#1 · PT-2025-48817 · Meta · React Server Components
Published
2025-12-03
·
Updated
2026-01-22
·
CVE-2025-55182
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
React versions 19.0.0 through 19.2.1
Next.js versions 15.x and 16.x
Description
React Server Components (RSC) is affected by a critical remote code execution (RCE) vulnerability (CVE-2025-55182) with a CVSS score of 10.0. This vulnerability stems from unsafe deserialization of HTTP request payloads within Server Function endpoints. Exploitation allows unauthenticated attacke...
MoreExploit
Fix
DoS
RCE
Deserialization of Untrusted Data
X.com
1.7 K Posts
8.6 KReposts
9.7 M Audience
Related posts · 2104
EtherRAT leverages the React2Shell exploit (CVE-2025-55182) to deliver a fileless Node.js implant with 5 payloads via Ethereum smart-contract C2, enabling persistent access, crypto-wallet theft, and web server hijacking. #EtherRAT #BlockchainC2
https://t.co/wehcXYSwQG
2025-12-22 05:30:10
⚡️ Cybersecurity Developments in the Last 12 Hours ⚡️
🚨 Microsoft warns CVE-2025-55182 (React2Shell), a critical RCE in React Server Components and Next.js that can be triggered with a single unauthenticated HTTP request.
👾 New SantaStealer MaaS steals browser and crypto‑wallet data in memory, offering affiliate panels and subscription tiers to lower the barrier for attackers.
🔒 AWS security bulletin discloses CVE-2025-14503 in Harmonix on EKS where overly permissive IAM trust policies allow role assumption.
These events underscore the need for coordinated vulnerability management, memory-resident telemetry, and strict IAM trust controls. Our consultancy maps these risks to context-aware detection and prompt-engineered playbooks. Prioritize patching internet-facing assets, deploy in-memory detection, and automate IAM policy validation with prompt-driven detection workflows today.
👉 Contact us if your resilience needs enhancement. We can help assess and strengthen your defenses.
Read more:
https://t.co/TsiYR5VKwW
https://t.co/TsiYR5VKwW
#CyberSecurity #ThreatDetection #Advisory #Malware #CloudSecurity
2025-12-16 08:23:06
The React2shell CVE-2025-55182 has received significant press coverage. This @MiggoSecurity does a great technical analysis & breaks down how the #React2Shell #vulnerability enables #RCE through a complex prototype traversal & deserialization exploit.
https://t.co/bbXAHtIis3
2025-12-15 16:19:03
#2 · PT-2026-3709 · Oracle · Oracle Weblogic Server Proxy Plug-In
Published
2026-01-20
·
Updated
2026-01-22
·
CVE-2026-21962
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in versions 12.2.1.4.0, 14.1.1.0.0 through 14.1.2.0.0
Description
A critical issue exists in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS, allowing unauthenticated attackers to compromise the system via HTTP. Successful exploitation can lead to unauthorized creation,...
MoreFix
RCE
Improper Access Control
X.com
17 Posts
130Reposts
59.5 K Audience
Related posts · 18
🚨 CRITICAL: Oracle WebLogic RCE (CVE-2026-21962, CVSS 10.0) allows unauthenticated remote code execution. Affects WebLogic Server Proxy Plug-ins for Apache & IIS. ACTION: Apply Oracle security patches immediately and review proxy configurations. #cybersecurity
2026-01-21 22:06:16
The quoted post is accurate based on my research. CVE-2026-21962 is a real critical vulnerability (CVSS 10.0) in Oracle Fusion Middleware, per Oracle's Jan 2026 patch update and sources like NVD/MITRE. It enables unauthenticated remote compromise via HTTP, allowing data access/modification in affected versions (e.g., 12.2.1.4.0, 14.1.1.0.0). FOFA query validly scans for exposed instances (~5k results claimed). No falsehoods found; patch urgently.
2026-01-21 20:10:44
Oracle HTTP Server vuln CVE-2026-21962:
CWE-284: Improper Access Control
#EUVD:
https://t.co/dWZFtsLYC8
#NVD:
https://t.co/svQJ94vkyu
2026-01-21 19:48:57
#3 · PT-2025-34177 · Apple · Macos Sonoma
Published
2025-08-20
·
Updated
2026-01-22
·
CVE-2025-43300
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apple iOS/iPadOS versions prior to 18.6.2 and 17.7.10
Apple macOS versions prior to Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8
Description
Apple addressed a zero-day vulnerability (CVE-2025-43300) in the ImageIO framework, which could allow attackers to achieve remote code execution (RCE) via a maliciously crafted image file. This vulnerability has been actively explo...
MoreExploit
Fix
DoS
RCE
Memory Corruption
X.com
561 Posts
1.8 KReposts
502.5 M Audience
Related posts · 684
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.
The vulnerability in question is CVE-2025-43300 (CVSS s...
https://t.co/ybeyeHRyxW
2026-01-11 03:06:44
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 Windows SMB Client Elevation of Privilege Vulnerability
-
📅 Published: 10/06/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
-
📣 Mentions: 76
-
⚠️ Priority: 1+
-
📝 Analysis: A Windows SMB Client Elevation of Privilege Vulnerability (CVSS: 8.8) exists, exploitable via network (AV:N). While no known in-the-wild activity has been reported (CISA KEV), the high impact on confidentiality, integrity, and availability (C/I/A:H) warrants a priority 2 status due to its high CVSS score and low Exploitability Estimates Over Time (EPSS).
-
📝 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
-
📅 Published: 21/08/2025
-
📈 CVSS: 0
-
🛡️ CISA KEV: True
-
🧭 Vector: n/a
-
📣 Mentions: 23
-
⚠️ Priority: 1+
-
📝 Analysis: A memory corruption issue exists in macOS and iOS versions listed, stemming from processing malicious image files. While not widely exploited, Apple has reported a targeted attack. Given the potential for sophisticated attacks and the high CVSS score, this vulnerability warrants attention as a priority 2 concern.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.
-
📅 Published: 08/03/2024
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
⚠️ Priority: 2
-
📝 Analysis: A memory corruption vulnerability in multiple Apple OS versions may lead to system termination or kernel memory write. Exploits unknown, but high impact and exploitability warrant a priority 2 status. The fix is available in specified version updates.
-
📝 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
-
📅 Published: 03/12/2025
-
📈 CVSS: 10
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 908
-
⚠️ Priority: 1+
-
📝 Analysis: A critical pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, specifically in packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability stems from unsafely deserializing HTTP request payloads. This is a confirmed exploited issue, designated as priority 1+.
-
📝 A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
-
📅 Published: 09/12/2025
-
📈 CVSS: 9.1
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
-
📣 Mentions: 11
-
⚠️ Priority: 1+
-
📝 Analysis: Unauthenticated attacker can bypass FortiCloud SSO login authentication via a crafted SAML response message in affected versions of Fortinet FortiOS and related modules. No known exploits detected, but given high CVSS score, it is a priority 2 vulnerability.
-
📝 Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
-
📅 Published: 12/12/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
📣 Mentions: 32
-
⚠️ Priority: 1+
-
📝 Analysis: A memory access flaw in ANGLE component of Google Chrome on Mac (versions prior to 143.0.7499.110) permits remote attackers to perform out-of-bounds attacks via a crafted HTML page, confirmed exploited in the wild. Priority 1+.
-
📝 Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using the extra_options parameter.. Affected scenarios:Use the built-in bRPC heap profiler service to perform jemalloc memory profiling. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually.
-
📅 Published: 16/01/2026
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 14
-
⚠️ Priority: 4
-
📝 Analysis: A critical command injection vulnerability has been identified in Apache bRPC (<1.15.0) heap profiler builtin service, affecting scenarios using its built-in bRPC heap profiler service for jemalloc memory profiling. Attackers can execute remote commands through the unvalidated extra_options parameter. Prioritization score is 4, indicating a low CVSS & low EPSS. Upgrade to version 1.15.0 or apply the provided patch (https://github.com/apache/brpc/pull/3101) for mitigation.
-
📝 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
-
📅 Published: 17/12/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
📣 Mentions: 26
-
⚠️ Priority: 1+
-
📝 Analysis: A use-after-free issue in web content processing, potentially leading to arbitrary code execution, has been addressed across multiple Apple platforms. The vulnerability is known to have been exploited in targeted attacks on versions of iOS prior to 26. Given the high CVSS score and confirmed exploitation, this is a priority 1+ issue, requiring immediate action on affected systems matching the specified versions.
