2026-01-30
2026-01-30 21:15Z
HIGH

CVE-2025-24293 — Active: The default allowed list contains three methods allow for the circumvention of the safe

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24293

# Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where arbitrary user supplied input is accepted as valid transformation methods or parameters. Impact ------ Th CVSSv3.1 8.1 (HIGH)

CWECWE 94CWECWE 77CWECWE 88VNDActiveTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-30
2026-01-30 17:00Z
HIGH

Weaponizing Whitelists: An Azure Blob Storage Mythic C2 Profile

SpecterOps·specterops.io

SpecterOps released azureBlob, a new Mythic C2 profile that leverages Azure Blob Storage for command and control communications. The technique exploits common firewall whitelisting of *.blob.core.windows.net—a broad exception carved out in deployment guides from vendors like Citrix and Parallels—to establish C2 channels in mature enterprise environments with restrictive egress controls. The implementation includes container-scoped SAS tokens to limit blast radius if an agent is compromised, and integrates with the Medusa agent with a reference Python implementation (Pegasus) for validation.

SRFApplicationTACTA0005SRFCloudTACTA0011VNDMicrosoftVNDMythicTYPResearchTYPTechnique
78
Edit Score
2026-01-30
2026-01-30 16:16Z
HIGH

CVE-2025-4686 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4686

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection. This issue affects Online Exam and Assessment: through 30012026.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.6 (HIGH) · EPSS 17th percentile

CWECWE 89TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-01-30
2026-01-30 16:15Z
CRIT

Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)

watchTowr Labs·labs.watchtowr.comCVE-2026-1281CVE-2026-1340in the wild0day

watchTowr Labs disclosed two pre-auth RCE vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) affecting the /mifs/c/appstore endpoint. The vulnerabilities stem from unsafe Bash script handling of user-controlled input passed via Apache RewriteMap directives, exploitable through arithmetic expansion and command substitution. Both CVEs are actively exploited in the wild and patched only via temporary RPM workarounds until Q1 2026.

SRFApplicationTACTA0001TACTA0002SRFNetworkVNDIvantiTYPWriteupTYPExploitTYPVulnerability
9.8
CVSS v3.1
95
Edit Score
2026-01-30
2026-01-30 09:15Z
HIGH

CVE-2025-1395 — Generation: HeyGarson allows Fuzzing for application mapping.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-1395

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing process but did not respond in any way. CVSSv3.1 8.2 (HIGH) · EPSS 5th percentile

CWECWE 209VNDGenerationTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-01-30
2026-01-30 08:00Z
CRIT

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

Project Zero·googleprojectzero.blogspot.comCVE-2024-54529CVE-2025-31235

Project Zero published a detailed exploit writeup for CVE-2024-54529, a type confusion vulnerability in macOS CoreAudio's coreaudiod daemon. The exploit chains heap spray via property lists, uninitialized memory in ngne objects, process restart timing, and ROP gadgets to achieve arbitrary code execution with coreaudiod privileges. Full proof-of-concept code and custom instrumentation tools are open-sourced.

SRFOsTACTA0004TACTA0005VNDAppleTYPWriteupTYPExploitSTGPrivescSTGExecution
95
Edit Score
2026-01-30
2026-01-30 05:25Z
INFO

v1.6.9

Sliver releases·github.com

Sliver v1.6.9 released with feature additions including certificate database management, edit command, and notifications feature. This is a routine tool update with 358 commits since the previous v1.6.8 release.

VNDBishop FoxTYPTool
35
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-01-29
2026-01-29 22:15Z
CRIT

CVE-2026-1340 — Ivanti Endpoint_manager_mobile: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDIvantiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-29
2026-01-29 21:52Z
INFO

Volatility 3 2.27.0

Volatility3 releases·github.com

Volatility 3 2.27.0 released with new windows.pebmasquerade plugin, improvements to linux.malfind, linux.lsof, and windows.vadyarascan, plus enhanced arrow/parquet format rendering. Known issues affect Windows 11 image handling and arrow/parquet support in the Windows binary.

SRFOsVNDVolatilityTYPToolSTGDiscovery
35
Edit Score
2026-01-29
2026-01-29 20:16Z
CRIT

CVE-2025-69929 — N3uron Web_user_interface: An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-69929

An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format CVSSv3.1 9.8 (CRITICAL) · EPSS 33th percentile

CWECWE 327VNDN3uronTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-29
2026-01-29 17:53Z
INFO

v2.9.0

AzureHound releases·github.com

AzureHound v2.9.0 released with incremental feature additions including User-Agent customization, Jira transfer capability, and fixes to Azure RM device owner collection and Entra ID user logon timestamp tracking. This is a routine tool update with no security vulnerabilities disclosed.

