No Result
View All Result
No Result
View All Result
No Result
View All Result

Live CVE Feed

Share on FacebookShare on Twitter

Live CVE Feed

Curated from global sources like ENISA EUVD and CVE Details

  • CVE-2025-55704 - Brother Industries, Ltd. Multi-Function Printer (MFP) Log Disclosure Vulnerability

    CVE ID : CVE-2025-55704Published : Jan. 29, 2026, 4:15 a.m. | 40 minutes agoDescription : Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs.Severity: 6.9 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2025-53869 - Brother MFP SSL/TLS Certificate Validation Vulnerability

    CVE ID : CVE-2025-53869Published : Jan. 29, 2026, 4:15 a.m. | 40 minutes agoDescription : Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.Severity: 6.3 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-25067 - SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion

    CVE ID : CVE-2026-25067Published : Jan. 29, 2026, 3:38 a.m. | 1 hour, 17 minutes agoDescription : SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.Severity: 6.9 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-1552 - SEMCMS SEMCMS_Info.php sql injection

    CVE ID : CVE-2026-1552Published : Jan. 29, 2026, 1:16 a.m. | 3 hours, 39 minutes agoDescription : A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Severity: 6.5 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-1551 - itsourcecode School Management System controller.php sql injection

    CVE ID : CVE-2026-1551Published : Jan. 29, 2026, 12:16 a.m. | 4 hours, 39 minutes agoDescription : A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.Severity: 6.5 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2025-15344 - Tanium addressed a SQL injection vulnerability in Asset.

    CVE ID : CVE-2025-15344Published : Jan. 29, 2026, 12:16 a.m. | 4 hours, 39 minutes agoDescription : Tanium addressed a SQL injection vulnerability in Asset.Severity: 6.3 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-1550 - PHPGurukul Hospital Management System Admin Dashboard adminviews.py improper authorization

    CVE ID : CVE-2026-1550Published : Jan. 28, 2026, 11:15 p.m. | 5 hours, 40 minutes agoDescription : A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.Severity: 6.5 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-24897 - Authenticated Remote Code Execution via Arbitrary File Upload

    CVE ID : CVE-2026-24897Published : Jan. 28, 2026, 11:15 p.m. | 5 hours, 40 minutes agoDescription : Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the public web root, an attacker can upload and execute arbitrary code on the server, resulting in remote code execution (RCE). This vulnerability allows a low-privileged user to fully compromise the affected Erugo instance. Version 0.2.15 fixes the issue.Severity: 10.0 | CRITICALVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-1548 - Totolink A7000R cstecgi.cgi CloudACMunualUpdateUserdata command injection

    CVE ID : CVE-2026-1548Published : Jan. 28, 2026, 11:15 p.m. | 5 hours, 40 minutes agoDescription : A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used.Severity: 6.5 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-1549 - jishenghua jshERP PluginController uploadPluginConfigFile path traversal

    CVE ID : CVE-2026-1549Published : Jan. 28, 2026, 11:15 p.m. | 5 hours, 40 minutes agoDescription : A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.Severity: 5.3 | MEDIUMVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts
    on January 29, 2026 at 3:13 am

    High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts TP-Link has issued a security advisory regarding multiple vulnerabilities discovered in its Omada Controller software, a popular centralized management platform for business networking. The most sever ... Read more Published Date: Jan 29, 2026 (47 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2025-9522 CVE-2025-9521 CVE-2025-9520 CVE-2025-14756 CVE-2026-21509 CVE-2026-20045 CVE-2026-0629 CVE-2025-6542

  • Safety Broken: PyTorch “Safe” Mode Bypassed by Critical RCE Flaw
    on January 29, 2026 at 2:58 am

    Safety Broken: PyTorch “Safe” Mode Bypassed by Critical RCE Flaw The development team behind PyTorch, the backbone of modern deep learning and AI research, has patched a high-severity vulnerability that breaks the trust of its most security-conscious feature. Track ... Read more Published Date: Jan 29, 2026 (1 hour, 1 minute ago) Vulnerabilities has been mentioned in this article. CVE-2026-24765 CVE-2026-24747 CVE-2026-24858 CVE-2026-21509 CVE-2026-20045 CVE-2025-32434 CVE-2024-5480