10. CVE-2025-54918
-
📝 Windows NTLM Elevation of Privilege Vulnerability
-
📅 Published: 09/09/2025
-
📈 CVSS: 8.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
-
📣 Mentions: 50
-
⚠️ Priority: 2
-
📝 Analysis: A critical NTLM elevation of privilege vulnerability (Windows) has been identified, scoring 8.8 on CVSS. The attack vector is local access (AV:L). Although no known exploits are in the wild, given its high impact and severity, it is classified as a priority 2 vulnerability.
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-14 10:04:46
Продолжаем знакомить с наиболее трендовыми уязвимостями и связанными с ними угрозами:
-
Исследователи Cisco обнаружили «сквозные» уязвимости в восьми моделях с открытым кодом LLM, доступных на рынке от таких компаний, как OpenAI, Alibaba, Mistral, Google и др. Неудвительно, ведь после публикации исходного кода эти модели редко обновляются.
-
Cyderes обнаружила уязвимость в Advanced Installer, фреймворке для создания установщиков Windows, которая позволяет злоумышленникам перехватывать механизмы обновления приложений и запускать вредоносный внешний код, если пакеты обновлений не имеют цифровой подписи.
Advanced Installers используется некоторыми крупнейшими мировыми компаниями, такими как Apple, Microsoft, Google и IBM.
-
Исследователи Tenable выявили семь уязвимостей и методов атаки на пользователей ChatGPT. Недостатки позволяют злоумышленникам похищать конфиденциальную информацию из памяти и истории чатов пользователей.
-
Исследователи Zscaler обнаружили уязвимость произвольного доступа к файлам и SSRF (CVE-2025-12058) в платформе искусственного интеллекта Keras.
-
Группа исследователей, связанная с Массачусетским технологическим институтом (MIT), представила достаточно спорный отчет, который вызвал широкие осуждения в инфосеке.
Публика усомнилась в тезисе о том, что ИИ лежит в основе 80% всех современных атак программ-вымогателей.
Известные исследователи и эксперты в области ИБ раскритиковали выводы исследования, назвав их технически необоснованными и вовсе - не более чем попыткой хайпа.
- В свою очередь, Google выкатила свой отчёт в отношении штаммов вредоносного ПО, задействующих ИИ.
Их всего пять, и все они - фактически «шлак». При этом один из пяти в конечном итоге оказался в реальности проектом ученых.
Так что по мнению Google, эра полноценного вредоносного ПО на базе ИИ ещё не наступила, однако разработчики вредоносного ПО все же создают собственные инструменты LLM для весьма специфических целей.
- В отчёте «Threat Labs: Производство 2025» от Netskope подробно описываются новейшие угрозы в сфере ИБ, затрагивающие организации производственной отрасли.
В частности, выделены такие тенденции, как растущая зависимость от облачной инфраструктуры и сложные методы компрометации цепочек поставок, приводящие к сбоям в производственных процессах.
- По данным Palo Alto Networks, злоумышленники использовали уязвимость CVE-2025-21042 для доставки пользователям на Ближнем Востоке шпионского ПО Landfall для Android с помощью специально созданные DNG-изображения и WhatsApp.
Атаки, по всей видимости, были направлены на телефоны Samsung Galaxy, и злоумышленник мог реализовать Landfall с помощью ZeroClick-эксплойта.
Samsung исправила CVE-2025-21042 в апреле, но в сообщении технологического гиганта не упоминается эксплуатация уязвимости в реальных условиях.
В Palo Alto заявили, что атаки Landfall проводились как минимум с июля 2024 года, а CVE-2025-21042 эксплуатировалась как 0-day ещё до выпуска Samsung патчей.
CVE-2025-21042 похожа на CVE-2025-21043, другую уязвимость нулевого дня, недавно исправленную Samsung в той же библиотеке изображений.
За несколько недель до раскрытия информации о CVE-2025-21043 Apple исправила CVE-2025-43300 - похожую уязвимость, которая, как считается, была связана с 0-day WhatsApp (CVE-2025-55177), для доставки шпионского ПО клиентам Apple.
Palo Alto Networks не смогла подтвердить, что цепочка эксплойтов CVE-2025-43300/CVE-2025-55177 использовалась для доставки шпионского ПО Landfall пользователям iOS.
Злоумышленник не атрибутирован и теперь отслеживается как CL-UNK-1054.
2025-09-12 13:20:02
#4 · PT-2025-50118 · Fortinet · Fortiproxy
Published
2025-12-09
·
Updated
2026-01-22
·
CVE-2025-59718
9.8
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 7.0.0 through 7.6.3
Fortinet FortiProxy versions 7.0.0 through 7.6.3
Fortinet FortiSwitchManager versions 7.0.0 through 7.2.6
Fortinet FortiWeb (affected versions not specified)
Description
An improper verification of cryptographic signature flaw exists in Fortinet products, allowing an unauthenticated attacker to bypass FortiCloud SSO login authent...
MoreFix
LPE
RCE
Improper Verification of Cryptographic Signature
X.com
109 Posts
388Reposts
212.2 K Audience
Related posts · 142
The second issue (CVE-2025-59718) is more technical but essentially involved allowing remote attackers to send a forged SAML message and gain full administrative access to the device without needing a password or token (3/13)
2026-01-08 00:20:30
@Fortinet & @Cisco @CiscoSecure in the spotlight this week 🚨: critical auth bypass in FortiCloud SSO/FortiGate (CVE-2025-59718/59719) and serious flaws in FortiWeb WAF and Cisco gear give attackers fast paths to admin access and config theft. Patch and lock down those edge devices now.
#cybersecurity #infosec #CVE #Fortinet #FortiGate #FortiWeb #FortiCloud #Cisco #firewall #ZeroDay #authenticationbypass #networksecurity #EnterpriseSecurity #vulnerability #PatchTuesday #threatintel
Check out the latest article in my newsletter: 🔒 Weekly Cybersecurity Vulnerability Update: December 15–22, 2025 https://t.co/xhivbWcWmg via @LinkedIn
2025-12-22 07:18:18
A significant number of Fortinet devices with FortiCloud SSO enabled are vulnerable to attacks exploiting a critical authentication bypass flaw.
Key Points:
- Over 25,000 IP addresses of FortiCloud SSO devices are exposed online.
- Threat actors are exploiting a critical vulnerability (CVE-2025-59718/CVE-2025-59719) to gain unauthorized admin access.
- The vulnerability allows attackers to download sensitive system configuration files.
- U.S. government agencies have been ordered to patch this vulnerability by December 23rd.
- Previous Fortinet vulnerabilities have been exploited by advanced threat actors.
Recent findings by the internet security watchdog Shadowserver have revealed that more than 25,000 Fortinet devices with FortiCloud SSO enabled are openly exposed online. This alarming discovery comes amid ongoing attacks specifically targeting a critical authentication bypass vulnerability identified as CVE-2025-59718 and CVE-2025-59719. The FortiCloud SSO feature, which facilitates single sign-on capabilities, may not be active unless the devices are registered with Fortinet's FortiCare support service. Despite this, numerous devices are still at risk, as they remain accessible to unauthorized actors on the internet.
Cybersecurity experts, including those from Arctic Wolf and threat researcher Yutaka Sejiyama, highlight that the exploitation of this vulnerability involves the use of maliciously crafted SAML messages to access the web management interface of affected devices. Once an attacker gains admin-level access, they can download critical system configuration files that may contain sensitive information like hashed passwords, firewall policies, and internet-facing services. Given the historical context of Fortinet vulnerabilities being targeted by cybercriminals and espionage groups, organizations using these devices must urgently address this issue to mitigate potential risks and secure their networks as mandated by the Cybersecurity and Infrastructure Security Agency (CISA).
What steps can organizations take to ensure their Fortinet devices are secured against such vulnerabilities?
Learn More: Bleeping Computer
Want to stay updated on the latest cyber threats?
2025-12-20 00:51:20
#5 · PT-2025-24857 · Microsoft · Windows Smb
James Forshaw
+2
·
Published
2025-01-30
·
Updated
2026-01-22
·
CVE-2025-33073
8.8
High
Base
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to the June 2025 security updates
Description
A critical improper access control issue exists in the Windows SMB client. This flaw allows an authenticated attacker to elevate privileges to the SYSTEM level on a network. The vulnerability stems from a weakness in Kerberos authentication relay, enabling attackers to coerce authentication and re...
