#1 · PT-2025-48817 · Meta · React Server Components

Published

2025-12-03

·

Updated

2026-01-13

·

CVE-2025-55182

10

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions React versions 19.0.0 through 19.2.1 Next.js versions 15.x and 16.x

Description React Server Components (RSC) is affected by a critical remote code execution (RCE) vulnerability (CVE-2025-55182) with a CVSS score of 10.0. This vulnerability stems from unsafe deserialization of HTTP request payloads within Server Function endpoints. Exploitation allows unauthenticated attacke...

More

Exploit

Fix

RCE

DoS

Deserialization of Untrusted Data

1.7 K Posts

8.6 KReposts

9.6 M Audience

#2 · PT-2025-48971 · Meta · React

Published

2025-12-03

·

Updated

2026-01-13

·

CVE-2025-66478

10

High

Base

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Next.js versions 14.3.0-canary.77 and later canaries, 15.x, and 16.x.

Description A critical Remote Code Execution (RCE) vulnerability (CVE-2025-66478) exists in Next.js applications utilizing the App Router. This vulnerability, affecting React Server Components, allows attackers to execute arbitrary code on the server through crafted HTTP requests. Exploitation has been obs...

More

Exploit

Fix

Deserialization of Untrusted Data

329 Posts

2.6 KReposts

2.3 M Audience

#3 · PT-2023-4552 · Winrar · Winrar

Andrey Polovinkin

·

Published

2023-08-15

·

Updated

2026-01-13

·

CVE-2023-38831

7.8

High

Base

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 6.23

Description WinRAR versions prior to 6.23 contain a vulnerability that allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. This occurs because a ZIP archive can include a benign file and a folder with the same name, and the contents of the folder, which may include executable content, are p...

More

Exploit

Fix

RCE

Insufficient Verification of Data Authenticity

285 Posts

1.4 KReposts

7.0 M Audience

#4 · PT-2025-48978 · Anthropic · Claude-Code

Published

2025-12-03

·

Updated

2026-01-13

·

CVE-2025-66032

9.8

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.93

Description Claude Code is an agentic coding tool. Prior to version 1.0.93, errors in parsing shell commands related to

$IFS

and short CLI flags allowed bypassing the read-only validation, potentially leading to arbitrary code execution. Successful exploitation requires the ability to inject untrusted content into a Claude Code context...

More

Fix

RCE

Command Injection

4 Posts

51Reposts

28.0 K Audience

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:

1. CVE-2025-29927

📝 Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
📅 Published: 21/03/2025
📈 CVSS: 9.1
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
📣 Mentions: 219
⚠️ Priority: 2
📝 Analysis: Remote attackers can bypass authorization checks within Next.js applications in versions prior to 12.3.5, 13.5.9, 14.2.25, and 15.2.3 due to a vulnerability in the middleware handling. No exploits have been detected yet, but given its high CVSS score, it is considered a priority 2 vulnerability with low EPSS. Secure your applications by preventing external user requests containing the x-middleware-subrequest header from reaching your Next.js application until you can update to a safe version.

2. CVE-2025-4275

📝 A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.
📅 Published: 11/06/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 10
⚠️ Priority: 2
📝 Analysis: A high-severity UEFI code execution vulnerability has been identified in digital signature verification. Attackers can bypass Secure Boot by manipulating NVRAM variables due to improper validation during the process. No known exploits are currently active, making this a priority 2 issue based on high CVSS score but low Exploit Prediction Scale Score (EPSS). Verify affected versions match those described.

3. CVE-2025-38352

📝 In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it wont be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
📅 Published: 22/07/2025
📈 CVSS: 7.4
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 61
⚠️ Priority: 1+
📝 Analysis: A race condition in Linux kernel's posix-cpu-timers can lead to task reaping issues and potential task synchronization failures. This issue is not critical if CONFIG_POSIX_CPU_TIMERS_TASK_WORK is set, but the fix is still advisable due to potential work failure. Given a high CVSS score and confirmed exploited status (CISA KEV), this is a priority 1+ vulnerability.

4. CVE-2025-8110

📝 Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
📅 Published: 10/12/2025
📈 CVSS: 8.7
🛡️ CISA KEV: True
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C
📣 Mentions: 48
⚠️ Priority: 1+
📝 Analysis: A local code execution vulnerability exists due to improper symbolic link handling in the PutContents API of Gogs. This issue is exploitable via network access and has been confirmed in-the-wild. Priority level: 1+ (confirmed exploited)

5. CVE-2025-37164

📝 A remote code execution issue exists in HPE OneView.
📅 Published: 16/12/2025
📈 CVSS: 10
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 66
⚠️ Priority: 1+
📝 Analysis: A critical remote code execution issue (CVSS 10) affects HPE OneView, enabling attackers to execute commands remotely without known exploits in the wild. This vulnerability is classified as a priority 1+ due to confirmed exploitation.

6. CVE-2025-46285

📝 An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
📅 Published: 12/12/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 1
⚠️ Priority: 4
📝 Analysis: A integer overflow issue in multiple Apple operating systems enables apps to potentially gain root privileges; no known exploits in the wild, assessed as a priority 4 vulnerability due to low EPSS and CVSS score.

7. CVE-2025-68668

📝 n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: [\n8n-nodes-base.code\], disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
📅 Published: 26/12/2025
📈 CVSS: 9.9
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
📣 Mentions: 21
⚠️ Priority: 2
📝 Analysis: A sandbox bypass vulnerability exists in n8n's Python Code Node from versions 1.0.0 to before 2.0.0, enabling authenticated users to execute arbitrary commands on the host system. Patched in version 2.0.0, workarounds include disabling the Code Node or configuring a task runner based Python sandbox. Despite no known exploits, this vulnerability scores as priority 2 due to high CVSS and low Exploit Prediction Scale Score (EPSS).

8. CVE-2025-69258

📝 A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
📅 Published: 08/01/2026
📈 CVSS: 9.8
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 27
⚠️ Priority: 2
📝 Analysis: A LoadLibraryEX vulnerability exists in Trend Micro Apex Central, allowing unauthenticated remote attackers to execute attacker-supplied code as SYSTEM on affected installations. No confirmed exploits in the wild have been detected, but due to the high CVSS score, it is a priority 2 vulnerability.

9. CVE-2025-66032

📝 Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
📅 Published: 03/12/2025
📈 CVSS: 8.7
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
📣 Mentions: 2
⚠️ Priority: 2
📝 Analysis: Arbitrary code execution vulnerability exists in Claude Code 1.0.92 and lower versions due to shell command parsing errors. Exploitation requires adding untrusted content into a Claude Code context window. CISA KEV: [REDACTED], Priority Score: 2 (high CVSS, low EPSS).

10. CVE-2025-68493

📝 Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
📅 Published: 11/01/2026
📈 CVSS: 0
🧭 Vector: n/a
📣 Mentions: 17
⚠️ Priority: 4
📝 Analysis: A missing XML validation vulnerability exists in Apache Struts from versions 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0. Users are advised to upgrade to version 6.1.1 to address this issue. Although no exploits have been detected, the priority is 4 due to its low CVSS score and lack of known in-the-wild activity.

Let us know if you're tracking any of these or if you find any issues with the provided details.

2026-01-13 16:27:02

We've published a new blog post by RyotaK @ryotkak

He discovered 8 methods to bypass safety mechanisms in Claude Code, leading to arbitrary command execution.