  • CVE-2026-24765: PHPUnit Vulnerability Exposes CI/CD Pipelines to RCE
    on January 29, 2026 at 2:48 am

    CVE-2026-24765: PHPUnit Vulnerability Exposes CI/CD Pipelines to RCE The maintainers of PHPUnit, the industry-standard testing framework for PHP, have released a critical security update to address a high-severity vulnerability that turns the testing process itself int ... Read more Published Date: Jan 29, 2026 (1 hour, 11 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24765 CVE-2026-24858 CVE-2026-21509 CVE-2026-20045

  • CVE-2026-24002: Critical Sandbox Escape Turns Grist Spreadsheets into RCE Weapons
    on January 29, 2026 at 2:30 am

    CVE-2026-24002: Critical Sandbox Escape Turns Grist Spreadsheets into RCE Weapons A seemingly innocent spreadsheet formula could be the key to compromising entire organizations, thanks to a critical vulnerability uncovered by Cyera Research Labs in Grist-Core. The flaw, tracked as ... Read more Published Date: Jan 29, 2026 (1 hour, 29 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-23830 CVE-2026-24765 CVE-2026-24858 CVE-2025-14988 CVE-2026-21509 CVE-2026-0994 CVE-2026-24002 CVE-2026-20045 CVE-2026-0695 CVE-2025-61937 CVE-2026-22864 CVE-2026-22863 CVE-2025-37186 CVE-2025-52691 CVE-2025-68668 CVE-2025-37164 CVE-2025-59396 CVE-2025-61787 CVE-2025-58384 CVE-2025-8088 CVE-2025-1316 CVE-2023-28445

  • The “Zeroplayer” Arsenal: WinRAR Flaw CVE-2025-8088 Weaponized by Spies
    on January 29, 2026 at 1:58 am

    The “Zeroplayer” Arsenal: WinRAR Flaw CVE-2025-8088 Weaponized by Spies Timeline of notable observed exploitation | Image: GTIG A critical vulnerability in one of the world’s most popular file archivers has become a favorite weapon for government spies and cybercriminals ... Read more Published Date: Jan 29, 2026 (2 hours, 1 minute ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2026-21509 CVE-2026-24002 CVE-2026-20045 CVE-2025-8088

  • Dissecting CVE-2026-22709: The Zombie Exploit in Node.js vm2
    on January 29, 2026 at 1:36 am

    Dissecting CVE-2026-22709: The Zombie Exploit in Node.js vm2 January 29, 2026CVE-2026-22709 represents a critical sandbox escape vulnerability in the widely used vm2 Node.js library, allowing attackers to achieve remote code execution (RCE) on host systems.This ... Read more Published Date: Jan 29, 2026 (2 hours, 23 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2026-22709

  • CVE-2026-23830: Critical SandboxJS Flaw (CVSS 10) Allows Total Sandbox Escape
    on January 29, 2026 at 12:22 am

    CVE-2026-23830: Critical SandboxJS Flaw (CVSS 10) Allows Total Sandbox Escape A perfect storm of missing checks has led to a maximum-severity vulnerability in SandboxJS, a library designed to safely execute untrusted JavaScript code. Tracked as CVE-2026-23830, the flaw carries ... Read more Published Date: Jan 29, 2026 (3 hours, 37 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-23830 CVE-2026-24858 CVE-2025-14988 CVE-2026-21509 CVE-2026-0994 CVE-2026-20045 CVE-2026-0695 CVE-2025-61937 CVE-2025-37186 CVE-2025-52691 CVE-2025-37164 CVE-2025-59396 CVE-2025-58384 CVE-2025-47154 CVE-2025-1316

  • CVE-2025-14988: Critical 9.8 Vulnerability hits ibaPDA Industrial Software
    on January 29, 2026 at 12:16 am