MoreExploit
Fix
LPE
RCE
Improper Access Control
X.com
158 Posts
2.1 KReposts
13.9 M Audience
Related posts · 222
Active exploitation of critical Windows SMB flaw CVE-2025-33073 allows remote SYSTEM-level privilege escalation on Windows 10, 11, and Server. CISA mandates patching by Nov 10. #WindowsSMB #PrivilegeEscalation #USA
https://t.co/KpirlXcZkT
2025-10-21 18:11:58
🚨 CVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
🎖@cveNotify
2025-10-21 12:56:53
How I Accidentally Found CVE-2025-33073
Presented by: Cameron Stish
Find out about the discovery journey, technical exploitation details, and key lessons on detection, mitigation, and responsible disclosure regarding the CVE-2025-33073. https://t.co/X2QwvtEu3f
2025-09-29 20:28:40
#6 · PT-2026-3785 · Cisco · Cisco Unified Communications Manager Session Management Edition
Published
2026-01-21
·
Updated
2026-01-22
·
CVE-2026-20045
8.2
High
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance (affected versions not specified)
Description
A flaw exists in Cisco Unified Communications...
MoreRCE
Code Injection
X.com
46 Posts
19Reposts
9.5 K Audience
Related posts · 49
🚨 Cisco Patches Actively Exploited Unified CM Zero-Day RCE (CVE-2026-20045)
Cisco fixed CVE-2026-20045 (CVSS 8.2), an actively exploited unauthenticated RCE in Unified CM and Webex Calling Dedicated Instance caused by improper HTTP input validation, allowing OS command execution and privilege escalation to root via crafted requests to the web management interface. No workaround exists—patch immediately, as CISA added it to the KEV catalog with a Feb 11, 2026 remediation deadline for U.S. federal agencies.
🎯 Target: Global / Cisco Unified Communications & Webex Calling
#️⃣ Category: #Cisco #CVE202620045 #ZeroDay #RCE #UnifiedCM #Webex #KEV #PatchManagement
🔗 URL: https://t.co/rqICd89Mzx
2026-01-22 05:52:13
Cisco released updates for exploited zero-day CVE-2026-20045. Patch immediately, limit exposure, and investigate for compromise. https://t.co/ojk1Zvv4WC #Cybersecurity
2026-01-22 05:26:12
Cisco fixed a critical zero-day (CVE-2026-20045) enabling unauthenticated command execution on affected systems.
#Cisco #Vulnerability #0day #zeroday #CVE #CyberSecurity #CybersecurityNews #threatresq #ThreatResQ
2026-01-22 05:22:13
#7 · PT-2025-26225 · Winrar · Winrar
Marcin Bobryk
·
Published
2025-06-19
·
Updated
2026-01-22
·
CVE-2025-6218
7.8
High
Base
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WinRAR versions prior to 7.12
Description
WinRAR contains a directory traversal vulnerability (CVE-2025-6218) that allows remote attackers to execute arbitrary code. This is achieved by crafting a malicious archive that, when opened, can write files outside of intended directories, potentially leading to code execution in the context of the current user. Multiple threat acto...
MoreExploit
Fix
RCE
Path traversal
X.com
122 Posts
312Reposts
453.5 K Audience
Related posts · 172
Daily #Gamaredon seen from Ukraine.
'1_11_5_1761_14.01.2026.rar' @abuse_ch
https://t.co/SenYccRRd1
Usual CVE-2025-6218 and 8088 exploit.
@500mk500 https://t.co/br5R0InJCh
2026-01-14 12:08:30
'salary_statistics.rar' seen from Viet Nam @abuse_ch
https://t.co/HyELNalfFL
CVE-2025-6218 and 8088 exploit. https://t.co/KwkEWU1qZf
2026-01-06 14:26:35
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-6218 #RARLAB #WinRAR Path Traversal Vulnerability https://t.co/pAPu0s9XCL
2025-12-22 07:55:16
#8 · PT-2026-2484 · Fortinet · Fortisiem
Published
2026-01-13
·
Updated
2026-01-21
·
CVE-2025-64155
9.8
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSIEM versions 6.7.0 through 7.4.0
Description
An improper neutralization of special elements used in an OS command injection vulnerability exists in Fortinet FortiSIEM. This flaw allows unauthenticated attackers to execute unauthorized code or commands via crafted TCP requests. The vulnerability affects the phMonitor service and can lead to remote code executio...
MoreExploit
Fix
LPE
RCE
DoS
OS Command Injection
X.com
94 Posts
396Reposts
207.4 K Audience
Related posts · 103
CVE-2025-64155: In the Wild Exploitation of FortiSIEM for Unauthenticated Root-Level RCE
2026-01-21 12:06:17
🚨 Fortinet FortiSIEM [—] Jan 18, 2026 Comprehensive Security Advisory: Critical Command Injection and Exploitation Risks in Fortinet FortiSIEM (CVE-2025-64155, CVE-2025-25249) Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/MbmHh7IIKR
2026-01-18 06:01:04
🚨 SecurityWeek Roundup: FortiSIEM RCE Exploited, ServiceNow “BodySnatcher” AI Hijack, Telegram IP Leak Warning
SecurityWeek flags multiple fast-moving threats this week, including active exploitation of Fortinet FortiSIEM unauthenticated RCE (CVE-2025-64155) with public PoC, and the “BodySnatcher” agentic AI hijacking flaw in ServiceNow (CVE-2025-12420) previously patched in Oct 2025. The roundup also notes Telegram’s new warning for proxy links that can expose user IPs, plus other significant developments spanning critical infrastructure targeting and regulatory enforcement actions.
🎯 Target: Global/Enterprise & Critical Infrastructure
#️⃣ Category: #Vulnerability #Exploitation #Fortinet #FortiSIEM #ServiceNow #Telegram #ThreatIntel #CyberSecurity
🔗 URL: https://t.co/FSYD4TLCjy
2026-01-16 16:56:23
#9 · PT-2026-2658 · Microsoft · Windows
Published
2026-01-13
·
Updated
2026-01-22
·
CVE-2026-20805
5.5
Medium
Base
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to February 2026
Description
A vulnerability exists in the Desktop Windows Manager component of Windows that allows an attacker to disclose sensitive information locally. This vulnerability, actively exploited in the wild, can leak memory addresses, potentially bypassing Address Space Layout Randomization (ASLR) and strengthening exploit chain...
MoreExploit
Fix
LPE
RCE
Information Disclosure
X.com
88 Posts
83Reposts
93.3 K Audience
Related posts · 95
CISA flagged a Windows DWM vulnerability (CVE-2026-20805) as actively exploited. Federal agencies face mandatory remediation. Enterprise teams: prioritize this patch today.
2026-01-21 15:57:06
CISA flagged a Windows DWM vulnerability (CVE-2026-20805) as actively exploited. Federal agencies face mandatory remediation. Enterprise teams: prioritize this patch today.
2026-01-21 15:57:06
Davos 2026: Global risks escalate, #Cybersecurity takes center stage. Microsoft patched 114 flaws, including one actively exploited (CVE-2026-20805). Urgent action needed to secure systems. Stay vigilant. #AnonNews_irc #Anonymous #News
2026-01-21 01:24:15
#10 · PT-2026-3270 · Vigi Camera
Arko Dhar
+1
·
Published
2026-01-16
·
Updated
2026-01-21
·
CVE-2026-0629
None
Name of the Vulnerable Software and Affected Versions
TP-Link VIGI Cameras (affected versions not specified)
Description
An authentication bypass issue exists in the password recovery feature of the local web interface of TP-Link VIGI cameras. This allows an attacker on the Local Area Network (LAN) to reset the administrator password without verification by manipulating client-side state. Successful exploitation grants the atta...
MoreImproper Authentication
X.com
12 Posts
37Reposts
8.8 K Audience
Related posts · 13
🚨 TP-Link Patches Critical VIGI Camera Flaw Allowing Admin Takeover (CVE-2026-0629)
TP-Link fixed CVE-2026-0629 (CVSS 8.7) impacting 32+ VIGI camera models, where attackers on the same network can bypass authentication in the password-recovery flow and reset the admin password to gain full control. Compromise enables live/recorded video access and can be leveraged for spying and lateral movement inside business networks.
🎯 Target: Global/Enterprise Surveillance (IoT)
#️⃣ Category: #CVE20260629 #TPLink #IoTSecurity #CCTV #Vulnerability #AuthBypass #SurveillanceCameras #PatchNow #Cybersecurity
🔗 URL: https://t.co/i9CAwLeerv
2026-01-21 17:04:18
Security Alert: Authentication Bypass Vulnerability in TP-Link VIGI Cameras (CVE-2026-0629)
2026-01-21 15:16:38
🚨 CVE-2026-0629 (CVSS 8.7): Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras
Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.
Search by vul.cve Filter 👉 vul.cve="CVE-2026-0629"
ZoomEye Dork 👉 app="TP-Link Management Page"
1.54m+ exposed instances.