We recommend updating to v1.0.93 or later to fix this vulnerability (CVE-2025-66032).

https://t.co/sNu7Z9QoXk

2026-01-12 14:10:18

SECURITY ALERT: CVE-2025-66032 Exploit Fix & Mitigation Guide

Read more: https://t.co/73jszGHeoN #Cybersecurity #CVE https://t.co/P9eSMMwGJP

2025-12-31 14:50:08

#5 · PT-2025-50327 · Gogs · Gogs

Published

2025-10-30

·

Updated

2026-01-13

·

CVE-2025-8110

8.8

High

Base

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.3

Description Gogs, a self-hosted Git service, is affected by a zero-day vulnerability (CVE-2025-8110) that allows for remote code execution (RCE). This flaw is due to improper handling of symbolic links within the

PutContents API

, enabling attackers to bypass previous security measures and overwrite critical files. Over 700 instances have been...

More

Exploit

RCE

DoS

Path traversal

60 Posts

204Reposts

157.6 K Audience

🚨 CISA warns of active exploitation of a high-severity Gogs vulnerability (CVE-2025-8110). The flaw allows remote code execution via path traversal and is already being exploited in the wild. #CyberSecurity #CybersecurityNews Full Story 👉 https://t.co/yxfph3ssKg https://t.co/b43wNws96M

2026-01-13 11:57:59

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:

1. CVE-2025-29927

📝 Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
📅 Published: 21/03/2025
📈 CVSS: 9.1
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
📣 Mentions: 219
⚠️ Priority: 2
📝 Analysis: Remote attackers can bypass authorization checks within Next.js applications in versions prior to 12.3.5, 13.5.9, 14.2.25, and 15.2.3 due to a vulnerability in the middleware handling. No exploits have been detected yet, but given its high CVSS score, it is considered a priority 2 vulnerability with low EPSS. Secure your applications by preventing external user requests containing the x-middleware-subrequest header from reaching your Next.js application until you can update to a safe version.

2. CVE-2025-4275

📝 A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.
📅 Published: 11/06/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 10
⚠️ Priority: 2
📝 Analysis: A high-severity UEFI code execution vulnerability has been identified in digital signature verification. Attackers can bypass Secure Boot by manipulating NVRAM variables due to improper validation during the process. No known exploits are currently active, making this a priority 2 issue based on high CVSS score but low Exploit Prediction Scale Score (EPSS). Verify affected versions match those described.

3. CVE-2025-38352

📝 In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it wont be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
📅 Published: 22/07/2025
📈 CVSS: 7.4
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 61
⚠️ Priority: 1+
📝 Analysis: A race condition in Linux kernel's posix-cpu-timers can lead to task reaping issues and potential task synchronization failures. This issue is not critical if CONFIG_POSIX_CPU_TIMERS_TASK_WORK is set, but the fix is still advisable due to potential work failure. Given a high CVSS score and confirmed exploited status (CISA KEV), this is a priority 1+ vulnerability.

4. CVE-2025-8110

📝 Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
📅 Published: 10/12/2025
📈 CVSS: 8.7
🛡️ CISA KEV: True
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C
📣 Mentions: 48
⚠️ Priority: 1+
📝 Analysis: A local code execution vulnerability exists due to improper symbolic link handling in the PutContents API of Gogs. This issue is exploitable via network access and has been confirmed in-the-wild. Priority level: 1+ (confirmed exploited)

5. CVE-2025-37164

📝 A remote code execution issue exists in HPE OneView.
📅 Published: 16/12/2025
📈 CVSS: 10
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 66
⚠️ Priority: 1+
📝 Analysis: A critical remote code execution issue (CVSS 10) affects HPE OneView, enabling attackers to execute commands remotely without known exploits in the wild. This vulnerability is classified as a priority 1+ due to confirmed exploitation.

6. CVE-2025-46285

📝 An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
📅 Published: 12/12/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 1
⚠️ Priority: 4
📝 Analysis: A integer overflow issue in multiple Apple operating systems enables apps to potentially gain root privileges; no known exploits in the wild, assessed as a priority 4 vulnerability due to low EPSS and CVSS score.

7. CVE-2025-68668

📝 n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: [\n8n-nodes-base.code\], disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
📅 Published: 26/12/2025
📈 CVSS: 9.9
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
📣 Mentions: 21
⚠️ Priority: 2
📝 Analysis: A sandbox bypass vulnerability exists in n8n's Python Code Node from versions 1.0.0 to before 2.0.0, enabling authenticated users to execute arbitrary commands on the host system. Patched in version 2.0.0, workarounds include disabling the Code Node or configuring a task runner based Python sandbox. Despite no known exploits, this vulnerability scores as priority 2 due to high CVSS and low Exploit Prediction Scale Score (EPSS).

8. CVE-2025-69258

📝 A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
📅 Published: 08/01/2026
📈 CVSS: 9.8
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 27
⚠️ Priority: 2
📝 Analysis: A LoadLibraryEX vulnerability exists in Trend Micro Apex Central, allowing unauthenticated remote attackers to execute attacker-supplied code as SYSTEM on affected installations. No confirmed exploits in the wild have been detected, but due to the high CVSS score, it is a priority 2 vulnerability.

9. CVE-2025-66032

📝 Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
📅 Published: 03/12/2025
📈 CVSS: 8.7
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
📣 Mentions: 2
⚠️ Priority: 2
📝 Analysis: Arbitrary code execution vulnerability exists in Claude Code 1.0.92 and lower versions due to shell command parsing errors. Exploitation requires adding untrusted content into a Claude Code context window. CISA KEV: [REDACTED], Priority Score: 2 (high CVSS, low EPSS).

10. CVE-2025-68493

📝 Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
📅 Published: 11/01/2026
📈 CVSS: 0
🧭 Vector: n/a
📣 Mentions: 17
⚠️ Priority: 4
📝 Analysis: A missing XML validation vulnerability exists in Apache Struts from versions 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0. Users are advised to upgrade to version 6.1.1 to address this issue. Although no exploits have been detected, the priority is 4 due to its low CVSS score and lack of known in-the-wild activity.

Let us know if you're tracking any of these or if you find any issues with the provided details.

2026-01-13 11:05:49

🚨 Critical Gogs Vulnerability #CVE-2025-8110, Actively Exploited, CISA Warns

https://t.co/R8Sf8UtSNi

2026-01-13 08:35:51

#6 · PT-2026-1662 · N8N · N8N

Dorattias

·

Published

2026-01-07

·

Updated

2026-01-13

·

CVE-2026-21858

10

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.121.0

Description n8n is an open-source workflow automation platform vulnerable to a critical issue allowing unauthenticated remote code execution (RCE). This flaw, dubbed “Ni8mare” (CVE-2026-21858), stems from a content-type confusion vulnerability in the handling of webhooks and form-based workflows. Attackers can exploit this to read arbitrary file...

More

Exploit

Fix

RCE

122 Posts

511Reposts

197.5 K Audience

Threat actors are exploiting the "Ni8mare" vulnerability (CVE-2026-21858) in n8n instances to gain control, exposing sensitive data and enabling further compromise. This puts organizations at risk of data theft and complete system takeover. Organizations must immediately upgrade n8n instances to version 1.121.0 or later to prevent remote, unauthenticated attackers from gaining control. ⚠️ #CyberNewsLive

https://t.co/qPmddjij35

2026-01-13 00:14:17

Начнем год с Ni8mare и лабораторной 😈

Мы уже писали о n8n в прошлом году. Но пока отдыхали, в сети появился новый эксплойт на уязвимость — CVE-2026-21858. Она связана с путаницей типов, которая позволяет переопределить внутреннее состояние и может привести к чтению или исполнению произвольных файлов.

🫡 Подобнее об уязвимости При HTTP-запросе n8n смотрит заголовок Content-Type и решает, как распарсить тело запроса.

— Если ожидается multipart/form-data, то n8n должен вызывать безопасный парсер загрузки файлов.

