🟠 CVE-2025-33219 - High (7.8)

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33219/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-69517 - Critical (9.8)

An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69517/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796) https://groups.google.com/a/openssl.org/g/openssl-project/c/pwBoo9Tac6M #infosec

‼️AISLE Goes 12-for-12 on OpenSSL Vulnerability Detection

CVEs Published: January 27th, 2026

High and Moderate Severity Flaws:

▪️CVE-2025-15467: Stack Buffer Overflow in CMS AuthEnvelopedData Parsing (High): A vulnerability with the potential to enable remote code execution under specific conditions

▪️CVE-2025-11187: PBMAC1 Parameter Validation in PKCS#12 (Moderate): Missing validation that could trigger a stack-based buffer overflow

Low Severity Flaws:

▪️CVE-2025-15468: Crash in QUIC protocol cipher handling
▪️CVE-2025-15469: Silent truncation bug affecting post-quantum signature algorithms (ML-DSA)
▪️CVE-2025-66199: Memory exhaustion via TLS 1.3 certificate compression
▪️CVE-2025-68160: Memory corruption in line-buffering (affects code back to OpenSSL 1.0.2)
▪️CVE-2025-69418: Encryption flaw in OCB mode on hardware-accelerated paths
▪️CVE-2025-69419: Memory corruption in PKCS#12 character encoding
▪️CVE-2025-69420: Crash in TimeStamp Response verification
▪️CVE-2025-69421: Crash in PKCS#12 decryption
▪️CVE-2026-22795: Crash in PKCS#12 parsing
▪️CVE-2026-22796: Crash in PKCS#7 signature verification (affects code back to OpenSSL 1.0.2)

"When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk."

Writeup: https://aisle.com/blog/aisle-discovered-12-out-of-12-openssl-vulnerabilities

OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796) https://groups.google.com/a/openssl.org/g/openssl-project/c/pwBoo9Tac6M #infosec

‼️AISLE Goes 12-for-12 on OpenSSL Vulnerability Detection

CVEs Published: January 27th, 2026

High and Moderate Severity Flaws:

▪️CVE-2025-15467: Stack Buffer Overflow in CMS AuthEnvelopedData Parsing (High): A vulnerability with the potential to enable remote code execution under specific conditions

▪️CVE-2025-11187: PBMAC1 Parameter Validation in PKCS#12 (Moderate): Missing validation that could trigger a stack-based buffer overflow

Low Severity Flaws:

▪️CVE-2025-15468: Crash in QUIC protocol cipher handling
▪️CVE-2025-15469: Silent truncation bug affecting post-quantum signature algorithms (ML-DSA)
▪️CVE-2025-66199: Memory exhaustion via TLS 1.3 certificate compression
▪️CVE-2025-68160: Memory corruption in line-buffering (affects code back to OpenSSL 1.0.2)
▪️CVE-2025-69418: Encryption flaw in OCB mode on hardware-accelerated paths
▪️CVE-2025-69419: Memory corruption in PKCS#12 character encoding
▪️CVE-2025-69420: Crash in TimeStamp Response verification
▪️CVE-2025-69421: Crash in PKCS#12 decryption
▪️CVE-2026-22795: Crash in PKCS#12 parsing
▪️CVE-2026-22796: Crash in PKCS#7 signature verification (affects code back to OpenSSL 1.0.2)

"When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk."

Writeup: https://aisle.com/blog/aisle-discovered-12-out-of-12-openssl-vulnerabilities

Unveiling the Weaponized Web Shell EncystPHP
https://www.fortinet.com/blog/threat-research/unveiling-the-weaponized-web-shell-encystphp

FortiGuard Labs has discovered a web shell that we named “EncystPHP.” It
features several advanced capabilities, including remote command execution,
persistence mechanisms, and web shell deployment. Incidents were launched in
early December last year and propagated via exploitation of the FreePBX
vulnerability CVE-2025-64328.

Its malicious activity appears to be associated with the hacker group
INJ3CTOR3, first identified in 2020, which targeted CVE-2019-19006. In 2022,
the threat actor shifted its focus to the Elastix system via CVE-2021-45461.
These incidents begin with the exploitation of a FreePBX vulnerability,
followed by the deployment of a PHP web shell in the target environments. We
assess that this campaign represents recent attack activity and behavior
patterns associated with INJ3CTOR3.

Unveiling the Weaponized Web Shell EncystPHP
https://www.fortinet.com/blog/threat-research/unveiling-the-weaponized-web-shell-encystphp

FortiGuard Labs has discovered a web shell that we named “EncystPHP.” It
features several advanced capabilities, including remote command execution,
persistence mechanisms, and web shell deployment. Incidents were launched in
early December last year and propagated via exploitation of the FreePBX
vulnerability CVE-2025-64328.

Its malicious activity appears to be associated with the hacker group
INJ3CTOR3, first identified in 2020, which targeted CVE-2019-19006. In 2022,
the threat actor shifted its focus to the Elastix system via CVE-2021-45461.
These incidents begin with the exploitation of a FreePBX vulnerability,
followed by the deployment of a PHP web shell in the target environments. We
assess that this campaign represents recent attack activity and behavior
patterns associated with INJ3CTOR3.