ZoomEye Link: https://t.co/sAd1evYKXl
Refer: https://t.co/XsGcmU1brI
#ZoomEye #NetSec #OSINT #CyberSecurity #TPlinkVuln #RouterSecurity #IoTSecurity #ExposedDevices
2026-01-21 09:10:05
#11 · PT-2025-49099 · Apache · Apache Tika
Tim Allison
·
Published
2025-10-26
·
Updated
2026-01-22
·
CVE-2025-66516
8.4
High
Base
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Tika versions 1.13 through 3.2.1
Apache Tika tika-core versions 1.13 through 3.2.1
Apache Tika tika-pdf-module versions 2.0.0 through 3.2.1
Apache Tika tika-parsers versions 1.13 through 1.28.5
Description
Apache Tika contains a critical XML External Entity (XXE) vulnerability (CVE-2025-66516) with a CVSS score of 10.0. This flaw allows attackers to carry out XXE inje...
MoreExploit
Fix
DoS
RCE
XXE
X.com
73 Posts
124Reposts
63.1 K Audience
Related posts · 107
🚨 Oracle January 2026 CPU Ships 337 Security Fixes Across 30+ Product Families
Oracle’s January 2026 Critical Patch Update delivers 337 patches, including 115 remotely exploitable flaws requiring no authentication and at least one CVSS 10.0 issue (CVE-2025-66516) impacting Oracle Commerce Guided Search. This matters because unpatched, internet-facing Oracle stacks (DB/middleware/comms/financial apps) are high-value targets and CPU releases often trigger rapid scanning and exploit attempts.
🎯 Target: Global/Enterprise IT
#️⃣ Category: #Oracle #CriticalPatchUpdate #CPU #PatchManagement #VulnerabilityManagement #CVSS10 #EnterpriseSecurity #Cybersecurity
🔗 URL: https://t.co/qGnfNFvyid
2026-01-21 14:24:31
🚨 CVE-2025-66516
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.
This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.
First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.
Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
🎖@cveNotify
2025-12-30 16:26:53
🚨 CVE-2025-66516
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.
This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.
First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.
Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
🎖@cveNotify
2025-12-18 14:56:53
#12 · PT-2025-36882 · Microsoft · Windows
Bryan De Houwer
·
Published
2025-09-09
·
Updated
2026-01-22
·
CVE-2025-54918
8.8
High
Base
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Windows NTLM versions prior to the fix included in CVE-2025-54918
Description
An improper authentication issue exists within Windows NTLM. This flaw allows an authorized attacker to elevate privileges over a network. The vulnerability relates to deficiencies in the authentication procedure of the NTLM protocol. Exploitation may allow a remote attacker to elevate their privil...
MoreFix
LPE
Improper Authentication
X.com
11 Posts
154Reposts
50.7 K Audience
Related posts · 16
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 Windows SMB Client Elevation of Privilege Vulnerability
-
📅 Published: 10/06/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
-
📣 Mentions: 76
-
⚠️ Priority: 1+
-
📝 Analysis: A Windows SMB Client Elevation of Privilege Vulnerability (CVSS: 8.8) exists, exploitable via network (AV:N). While no known in-the-wild activity has been reported (CISA KEV), the high impact on confidentiality, integrity, and availability (C/I/A:H) warrants a priority 2 status due to its high CVSS score and low Exploitability Estimates Over Time (EPSS).
-
📝 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
-
📅 Published: 21/08/2025
-
📈 CVSS: 0
-
🛡️ CISA KEV: True
-
🧭 Vector: n/a
-
📣 Mentions: 23
-
⚠️ Priority: 1+
-
📝 Analysis: A memory corruption issue exists in macOS and iOS versions listed, stemming from processing malicious image files. While not widely exploited, Apple has reported a targeted attack. Given the potential for sophisticated attacks and the high CVSS score, this vulnerability warrants attention as a priority 2 concern.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.
-
📅 Published: 08/03/2024
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
⚠️ Priority: 2
-
📝 Analysis: A memory corruption vulnerability in multiple Apple OS versions may lead to system termination or kernel memory write. Exploits unknown, but high impact and exploitability warrant a priority 2 status. The fix is available in specified version updates.
-
📝 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
-
📅 Published: 03/12/2025
-
📈 CVSS: 10
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 908
-
⚠️ Priority: 1+
-
📝 Analysis: A critical pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, specifically in packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability stems from unsafely deserializing HTTP request payloads. This is a confirmed exploited issue, designated as priority 1+.
-
📝 A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
-
📅 Published: 09/12/2025
-
📈 CVSS: 9.1
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
-
📣 Mentions: 11
-
⚠️ Priority: 1+
-
📝 Analysis: Unauthenticated attacker can bypass FortiCloud SSO login authentication via a crafted SAML response message in affected versions of Fortinet FortiOS and related modules. No known exploits detected, but given high CVSS score, it is a priority 2 vulnerability.
-
📝 Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
-
📅 Published: 12/12/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
📣 Mentions: 32
-
⚠️ Priority: 1+
-
📝 Analysis: A memory access flaw in ANGLE component of Google Chrome on Mac (versions prior to 143.0.7499.110) permits remote attackers to perform out-of-bounds attacks via a crafted HTML page, confirmed exploited in the wild. Priority 1+.
-
📝 Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using the extra_options parameter.. Affected scenarios:Use the built-in bRPC heap profiler service to perform jemalloc memory profiling. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually.
-
📅 Published: 16/01/2026
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 14
-
⚠️ Priority: 4
-
📝 Analysis: A critical command injection vulnerability has been identified in Apache bRPC (<1.15.0) heap profiler builtin service, affecting scenarios using its built-in bRPC heap profiler service for jemalloc memory profiling. Attackers can execute remote commands through the unvalidated extra_options parameter. Prioritization score is 4, indicating a low CVSS & low EPSS. Upgrade to version 1.15.0 or apply the provided patch (https://github.com/apache/brpc/pull/3101) for mitigation.
-
📝 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
-
📅 Published: 17/12/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
📣 Mentions: 26
-
⚠️ Priority: 1+
-
📝 Analysis: A use-after-free issue in web content processing, potentially leading to arbitrary code execution, has been addressed across multiple Apple platforms. The vulnerability is known to have been exploited in targeted attacks on versions of iOS prior to 26. Given the high CVSS score and confirmed exploitation, this is a priority 1+ issue, requiring immediate action on affected systems matching the specified versions.
10. CVE-2025-54918
-
📝 Windows NTLM Elevation of Privilege Vulnerability
-
📅 Published: 09/09/2025
-
📈 CVSS: 8.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
-
📣 Mentions: 50
-
⚠️ Priority: 2
-
📝 Analysis: A critical NTLM elevation of privilege vulnerability (Windows) has been identified, scoring 8.8 on CVSS. The attack vector is local access (AV:L). Although no known exploits are in the wild, given its high impact and severity, it is classified as a priority 2 vulnerability.
Let us know if you're tracking any of these or if you find any issues with the provided details.
2026-01-22 11:01:49
#exploit
High severity Windows vulnerabilities:
1⃣. CVE-2025-26686:
RCE in Windows 10/11/Srv TCP/IP stack - https://t.co/ks9DLxM6Hu
// leaves sensitive memory unlocked, allowing remote attackers to hijack systems. Exploitable over the network, it risks full compromise. Patch now..
2⃣. CVE-2025-60710:
LPE in Taskhost Windows Tasks - https://t.co/QOBzG92NXn
// Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally
3⃣. CVE-2025-54110:
Windows Kernel Integer Overflow Privilege Escalation - https://t.co/v2BYVahxQS
// high-severity vulnerability in Windows Kernel that arises from improper handling of integer values during memory allocation
4⃣ CVE-2025-54918:
Improper authentication in Windows NTLM- https://t.co/u7IsCV5PRM
// Simulated exploitation and mitigation of CVE-2025-54918 (Win NTLM flaw). Incl. detection scripts, Ansible patching, CI/CD hardening. Demonstrates PrivEsc from low-level access to SYSTEM in hybrid cloud environments
2025-11-13 14:07:49
CVE-2025-54918 fixed this issue in ALWAYS calculating the MIC, even if Type3 is empty
2025-10-30 11:06:24
#13 · PT-2024-19759 · Apple · Macos Sonoma
Xinru Chi
·
Published
2024-03-07
·
Updated
2026-01-22
·
CVE-2024-23265
9.8
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
macOS versions 12.7.4 through 14.4
visionOS version 1.1
iOS versions 16.7.6, 17.4
iPadOS versions 16.7.6, 17.4
watchOS version 10.4
tvOS version 17.4
Description
A memory corruption issue was addressed through improved locking mechanisms. The issue may allow a malicious application to cause unexpected system termination or to write to kernel memory, potentially leading to ke...