    CVE-2025-14988: Critical 9.8 Vulnerability hits ibaPDA Industrial Software A critical security vulnerability has been identified in ibaPDA, a core data acquisition system used in industrial environments to monitor and analyze process data. Tracked as CVE-2025-14988, the flaw ... Read more Published Date: Jan 29, 2026 (3 hours, 43 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-23830 CVE-2026-24858 CVE-2025-14988 CVE-2026-21509 CVE-2026-0994 CVE-2026-20045 CVE-2026-0695 CVE-2025-61937 CVE-2025-37186 CVE-2025-52691 CVE-2025-37164 CVE-2025-59396 CVE-2025-58384 CVE-2025-1316

  • Malicious Open Source Software Packages Neared 500,000 in 2025
    on January 28, 2026 at 8:35 pm

    Malicious Open Source Software Packages Neared 500,000 in 2025 Malicious open source software packages have become a critical problem threatening the software supply chain. That’s one of the major takeaways of a new report titled “State of the Software Supply Cha ... Read more Published Date: Jan 28, 2026 (7 hours, 24 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-55182 CVE-2024-37079 CVE-2024-3094

  • Everybody is WinRAR phishing, dropping RATs as fast as lightning
    on January 28, 2026 at 6:59 pm

    Everybody is WinRAR phishing, dropping RATs as fast as lightning Come one, come all. Everyone from Russian and Chinese government goons to financially motivated miscreants is exploiting a long-since-patched WinRAR vuln to bring you infostealers and Remote Access Tr ... Read more Published Date: Jan 28, 2026 (9 hours ago) Vulnerabilities has been mentioned in this article. CVE-2025-8088

  • New sandbox escape flaw exposes n8n instances to RCE attacks
    on January 28, 2026 at 5:46 pm

    New sandbox escape flaw exposes n8n instances to RCE attacks Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. Iden ... Read more Published Date: Jan 28, 2026 (10 hours, 13 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-1470 CVE-2026-0863 CVE-2026-21858

  • CVE-2025-40551: SolarWinds WebHelpDesk RCE Deep-Dive and Indicators of Compromise
    on January 28, 2026 at 4:49 pm

    CVE-2025-40551: SolarWinds WebHelpDesk RCE Deep-Dive and Indicators of Compromise Let us know your cookie preferences Reddit uses cookies and similar technologies to: Keep the website operational and running properly Prevent fraud and abuse Monitor site usage and performance metric ... Read more Published Date: Jan 28, 2026 (11 hours, 10 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-40551

  • Fortinet unearths another critical bug as SSO accounts borked post-patch
    on January 28, 2026 at 4:30 pm

    Fortinet unearths another critical bug as SSO accounts borked post-patch Things aren't over yet for Fortinet customers – the security shop has disclosed yet another critical FortiCloud SSO vulnerability. Those hoping for a reprieve following last week's patch pantomime are ... Read more Published Date: Jan 28, 2026 (11 hours, 30 minutes ago) Vulnerabilities has been mentioned in this article.

  • TP-Link Archer Vulnerability Let Attackers Take Control Over the Router
    on January 28, 2026 at 4:15 pm

    TP-Link Archer Vulnerability Let Attackers Take Control Over the Router A critical security advisory has been released for a command injection vulnerability affecting the Archer MR600 v5 router. The flaw, tracked as CVE-2025-14756, enables authenticated attackers to execu ... Read more Published Date: Jan 28, 2026 (11 hours, 44 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-14756

  • Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code
    on January 28, 2026 at 4:06 pm

    Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication. Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, ... Read more Published Date: Jan 28, 2026 (11 hours, 54 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-0755

  • SolarWinds waarschuwt voor kritieke kwetsbaarheden in Web Help Desk
    on January 28, 2026 at 4:02 pm