— Вообще путаница типов возникает, когда злоумышленник подменяет MIME type на application/json или что-то другое. И из-за ошибки Content-Type Confusion вызывается обычный парсер тела (parseBody()), который присваивает данные напрямую в req.body без проверки и защиты. То есть вызовется обычный парсер тела запроса вместо парсера загрузки файла. Это позволяет читать произвольный файл в функции prepareFormReturnItem для webhook через: returnItem.binary![fileCount++] = await context.nodeHelpers.copyBinaryFile( file.filepath, file.originalFilename, file.mimetype );

🫡 Пример json { "files": { "test": { "filepath": "/etc/passwd" } } }

А вот и лабораторная. 1️⃣ Скачайте в комментариях файл docker-compose, который необходимо запустить через docker-compose up. 2️⃣ Настройте Workflow, как показано на скриншоте 1.
3️⃣ Отправьте произвольный файл. 4️⃣ Перехватите запрос, например в Burp Suite. 5️⃣ Измените его тип и содержимое. 6️⃣ Отправьте измененный запрос.

Уязвимость может быть использована как часть RCE-цепочки.

Получите данные авторизации через чтение фалов CVE-2026–21858.
Выполните удаленный код через CVE-2025–68613.

🫡 Как защищаться

В настройках Workflow настроить авторизацию для формы.
Блокировать запросы к форме загрузки файлов с типом application/json.
Обновиться.

2026-01-12 09:26:28

Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) https://t.co/pCaN80EZp5

2026-01-10 11:18:07

#7 · PT-2025-52530 · N8N · N8N

Fatihhcelik

·

Published

2025-12-19

·

Updated

2026-01-13

·

CVE-2025-68613

9.9

Critical

Base

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions n8n versions 0.211.0 through 1.120.3 n8n versions prior to 1.120.4 n8n versions prior to 1.121.1 n8n versions prior to 1.122.0

Description n8n, an open source workflow automation platform, is affected by a critical Remote Code Execution (RCE) vulnerability (CVE-2025-68613) with a CVSS score of 9.9. This flaw stems from insufficient isolation in the expression evaluation syst...

More

Exploit

Fix

LPE

RCE

111 Posts

1.2 KReposts

652.0 K Audience

#8 · PT-2025-26225 · Winrar · Winrar

Marcin Bobryk

·

Published

2025-06-19

·

Updated

2026-01-13

·

CVE-2025-6218

7.8

High

Base

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.12

Description WinRAR contains a directory traversal vulnerability (CVE-2025-6218) that allows remote attackers to execute arbitrary code on affected systems. This occurs due to improper handling of file paths within archive files, enabling a crafted file path to traverse to unintended directories. User interaction is required, as the target must o...

More

Exploit

Fix

RCE

Path traversal

117 Posts

306Reposts

448.6 K Audience

#9 · PT-2025-30384 · Linux · Linux Kernel

Published

2025-07-22

·

Updated

2026-01-13

·

CVE-2025-38352

7.4

High

Base

AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.153-1~deb11u1 Linux kernel versions 5.10.244-1 Linux kernel versions prior to 5.10.244-1 Linux kernel (affected versions not specified)

Description

The Linux kernel contains vulnerabilities that may lead to privilege escalation, denial of service, or information leaks. The kernel packages contain the core of any Linux operating system. A...

More

Exploit

Fix

LPE

Race Condition

Time Of Check To Time Of Use

86 Posts

477Reposts

689.9 K Audience

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:

1. CVE-2025-29927

📝 Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
📅 Published: 21/03/2025
📈 CVSS: 9.1
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
📣 Mentions: 219
⚠️ Priority: 2
📝 Analysis: Remote attackers can bypass authorization checks within Next.js applications in versions prior to 12.3.5, 13.5.9, 14.2.25, and 15.2.3 due to a vulnerability in the middleware handling. No exploits have been detected yet, but given its high CVSS score, it is considered a priority 2 vulnerability with low EPSS. Secure your applications by preventing external user requests containing the x-middleware-subrequest header from reaching your Next.js application until you can update to a safe version.

2. CVE-2025-4275

📝 A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.
📅 Published: 11/06/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 10
⚠️ Priority: 2
📝 Analysis: A high-severity UEFI code execution vulnerability has been identified in digital signature verification. Attackers can bypass Secure Boot by manipulating NVRAM variables due to improper validation during the process. No known exploits are currently active, making this a priority 2 issue based on high CVSS score but low Exploit Prediction Scale Score (EPSS). Verify affected versions match those described.

3. CVE-2025-38352

📝 In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it wont be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
📅 Published: 22/07/2025
📈 CVSS: 7.4
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 61
⚠️ Priority: 1+
📝 Analysis: A race condition in Linux kernel's posix-cpu-timers can lead to task reaping issues and potential task synchronization failures. This issue is not critical if CONFIG_POSIX_CPU_TIMERS_TASK_WORK is set, but the fix is still advisable due to potential work failure. Given a high CVSS score and confirmed exploited status (CISA KEV), this is a priority 1+ vulnerability.

4. CVE-2025-8110

📝 Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
📅 Published: 10/12/2025
📈 CVSS: 8.7
🛡️ CISA KEV: True
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C
📣 Mentions: 48
⚠️ Priority: 1+
📝 Analysis: A local code execution vulnerability exists due to improper symbolic link handling in the PutContents API of Gogs. This issue is exploitable via network access and has been confirmed in-the-wild. Priority level: 1+ (confirmed exploited)

5. CVE-2025-37164

📝 A remote code execution issue exists in HPE OneView.
📅 Published: 16/12/2025
📈 CVSS: 10
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 66
⚠️ Priority: 1+
📝 Analysis: A critical remote code execution issue (CVSS 10) affects HPE OneView, enabling attackers to execute commands remotely without known exploits in the wild. This vulnerability is classified as a priority 1+ due to confirmed exploitation.

6. CVE-2025-46285

📝 An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
📅 Published: 12/12/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 1
⚠️ Priority: 4
📝 Analysis: A integer overflow issue in multiple Apple operating systems enables apps to potentially gain root privileges; no known exploits in the wild, assessed as a priority 4 vulnerability due to low EPSS and CVSS score.

7. CVE-2025-68668

📝 n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: [\n8n-nodes-base.code\], disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
📅 Published: 26/12/2025
📈 CVSS: 9.9
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
📣 Mentions: 21
⚠️ Priority: 2
📝 Analysis: A sandbox bypass vulnerability exists in n8n's Python Code Node from versions 1.0.0 to before 2.0.0, enabling authenticated users to execute arbitrary commands on the host system. Patched in version 2.0.0, workarounds include disabling the Code Node or configuring a task runner based Python sandbox. Despite no known exploits, this vulnerability scores as priority 2 due to high CVSS and low Exploit Prediction Scale Score (EPSS).

8. CVE-2025-69258

📝 A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
📅 Published: 08/01/2026
📈 CVSS: 9.8
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 27
⚠️ Priority: 2
📝 Analysis: A LoadLibraryEX vulnerability exists in Trend Micro Apex Central, allowing unauthenticated remote attackers to execute attacker-supplied code as SYSTEM on affected installations. No confirmed exploits in the wild have been detected, but due to the high CVSS score, it is a priority 2 vulnerability.

9. CVE-2025-66032

📝 Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
📅 Published: 03/12/2025
📈 CVSS: 8.7
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
📣 Mentions: 2
⚠️ Priority: 2
📝 Analysis: Arbitrary code execution vulnerability exists in Claude Code 1.0.92 and lower versions due to shell command parsing errors. Exploitation requires adding untrusted content into a Claude Code context window. CISA KEV: [REDACTED], Priority Score: 2 (high CVSS, low EPSS).

10. CVE-2025-68493

📝 Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
📅 Published: 11/01/2026
📈 CVSS: 0
🧭 Vector: n/a
📣 Mentions: 17
⚠️ Priority: 4
📝 Analysis: A missing XML validation vulnerability exists in Apache Struts from versions 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0. Users are advised to upgrade to version 6.1.1 to address this issue. Although no exploits have been detected, the priority is 4 due to its low CVSS score and lack of known in-the-wild activity.