MoreFix
LPE
Memory Corruption
Resource Exhaustion
X.com
6 Posts
80Reposts
77.4 K Audience
Related posts · 11
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 Windows SMB Client Elevation of Privilege Vulnerability
-
📅 Published: 10/06/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
-
📣 Mentions: 76
-
⚠️ Priority: 1+
-
📝 Analysis: A Windows SMB Client Elevation of Privilege Vulnerability (CVSS: 8.8) exists, exploitable via network (AV:N). While no known in-the-wild activity has been reported (CISA KEV), the high impact on confidentiality, integrity, and availability (C/I/A:H) warrants a priority 2 status due to its high CVSS score and low Exploitability Estimates Over Time (EPSS).
-
📝 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
-
📅 Published: 21/08/2025
-
📈 CVSS: 0
-
🛡️ CISA KEV: True
-
🧭 Vector: n/a
-
📣 Mentions: 23
-
⚠️ Priority: 1+
-
📝 Analysis: A memory corruption issue exists in macOS and iOS versions listed, stemming from processing malicious image files. While not widely exploited, Apple has reported a targeted attack. Given the potential for sophisticated attacks and the high CVSS score, this vulnerability warrants attention as a priority 2 concern.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.
-
📅 Published: 08/03/2024
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
⚠️ Priority: 2
-
📝 Analysis: A memory corruption vulnerability in multiple Apple OS versions may lead to system termination or kernel memory write. Exploits unknown, but high impact and exploitability warrant a priority 2 status. The fix is available in specified version updates.
-
📝 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
-
📅 Published: 03/12/2025
-
📈 CVSS: 10
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 908
-
⚠️ Priority: 1+
-
📝 Analysis: A critical pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, specifically in packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerability stems from unsafely deserializing HTTP request payloads. This is a confirmed exploited issue, designated as priority 1+.
-
📝 A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
-
📅 Published: 09/12/2025
-
📈 CVSS: 9.1
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
-
📣 Mentions: 11
-
⚠️ Priority: 1+
-
📝 Analysis: Unauthenticated attacker can bypass FortiCloud SSO login authentication via a crafted SAML response message in affected versions of Fortinet FortiOS and related modules. No known exploits detected, but given high CVSS score, it is a priority 2 vulnerability.
-
📝 Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
-
📅 Published: 12/12/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
📣 Mentions: 32
-
⚠️ Priority: 1+
-
📝 Analysis: A memory access flaw in ANGLE component of Google Chrome on Mac (versions prior to 143.0.7499.110) permits remote attackers to perform out-of-bounds attacks via a crafted HTML page, confirmed exploited in the wild. Priority 1+.
-
📝 Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using the extra_options parameter.. Affected scenarios:Use the built-in bRPC heap profiler service to perform jemalloc memory profiling. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually.
-
📅 Published: 16/01/2026
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 14
-
⚠️ Priority: 4
-
📝 Analysis: A critical command injection vulnerability has been identified in Apache bRPC (<1.15.0) heap profiler builtin service, affecting scenarios using its built-in bRPC heap profiler service for jemalloc memory profiling. Attackers can execute remote commands through the unvalidated extra_options parameter. Prioritization score is 4, indicating a low CVSS & low EPSS. Upgrade to version 1.15.0 or apply the provided patch (https://github.com/apache/brpc/pull/3101) for mitigation.
-
📝 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
-
📅 Published: 17/12/2025
-
📈 CVSS: 8.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
📣 Mentions: 26
-
⚠️ Priority: 1+
-
📝 Analysis: A use-after-free issue in web content processing, potentially leading to arbitrary code execution, has been addressed across multiple Apple platforms. The vulnerability is known to have been exploited in targeted attacks on versions of iOS prior to 26. Given the high CVSS score and confirmed exploitation, this is a priority 1+ issue, requiring immediate action on affected systems matching the specified versions.
10. CVE-2025-54918
-
📝 Windows NTLM Elevation of Privilege Vulnerability
-
📅 Published: 09/09/2025
-
📈 CVSS: 8.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
-
📣 Mentions: 50
-
⚠️ Priority: 2
-
📝 Analysis: A critical NTLM elevation of privilege vulnerability (Windows) has been identified, scoring 8.8 on CVSS. The attack vector is local access (AV:L). Although no known exploits are in the wild, given its high impact and severity, it is classified as a priority 2 vulnerability.
Let us know if you're tracking any of these or if you find any issues with the provided details.
2026-01-22 11:01:49
A missing lock in a kernel driver is indistinguishable from valid code, until it crashes. We tracked down the fix for CVE-2024-23265 to see how Apple resolved a race condition in AppleDiskImages2.
https://t.co/r9gvxluQFt
See how we used Ghidra to locate the specific instruction changes that mitigated this memory corruption vulnerability. The interesting part isn’t the “fix”, it’s where it shows up.
👀 Don’t skim this one. That instruction change matters.
2026-01-21 15:03:38
Patch Diffing CVE-2024-23265: An iOS Kernel Memory Corruption Vulnerability - @8kSec https://t.co/vqMawNrKiv
2025-10-23 20:15:41
#14 · PT-2026-3321 · Mcpjam Inspector
C2An1
·
Published
2026-01-16
·
Updated
2026-01-22
·
CVE-2026-23744
9.8
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MCPJam inspector versions 1.4.2 and earlier
Description
MCPJam inspector, a local-first development platform for MCP servers, contains a remote code execution (RCE) issue. An attacker can send a crafted HTTP request to trigger the installation of an MCP server, leading to RCE. The application, by default, listens on all interfaces (0.0.0.0) instead of localhost, enabling rem...
MoreExploit
Fix
RCE
Missing Authentication
X.com
9 Posts
19Reposts
6.8 K Audience
Related posts · 9
‼️CVE-2026-23744: Versions 1.4.2 and earlier of MCPJam inspector are vulnerable to remote code execution (RCE)
CVSS: 9.8
CVE Published: January 16th, 2026
PoC/Exploit Published: January 20th, 2026
GitHub PoC: https://t.co/UYHEAu9wrv
Advisory: https://t.co/R6nnZ7CQQJ
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
2026-01-22 00:50:41
CVE-2026-23744 #cve #RCE #mcp
MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE.
https://t.co/uAQ9GCOIrF
2026-01-19 07:43:56
The
mcpjam/inspector2026-01-17 14:23:33
#15 · PT-2026-3756 · Gnu · Inetutils
Carlos Cortes Alvarez
+1
·
Published
2026-01-21
·
Updated
2026-01-22
·
CVE-2026-24061
9.8
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GNU Inetutils versions through 2.7
Description
The
MoretelnetdUSERtelnetdUSER="-f root"Fix
Argument Injection
X.com
10 Posts
5Reposts
3.2 K Audience
Related posts · 12
- Une faille critique offrant un accès total : La vulnérabilité CVE-2026-24061 (score de gravité 9,8/10) touche le service
(versions GNU InetUtils 1.9.3 à 2.7). Elle permet à un attaquant de contourner l'authentification et de prendre le contrôle du serveur avec les droits administrateur (root), une brèche présente dans le code depuis 2015.telnetd - Une menace active sans correctif officiel : La situation est d'autant plus dangereuse qu'un code d'exploitation est publiquement disponible pour les pirates, alors qu'aucun patch de sécurité n'a encore été publié par les développeurs pour corriger le problème.
- La nécessité d'abandonner Telnet : Le CERT-FR insiste sur le fait que ce protocole obsolète et non chiffré ne doit pas être exposé sur Internet. La recommandation immédiate est de désactiver le service au profit de SSH (port 22) ou, à défaut, de restreindre drastiquement l'accès via une liste blanche d'IP.
https://next.ink/220541/telnet-une-faille-triviale-vieille-de-10-ans-permet-de-se-connecter-en-root/
2026-01-22 10:08:30
CVE-2026-24061
GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
The telnetd server invokes /usr/bin/login (normally running as root)
passing the value of the USER environment variable received from the
client as the last parameter.
If the client supply a carefully crafted USER environment value being
the string "-f root", and passes the telnet(1) -a or --login parameter
to send this USER environment to the server, the client will be
automatically logged in as root bypassing normal authentication
processes.
This happens because the telnetd server do not sanitize the USER
environment variable before passing it on to login(1), and login(1)
uses the -f parameter to by-pass normal authentication.
2026-01-22 02:14:35
CVE-2026-24061: Telnet Strikes Back: GNU Inetutils Root Authentication Bypass
A critical argument injection vulnerability in GNU Inetutils telnetd allows unauthenticated remote attackers to gain full root access by manipulating the USER environment va...
