24h | 7d | 30d

CVE-2025-59106

Overview

  • dormakaba
  • Access Manager 92xx-k7
26 Jan 2026
Published
27 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-59106 - High (8.8)

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-24798

Overview

  • GaijinEntertainment
  • DagorEngine
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor_2025_01_15.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture
BaseFortify.eu @basefortify.bsky.social
🚨 Critical memory corruption flaw disclosed: CVE-2026-24798 affects Gaijin Entertainment’s DagorEngine and can lead to crashes or potential code execution due to improper memory buffer restrictions. Full report: basefortify.eu/cve_reports/... #CVE #DagorEngine #GameSecurity 🎮
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-24836

Overview

  • dnnsoftware
  • Dnn.Platform
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
Pending
KEV

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24836 - High (7.6)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include script...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-24873

Overview

  • Rinnegatamante
  • lpp-vita
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
Pending
KEV

Description

Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24873 - High (7.8)

Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-24741

Overview

  • C4illin
  • ConvertX
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
Pending
KEV

Description

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the `POST /delete` endpoint uses a user-controlled `filename` value to construct a filesystem path and deletes it via `unlink` without sufficient validation. By supplying path traversal sequences (e.g., `../`), an attacker can delete arbitrary files outside the intended uploads directory, limited only by the permissions of the server process. Version 0.17.0 fixes the issue.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24741 - High (8.1)

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the `POST /delete` endpoint uses a user-controlled `filename` value to construct a filesystem path and deletes it via `unlink` without sufficient validation. By supplying...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-24747

Overview

  • pytorch
  • pytorch
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24747 - High (8.8)

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-24831

Overview

  • ixray-team
  • ixray-1.6-stcop
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

Statistics

  • 2 Posts
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24831 - High (7.5)

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 20h ago

CVE-2025-12556

Overview

  • IDIS
  • ICM Viewer
06 Nov 2025
Published
06 Nov 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.11%
KEV

Description

An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.

Statistics

  • 1 Post
Last activity: 18 hours ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 CVE-2025-12556 : exécution de code en « 1 clic » dans IDIS Cloud Manager Viewer (Windows) 📝 Selon Team82, une faille critique dans IDIS Cloud Man… https://cyberveille.ch/posts/2026-01-27-cve-2025-12556-execution-de-code-en-1-clic-dans-idis-cloud-manager-viewer-windows/ #CVE_2025_12556 #Cyberveille
  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-0994

Overview

  • Python
  • Protobuf
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v4.0
HIGH (8.2)
EPSS
0.02%
KEV

Description

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

Statistics

  • 1 Post
Last activity: 15 hours ago

Bluesky

Profile picture
キタきつね @kitafox.bsky.social
Google プロトコル バッファに重大な DoS 脆弱性 (CVE-2026-0994) が発生 High-Severity DoS Flaw Hits Google Protocol Buffers (CVE-2026-0994) #DailyCyberSecurity (Jan 27) securityonline.info/high-severit...
  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-24783

Overview

  • script3
  • soroban-fixed-point-math
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be negative, neglecting the sign of $z$. This resulted in rounding being applied in the wrong direction for cases where both $x * y$ and $z$ were negative. The functions most at risk are `fixed_div_floor` and `fixed_div_ceil`, as they often use non-constant numbers as the divisor $z$ in `mulDiv`. This error is present in all signed `FixedPoint` and `SorobanFixedPoint` implementations, including `i64`, `i128`, and `I256`. Versions 1.3.1 and 1.4.1 contain a patch. No known workarounds for this issue are available.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24783 - High (7.5)

soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were negative....

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago
Showing 41 to 50 of 85 CVEs