Let us know if you're tracking any of these or if you find any issues with the provided details.

2026-01-13 03:01:16

#PoC #Exploit Released for #Android/#Linux Kernel Vulnerability CVE-2025-38352 https://t.co/aLTYN7Cl4o #cve #vulnerability #CyberSecurity

2026-01-10 16:10:20

Android/Linux CVE-2025-38352 https://t.co/icnjsylB9K

2026-01-08 14:06:43

#10 · PT-2025-17927 · Craft · Craft

Nicolas Bourras

+2

·

Published

2025-04-25

·

Updated

2026-01-12

·

CVE-2025-32432

10

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Craft versions 3.0.0-RC1 through 3.9.14 Craft versions 4.0.0-RC1 through 4.14.14 Craft versions 5.0.0-RC1 through 5.6.16

Description Craft CMS is vulnerable to remote code execution. This is a high-impact, low-complexity issue. The Mimo intrusion set has been observed exploiting this vulnerability to deploy webshells, loaders, and proxyware, including the XMRig cryptominer a...

More

Exploit

Fix

RCE

Code Injection

109 Posts

192Reposts

886.1 K Audience

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:

1. CVE-2025-68664

📝 LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChains dumps() and dumpd() functions. The functions do not escape dictionaries with lc keys when serializing free-form dictionaries. The lc key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
📅 Published: 23/12/2025
📈 CVSS: 9.3
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
📣 Mentions: 10
⚠️ Priority: 2
📝 Analysis: A deserialization injection vulnerability exists in LangChain (versions <0.3.81 and 1.2.5), allowing attackers to bypass internal object recognition during deserialization. No confirmed exploits in the wild, but given high CVSS score, this is a priority 2 issue with low EPSS.

2. CVE-2025-3248

📝 Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
📅 Published: 07/04/2025
📈 CVSS: 9.8
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 134
📝 Analysis: Code injection vulnerability found in Langflow versions below 1.3.0, affecting the /api/v1/validate/code endpoint. No exploits detected in the wild yet, but high severity due to potential for arbitrary code execution. This is a priority 2 issue with high CVSS score and low EPSS.

3. CVE-2025-29927

📝 Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
📅 Published: 21/03/2025
📈 CVSS: 9.1
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
📣 Mentions: 196
📝 Analysis: Remote attackers can bypass authorization checks within Next.js applications (versions prior to 12.3.5, 13.5.9, 14.2.25, and 15.2.3) due to a vulnerability in the middleware. Despite no confirmed exploits, the high CVSS score places this as a priority 2 issue given its low EPSS. Implement safeguards to prevent external user requests containing the x-middleware-subrequest header from reaching your Next.js application if updating is infeasible.

4. CVE-2025-32432

📝 Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
📅 Published: 25/04/2025
📈 CVSS: 10
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
📣 Mentions: 44
📝 Analysis: A critical Remote Code Execution (RCE) vulnerability exists in Craft CMS versions 3.0.0-RC1 to < 3.9.15, 4.0.0-RC1 to < 4.14.15, and 5.0.0-RC1 to < 5.6.17. The issue has been patched in the indicated versions. Priority level: 2 (High CVSS & Low Exploitability Potential Score). Confirmed exploits not detected yet.

5. CVE-2025-38001

📝 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF. To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
📅 Published: 06/06/2025
📈 CVSS: 0
🧭 Vector: n/a
📣 Mentions: 12
📝 Analysis: A UAF vulnerability has been identified in Linux kernel's net_sched when utilizing HFSC with NETEM. The patch (141d3439) can be bypassed, causing a UAF under specific conditions involving TBF and low rates. To mitigate, explicitly check for class presence during hfsc_enqueue if the HFSC_RSC flag is set. Currently, this vulnerability has low exploitability and activity in the wild (CISA KEV: Priority 4).

6. CVE-2025-68613

📝 n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
📅 Published: 19/12/2025
📈 CVSS: 10
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 3
📝 Analysis: A critical Remote Code Execution (RCE) vulnerability affects versions of n8n starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. Successful exploitation can lead to full compromise of the affected instance. Upgrade to patched versions or temporarily limit workflow creation/editing permissions and deploy in a hardened environment. This vulnerability is priority 2 according to CISA KEV due to high CVSS but low Exploitability Score.

7. CVE-2025-14847

📝 Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.
📅 Published: 19/12/2025
📈 CVSS: 8.7
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
📣 Mentions: 5
📝 Analysis: Unauthenticated client can read uninitialized heap memory due to mismatched length fields in Zlib compressed protocol headers; this issue affects various versions of MongoDB Server. Despite high CVSS score, exploitation has not been observed in the wild, making it a priority 2 vulnerability.

8. CVE-2025-54068

📝 Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.
📅 Published: 17/07/2025
📈 CVSS: 9.2
🧭 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
📣 Mentions: 5
📝 Analysis: Unauthenticated attackers can achieve remote command execution in Livewire v3 up to v3.6.3 due to improper hydration of component property updates. This issue is unique to Livewire v3 and does not affect prior major versions. Exploitation occurs without authentication or user interaction. Patch available in v3.6.4; upgrade recommended. Known exploit activity low, priority 2.

9. CVE-2023-52163

📝 Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
📅 Published: 03/02/2025
📈 CVSS: 8.8
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 120
📝 Analysis: Command Injection vulnerability in Digiever DS-2105 Pro (3.1.0.71-11) devices allows remote attackers to execute commands. Although no longer supported, confirmed exploitation has occurred, making this a priority 1+ issue.

10. CVE-2025-55183

📝 An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
📅 Published: 11/12/2025
📈 CVSS: 5.3
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
📣 Mentions: 32
📝 Analysis: Information leak vulnerability found in specific React Server Components versions (19.0.0-19.2.1). Specific HTTP requests can expose server function source code due to unsafeguarded arguments. No known exploits in the wild, but priority is 4 (low CVSS & low EPSS). Affected packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack.

Let us know if you're tracking any of these or if you find any issues with the provided details.

2025-12-25 11:04:53

⚠️ Критическая уязвимость в Yii 2 Framework (CVE-2024-58136)

В апреле 2025 года в популярном PHP-фреймворке Yii 2 была раскрыта критическая уязвимость CVE-2024-58136 с базовым баллом CVSS 9.0, активно используемая в реальных атаках начиная с февраля 2025 года.

Уязвимость представляет собой регрессию ранее исправленной CVE-2024-4990 и затрагивает механизм прикрепления поведений (behaviors) к компонентам через обработку class array key.

Проблема возникает в магическом методе set() класса yii\base\Component при обработке свойств, начинающихся с префикса "as ". Злоумышленник может обойти патч CVE-2024-4990, добавив свойство "class" с ссылкой на легитимный Behavior класс, что позволяет инстанцировать произвольные объекты и достичь удаленного выполнения кода (RCE).

🎯 Условия эксплуатации: • Приложение должно принимать пользовательский ввод в формате JSON. • Наличие эндпоинтов, обрабатывающих параметры с префиксом "as ". • Доступность классов для инстанцирования в контексте приложения

💥 Активная эксплуатация: Уязвимость активно эксплуатируется в реальных атаках с февраля 2025 года, особенно в связке с CVE-2025-32432 для компрометации CraftCMS-инсталляций, о чем ранее сообщали специалисты СайберОК.

‼️ Рекомендации: • Немедленно обновите Yii 2 до версии 2.0.52 или более поздней. • Проверьте логи приложения на подозрительные запросы с параметрами "as ". • Реализуйте дополнительную валидацию входных данных JSON. • Ограничьте доступные для инстанцирования классы в конфигурации приложения • Рассмотрите временное отключение динамического прикрепления поведений.