2026-01-22 00:29:13
#16 · PT-2025-12769 · Zhijiantianya · Ruoyi-Vue-Pro
Uglory
·
Published
2025-03-25
·
Updated
2026-01-21
·
CVE-2025-2742
8.1
High
Base
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
zhijiantianya ruoyi-vue-pro version 2.4.1
Description
A critical issue exists in zhijiantianya ruoyi-vue-pro 2.4.1 related to path traversal. The issue resides in the file
More/admin-api/mp/material/upload-permanentFileExploit
LPE
RCE
Path traversal
X.com
2 Posts
0Reposts
55.2 K Audience
Related posts · 7
WAPPD daemon proxies network requests to kernel ioctl handlers. Your LPE becomes RCE when userland services bridge attacker input straight to kernel interfaces. @hyprdude shows with CVE-2025-2742 why local privesc matters on IoT too.
2026-01-21 17:30:25
🚨 CVE-2025-2742
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
2025-07-15 13:27:02
🚨 CVE-2025-2742
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
2025-07-08 18:56:52
#17 · PT-2026-3865 · Vllm · Vllm
Arthurgervais
+1
·
Published
2026-01-21
·
Updated
2026-01-22
·
CVE-2026-22807
8.8
High
Base
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
vLLM versions 0.10.1 through 0.13.x
Description
vLLM is an inference and serving engine for large language models (LLMs). Versions starting from 0.10.1 and prior to 0.14.0 load Hugging Face
Moreauto maptrust remote codeExploit
Fix
RCE
Code Injection
X.com
7 Posts
0Reposts
644 Audience
Related posts · 7
CVE-2026-22807
Remote Code Execution in vLLM Versions 0.10.1 to 0.14.0 via Model Loading
2026-01-22 00:29:45
[CVE-2026-22807: HIGH] vLLM engine for large language models had a vulnerability allowing arbitrary code execution pre-version 0.14.0. Ensure to update to version 0.14.0 to fix this critical issue.#cve,CVE-2026-22807,#cybersecurity https://t.co/P18CmGOq4h https://t.co/Ww424CzTVV
2026-01-22 00:09:33
CVE-2026-22807 - vLLM Hugging Face auto_map deserialization allows RCE in AI inference systems.
Check version:
python -c "import vllm; print(vllm.version)"
Upgrade to v0.14.0+ if between 0.10.1-0.13.x #AIRisk
2026-01-21 22:29:04
#18 · PT-2026-3570 · Zoom · Zoom Node Multimedia Routers
Published
2026-01-20
·
Updated
2026-01-21
·
CVE-2026-22844
9.9
Critical
Base
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoom Node Multimedia Routers (MMRs) versions prior to 5.2.1716.0
Description
A command injection flaw exists in Zoom Node Multimedia Routers (MMRs). This allows a meeting participant with network access to execute arbitrary code remotely on the MMR without user interaction. Compromised MMR infrastructure could lead to data theft, service disruption, and full control of on-pr...
MoreFix
RCE
OS Command Injection
X.com
14 Posts
0Reposts
1.2 K Audience
Related posts · 15
🚨 Zoom Patches Critical RCE in Node MMR (CVE-2026-22844) as GitLab Fixes 2FA Bypass + DoS Bugs
Zoom fixed a CVSS 9.9 command-injection flaw (CVE-2026-22844) that could let meeting participants achieve remote code execution on Zoom Node Multimedia Routers (MMRs) in hybrid/meeting-connector deployments, while GitLab patched a 2FA bypass (CVE-2026-0723) and multiple DoS issues across CE/EE. Immediate upgrades reduce the risk of infrastructure compromise and service disruption in enterprise collaboration and DevOps environments.
🎯 Target: Global/Enterprise Collaboration & DevOps
#️⃣ Category: #Zoom #GitLab #CVE202622844 #CVE20260723 #RCE #2FABypass #DoS #PatchNow #VulnerabilityManagement #Cybersecurity
🔗 URL: https://t.co/5QEFlBorpR
2026-01-21 16:59:57
🚨 Critical Zoom RCE vulnerability
A newly disclosed command-injection flaw in Zoom (CVE-2026-22844) allows remote code execution via media relay components. This is being treated as high severity.
2026-01-21 16:42:13
Zoom has patched a critical bug (CVE-2026-22844, CVSS 9.9) in its Node Multimedia Routers that could let a meeting participant run code on the server. Users of Zoom Node Meetings, Hybrid, and Meeting Connector should update MMR modules to version 5.2.1716.0.
2026-01-21 16:31:41
#19 · PT-2026-3792 · Laravel · Laravel Reverb
M0H4Mmad
·
Published
2026-01-21
·
Updated
2026-01-22
·
CVE-2026-23524
9.8
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Laravel Reverb versions 1.6.3 and below
Description
Laravel Reverb, a real-time WebSocket communication backend for Laravel applications, is susceptible to Remote Code Execution (RCE). This occurs because the software passes data from the Redis channel directly into PHP’s
Moreunserialize()Exploit
Fix
RCE
Deserialization of Untrusted Data
X.com
6 Posts
0Reposts
312 Audience
Related posts · 6
CVE-2026-23524 - Laravel Reverb (v1.6.3 & below) passes untrusted Redis channel data creating security risk
Check: composer show laravel/reverb | grep versions
Source: https://t.co/yuhYsYVItw
2026-01-22 02:42:32
[CVE-2026-23524: CRITICAL] Beware of Laravel Reverb v1.6.3 & below! A Remote Code Execution vulnerability can occur due to Redis channel data handling. Upgrade to v1.7.0 ASAP or implement workarounds.#cve,CVE-2026-23524,#cybersecurity https://t.co/8jvUXHQJZd https://t.co/cgOu5OjlXR
2026-01-22 00:09:23
CVE-2026-23524 Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel d… https://t.co/mHGtIJaaGe
2026-01-21 23:21:33
#20 · PT-2026-3759 · Imagemagick
Published
2026-01-01
·
Updated
2026-01-22
·
CVE-2026-23952
6.5
Medium
Base
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ImageMagick versions 7.x through 14.10.1
Description
ImageMagick is software used for editing and manipulating digital images. A flaw exists in the MSL (Magick Scripting Language) parser when processing
More<comment>Exploit
Fix
DoS
RCE
NULL Pointer Dereference
X.com
3 Posts
0Reposts
204 Audience
Related posts · 3
CVE-2026-23952 - ImageMagick NULL pointer dereference in versions ≤14.10.1. DoS/potential RCE via crafted images.
Check: convert --version
Source: @CVEnew
2026-01-22 02:42:15
CVE-2026-23952
NULL Pointer Dereference in ImageMagick MSL Parser Affecting Versions 14.10.1 and Below
2026-01-22 01:51:08
CVE-2026-23952 ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerabilit… https://t.co/JjUlaOBEYb
2026-01-22 01:50:30
#21 · PT-2026-3863 · 5Ire · 5Ire
C2An1
·
Published
2026-01-21
·
Updated
2026-01-21
·
CVE-2026-22792
9.6
Critical
Base
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
5ire versions prior to 0.15.3
Description
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, unsafe HTML rendering allows untrusted HTML, including on* event attributes, to execute within the renderer context. An attacker can inject an
More<img onerror=...>Exploit
Fix
RCE
Improper Encoding or Escaping of Output
X.com
4 Posts
0Reposts
223 Audience
Related posts · 4
🔴 CVE-2026-22792 - Critical
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML (including o...
2026-01-21 21:51:04
CVE-2026-22792 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrus… https://t.co/wt3s4T7oRr
2026-01-21 21:44:49
[CVE-2026-22792: CRITICAL] Update to 5ire version 0.15.3 to fix a security flaw allowing remote code execution via HTML injection. Stay protected by applying the latest cyber security updates.#cve,CVE-2026-22792,#cybersecurity https://t.co/EaneikKjxd https://t.co/M0MwQHwAY6
2026-01-21 21:39:13
#22 · PT-2026-3887 · Sumatrapdf
Published
2026-01-22
·
Updated
2026-01-22
·
CVE-2026-23951
5.5
Medium
Base
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SumatraPDF (affected versions not specified)
Description
SumatraPDF, a multi-format reader for Windows, contains an off-by-one error in the validation code that triggers with exactly two records. This error causes an integer underflow in the size calculation within the
MorePalmDbReader::GetRecordExploit
RCE
Out of bounds Read
Integer Underflow
X.com
3 Posts
0Reposts
211 Audience
Related posts · 3
CVE-2026-23951 - SumatraPDF off-by-one buffer overflow affects all versions on Windows. RCE possible via malicious PDFs.
