2026-01-22
2026-01-22 17:15Z
HIGH

CVE-2025-50004 — Deserialization: of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-50004

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-22
2026-01-22 17:15Z
HIGH

CVE-2025-50003 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-50003

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Amuli amuli allows PHP Local File Inclusion.This issue affects Amuli: from n/a through <= 2.3.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:15Z
CRIT

CVE-2025-50002 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-50002

Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-01-22
2026-01-22 17:15Z
HIGH

CVE-2025-49994 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49994

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athens: from n/a through <= 1.1.6. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:15Z
CRIT

CVE-2025-49055 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49055

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2026-01-22
2026-01-22 17:15Z
HIGH

CVE-2025-49050 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49050

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-01-22
2026-01-22 17:15Z
HIGH

CVE-2025-49049 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49049

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through <= 12.39. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-01-22
2026-01-22 17:15Z
HIGH

CVE-2025-47474 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47474

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ninetheme Anarkali anarkali allows PHP Local File Inclusion.This issue affects Anarkali: from n/a through <= 1.0.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 16:16Z
HIGH

CVE-2026-24009 — Docling Docling-core: A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24009

Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. T CVSSv3.1 8.1 (HIGH)

CWECWE 502VNDDoclingTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 13:16Z
HIGH

CVE-2025-10856 — Upload: Teknoera allows File Content Injection.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-10856

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection. This issue affects Teknoera: through 01102025. CVSSv3.1 8.1 (HIGH) · EPSS 5th percentile

CWECWE 434TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 10:16Z
HIGH

CVE-2025-4764 — Aida Hotel_guest_hotspot: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4764

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.0 (HIGH) · EPSS 7th percentile

CWECWE 89VNDAidaTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-01-22
2026-01-22 04:58Z
HIGH

Pwn2Own Automotive 2026 - Day Two Results

Zero Day Initiative·thezdi.com0day

Pwn2Own Automotive 2026 Day Two concluded with 29 unique 0-day vulnerabilities disclosed across automotive infotainment systems, EV chargers, and embedded platforms, awarding $439,250 USD. Cumulative event totals reached $955,750 USD across 66 unique 0-days, with command injection, buffer overflows, and authentication bypasses dominating the attack surface. Fuzzware.io maintains the Master of Pwn lead heading into the final competition day.

TACTA0004TACTA0002SRFNetwork ApplianceTYPResearchTYPNewsSTGPrivescSTGExecutionEXPPrivilege Escalation
78
Edit Score
2026-01-22
2026-01-22 00:27Z
CRIT

Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

watchTowr Labs·labs.watchtowr.comCVE-2025-52691in the wild

watchTowr Labs disclosed WT-2026-0001, a critical authentication bypass in SmarterTools SmarterMail allowing unauthenticated attackers to reset the system administrator password via the /api/v1/auth/force-reset-password endpoint. The vulnerability chains directly to RCE through built-in admin functionality for executing OS commands via volume mount configuration. The vulnerability was patched in version 9511 (January 15, 2026), but is already being actively exploited in the wild within days of patch release, indicating attackers performed patch diffing to reconstruct the vulnerability.

SRFApplicationTACTA0004TACTA0001SRFWebVNDSmartertoolsTYPWriteupTYPVulnerabilitySTGPrivesc
92
Edit Score
2026-01-22
2026-01-22 00:00Z
CRIT

Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware

Trend Micro Research·trendmicro.comin the wild

EmEditor's official download page was compromised in late December 2025 to distribute trojanized installers delivering multistage PowerShell-based malware. The malware disables ETW logging, steals credentials from Windows Credential Manager, performs system fingerprinting, and exfiltrates data to a C&C server; geofencing patterns suggest Russian or CIS-origin threat actors. Active exploitation has already occurred with multiple confirmed infections prior to vendor disclosure.