🔎 Фреймворк Yii 2 широко используется в корпоративных веб-приложениях. В подтверждение этому, на просторах Рунета СКИПА фиксирует около 5 тысяч уникальных инсталляций этого ПО.

Несмотря на то, что потенциально уязвимые версии ПО обнаружены на 45% хостов, в связи с дополнительными условиями, которые необходимы для успешной эксплуатации, мы оцениваем, что реально уязвимых сервисов существенно меньше.

2025-06-02 07:11:02

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/rTWjgv4E0f via @TheHackersNews

2025-05-28 21:58:18

#11 · PT-2025-53686 · Smartertools · Smartermail

Chua Meng Han

·

Published

2025-12-29

·

Updated

2026-01-12

·

CVE-2025-52691

10

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SmarterMail versions prior to Build 9413 SmarterMail version 9406 SmarterMail versions prior to Build 9406 SmarterMail versions prior to October 9, 2025

Description A critical vulnerability exists in SmarterMail that allows unauthenticated attackers to upload arbitrary files to any location on the mail server. Successful exploitation could lead to remote code execution (RCE)...

More

Exploit

Fix

RCE

Unrestricted File Upload

67 Posts

146Reposts

85.6 K Audience

#12 · PT-2025-51738 · Hewlett Packard · Hpe Oneview

Published

2025-12-16

·

Updated

2026-01-13

·

CVE-2025-37164

10

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE OneView versions prior to 11.00 HPE OneView versions 5.20 through 10.20

Description HPE OneView contains a remote code execution issue that allows unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-37164, has a CVSS score of 10.0 and is actively being exploited. The vulnerability stems from improper input handl...

More

Exploit

Fix

RCE

Code Injection

79 Posts

189Reposts

97.6 K Audience

#13 · PT-2026-1121 · @Adonisjs/Bodyparser

Wodzen

·

Published

2026-01-02

·

Updated

2026-01-13

·

CVE-2026-21440

9.4

High

Base

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions AdonisJS versions through 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6

Description A Path Traversal vulnerability exists in the AdonisJS multipart file handling process. This flaw allows a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. The vulnerability is present in the

@adonisjs/bodyparser

package. Exploitation inv...

More

Exploit

Fix

RCE

Path traversal

22 Posts

105Reposts

35.8 K Audience

#14 · PT-2026-1915 · Apache · Apache Struts

Published

2026-01-11

·

Updated

2026-01-13

·

CVE-2025-68493

8.1

High

Base

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 6.1.0

Description A missing XML validation issue exists in Apache Struts. This flaw, related to the XWork component, allows attackers to exploit external entity processing to read sensitive files, potentially trigger Server-Side Request Forgery (SSRF), or cause a denial-of-service. The issue affects Java web applications utilizing Apache...

More

Fix

DoS

13 Posts

29Reposts

7.7 K Audience

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:

1. CVE-2025-29927

📝 Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
📅 Published: 21/03/2025
📈 CVSS: 9.1
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
📣 Mentions: 219
⚠️ Priority: 2
📝 Analysis: Remote attackers can bypass authorization checks within Next.js applications in versions prior to 12.3.5, 13.5.9, 14.2.25, and 15.2.3 due to a vulnerability in the middleware handling. No exploits have been detected yet, but given its high CVSS score, it is considered a priority 2 vulnerability with low EPSS. Secure your applications by preventing external user requests containing the x-middleware-subrequest header from reaching your Next.js application until you can update to a safe version.

2. CVE-2025-4275

📝 A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.
📅 Published: 11/06/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 10
⚠️ Priority: 2
📝 Analysis: A high-severity UEFI code execution vulnerability has been identified in digital signature verification. Attackers can bypass Secure Boot by manipulating NVRAM variables due to improper validation during the process. No known exploits are currently active, making this a priority 2 issue based on high CVSS score but low Exploit Prediction Scale Score (EPSS). Verify affected versions match those described.

3. CVE-2025-38352

📝 In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it wont be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
📅 Published: 22/07/2025
📈 CVSS: 7.4
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 61
⚠️ Priority: 1+
📝 Analysis: A race condition in Linux kernel's posix-cpu-timers can lead to task reaping issues and potential task synchronization failures. This issue is not critical if CONFIG_POSIX_CPU_TIMERS_TASK_WORK is set, but the fix is still advisable due to potential work failure. Given a high CVSS score and confirmed exploited status (CISA KEV), this is a priority 1+ vulnerability.

4. CVE-2025-8110

📝 Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
📅 Published: 10/12/2025
📈 CVSS: 8.7
🛡️ CISA KEV: True
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C
📣 Mentions: 48
⚠️ Priority: 1+
📝 Analysis: A local code execution vulnerability exists due to improper symbolic link handling in the PutContents API of Gogs. This issue is exploitable via network access and has been confirmed in-the-wild. Priority level: 1+ (confirmed exploited)

5. CVE-2025-37164

📝 A remote code execution issue exists in HPE OneView.
📅 Published: 16/12/2025
📈 CVSS: 10
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 66
⚠️ Priority: 1+
📝 Analysis: A critical remote code execution issue (CVSS 10) affects HPE OneView, enabling attackers to execute commands remotely without known exploits in the wild. This vulnerability is classified as a priority 1+ due to confirmed exploitation.

6. CVE-2025-46285

📝 An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
📅 Published: 12/12/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 1
⚠️ Priority: 4
📝 Analysis: A integer overflow issue in multiple Apple operating systems enables apps to potentially gain root privileges; no known exploits in the wild, assessed as a priority 4 vulnerability due to low EPSS and CVSS score.

7. CVE-2025-68668

📝 n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: [\n8n-nodes-base.code\], disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
📅 Published: 26/12/2025
📈 CVSS: 9.9
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
📣 Mentions: 21
⚠️ Priority: 2
📝 Analysis: A sandbox bypass vulnerability exists in n8n's Python Code Node from versions 1.0.0 to before 2.0.0, enabling authenticated users to execute arbitrary commands on the host system. Patched in version 2.0.0, workarounds include disabling the Code Node or configuring a task runner based Python sandbox. Despite no known exploits, this vulnerability scores as priority 2 due to high CVSS and low Exploit Prediction Scale Score (EPSS).

8. CVE-2025-69258

📝 A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
📅 Published: 08/01/2026
📈 CVSS: 9.8
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 27
⚠️ Priority: 2
📝 Analysis: A LoadLibraryEX vulnerability exists in Trend Micro Apex Central, allowing unauthenticated remote attackers to execute attacker-supplied code as SYSTEM on affected installations. No confirmed exploits in the wild have been detected, but due to the high CVSS score, it is a priority 2 vulnerability.

9. CVE-2025-66032

📝 Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
📅 Published: 03/12/2025
📈 CVSS: 8.7
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
📣 Mentions: 2
⚠️ Priority: 2
📝 Analysis: Arbitrary code execution vulnerability exists in Claude Code 1.0.92 and lower versions due to shell command parsing errors. Exploitation requires adding untrusted content into a Claude Code context window. CISA KEV: [REDACTED], Priority Score: 2 (high CVSS, low EPSS).

10. CVE-2025-68493

📝 Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
📅 Published: 11/01/2026
📈 CVSS: 0
🧭 Vector: n/a
📣 Mentions: 17
⚠️ Priority: 4
📝 Analysis: A missing XML validation vulnerability exists in Apache Struts from versions 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0. Users are advised to upgrade to version 6.1.1 to address this issue. Although no exploits have been detected, the priority is 4 due to its low CVSS score and lack of known in-the-wild activity.

Let us know if you're tracking any of these or if you find any issues with the provided details.

