CVE-2025-67645

Overview

openemr
openemr

27 Jan 2026

Published

27 Jan 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

Pending

MITRE

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.

Statistics

1 Post

Last activity: 10 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2025-67645 - High (8.8)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request paramet...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67645/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
10h ago

CVE-2025-40554

Overview

SolarWinds
Web Help Desk

28 Jan 2026

Published

28 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

Pending

MITRE

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Statistics

1 Post

Last activity: 1 hour ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2025-40554 - Critical (9.8)

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40554/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
1h ago

CVE-2026-23881

Overview

kyverno
kyverno

27 Jan 2026

Published

27 Jan 2026

Updated

CVSS v3.1

HIGH (7.7)

EPSS

Pending

MITRE

KEV

Description

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially amplify string data through context variables. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.

Statistics

1 Post

Last activity: 17 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-23881 - High (7.7)

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23881/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
17h ago

CVE-2026-1470

Overview

n8n

27 Jan 2026

Published

27 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.9)

EPSS

Pending

MITRE

KEV

Description

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

Statistics

1 Post

Last activity: 20 hours ago

Fediverse

TheHackerWire @thehackerwire

🔴 CVE-2026-1470 - Critical (9.9)

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficie...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1470/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
20h ago

CVE-2025-14733

Overview

WatchGuard
Fireware OS

19 Dec 2025

Published

20 Dec 2025

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

40.66%

MITRE

KEV

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.

Statistics

1 Post

Last activity: 6 hours ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #CyCognito includes "Domain-to-IP Volatility at Scale: A Study of 4 Million Enterprise Domains" and "Emerging Threat: CVE-2025-14733 – Authentication Bypass Vulnerability". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X

0
0
0
6h ago

CVE-2026-0702

Overview

wpcreatix
VidShop – Shoppable Videos for WooCommerce

28 Jan 2026

Published

28 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

Pending

MITRE

KEV

Description

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

1 Post

Last activity: 1 hour ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-0702 - High (7.5)

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0702/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
1h ago

CVE-2026-24840

Overview

Dokploy
dokploy

28 Jan 2026

Published

28 Jan 2026

Updated

CVSS v3.1

HIGH (8.0)

EPSS

Pending

MITRE

KEV

Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means that nearly all Dokploy installations use the same database credentials and could be compromised. Version 0.26.6 contains a patch for the issue.

Statistics

1 Post

Last activity: 9 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-24840 - High (8)

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24840/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
9h ago

CVE-2025-10148

Overview

curl
curl

12 Sep 2025

Published

18 Nov 2025

Updated

CVSS

Pending

EPSS

0.10%

MITRE

KEV

Description

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.

Statistics

1 Post

Last activity: 23 hours ago

Bluesky

Lambda Watchdog @lambdawatchdog.bsky.social

🔍 Lambda Watchdog detected that CVE-2025-10148 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/370 #AWS #Lambda #Security #CVE #DevOps #SecOps

0
0
0
23h ago

CVE-2026-24524

Overview

Essekia
Tablesome
tablesome

23 Jan 2026

Published

26 Jan 2026

Updated

CVSS

Pending

EPSS

0.03%

MITRE

KEV

Description

Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.2.

Statistics

1 Post

Last activity: 19 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-24524 - High (8.1)

Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.2.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24524/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
19h ago

CVE-2025-62507

Overview

redis
redis

04 Nov 2025

Published

06 Nov 2025

Updated

CVSS v4.0

HIGH (7.7)

EPSS

0.10%

MITRE

KEV

Description

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

Statistics

1 Post

Last activity: 19 hours ago

Bluesky

Checkmarx Zero @checkmarxzero.bsky.social

Due to detailed #exploit guidance in the wild, the priority of patching this #Redis XACKDEL #vulnerability increased this week. CVE-2025-62507 buff.ly/NJvVjvS ‼️ if you haven't yet upgraded your Redis installs, you should increase the priority of that. #CVE #ApplicationSecurity #ProductSecurity

0
0
0
19h ago