TACTA0007SRFIdentitySRFCloudVNDMicrosoftVNDSpecteropsTYPToolTECT1526
35
Edit Score
2026-01-29
2026-01-29 15:16Z
HIGH

CVE-2020-37004 — Ultimate: The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-37004

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques. CVSSv3.1 8.2 (HIGH) · EPSS 15th percentile

CWECWE 89VNDUltimateTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-01-29
2026-01-29 15:16Z
CRIT

CVE-2020-37002 — Ajenti: 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-37002

Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port. CVSSv3.1 9.8 (CRITICAL) · EPSS 68th percentile

CWECWE 78VNDAjentiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-29
2026-01-29 14:08Z
CRIT

kernel-exploit-factory — Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and conf

kernel-exploit-factory is a curated repository of 37 Linux kernel CVE exploits with working proof-of-concept code, detailed writeups, and pre-configured QEMU debug environments. Each exploit includes vulnerability analysis, protection bypass techniques (KASLR/SMEP/SMAP), and privilege escalation chains spanning from 2015 to 2025, covering heap overflows, use-after-free, integer overflows, and eBPF verifier bypasses.

SRFOsTACTA0004TACTA0005OSLinuxTYPResearchTYPToolTYPWriteupSTGPrivesc
92
Edit Score
2026-01-29
2026-01-29 12:16Z
HIGH

CVE-2025-7016 — Akinsoft Qr_menu: QR Menu allows Authentication Abuse.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-7016

Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12. CVSSv3.1 8.0 (HIGH) · EPSS 27th percentile

CWECWE 284VNDAccessVNDAkinsoftTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-01-29
2026-01-29 12:00Z
HIGH

Building cryptographic agility into Sigstore

Trail of Bits·blog.trailofbits.com

Trail of Bits published research on introducing cryptographic agility into Sigstore, the open-source software signing ecosystem. The work addresses the problem of signature obsolescence by implementing a centralized algorithm registry, updating Rekor and Fulcio to accept configurable algorithm restrictions, and integrating algorithm selection into Cosign—while avoiding in-band algorithm signaling vulnerabilities through predefined algorithm suites and out-of-band negotiation.

SRFApplicationTACTA0040SRFSupply ChainVNDSigstoreVNDTrail Of BitsTYPResearchTYPTechnique
76
Edit Score
2026-01-29
2026-01-29 07:30Z
HIGH

Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic

Sekoia.io·sekoia.ioin the wild

Sekoia TDR identified IClickFix, a widespread malware distribution framework active since December 2024 that compromises WordPress sites via watering hole attacks to deliver the ClickFix social engineering lure. The framework has infected over 3,800 WordPress sites across 82 countries, using a Traffic Distribution System (YOURLS) to filter traffic and deliver NetSupport RAT through multi-stage JavaScript payloads and obfuscated PowerShell commands. The operator has continuously evolved the framework throughout 2025, refining lures, adding delivery stages, and expanding infrastructure to evade detection.

SRFApplicationTACTA0005TACTA0001TACTA0002SRFWebTACTA0003VNDNetsupportVNDWordpress
78
Edit Score
2026-01-29
2026-01-29 04:30Z
INFO

v1.6.8

Sliver releases·github.com

Sliver v1.6.8 released with minor bug fixes and feature updates including SGN fixes, general updates, website CSS corrections, and configuration YAML enhancements. No security vulnerabilities or breaking changes documented in the release notes.

SRFOsVNDBishop FoxTYPTool
25
Edit Score
2026-01-28
2026-01-28 16:16Z
CRIT

CVE-2025-61140 — Dchester Jsonpath: The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502CWECWE 1321VNDDchesterTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-28
2026-01-28 12:15Z
HIGH

CVE-2026-0844 — Simple: The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0844

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDSimpleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-28
2026-01-28 10:17Z
INFO

v3.7.0

Nuclei releases·github.com

Nuclei v3.7.0 released with new features including CDP endpoint configuration for headless mode control and RSYNC module support. Release includes multiple bug fixes addressing race conditions, segfaults, logging issues, and template variable handling.

SRFApplicationVNDProjectdiscoveryTYPTool
45
Edit Score
2026-01-28
2026-01-28 05:21Z
INFO

v1.6.7

Sliver releases·github.com

Sliver v1.6.7 released with minor feature additions including website info functionality, SQLite pragma configuration updates, and readline/console dependency upgrades. No security fixes or vulnerability disclosures in this release.

SRFOsVNDBishop FoxTYPTool
25
Edit Score
2026-01-28
2026-01-28 01:16Z
HIGH

CVE-2026-24842 — Isaacs Tar: This mismatch allows an attacker to craft a malicious TAR archive that bypasses path

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24842

node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue. CVSSv3.1 8.2 (HIGH)

CWECWE 22CWECWE 59VNDIsaacsVNDTarTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-01-27
2026-01-27 22:15Z
HIGH

CVE-2026-24747 — Linuxfoundation Pytorch: Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24747

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue. CVSSv3.1 8.8 (HIGH)

CWECWE 94CWECWE 502VNDLinuxfoundationVNDPytorchTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-27
2026-01-27 20:16Z
CRIT

CVE-2026-24858 — Fortinet Fortianalyzer: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24858in the wild

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, F CVSSv3.1 9.8 (CRITICAL) · EPSS 90th percentile

CWECWE 288VNDFortinetTYPVulnerabilitySTAitw exploited
9.8
CVSS v3.1
100
Edit Score