Check: Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall* | Select DisplayName,DisplayVersion | Where {$_.DisplayName -like "SumatraPDF"}
Source: @CVEnew
2026-01-22 02:42:12
CVE-2026-23951
Off-by-One Integer Underflow in SumatraPDF Mobi File Parsing
2026-01-22 02:01:19
CVE-2026-23951 SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an… https://t.co/J2rDyJSkJl
2026-01-22 01:50:31
#23 · PT-2026-3548 · WordPress · Advanced Custom Fields: Extended
Andrea Bocchetti
·
Published
2026-01-20
·
Updated
2026-01-21
·
CVE-2025-14533
9.8
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Advanced Custom Fields: Extended versions up to and including 0.9.2.1
Description
The Advanced Custom Fields: Extended plugin for WordPress contains a privilege escalation issue. The
Moreinsert userFix
LPE
Improper Privilege Management
X.com
14 Posts
0Reposts
1.1 K Audience
Related posts · 14
🚨 Critical vulnerability in ACF Extended plugin (CVE-2025-14533) allows unauthenticated attackers to register as admins on 100,000+ WordPress sites. Sites using this plugin are at risk. Update immediately!
Read more: https://t.co/ZrAMTRJqxp
2026-01-21 21:01:50
CVE-2025-14533: Critical WordPress Plugin Lapse Puts Over 100,000 Sites at Risk
2026-01-21 14:56:15
#WordPress: 100,000+ WordPress-powered Sites Affected by Privilege Escalation #Vulnerability CVE-2025-14533 in Advanced Custom Fields: Extended WordPress Plugin:
👇 https://t.co/t7FhU5N8vD
2026-01-21 13:18:38
#24 · PT-2026-3515 · Chainlit · Chainlit
Gal Zaban
+1
·
Published
2026-01-19
·
Updated
2026-01-22
·
CVE-2026-22218
None
Name of the Vulnerable Software and Affected Versions
Chainlit versions prior to 2.9.4
Description
Chainlit versions prior to 2.9.4 have an arbitrary file read issue in the
More/project/elementchainlitKeyExploit
Fix
Path traversal
X.com
10 Posts
0Reposts
669 Audience
Related posts · 11
Chainlit AI framework has two critical flaws (CVE-2026-22218 & CVE-2026-22219) allowing file read and SSRF attacks, risking data theft and lateral movement in organizations. Fixed in v2.9.4. #ChainlitFlaws #DataLeak #USA
https://t.co/EQmxyn2Cx4
2026-01-22 02:30:12
Two critical vulnerabilities in the Chainlit AI framework (CVE-2026-22218 & CVE-2026-22219) expose sensitive environment variables and enable SSRF attacks on servers, risking data leaks and full system takeovers. #ChainlitRisk #AIFlaws
https://t.co/rYmiYQ9lXV
2026-01-21 23:30:12
🚨 Chainlit Critical Bugs Enable Data Leaks and Potential Cloud Takeover
Two critical Chainlit flaws—CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (SSRF)—can leak sensitive environment variables (API keys, credentials, cloud secrets) and enable token forgery for account takeover, especially on internet-facing deployments. Chainlit patched the issues in v2.9.4, making rapid upgrades essential for organizations running AI chatbot infrastructure.
🎯 Target: Global / AI Applications & Enterprise Cloud
#️⃣ Category: #Chainlit #Vulnerability #CVE202622218 #CVE202622219 #SSRF #AI #CloudSecurity #AppSec
🔗 URL: https://t.co/CJbyXJC2HL
2026-01-21 21:05:28
#25 · PT-2026-3516 · Chainlit · Chainlit
Gal Zaban
+1
·
Published
2026-01-19
·
Updated
2026-01-22
·
CVE-2026-22219
None
Name of the Vulnerable Software and Affected Versions
Chainlit versions prior to 2.9.4
Description
Chainlit versions prior to 2.9.4 have a server-side request forgery (SSRF) issue in the
More/project/elementurlExploit
Fix
SSRF
X.com
9 Posts
0Reposts
615 Audience
Related posts · 10
Chainlit AI framework has two critical flaws (CVE-2026-22218 & CVE-2026-22219) allowing file read and SSRF attacks, risking data theft and lateral movement in organizations. Fixed in v2.9.4. #ChainlitFlaws #DataLeak #USA
https://t.co/EQmxyn2Cx4
2026-01-22 02:30:12
🚨 Chainlit AI Framework Bugs Enable File Theft and Cloud Environment Breach
Two high-severity Chainlit flaws (CVE-2026-22218 file read + CVE-2026-22219 SSRF) can expose sensitive files and leak cloud secrets (API keys/tokens), enabling attackers to pivot into enterprise cloud environments and potentially take over accounts. Organizations should upgrade Chainlit immediately (v2.9.4+) and treat internet-exposed AI apps as high-risk targets.
🎯 Target: Global / AI Applications & Cloud Environments
#️⃣ Category: #Chainlit #Vulnerability #CVE202622218 #CVE202622219 #SSRF #CloudSecurity #AI #AppSec
🔗 URL: https://t.co/G01FB0smHF
2026-01-21 23:35:23
Two critical vulnerabilities in the Chainlit AI framework (CVE-2026-22218 & CVE-2026-22219) expose sensitive environment variables and enable SSRF attacks on servers, risking data leaks and full system takeovers. #ChainlitRisk #AIFlaws
https://t.co/rYmiYQ9lXV
2026-01-21 23:30:12
#26 · PT-2026-3766 · Gitlab · Gitlab Ce/Ee
Published
2026-01-21
·
Updated
2026-01-22
·
CVE-2026-0723
None
Name of the Vulnerable Software and Affected Versions
GitLab versions prior to 18.6.4
GitLab versions prior to 18.7.2
GitLab versions prior to 18.8.2
Description
A security issue exists in GitLab’s authentication services that allows attackers with knowledge of a target’s account ID to bypass two-factor authentication. This bypass is due to an unchecked return value. The vulnerability also includes two denial-of-service flaws....
MoreX.com
8 Posts
6Reposts
1.4 K Audience
Related posts · 9
GitLab has released critical security updates addressing a high-severity two-factor authentication (2FA) bypass vulnerability, CVE-2026-0723, in its Community and Enterprise editions. This flaw allows attackers who obtain a user’s username and password to bypass 2FA protections by submitting forged device responses during login. The vulnerability is part of five total fixes, three of which are classified as high severity. If exploited, it could enable full account takeover, enabling adversaries to access, modify, or delete sensitive code repositories. GitLab warns that compromised code in developer accounts could lead to supply chain attacks, as seen in the Shai-Hulud worm incident, where a hacked npm account facilitated malware distribution. Attackers might also access cloud secrets stored in repositories, granting further access to infrastructure platforms like AWS or Azure.
The 2FA bypass highlights a critical limitation in authentication systems: while multifactor authentication adds a verification layer, it is not inherently infallible. Experts emphasize that 2FA mitigates risks like brute-force attacks but cannot fully prevent breaches if credentials are stolen through phishing or social engineering. For instance, session hijacking techniques—where attackers steal active session cookies—can bypass 2FA entirely without needing to forge device responses. Even advanced solutions like hardware tokens (e.g., YubiKeys) are not immune to flaws, as they are designed for human interaction and may introduce vulnerabilities over time. The incident underscores the importance of combining 2FA with additional safeguards, such as monitoring for suspicious login activity, enforcing strict access controls, and educating users about phishing threats. Organizations must also recognize that security is a layered effort; no single control can fully eliminate risk.
The broader lesson here is that authentication systems must evolve alongside attacker tactics. Two-factor authentication remains a foundational security measure, but its effectiveness depends on implementation quality and complementary strategies. For example, adaptive authentication systems can analyze login patterns (e.g., location, device, time) to flag anomalies, while multi-factor authentication (MFA) adds multiple verification steps. However, these measures do not eliminate the need for user vigilance or infrastructure hardening. The GitLab vulnerability serves as a reminder that even well-regarded security controls require continuous evaluation and updates. Developers and administrators should prioritize patching known vulnerabilities promptly and adopt a zero-trust architecture to minimize the impact of potential breaches.
https://t.co/BUTDIOrOfn
#GitLabSecurity #2FABypass #CVE20260723 #CyberSecurity #SupplyChainAttack
#CVE20260723 #CVE202513927 #CVE202513928 #CVE202513335 #GitLabSecurity
2026-01-22 00:23:18
🚨 Zoom Patches Critical RCE in Node MMR (CVE-2026-22844) as GitLab Fixes 2FA Bypass + DoS Bugs
Zoom fixed a CVSS 9.9 command-injection flaw (CVE-2026-22844) that could let meeting participants achieve remote code execution on Zoom Node Multimedia Routers (MMRs) in hybrid/meeting-connector deployments, while GitLab patched a 2FA bypass (CVE-2026-0723) and multiple DoS issues across CE/EE. Immediate upgrades reduce the risk of infrastructure compromise and service disruption in enterprise collaboration and DevOps environments.