SRFApplicationTACTA0005TACTA0001TACTA0002TACTA0007SRFSupply ChainTACTA0010VNDEmeditor
82
Edit Score
2026-01-21
2026-01-21 22:15Z
HIGH

CVE-2026-22822 — External-secrets External_secrets_operator: External Secrets Operator reads information from a third-party service and automatically injects the values

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22822

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the `getSecretKey` template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed i CVSSv3.1 8.8 (HIGH)

CWECWE 863VNDExternal SecretsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-21
2026-01-21 22:15Z
HIGH

CVE-2026-22807 — Vllm Vllm: An attacker who can influence the model repo/path (local directory or remote Hugging Face

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22807

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM CVSSv3.1 8.8 (HIGH)

CWECWE 94VNDVllmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-21
2026-01-21 18:16Z
HIGH

CVE-2026-0834 — Tp-link Archer_ax53_firmware: Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0834

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_2 CVSSv3.1 8.8 (HIGH)

CWECWE 290VNDTp LinkVNDLogicTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-21
2026-01-21 17:00Z
CRIT

Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT

SpecterOps·specterops.io

SpecterOps researcher Garrett Foster disclosed critical vulnerabilities in Microsoft Deployment Toolkit (MDT) that enable unauthenticated credential theft and lateral movement. Rather than patch the issues, Microsoft chose to retire MDT entirely as of January 6, 2026, leaving enterprises with unpatched systems. The attack chain combines unauthenticated WDS/PXE discovery, XXE injection in the MDT monitoring service, and authentication coercion to extract privileged service account credentials.

SRFOsTACTA0001SRFNetworkTACTA0006VNDMicrosoftTYPResearchTYPVulnerabilitySTGInitial Access
92
Edit Score
2026-01-21
2026-01-21 04:03Z
CRIT

Pwn2Own Automotive 2026 - Day One Results

Zero Day Initiative·thezdi.com0day

Pwn2Own Automotive 2026 Day One concluded with 37 unique 0-days disclosed across automotive infotainment systems, EV chargers, and Tesla components. Researchers exploited memory corruption vulnerabilities (stack/heap overflows, out-of-bounds writes), authentication bypasses, hardcoded credentials, and command injection flaws to achieve root-level code execution and charging signal manipulation. Total prize pool awarded: $516,500 USD.

SRFApplicationTACTA0004TACTA0002OSLinuxVNDTeslaVNDKenwoodVNDAlpitronicVNDAutel
92
Edit Score
2026-01-20
2026-01-20 21:16Z
CRIT

CVE-2025-55130 — Nodejs Node.js: A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission m CVSSv3.1 9.1 (CRITICAL)

CWECWE 289CWECWE 281TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-01-20
2026-01-20 19:15Z
CRIT

CVE-2025-56005 — Dabeaz Ply: An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-56005

An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the Gi CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDDabeazTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-20
2026-01-20 17:00Z
HIGH

Updates to the MSSQLHound OpenGraph Collector for BloodHound

SpecterOps·specterops.ioCVE-2025-49758

SpecterOps released updates to MSSQLHound, a BloodHound OpenGraph collector that now detects NTLM relay attack susceptibility by scanning for Extended Protection for Authentication (EPA) settings on MSSQL servers. The tool also identifies CVE-2025-49758, a privilege escalation flaw allowing ALTER ANY LOGIN permission holders to change passwords for securityadmin principals without knowing the old password, enabling server compromise. New BloodHound Cypher queries enable visualization of attack paths from domain principals to MSSQL compromise.

SRFApplicationTACTA0007SRFIdentityTACTA0008VNDMicrosoftVNDSpecteropsTYPResearchTYPTool
78
Edit Score
2026-01-20
2026-01-20 01:15Z
HIGH

CVE-2026-23950 — Isaacs Tar: node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-23950

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards CVSSv3.1 8.8 (HIGH)

CWECWE 352CWECWE 367CWECWE 176VNDIsaacsVNDTarTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-20
2026-01-20 01:15Z
HIGH

CVE-2026-23876 — Imagemagick Imagemagick: Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipeli CVSSv3.1 8.1 (HIGH)

CWECWE 787CWECWE 122CWECWE 190VNDImagemagickTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-19
2026-01-19 18:16Z
CRIT

CVE-2026-23884 — Freerdp Freerdp: A malicious server can trigger a client‑side use after free, causing a crash (DoS)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-23884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDFreerdpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score