#Cve

RedPacket Security (RedPacketSecurity)
2026-01-20

CVE Alert: CVE-2026-1222 - BROWAN COMMUNICATIONS - PrismX MX100 AP controller - redpacketsecurity.com/cve-aler

TheHackerWire (thehackerwire)
2026-01-20

🔴 CVE-2025-14533 - Critical (9.8)

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This...

🔗 thehackerwire.com/vulnerabilit

CVE Alert: CVE-2025-14533
2026-01-20

🔴 CVE-2025-14533 - Critical (9.8)

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity

CVE Alert: CVE-2025-14533

Everyone that manages security reports for Open Source projects has been getting a higher workload because of AI. Both real reports and just slop - reports including vulnerabilities in code that doesn't exist. For some, this is becoming a denial of service attack, with developers having to spend valuable, and in some cases unpaid, time to sort out what's real and may be a vulnerability.

Jarek Potiuk, member of The Apache Software Foundation, will talk about this at the GVIP Summit on Wednesday, Jan 28th, in Brussels. We still have a few seats available - but hurry up to register!

gvip-project.org

#NVD #CVE #EUVD #EUCRA #CRA

2026-01-20

#OT #Advisory VDE-2025-107
Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities

Multiple vulnerabilities in a Qualcomm component have been reported in a closed-source report. This component is an integral part of the radio chip found in several Endress+Hauser products.
#CVE CVE-2022-33259, CVE-2022-33211, CVE-2022-25740, CVE-2022-25729, CVE-2022-25678, CVE-2020-3686, CVE-2020-11170, CVE-2019-2320, CVE-2019-2303, CVE-2019-14062, CVE-2019-10612, CVE-2019-10609, CVE-2019-10586, CVE-2019-10516, CVE-2019-10511, CVE-2019-10500, CVE-2019-10487, CVE-2020-3670, CVE-2020-3634, CVE-2020-11190, CVE-2020-11189, CVE-2020-11188, CVE-2020-11171, CVE-2020-11166, CVE-2020-11144, CVE-2019-14033, CVE-2019-14020, CVE-2019-14019, CVE-2019-14011, CVE-2019-10577, CVE-2019-10554, CVE-2019-10553, CVE-2019-10552, CVE-2020-11269, CVE-2020-11177, CVE-2022-25698, CVE-2022-25697, CVE-2022-25695, CVE-2023-21625, CVE-2022-33235, CVE-2022-33229, CVE-2022-33228, CVE-2022-33222, CVE-2022-25747, CVE-2022-25738, CVE-2022-25732, CVE-2022-25730, CVE-2022-25728, CVE-2022-25726, CVE-2020-11251, CVE-2020-11191, CVE-2020-3624, CVE-2020-3622, CVE-2020-11204, CVE-2020-11178, CVE-2019-14094, CVE-2019-14077, CVE-2019-14076, CVE-2019-14074, CVE-2019-14071, CVE-2019-14066, CVE-2019-14065, CVE-2019-14056, CVE-2019-14050, CVE-2019-14030, CVE-2019-14015, CVE-2019-14000, CVE-2019-13999, CVE-2019-13998, CVE-2019-13995, CVE-2019-13994, CVE-2019-10628, CVE-2019-10615, CVE-2019-10527, CVE-2022-33304, CVE-2022-33238, CVE-2022-33223, CVE-2022-33213, CVE-2022-25739, CVE-2022-25737, CVE-2022-25735, CVE-2022-25734, CVE-2022-25733, CVE-2022-25731, CVE-2022-25702, CVE-2021-30273, CVE-2020-11226, CVE-2020-11145, CVE-2019-2337, CVE-2019-2335, CVE-2019-14022, CVE-2019-10485, CVE-2019-14101, CVE-2019-14043, CVE-2019-14042, CVE-2019-10574, CVE-2019-14119, CVE-2019-10482, CVE-2020-3644, CVE-2020-3643, CVE-2020-3621, CVE-2020-3620, CVE-2019-2295, CVE-2019-14115, CVE-2019-14067, CVE-2019-14007, CVE-2019-10513, CVE-2020-11293

certvde.com/en/advisories/vde-

#CSAF endress-hauser.csaf-tp.certvde

2026-01-20

#OT #Advisory VDE-2025-106
Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

On an instance of TwinCAT 3 HMI Server running on a device, an authenticated administrator can inject arbitrary content into the custom CSS field, which is persisted on the device and later returned via the login page and error page.
#CVE CVE-2025-41768

certvde.com/en/advisories/vde-

#CSAF beckhoff.csaf-tp.certvde.com/.

TheHackerWire (thehackerwire)
2026-01-20

🔴 CVE-2026-1221 - Critical (9.8)

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware.

🔗 thehackerwire.com/vulnerabilit

CVE Alert: CVE-2026-1221
2026-01-20

🔴 CVE-2026-1221 - Critical (9.8)

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity

CVE Alert: CVE-2026-1221
RedPacket Security (RedPacketSecurity)
2026-01-20

CVE Alert: CVE-2026-1192 - Tosei - Online Store Management System ネット店舗管理システム - redpacketsecurity.com/cve-aler

RedPacket Security (RedPacketSecurity)
2026-01-20

CVE Alert: CVE-2025-14977 - dokaninc - Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy - redpacketsecurity.com/cve-aler

RedPacket Security (RedPacketSecurity)
2026-01-20
TheHackerWire (thehackerwire)
2026-01-20

🟠 CVE-2025-14977 - High (8.1)

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the `/wp-json/dokan/v1/sett...

🔗 thehackerwire.com/vulnerabilit

CVE Alert: CVE-2025-14977
2026-01-20

🟠 CVE-2025-14977 - High (8.1)

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the `/wp-json/dokan/v1/settings` REST API endpoint due to missing validation ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity

CVE Alert: CVE-2025-14977
2026-01-20

🟠 CVE-2026-23949 - High (8.6)

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity

CVE Alert: CVE-2026-23949
TheHackerWire (thehackerwire)
2026-01-20

🟠 CVE-2026-23950 - High (8.8)

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensit...

🔗 thehackerwire.com/vulnerabilit

CVE Alert: CVE-2026-23950
TheHackerWire (thehackerwire)
2026-01-20

🟠 CVE-2026-23949 - High (8.6)

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0....

🔗 thehackerwire.com/vulnerabilit

CVE Alert: CVE-2026-23949
TheHackerWire (thehackerwire)
2026-01-20

🟠 CVE-2026-23876 - High (8.1)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write contr...

🔗 thehackerwire.com/vulnerabilit

CVE Alert: CVE-2026-23876
2026-01-20

🟠 CVE-2026-23950 - High (8.8)

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it h...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity

CVE Alert: CVE-2026-23950
2026-01-20

🟠 CVE-2026-23876 - High (8.1)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when pro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity

CVE Alert: CVE-2026-23876
