24h | 7d | 30d

CVE-2025-40536

Overview

  • SolarWinds
  • Web Help Desk
28 Jan 2026
Published
28 Jan 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
Pending
KEV

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐ŸŸ  CVE-2025-40536 - High (8.1)

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-24832

Overview

  • ixray-team
  • ixray-1.6-stcop
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐Ÿ”ด CVE-2026-24832 - Critical (9.8)

Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-14762

Overview

  • AWS
  • AWS SDK for Ruby
17 Dec 2025
Published
17 Dec 2025
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
0.01%
KEV

Description

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later.

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture
Lambda Watchdog @lambdawatchdog.bsky.social
๐Ÿ” Lambda Watchdog detected that CVE-2025-14762 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/362 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-24874

Overview

  • themrdemonized
  • xray-monolith
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
Pending
KEV

Description

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐Ÿ”ด CVE-2026-24874 - Critical (9.1)

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30.

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 19h ago

CVE-2025-10966

Overview

  • curl
  • curl
07 Nov 2025
Published
10 Nov 2025
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture
Lambda Watchdog @lambdawatchdog.bsky.social
๐Ÿ” Lambda Watchdog detected that CVE-2025-10966 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/371 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-59106

Overview

  • dormakaba
  • Access Manager 92xx-k7
26 Jan 2026
Published
27 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐ŸŸ  CVE-2025-59106 - High (8.8)

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabi...

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-24798

Overview

  • GaijinEntertainment
  • DagorEngine
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor_2025_01_15.

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture
BaseFortify.eu @basefortify.bsky.social
๐Ÿšจ Critical memory corruption flaw disclosed: CVE-2026-24798 affects Gaijin Entertainmentโ€™s DagorEngine and can lead to crashes or potential code execution due to improper memory buffer restrictions. Full report: basefortify.eu/cve_reports/... #CVE #DagorEngine #GameSecurity ๐ŸŽฎ
  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-24836

Overview

  • dnnsoftware
  • Dnn.Platform
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
Pending
KEV

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Statistics

  • 1 Post
Last activity: 10 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐ŸŸ  CVE-2026-24836 - High (7.6)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include script...

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-24536

Overview

  • webpushr
  • Webpushr
  • webpushr-web-push-notifications
23 Jan 2026
Published
26 Jan 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐ŸŸ  CVE-2026-24536 - High (7.5)

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through &lt;= 4.38.0.

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-41726

Overview

  • Beckhoff Automation
  • Beckhoff.Device.Manager.XAR
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.18%
KEV

Description

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

๐ŸŸ  CVE-2025-41726 - High (8.8)

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within pr...

๐Ÿ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 23h ago
Showing 41 to 50 of 90 CVEs