2026-01-13 16:27:02

Apache Struts External Entity (XXE) Injection Vulnerability S2-069 (CVE-2025-68493) - Security Boulevard https://t.co/1My3IACIyW

2026-01-13 10:02:56

CVE-2025-68493 turns your XML config into a confession booth: one malicious entity and the server doxxes itself. Patch to 6.1.1 or keep streaming internal secrets to the outside like it’s reality TV. https://t.co/pKCdTy85Xu

2026-01-12 21:05:12

#15 · PT-2026-1936 · Trend Micro · Trend Micro Apex Central

Published

2026-01-08

·

Updated

2026-01-13

·

CVE-2025-69258

9.8

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Apex Central versions prior to 7190

Description A LoadLibraryEX vulnerability exists in Trend Micro Apex Central that could allow an unauthenticated remote attacker to load a malicious Dynamic Link Library (DLL) into a key executable, specifically

MsgReceiver.exe

. Successful exploitation leads to the execution of attacker-supplied code with SYSTEM-level privile...

More

Fix

RCE

DoS

Buffer Overflow

Origin Validation Error

Authentication Bypass by Spoofing

45 Posts

45Reposts

18.9 K Audience

#16 · PT-2025-53605 · Pyodide · Pyodide

Berkdedekarginoglu

+1

·

Published

2025-12-24

·

Updated

2026-01-13

·

CVE-2025-68668

9.9

Critical

Base

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions n8n versions 1.0.0 through 1.111.0

Description n8n, an open-source workflow automation platform, contains a sandbox bypass vulnerability in the Python Code Node that utilizes Pyodide. An authenticated user with the ability to create or modify workflows can exploit this flaw to execute arbitrary commands on the host system, with the same privileges as the n8n process. This vu...

More

Fix

RCE

Protection Mechanism Failure

48 Posts

135Reposts

58.8 K Audience

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:

1. CVE-2025-29927

📝 Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
📅 Published: 21/03/2025
📈 CVSS: 9.1
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
📣 Mentions: 219
⚠️ Priority: 2
📝 Analysis: Remote attackers can bypass authorization checks within Next.js applications in versions prior to 12.3.5, 13.5.9, 14.2.25, and 15.2.3 due to a vulnerability in the middleware handling. No exploits have been detected yet, but given its high CVSS score, it is considered a priority 2 vulnerability with low EPSS. Secure your applications by preventing external user requests containing the x-middleware-subrequest header from reaching your Next.js application until you can update to a safe version.

2. CVE-2025-4275

📝 A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.
📅 Published: 11/06/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 10
⚠️ Priority: 2
📝 Analysis: A high-severity UEFI code execution vulnerability has been identified in digital signature verification. Attackers can bypass Secure Boot by manipulating NVRAM variables due to improper validation during the process. No known exploits are currently active, making this a priority 2 issue based on high CVSS score but low Exploit Prediction Scale Score (EPSS). Verify affected versions match those described.

3. CVE-2025-38352

📝 In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it wont be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
📅 Published: 22/07/2025
📈 CVSS: 7.4
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 61
⚠️ Priority: 1+
📝 Analysis: A race condition in Linux kernel's posix-cpu-timers can lead to task reaping issues and potential task synchronization failures. This issue is not critical if CONFIG_POSIX_CPU_TIMERS_TASK_WORK is set, but the fix is still advisable due to potential work failure. Given a high CVSS score and confirmed exploited status (CISA KEV), this is a priority 1+ vulnerability.

4. CVE-2025-8110

📝 Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
📅 Published: 10/12/2025
📈 CVSS: 8.7
🛡️ CISA KEV: True
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C
📣 Mentions: 48
⚠️ Priority: 1+
📝 Analysis: A local code execution vulnerability exists due to improper symbolic link handling in the PutContents API of Gogs. This issue is exploitable via network access and has been confirmed in-the-wild. Priority level: 1+ (confirmed exploited)

5. CVE-2025-37164

📝 A remote code execution issue exists in HPE OneView.
📅 Published: 16/12/2025
📈 CVSS: 10
🛡️ CISA KEV: True
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
📣 Mentions: 66
⚠️ Priority: 1+
📝 Analysis: A critical remote code execution issue (CVSS 10) affects HPE OneView, enabling attackers to execute commands remotely without known exploits in the wild. This vulnerability is classified as a priority 1+ due to confirmed exploitation.

6. CVE-2025-46285

📝 An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
📅 Published: 12/12/2025
📈 CVSS: 7.8
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 1
⚠️ Priority: 4
📝 Analysis: A integer overflow issue in multiple Apple operating systems enables apps to potentially gain root privileges; no known exploits in the wild, assessed as a priority 4 vulnerability due to low EPSS and CVSS score.

7. CVE-2025-68668

📝 n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: [\n8n-nodes-base.code\], disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
📅 Published: 26/12/2025
📈 CVSS: 9.9
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
📣 Mentions: 21
⚠️ Priority: 2
📝 Analysis: A sandbox bypass vulnerability exists in n8n's Python Code Node from versions 1.0.0 to before 2.0.0, enabling authenticated users to execute arbitrary commands on the host system. Patched in version 2.0.0, workarounds include disabling the Code Node or configuring a task runner based Python sandbox. Despite no known exploits, this vulnerability scores as priority 2 due to high CVSS and low Exploit Prediction Scale Score (EPSS).

8. CVE-2025-69258

📝 A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
📅 Published: 08/01/2026
📈 CVSS: 9.8
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
📣 Mentions: 27
⚠️ Priority: 2
📝 Analysis: A LoadLibraryEX vulnerability exists in Trend Micro Apex Central, allowing unauthenticated remote attackers to execute attacker-supplied code as SYSTEM on affected installations. No confirmed exploits in the wild have been detected, but due to the high CVSS score, it is a priority 2 vulnerability.

9. CVE-2025-66032

📝 Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
📅 Published: 03/12/2025
📈 CVSS: 8.7
🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
📣 Mentions: 2
⚠️ Priority: 2
📝 Analysis: Arbitrary code execution vulnerability exists in Claude Code 1.0.92 and lower versions due to shell command parsing errors. Exploitation requires adding untrusted content into a Claude Code context window. CISA KEV: [REDACTED], Priority Score: 2 (high CVSS, low EPSS).

10. CVE-2025-68493

📝 Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
📅 Published: 11/01/2026
📈 CVSS: 0
🧭 Vector: n/a
📣 Mentions: 17
⚠️ Priority: 4
📝 Analysis: A missing XML validation vulnerability exists in Apache Struts from versions 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0. Users are advised to upgrade to version 6.1.1 to address this issue. Although no exploits have been detected, the priority is 4 due to its low CVSS score and lack of known in-the-wild activity.

Let us know if you're tracking any of these or if you find any issues with the provided details.

2026-01-13 16:27:02

Warning: Critical Sandbox Bypass in #n8n! #CVE-2025-68668 CVSS: 9.9. Authenticated users can execute arbitrary commands on host system via Python Code Node. #Patch #Patch #Patch

2026-01-09 14:43:20

🚨 CVE-2025-68668 — n8n RCE (CVSS 9.9) 🚨

Automation tools are the new crown jewels.

Attack chain: 1️⃣ Low-priv n8n access 2️⃣ Malicious workflow abuse 3️⃣ OS command execution 4️⃣ Secrets + cloud takeover

#CyberSecurity #CVE #Pentesting #RCE #n8n #AppSec #CloudSecurity #Threat

2026-01-09 13:17:21

#17 · PT-2026-1583 · N8N · N8N

Theolelasseux

·

Published

2026-01-07

·

Updated

2026-01-13

·

CVE-2026-21877

9.9

Critical

Base

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.121.3 n8n versions 0.123.0 through 1.121.2

Description n8n, an open source workflow automation platform, contains a critical authenticated Remote Code Execution (RCE) flaw (CVE-2026-21877). A successful exploit allows an authenticated user to execute untrusted code, potentially leading to a full compromise of the instance, including connected systems...

