CVE-2026-22265

Overview

roxy-wi
roxy-wi

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

Pending

MITRE

KEV

Description

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py line 87, where the grep parameter is used twice - once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.

Statistics

1 Post

Last activity: 9 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-22265 - High (7.5)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22265/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
9h ago

CVE-2026-0830

Overview

AWS
Kiro IDE

09 Jan 2026

Published

09 Jan 2026

Updated

CVSS v4.0

HIGH (8.4)

EPSS

0.04%

MITRE

KEV

Description

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

Statistics

1 Post

Last activity: 13 hours ago

Bluesky

Eyal Estrin ☁️ @eyalestrin.bsky.social

CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper #patchmanagement

0
0
0
13h ago

CVE-2025-14235

Overview

Canon Inc.
Satera LBP670C Series

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

Pending

MITRE

KEV

Description

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Statistics

1 Post

Last activity: 2 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-14235 - Critical (9.8)

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Sa...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14235/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
2h ago

CVE-2025-70744

Overview

Pending

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Statistics

1 Post

Last activity: 11 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2025-70744 - High (7.5)

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70744/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
11h ago

CVE-2025-14237

Overview

Canon Inc.
Satera LBP670C Series

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

Pending

MITRE

KEV

Description

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Statistics

3 Posts

Last activity: 2 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-14237 - Critical (9.8)

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14237/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
2
2h ago

CVE-2025-25249

Overview

Fortinet
FortiSwitchManager

13 Jan 2026

Published

14 Jan 2026

Updated

CVSS v3.1

HIGH (7.4)

EPSS

0.02%

MITRE

KEV

Description

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets

Statistics

1 Post

Last activity: 1 hour ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #ArcticWolf includes "CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability" and "CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl

0
0
0
1h ago

CVE-2025-33183

Overview

NVIDIA
NVIDIA Isaac-GR00T N1.5

18 Nov 2025

Published

18 Nov 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

1 Post

Last activity: 9 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel

0
0
0
9h ago

CVE-2025-36934

Overview

Google
Android

11 Dec 2025

Published

15 Jan 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

1 Post

Last activity: 7 hours ago

Fediverse

Emory @emory

RE: https://hachyderm.io/@evacide/115900663566563599

Vulnerability introduced by AI-enhanced media processing.

• Attackers can leverage tiny memory corruption windows
• Media decoder memory layouts present consistent security vulnerabilities

thank you 🙇🏻 @evacide for this high-quality explainer with references:

1. CVE-2025-49415
2. CVE-2025-54957
3. CVE-2025-36934
4. Dolby Digital (DD) and Dolby Digital Plus (DD+) audio formats
5. ETSI audio format specification

this isn't over imo. #infosec

0
0
0
7h ago

CVE-2025-23296

Overview

NVIDIA
NVIDIA Isaac-GR00T N1

13 Aug 2025

Published

13 Aug 2025

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Statistics

1 Post

Last activity: 9 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Trendmicro~ Trend Micro's new ÆSIR AI platform has discovered 21 critical zero-day vulnerabilities in foundational AI infrastructure from NVIDIA, Tencent, and others. - IOCs: CVE-2025-23296, CVE-2025-33183, CVE-2025-33184 - #0day #AI #ThreatIntel

0
0
0
9h ago

CVE-2025-49415

Overview

Fastw3b LLC
FW Gallery
fw-gallery

17 Jun 2025

Published

26 Jun 2025

Updated

CVSS v3.1

HIGH (8.6)

EPSS

0.06%

MITRE

KEV

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0.

Statistics

1 Post

Last activity: 7 hours ago

Fediverse

Emory @emory

RE: https://hachyderm.io/@evacide/115900663566563599

Vulnerability introduced by AI-enhanced media processing.

• Attackers can leverage tiny memory corruption windows
• Media decoder memory layouts present consistent security vulnerabilities

thank you 🙇🏻 @evacide for this high-quality explainer with references:

1. CVE-2025-49415
2. CVE-2025-54957
3. CVE-2025-36934
4. Dolby Digital (DD) and Dolby Digital Plus (DD+) audio formats
5. ETSI audio format specification

this isn't over imo. #infosec

0
0
0
7h ago