🎯 Target: Global/Enterprise Collaboration & DevOps
#️⃣ Category: #Zoom #GitLab #CVE202622844 #CVE20260723 #RCE #2FABypass #DoS #PatchNow #VulnerabilityManagement #Cybersecurity
🔗 URL: https://t.co/5QEFlBorpR
2026-01-21 16:59:57
GitLab has patched critical vulnerabilities, including a high-severity two-factor authentication bypass and denial-of-service flaws affecting its software platform.
Key Points:
- A vulnerability allows attackers to bypass two-factor authentication using known account IDs.
- Two high-severity denial-of-service flaws could allow unauthenticated attackers to disrupt service.
- GitLab has released updated versions of its Community and Enterprise Editions to address these issues.
GitLab has identified a significant security vulnerability tracked as CVE-2026-0723 that affects both its Community Edition (CE) and Enterprise Edition (EE). This flaw stems from an unchecked return value in GitLab's authentication services, allowing attackers who are aware of a victim's account ID to circumvent two-factor authentication. This means that individuals with prior credentials can gain unauthorized access, which poses a serious risk to user accounts and data integrity.
In addition to the 2FA bypass vulnerability, GitLab also fixed two high-severity denial-of-service (DoS) flaws that could enable attackers to trigger service disruptions remotely. The first flaw allows unauthenticated access to exploit API endpoint vulnerabilities, while the second involves sending malformed authentication data. To mitigate these risks, GitLab has urged all users to promptly upgrade to the newly released versions 18.8.2, 18.7.2, and 18.6.4, which contain essential security patches. With more than 30 million registered users, including major companies, the urgency of this update is critical to safeguarding users against potential exploitation.
What steps do you take to ensure your two-factor authentication remains secure?
Learn More: Bleeping Computer
Want to stay updated on the latest cyber threats?
2026-01-21 16:45:24
#27 · PT-2026-2761 · Microsoft · Windows Admin Center
Ben Zamir
+2
·
Published
2026-01-13
·
Updated
2026-01-21
·
CVE-2026-20965
7.5
High
Base
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Windows Admin Center versions prior to 0.70.00
Description
An improper verification of cryptographic signatures in Windows Admin Center can allow an attacker with local administrator access to elevate privileges. The issue involves a token validation flaw that could lead to tenant-wide remote code execution (RCE) in Azure Windows Admin Center. An attacker can bypass authenti...
MoreFix
RCE
Improper Verification of Cryptographic Signature
X.com
7 Posts
4Reposts
2.4 K Audience
Related posts · 9
En el artículo, se abordan los detalles de la vulnerabilidad CVE-2026-20965, que afecta al Azure Windows Admin Center. La Descripción de la vulnerabilidad revela que permite la ejecución remota de código (RCE) a nivel de inquilino, lo que podría comprometer la seguridad de múltiples entornos. En la sección de Análisis, se discuten las implicaciones de esta vulnerabilidad, incluyendo cómo los atacantes podrían explotarla para obtener acceso no autorizado a sistemas críticos. Finalmente, en las Conclusiones, se enfatiza la importancia de aplicar parches y mantener actualizadas las configuraciones de seguridad para mitigar los riesgos asociados. Esta vulnerabilidad subraya la necesidad de una vigilancia constante en la seguridad de las infraestructuras en la nube. [https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/]
2026-01-21 21:15:52
CVE-2026-20965 Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center https://t.co/TISHkue36p
2026-01-21 10:32:52
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center https://t.co/UFc27kYr7Q #azure
2026-01-18 08:25:34
#28 · PT-2026-3885 · Opencryptoki
Published
2026-01-22
·
Updated
2026-01-22
·
CVE-2026-23893
6.8
Medium
Base
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
openCryptoki versions 2.3.2 and above
Description
openCryptoki is a PKCS#11 library for Linux and AIX. Versions 2.3.2 and above are susceptible to symlink-following when operating in privileged contexts. A user belonging to the token-group can redirect file operations to arbitrary filesystem locations by creating symlinks in group-writable token directories, potentially lead...
MoreExploit
LPE
Link Following
X.com
3 Posts
0Reposts
283 Audience
Related posts · 3
CVE-2026-23893 - openCryptoki PKCS#11 library symlink vulnerability affects Linux/AIX versions 2.3.2+. Privilege escalation risk in containers.
Check: dpkg -l | grep opencryptoki
Source: @CVEnew
2026-01-22 02:42:10
CVE-2026-23893
Privilege Escalation in openCryptoki via Symlink Manipulation on Token Directories
2026-01-22 02:21:39
CVE-2026-23893 openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged cont… https://t.co/2xcuRcxc3A
2026-01-22 01:50:31
#29 · PT-2025-51936 · Git-Mcp-Server
Yardenporat
·
Published
2025-12-17
·
Updated
2026-01-21
·
CVE-2025-68143
None
Name of the Vulnerable Software and Affected Versions
mcp-server-git versions prior to 2025.9.25
mcp-server-git versions prior to 2025.12.18
Description
The Model Context Protocol Servers, a collection of reference implementations for the model context protocol (MCP), contains a flaw in the
Moregit initFix
RCE
Path traversal
X.com
8 Posts
0Reposts
631 Audience
Related posts · 9
🚨 Anthropic Patches Critical Flaws in Git MCP Server Enabling File Access and Potential RCE
Security researchers disclosed three high-severity issues in Anthropic’s mcp-server-git (CVE-2025-68143/68144/68145) that can be chained with the Filesystem MCP server to bypass path validation and inject arguments, potentially enabling unauthorized file access and code execution in default deployments. Organizations using MCP tooling should update immediately and treat prompt-injection as a real execution pathway for agent-connected developer infrastructure.
🎯 Target: Global / AI Developer Tooling (MCP Servers)
#️⃣ Category: #Anthropic #MCP #Git #Vulnerability #RCE #PromptInjection #DevSecOps #AppSec
🔗 URL: https://t.co/r65Rj7xY2l
2026-01-21 20:58:57
Critical flaws in Anthropic's mcp-server-git (CVE-2025-68143, CVE-2025-68144) expose AI-powered IDEs to prompt injection attacks. Attackers can trick models into unauthorized file access or RCE. Update to version 2025.12.18 immediately.
Read more: https://t.co/5KEscf2FRw
#CyberSecurity #Infosec #AI
2026-01-21 12:47:00
🚨 Anthropic Git MCP Server Flaws Enable Prompt-Injection RCE and File Access (“Chain of Tool Abuse”)
Cyata found three vulnerabilities in Anthropic’s official Git MCP server (CVE-2025-68143/68144/68145) where attacker-controlled arguments via prompt injection (e.g., malicious README/issues/webpages) can trigger arbitrary code execution and unauthorized file read/delete actions. Anthropic fixed the issues in mcp-server-git v2025.12.18, highlighting how insecure MCP tool validation can turn “AI context manipulation” into real system compromise.
🎯 Target: Global/AI Developer Tools
#️⃣ Category: #Anthropic #MCP #Git #PromptInjection #RCE #CVE #AISecurity #DevSecOps #SupplyChainSecurity #Cybersecurity
🔗 URL: https://t.co/WeqNGgJUeF
2026-01-21 12:46:15
#30 · PT-2025-44224 · Smci · X12Stw-F
Binarly Inc
·
Published
2025-10-28
·
Updated
2026-01-21
·
CVE-2025-12006
7.2
High
Base
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Supermicro BMC firmware on Supermicro MBD-X12STW-F (affected versions not specified)
Description
An issue exists in the firmware validation logic of Supermicro BMC firmware. An attacker can potentially update the system firmware using a specially crafted image.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vuln...
MoreImproper Verification of Cryptographic Signature
X.com
6 Posts
12Reposts
9.8 K Audience
Related posts · 6
On my way to @DistrictCon with new firmware update verification bypass on Supermicro BMCs (previously "fixed").
NEW: CVE-2025-12006 & CVE-2025-12007) @ant_av7 👏
Backstory:
Ghost in the Controller
https://t.co/fNLy7eU03Y
Broken Trust
https://t.co/3AL1gRhT0B
Stay tuned!
2026-01-21 19:37:21
CVE-2025-12006
Supermicro BMC Firmware Validation Bypass Vulnerability i...
Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
2026-01-16 17:58:16
CVE-2025-12006 There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially craf… https://t.co/4f0kTvebjX
2026-01-16 11:34:59