More

Fix

RCE

Unrestricted File Upload

Code Injection

43 Posts

191Reposts

182.8 K Audience

#18 · PT-2024-2206 · Adobe · Coldfusion

Published

2024-03-12

·

Updated

2026-01-12

·

CVE-2024-20767

7.4

High

Base

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions 2023.6 and 2021.12 and earlier

Description Adobe ColdFusion is affected by an Improper Access Control issue. This flaw allows an unauthenticated attacker to gain access to sensitive files and perform arbitrary file system read and write operations. Exploitation does not require user interaction, but requires the admin panel to be exposed to the inte...

More

Exploit

Fix

Improper Access Control

48 Posts

206Reposts

1.1 M Audience

#19 · PT-2026-2158 · Zlib · Zlib

Ron Edgerson

·

Published

2026-01-07

·

Updated

2026-01-12

·

CVE-2026-22184

None

Name of the Vulnerable Software and Affected Versions zlib versions up to and including 1.3.1.2

Description zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the

untgz

utility. The

TGZfname()

function uses an unbounded

strcpy()

call to copy an attacker-supplied archive name from

argv[]

into a fixed-size 1024-byte static global buffer without validating the length. Providing an archive name ex...

More

Exploit

Fix

RCE

DoS

Buffer Overflow

9 Posts

6Reposts

4.2 K Audience

#20 · PT-2026-1937 · Trend Micro · Trend Micro Apex Central

Published

2026-01-08

·

Updated

2026-01-12

·

CVE-2025-69259

7.5

High

Base

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Apex Central (affected versions not specified)

Description A flaw exists in Trend Micro Apex Central that could allow a remote attacker to cause a denial-of-service condition. Authentication is not required to exploit this issue. The issue is due to an unchecked NULL return value.

Recommendations At the moment, there is no information about a newer version t...

More

DoS

Buffer Overflow

Origin Validation Error

8 Posts

2Reposts

3.0 K Audience

‼️Trend Micro Apex Central Multiple Vulnerabilities

CVE:

CVE-2025-69258 (CVSS: 9.8) CVE-2025-69259 (CVSS: 7.5) CVE-2025-69260 (CVSS: 7.5)

CWE: CWE-1285, CWE-306, CWE-641

PoC/Writeup: https://t.co/9Wm90tTf8I

Disclosure Date: January 7. 2026

Disclosure: https://t.co/34ZDX2OaRT

2026-01-12 19:06:21

Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week’s most serious security flaws. Check them, fix what matters first, and stay protected.

This week’s list includes — CVE-2026-21858, CVE-2026-21877, CVE-2025-68668 (n8n), CVE-2025-69258, CVE-2025-69259, CVE-2025-69260 (Trend Micro Apex Central), CVE-2026-20029 (Cisco Identity Services Engine), CVE-2025-66209, CVE-2025-66210, CVE-2025-66211, CVE-2025-66212, CVE-2025-66213, CVE-2025-64419, CVE-2025-64420, CVE-2025-64424, CVE-2025-59156, CVE-2025-59157, CVE-2025-59158 (Coolify), CVE-2025-59470 (Veeam Backup & Replication), CVE-2026-0625 (D-Link DSL gateway routers), CVE-2025-65606 (TOTOLINK EX200), CVE-2026-21440 (@adonisjs/bodyparser), CVE-2025-68428 (jsPDF), CVE-2025-69194 (GNU Wget2), CVE-2025-43530 (Apple macOS Tahoe), CVE-2025-54957 (Google Android), CVE-2025-14026 (Forcepoint One DLP Client), CVE-2025-66398 (Signal K Server), CVE-2026-21483 (listmonk), CVE-2025-34468 (libcoap), CVE-2026-0628 (Google Chrome), CVE-2025-67859 (Linux TLP), CVE-2025-9222, CVE-2025-13761, CVE-2025-13772 (GitLab CE/EE), CVE-2025-12543 (Undertow HTTP server core), CVE-2025-14598 (BeeS Examination Tool), CVE-2026-21876 (OWASP Core Rule Set), CVE-2026-22688 (Tencent WeKnora), CVE-2025-61686 (@react-router/node, @remix-run/node, and @remix-run/deno), and CVE-2025-54322 (Xspeeder SXZOS).

2026-01-12 13:52:37

Trend Micro fixed a remote code execution in Apex Central https://t.co/KFpdO9yXE1 "Trend Micro patched three flaws (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console after Tenable disclosed details and PoC code."

2026-01-09 21:57:06

#21 · PT-2026-1938 · Trend Micro · Trend Micro Apex Central

Published

2026-01-08

·

Updated

2026-01-12

·

CVE-2025-69260

7.5

High

Base

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Apex Central (affected versions not specified)

Description A message out-of-bounds read issue exists in Trend Micro Apex Central. This could allow a remote attacker to create a denial-of-service condition on affected systems. Authentication is not required to exploit this issue.

Recommendations At the moment, there is no information about a newer version tha...

More

DoS

Buffer Overflow

Origin Validation Error

4 Posts

2Reposts

2.6 K Audience

‼️Trend Micro Apex Central Multiple Vulnerabilities

CVE:

CVE-2025-69258 (CVSS: 9.8) CVE-2025-69259 (CVSS: 7.5) CVE-2025-69260 (CVSS: 7.5)

CWE: CWE-1285, CWE-306, CWE-641

PoC/Writeup: https://t.co/9Wm90tTf8I

Disclosure Date: January 7. 2026

Disclosure: https://t.co/34ZDX2OaRT

2026-01-12 19:06:21

Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week’s most serious security flaws. Check them, fix what matters first, and stay protected.

This week’s list includes — CVE-2026-21858, CVE-2026-21877, CVE-2025-68668 (n8n), CVE-2025-69258, CVE-2025-69259, CVE-2025-69260 (Trend Micro Apex Central), CVE-2026-20029 (Cisco Identity Services Engine), CVE-2025-66209, CVE-2025-66210, CVE-2025-66211, CVE-2025-66212, CVE-2025-66213, CVE-2025-64419, CVE-2025-64420, CVE-2025-64424, CVE-2025-59156, CVE-2025-59157, CVE-2025-59158 (Coolify), CVE-2025-59470 (Veeam Backup & Replication), CVE-2026-0625 (D-Link DSL gateway routers), CVE-2025-65606 (TOTOLINK EX200), CVE-2026-21440 (@adonisjs/bodyparser), CVE-2025-68428 (jsPDF), CVE-2025-69194 (GNU Wget2), CVE-2025-43530 (Apple macOS Tahoe), CVE-2025-54957 (Google Android), CVE-2025-14026 (Forcepoint One DLP Client), CVE-2025-66398 (Signal K Server), CVE-2026-21483 (listmonk), CVE-2025-34468 (libcoap), CVE-2026-0628 (Google Chrome), CVE-2025-67859 (Linux TLP), CVE-2025-9222, CVE-2025-13761, CVE-2025-13772 (GitLab CE/EE), CVE-2025-12543 (Undertow HTTP server core), CVE-2025-14598 (BeeS Examination Tool), CVE-2026-21876 (OWASP Core Rule Set), CVE-2026-22688 (Tencent WeKnora), CVE-2025-61686 (@react-router/node, @remix-run/node, and @remix-run/deno), and CVE-2025-54322 (Xspeeder SXZOS).

2026-01-12 13:52:37

Trend Micro fixed a remote code execution in Apex Central https://t.co/KFpdO9yXE1 "Trend Micro patched three flaws (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console after Tenable disclosed details and PoC code."

