24h | 7d | 30d

CVE-2025-4319

Overview

  • Birebirsoft Software and Technology Solutions
  • Sufirmam
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
Pending
KEV

Description

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026.Β NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2025-4319 - Critical (9.4)

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issu...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-54388

Overview

  • moby
  • moby
30 Jul 2025
Published
30 Jul 2025
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
0.00%
KEV

Description

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatically recreate these rules, versions before 28.3.3 fail to recreate the specific rules that block external access to containers. This means that after a firewalld reload, containers with ports published to localhost (like 127.0.0.1:8080) become accessible from remote machines that have network routing to the Docker bridge, even though they should only be accessible from the host itself. The vulnerability only affects explicitly published ports - unpublished ports remain protected. This issue is fixed in version 28.3.3.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical RCE in #SUSE SLES15 SP5 Docker images (CVE-2025-54388). Patching is step 1. Step 2 is building a resilient container security posture. Read more: πŸ‘‰ tinyurl.com/y2c46yva #Security
  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-59719

Overview

  • Fortinet
  • FortiWeb
09 Dec 2025
Published
14 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.08%
KEV

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Statistics

  • 2 Posts
Last activity: 6 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Arctic Wolf observes malicious configuration changes on Fortinet FortiGate devices via SSO accounts
Source: arcticwolf.com/resources/blog/
Arctic Wolf reports a new cluster of automated attacks observed from Jan. 15, 2026, involving unauthorized configuration changes on FortiGate firewalls. The activity includes creation of generic accounts for persistence, VPN access being granted to those accounts, and exfiltration of firewall configurations.
The campaign resembles activity Arctic Wolf disclosed in December 2025, which involved malicious SSO logins to administrator accounts followed by configuration changes and data exfiltration. Arctic Wolf has active detections in place and is alerting affected customers as additional cases are identified.
The activity follows Fortinet’s December advisory on two critical authentication bypass vulnerabilities, CVE-2025-59718 and CVE-2025-59719, which allow unauthenticated SSO access via crafted SAML messages when FortiCloud SSO is enabled. Affected products include FortiOS, FortiWeb, FortiProxy and FortiSwitchManager. It remains unclear whether the latest activity is fully mitigated by the existing patches.

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

Profile picture
Undercode Testing @undercode.bsky.social
Fortigate Firewalls Hacked in Seconds: How Attackers Are Exploiting SSO Flaws to Own Your Network +Β Video Introduction: A critical vulnerability pair in Fortinet FortiGate firewalls (CVE-2025-59718 and CVE-2025-59719) is being actively exploited in automated attacks, allowing threat actors to…
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-1363

Overview

  • JNC
  • IAQS
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.03%
KEV

Description

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2026-1363 - Critical (9.8)

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-0710

Overview

  • sipp
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.05%
KEV

Description

A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-0710 - High (8.4)

A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leadi...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-21264

Overview

  • Microsoft
  • Microsoft Account
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.06%
KEV

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2026-21264 - Critical (9.3)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 19h ago

CVE-2026-0770

Overview

  • Langflow
  • Langflow
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
1.15%
KEV

Description

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2026-0770 - Critical (9.8)

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not r...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-0756

Overview

  • github-kanban-mcp-server
  • github-kanban-mcp-server
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
1.00%
KEV

Description

github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the create_issue parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27784.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2026-0756 - Critical (9.8)

github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago

CVE-2025-69908

Overview

  • Pending
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-69908 - High (7.5)

An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-0760

Overview

  • Foundation Agents
  • MetaGPT
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
1.30%
KEV

Description

Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deserialize_message function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28121.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2026-0760 - Critical (9.8)

Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authe...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 8h ago
Showing 71 to 80 of 87 CVEs