    SolarWinds waarschuwt voor kritieke kwetsbaarheden in Web Help Desk Softwarebedrijf SolarWinds waarschuwt voor verschillende kritieke kwetsbaarheden in Web Help Desk waardoor ongeauthenticeerde aanvallers systemen op afstand kunnen overnemen. Ook bevat de software har ... Read more Published Date: Jan 28, 2026 (11 hours, 57 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-40554 CVE-2025-40553 CVE-2025-40551 CVE-2025-40537 CVE-2024-28987 CVE-2024-28986

  • Hackers Still Using Patched WinRAR Flaw for Malware Drops, Warns Google
    on January 28, 2026 at 3:49 pm

    Hackers Still Using Patched WinRAR Flaw for Malware Drops, Warns Google The Google Threat Intelligence Group (GTIG) warns that nation-state actors and financially motivated threat actors are exploiting a flaw in WinRAR. Known as CVE-2025-8088, this vulnerability allows ha ... Read more Published Date: Jan 28, 2026 (12 hours, 11 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-8088

  • WinRAR vulnerability still a go-to tool for hackers, Mandiant warns
    on January 28, 2026 at 2:57 pm

    WinRAR vulnerability still a go-to tool for hackers, Mandiant warns State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year ago. CVE-2025-8088 is a path traversa ... Read more Published Date: Jan 28, 2026 (13 hours, 2 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2026-21509 CVE-2025-8088

  • SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
    on January 28, 2026 at 2:39 pm

    SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. The authentication bypass secu ... Read more Published Date: Jan 28, 2026 (13 hours, 21 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-40554 CVE-2025-40553 CVE-2025-40552 CVE-2025-40551 CVE-2025-40537 CVE-2025-26399 CVE-2024-28988 CVE-2024-28986

  • Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation
    on January 28, 2026 at 2:35 pm

    Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior to 12.2. Tracked as CVE-2 ... Read more Published Date: Jan 28, 2026 (13 hours, 25 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2025-9142

  • Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
    on January 28, 2026 at 2:01 pm

    Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating s ... Read more Published Date: Jan 28, 2026 (13 hours, 59 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-22709 CVE-2026-20045 CVE-2024-37079 CVE-2023-37903 CVE-2023-37466 CVE-2023-32314 CVE-2023-30547 CVE-2023-29199 CVE-2023-29017 CVE-2022-36067

  • Micropatches Released for Microsoft Office Security Feature Bypass Vulnerability (CVE-2026-21509)
    on January 28, 2026 at 1:42 pm

    Micropatches Released for Microsoft Office Security Feature Bypass Vulnerability (CVE-2026-21509) Two days ago, Microsoft released an emergency update for Microsoft Office, resolving CVE-2026-21509, a vulnerability in Office that was found to be exploited in the wild. Microsoft's advisory initiall ... Read more Published Date: Jan 28, 2026 (14 hours, 18 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-21509

  • Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
    on January 28, 2026 at 12:43 pm

    Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, d ... Read more Published Date: Jan 28, 2026 (15 hours, 17 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-1470 CVE-2026-20045 CVE-2026-0863 CVE-2026-21858 CVE-2024-37079

  • Chrome Security Update Patches Background Fetch API Vulnerability
    on January 28, 2026 at 10:59 am

    Chrome Security Update Patches Background Fetch API Vulnerability Chrome versions 144.0.7559.109 and 144.0.7559.110 have been released to the stable channel, addressing a critical security vulnerability in the Background Fetch API. The update is rolling out across W ... Read more Published Date: Jan 28, 2026 (17 hours, 1 minute ago) Vulnerabilities has been mentioned in this article. CVE-2026-1504 CVE-2026-24858

  • Thunderbird dicht lek dat aanvaller inhoud versleutelde e-mail laat stelen
    on January 28, 2026 at 10:30 am

