CVE-2025-40552

Overview

SolarWinds
Web Help Desk

28 Jan 2026

Published

28 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

Pending

MITRE

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

Statistics

1 Post

Last activity: 1 hour ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-40552 - Critical (9.8)

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40552/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
1h ago

CVE-2025-61727

Overview

Go standard library
crypto/x509
crypto/x509

03 Dec 2025

Published

03 Dec 2025

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Statistics

1 Post

Last activity: 23 hours ago

Bluesky

Lambda Watchdog @lambdawatchdog.bsky.social

🔍 Lambda Watchdog detected that CVE-2025-61727 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/357 #AWS #Lambda #Security #CVE #DevOps #SecOps

0
0
0
23h ago

CVE-2026-24841

Overview

Dokploy
dokploy

28 Jan 2026

Published

28 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.9)

EPSS

Pending

MITRE

KEV

Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameters are directly interpolated into shell commands without sanitization, allowing authenticated attackers to execute arbitrary commands on the host server. Version 0.26.6 fixes the issue.

Statistics

1 Post

Last activity: 9 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-24841 - Critical (9.9)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameter...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24841/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
9h ago

CVE-2025-40553

Overview

SolarWinds
Web Help Desk

28 Jan 2026

Published

28 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

Pending

MITRE

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Statistics

1 Post

Last activity: 1 hour ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-40553 - Critical (9.8)

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without au...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40553/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
1h ago

CVE-2024-11053

Overview

curl
curl

11 Dec 2024

Published

03 Nov 2025

Updated

CVSS

Pending

EPSS

1.03%

MITRE

KEV

Description

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

Statistics

1 Post

Last activity: 23 hours ago

Bluesky

Lambda Watchdog @lambdawatchdog.bsky.social

🔍 Lambda Watchdog detected that CVE-2024-11053 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/368 #AWS #Lambda #Security #CVE #DevOps #SecOps

0
0
0
23h ago

CVE-2026-24770

Overview

infiniflow
ragflow

27 Jan 2026

Published

27 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

Pending

MITRE

KEV

Description

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for the issue.

Statistics

1 Post

Last activity: 12 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-24770 - Critical (9.8)

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24770/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
12h ago

CVE-2026-24875

Overview

yoyofr
modizer

27 Jan 2026

Published

27 Jan 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

Pending

MITRE

KEV

Description

Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.1.1.

Statistics

1 Post

Last activity: 19 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-24875 - High (7.8)

Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.1.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24875/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
19h ago

CVE-2026-24838

Overview

dnnsoftware
Dnn.Platform

27 Jan 2026

Published

27 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

Pending

MITRE

KEV

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Statistics

2 Posts

Last activity: 9 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-24838 - Critical (9.1)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24838/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
1
9h ago

CVE-2026-22260

Overview

OISF
suricata

27 Jan 2026

Published

27 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

Pending

MITRE

KEV

Description

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `response-body-limit`.

Statistics

1 Post

Last activity: 17 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-22260 - High (7.5)

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `respo...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22260/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
17h ago

CVE-2026-22258

Overview

OISF
suricata

27 Jan 2026

Published

27 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

Pending

MITRE

KEV

Description

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB are also vulnerable. DCERPC/TCP in the default configuration should not be vulnerable as the default stream depth is limited to 1MiB. Versions 8.0.3 and 7.0.14 contain a patch. Some workarounds are available. For DCERPC/UDP, disable the parser. For DCERPC/TCP, the `stream.reassembly.depth` setting will limit the amount of data that can be buffered. For DCERPC/SMB, the `stream.reassembly.depth` can be used as well, but is set to unlimited by default. Imposing a limit here may lead to loss of visibility in SMB.

Statistics

1 Post

Last activity: 17 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-22258 - High (7.5)

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22258/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
17h ago