2026-01-09 21:57:06

#22 · PT-2025-44571 · Remix Run · React Router

Published

2025-10-30

·

Updated

2026-01-13

·

CVE-2025-61686

9.1

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions React Router versions 7.0.0 through 7.9.3 @remix-run/deno versions prior to 2.17.2 @remix-run/node versions prior to 2.17.2

Description The software contains a flaw in the

createFileSessionStorage()

function when used with unsigned cookies. This allows attackers to manipulate session cookies to perform directory traversal, potentially enabling read and write access to file...

More

Fix

DoS

Path traversal

14 Posts

5Reposts

2.7 K Audience

#23 · PT-2026-1342 · Jspdf · Jspdf

Published

2026-01-05

·

Updated

2026-01-12

·

CVE-2025-68428

None

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.0.0

Description jsPDF, a JavaScript library for generating PDFs, contains a critical flaw in its Node.js builds. Prior to version 4.0.0, the

loadFile

,

addImage

,

html

, and

addFont

methods are susceptible to local file inclusion and path traversal. This allows an attacker to retrieve the contents of arbitrary files from the system where the No...

More

Fix

21 Posts

43Reposts

20.9 K Audience

#24 · PT-2026-2030 · Kiro Ide · Kiro Ide

Published

2026-01-09

·

Updated

2026-01-12

·

CVE-2026-0830

7.8

High

Base

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.6.18

Description Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper. This occurs when opening maliciously crafted workspaces. The issue involves the processing of workspace folder names, potentially leading to the execution of unintended commands.

**Recommendati...

More

Fix

RCE

OS Command Injection

5 Posts

4Reposts

2.6 K Audience

#25 · PT-2026-1814 · Advantech · Advantech Iot Products

Published

2026-01-12

·

Updated

2026-01-12

·

CVE-2025-52694

10

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech IoT products (affected versions not specified)

Description Successful exploitation of a SQL injection issue could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet. A SQL injection is a code injection technique that exploits a security weakness in the application's software. This...

More

RCE

SQL injection

5 Posts

0Reposts

640 Audience

#26 · PT-2026-2305 · Servicenow · Servicenow Ai Platform

Published

2026-01-12

·

Updated

2026-01-13

·

CVE-2025-12420

None

Name of the Vulnerable Software and Affected Versions ServiceNow AI Platform (affected versions not specified)

Description A flaw exists in the ServiceNow AI Platform that allows an unauthenticated user to impersonate another user and perform actions with the impersonated user's permissions. This is due to an IDOR (Insecure Direct Object Reference) pattern.

Recommendations Apply the security update deployed in October 2025...

More

Fix

LPE

Information Disclosure

8 Posts

8Reposts

925 Audience

#27 · PT-2026-1960 · Gitlab · Gitlab Ce/Ee

Published

2026-01-08

·

Updated

2026-01-12

·

CVE-2025-9222

8.7

High

Base

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2.2 through 18.5.4 GitLab CE/EE versions 18.6.0 through 18.6.2 GitLab CE/EE versions 18.7.0 through 18.7.0

Description An issue exists in GitLab CE/EE that allows an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. This is due to improper input neutralization, enabling script injection.

**Recommendati...

More

Exploit

Fix

XSS

7 Posts

1Reposts

577 Audience

#28 · PT-2026-2183 · Librechat · Librechat

Retpoline

·

Published

2026-01-10

·

Updated

2026-01-12

·

CVE-2026-22252

9.1

Critical

Base

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.2-rc2

Description LibreChat’s MCP stdio transport does not validate commands, allowing authenticated users to execute shell commands as root inside the container through a single API request. The vulnerable component is the MCP stdio transport. The API endpoint used for exploitation is not specified. The variable

command

is likely involved i...

More

Fix

RCE

Improper Authorization

6 Posts

0Reposts

349 Audience

#29 · PT-2026-2042 · Code Projects · Online Music Site

Yeliuyun

·

Published

2026-01-12

·

Updated

2026-01-12

·

CVE-2026-0852

7.3

High

Base

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0

Description A security flaw exists in code-projects Online Music Site 1.0. The issue involves a SQL injection impacting an unknown function within the file

/Administrator/PHP/AdminUpdateUser.php

. Manipulation of the

ID

argument allows for remote execution of the attack. The exploit has been publicly released and may be used for...

More

Exploit

SQL injection

Special Elements Injection

2 Posts

1Reposts

361 Audience

#30 · PT-2026-2037 · Utt 进取 520W

Guotingting

·

Published

2026-01-01

·

Updated

2026-01-11

·

CVE-2026-0841

8.8

High

Base

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 UTT 512W (affected versions not specified)

Description A flaw exists in the

strcpy()

function within the software. This issue stems from insufficient input validation during buffer copying, specifically when handling the

importpictureurl

argument. Successful exploitation allows a remote attacker to trigger a buffer overflow. The vulnerabi...

More

Exploit

Buffer Overflow

5 Posts

0Reposts

1.2 K Audience

#1 · PT-2025-48817 · Meta · React Server Components

CVE-2025-55182

Related posts · 2070

#2 · PT-2025-48971 · Meta · React

CVE-2025-66478

Related posts · 426

#3 · PT-2023-4552 · Winrar · Winrar

CVE-2023-38831

Related posts · 426

#4 · PT-2025-48978 · Anthropic · Claude-Code

CVE-2025-66032

Related posts · 7

#5 · PT-2025-50327 · Gogs · Gogs

CVE-2025-8110

Related posts · 83

#6 · PT-2026-1662 · N8N · N8N

CVE-2026-21858

Related posts · 164

#7 · PT-2025-52530 · N8N · N8N

CVE-2025-68613

Related posts · 161

#8 · PT-2025-26225 · Winrar · Winrar

CVE-2025-6218

Related posts · 167

#9 · PT-2025-30384 · Linux · Linux Kernel

CVE-2025-38352

Related posts · 115

#10 · PT-2025-17927 · Craft · Craft

CVE-2025-32432

Related posts · 140

#11 · PT-2025-53686 · Smartertools · Smartermail

CVE-2025-52691

Related posts · 86

#12 · PT-2025-51738 · Hewlett Packard · Hpe Oneview

CVE-2025-37164

Related posts · 108

#13 · PT-2026-1121 · @Adonisjs/Bodyparser

CVE-2026-21440

Related posts · 30

#14 · PT-2026-1915 · Apache · Apache Struts

CVE-2025-68493

Related posts · 19

#15 · PT-2026-1936 · Trend Micro · Trend Micro Apex Central

CVE-2025-69258

Related posts · 54

#16 · PT-2025-53605 · Pyodide · Pyodide

CVE-2025-68668

Related posts · 64

#17 · PT-2026-1583 · N8N · N8N

CVE-2026-21877

Related posts · 50

#18 · PT-2024-2206 · Adobe · Coldfusion

CVE-2024-20767

Related posts · 64

#19 · PT-2026-2158 · Zlib · Zlib

CVE-2026-22184

Related posts · 12

#20 · PT-2026-1937 · Trend Micro · Trend Micro Apex Central

CVE-2025-69259

Related posts · 11

#21 · PT-2026-1938 · Trend Micro · Trend Micro Apex Central

CVE-2025-69260

Related posts · 7

#22 · PT-2025-44571 · Remix Run · React Router

CVE-2025-61686

Related posts · 15

#23 · PT-2026-1342 · Jspdf · Jspdf

CVE-2025-68428

Related posts · 25

#24 · PT-2026-2030 · Kiro Ide · Kiro Ide

CVE-2026-0830

Related posts · 6

#25 · PT-2026-1814 · Advantech · Advantech Iot Products

CVE-2025-52694

Related posts · 8

#26 · PT-2026-2305 · Servicenow · Servicenow Ai Platform

CVE-2025-12420

Related posts · 9

#27 · PT-2026-1960 · Gitlab · Gitlab Ce/Ee

CVE-2025-9222