    Thunderbird dicht lek dat aanvaller inhoud versleutelde e-mail laat stelen De makers van e-mailclient Thunderbird hebben een beveiligingsupdate uitgebracht wegens een kwetsbaarheid waardoor een aanvaller de inhoud van versleutelde e-mail kan stelen. De Duitse overheid stelt ... Read more Published Date: Jan 28, 2026 (17 hours, 30 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-0818

severity high

  • CVE-2026-24897 - Authenticated Remote Code Execution via Arbitrary File Upload

    CVE ID : CVE-2026-24897Published : Jan. 28, 2026, 11:15 p.m. | 4 hours, 54 minutes agoDescription : Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the public web root, an attacker can upload and execute arbitrary code on the server, resulting in remote code execution (RCE). This vulnerability allows a low-privileged user to fully compromise the affected Erugo instance. Version 0.2.15 fixes the issue.Severity: 10.0 | CRITICALVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-24835 - Podman Desktop Extension System Vulnerable to Authentication Bypass

    CVE ID : CVE-2026-24835Published : Jan. 28, 2026, 9:16 p.m. | 6 hours, 54 minutes agoDescription : Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue.Severity: 8.8 | HIGHVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-24769 - NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload

    CVE ID : CVE-2026-24769Published : Jan. 28, 2026, 9:16 p.m. | 6 hours, 54 minutes agoDescription : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-site scripting (XSS) vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because the malicious payload is stored server-side and executed under the application’s origin, successful exploitation can lead to account compromise, data exfiltration and unauthorized actions performed on behalf of affected users. Version 0.301.0 patches the issue.Severity: 8.5 | HIGHVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-0750 - Payment bypass in Commerce Paybox

    CVE ID : CVE-2026-0750Published : Jan. 28, 2026, 7:16 p.m. | 8 hours, 54 minutes agoDescription : Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5.Severity: 8.7 | HIGHVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2026-24772 - OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server

    CVE ID : CVE-2026-24772Published : Jan. 28, 2026, 7:16 p.m. | 8 hours, 54 minutes agoDescription : OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a shared secret only known to the synchronization server. The frontend hands this encrypted token and the backend URL over to the synchronization server to check user's ability to work on the document and perform intermittent saves while editing. The synchronization server does not properly validate the backend URL and sends a request with the decrypted authentication token to the endpoint that was given to the server. An attacker could use this vulnerability to decrypt a token that he intercepted by other means to gain an access token to interact with OpenProject on the victim's behalf. This vulnerability was introduced with OpenProject 17.0.0 and was fixed in 17.0.2. As a workaround, disable the collaboration feature via Settings -> Documents -> Real time collaboration -> Disable. Additionally the `hocuspocus` container should also be disabled.Severity: 8.9 | HIGHVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2025-57792 - SQL Injection Vulnerability in Explorance Blue

    CVE ID : CVE-2025-57792Published : Jan. 28, 2026, 6:16 p.m. | 9 hours, 53 minutes agoDescription : Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk.Severity: 10.0 | CRITICALVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2025-57793 - SQL Injection Vulnerability in Explorance Blue

    CVE ID : CVE-2025-57793Published : Jan. 28, 2026, 6:16 p.m. | 9 hours, 53 minutes agoDescription : Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly elevating the risk.Severity: 8.6 | HIGHVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2025-57794 - Unrestricted File Upload Vulnerability in Explorance Blue

    CVE ID : CVE-2025-57794Published : Jan. 28, 2026, 6:16 p.m. | 9 hours, 53 minutes agoDescription : Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.Severity: 9.1 | CRITICALVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2025-57795 - Unauthenticated Remote File Download in Explorance Blue

    CVE ID : CVE-2025-57795Published : Jan. 28, 2026, 6:16 p.m. | 9 hours, 53 minutes agoDescription : Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.Severity: 9.9 | CRITICALVisit the link for more details, such as CVSS details, affected products, timeline, and more...

  • CVE-2020-36973 - PDW File Browser 1.3 - Remote Code Execution

    CVE ID : CVE-2020-36973Published : Jan. 28, 2026, 6:16 p.m. | 9 hours, 53 minutes agoDescription : PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.Severity: 8.7 | HIGHVisit the link for more details, such as CVSS details, affected products, timeline, and more...

    NEWS Events

    No Result
    View All Result

    © 2025 Sumtrix – Your source for the latest in Cybersecurity, AI, and Tech News.

    Our website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.