published
14 Apr 2025
Updated

CVSS v4.0
MEDIUM (5.1)
EPSS
0.02%

KEV

Description

A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor is preparing a fix for the next major release and explains that he therefore does not think this should qualify for a CVE.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

The One JavaScript Line That Hacks Admins: Dissecting CVE-2025-3568 + Video Introduction: A recently disclosed vulnerability, CVE-2025-3568, demonstrates the devastating potential of chaining a seemingly minor Cross-Site Scripting (XSS) flaw into a full administrative account takeover. This…

Overview

  • Adobe
  • InDesign Desktop

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🟠 CVE-2026-21275 - High (7.8)

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
