2026-01-13
2026-01-13 14:16Z
CRIT

CVE-2026-0881 — Mozilla Firefox: Sandbox escape in the Messaging System component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0881

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. CVSSv3.1 10.0 (CRITICAL)

CWECWE 284CWECWE 693VNDMozillaTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-01-13
2026-01-13 14:16Z
HIGH

CVE-2026-0880 — Mozilla Firefox: Sandbox escape due to integer overflow in the Graphics component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0880

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. CVSSv3.1 8.8 (HIGH)

CWECWE 190VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-13
2026-01-13 14:16Z
CRIT

CVE-2026-0879 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0879

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-13
2026-01-13 14:16Z
HIGH

CVE-2026-0878 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0878

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. CVSSv3.1 8.0 (HIGH)

CWECWE 20CWECWE 119VNDMozillaTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-01-13
2026-01-13 14:16Z
HIGH

CVE-2026-0877 — Mozilla Firefox: Mitigation bypass in the DOM: Security component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0877

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. CVSSv3.1 8.1 (HIGH)

CWECWE 693VNDMozillaVNDMitigationTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-13
2026-01-13 12:00Z
HIGH

Lack of isolation in agentic browsers resurfaces old vulnerabilities

Trail of Bits·blog.trailofbits.com

Trail of Bits disclosed a systematic security analysis of agentic browsers (AI-integrated browsers), demonstrating how inadequate isolation between AI agents, user data, and web origins enables prompt injection, data exfiltration, and session hijacking attacks. The researchers identified four trust zone violation classes (INJECTION, CTX_IN, REV_CTX_IN, CTX_OUT) and demonstrated real-world exploits including false information injection, credential theft via magic links, cross-site data leaks, and persistent history pollution across multiple unnamed vendors who declined coordinated disclosure.

TACTA0001TACTA0002TACTA0006TACTA0007TACTA0009SRFBrowserSRFAiTYPResearch
82
Edit Score
2026-01-12
2026-01-12 23:15Z
HIGH

CVE-2026-22805 — Metabase Metabase: Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22805

Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1. CVSSv3.1 8.6 (HIGH)

CWECWE 918VNDMetabaseTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-01-12
2026-01-12 22:16Z
CRIT

CVE-2025-29329 — Sagemcom F\@st_3686_firmware: Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-29329

Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request. CVSSv3.1 9.8 (CRITICAL) · EPSS 64th percentile

CWECWE 120VNDBufferVNDSagemcomTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-12
2026-01-12 19:16Z
HIGH

CVE-2026-22771 — Envoyproxy Gateway: Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22771

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to all secrets that are used by Envoy proxy, e.g. TLS private keys and credentials used for downstream and upstream communication. This vulne CVSSv3.1 8.8 (HIGH)

CWECWE 94VNDEnvoyproxyVNDEnvoyTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-12
2026-01-12 17:15Z
CRIT

CVE-2025-63314 — Ddsn Cm3_acora_cms: A static password reset token in the password reset function of DDSN Interactive Acora

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-63314

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack. CVSSv3.1 10.0 (CRITICAL) · EPSS 21th percentile

CWECWE 640VNDDdsnTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-01-12
2026-01-12 15:16Z
CRIT

CVE-2025-65552 — D3dsecurity Zx-g12_firmware: D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-65552

D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames and replay them to trigger false alarms. CVSSv3.1 9.8 (CRITICAL) · EPSS 32th percentile

CWECWE 294VNDD3dsecurityVNDD3dTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-12
2026-01-12 09:15Z
HIGH

CVE-2025-14279 — Lfprojects Mlflow: versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14279

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5 CVSSv3.1 8.1 (HIGH)

CWECWE 346VNDMlflowVNDLfprojectsTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-12
2026-01-12 00:00Z
HIGH

Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response

Trend Micro Research·trendmicro.com

Trend Micro documented a multi-stage AsyncRAT campaign leveraging Cloudflare's free-tier TryCloudflare tunneling service and legitimate Python distributions to evade detection. The attack chain begins with phishing emails containing double-extension .pdf.url files hosted on Dropbox, progresses through WebDAV-mounted payload delivery, and culminates in code injection into explorer.exe via Python-executed shellcode. The campaign demonstrates sophisticated abuse of trusted infrastructure (Cloudflare, Python.org, Windows built-ins) to establish persistent remote access.

SRFOsTACTA0005TACTA0001TACTA0002SRFWebTACTA0003VNDMicrosoftVNDCloudflare
72
Edit Score
2026-01-11
2026-01-11 13:15Z
HIGH

CVE-2025-68493 — Apache Struts: Missing XML Validation vulnerability in Apache Struts, Apache Struts.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68493

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. CVSSv3.1 8.1 (HIGH)

CWECWE 611CWECWE 112VNDApacheTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-10
2026-01-10 03:15Z
HIGH

CVE-2026-22029 — Shopify Remix-run\/react: In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if CVSSv3.1 8.0 (HIGH) · EPSS 3th percentile

CWECWE 79VNDReactVNDShopifyTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-01-10
2026-01-10 03:15Z
HIGH

CVE-2026-21884 — Shopify React-router: and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's <ScrollRestoration>

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-21884

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. There is no impact if server-side rendering in Framework Mode is disabled, or if Declarativ CVSSv3.1 8.2 (HIGH)

CWECWE 79VNDReactVNDShopifyTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-01-10
2026-01-10 03:15Z
CRIT

CVE-2025-61686 — Shopify React-router\/node: In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-61686

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack wou CVSSv3.1 9.1 (CRITICAL) · EPSS 96th percentile

CWECWE 22VNDReactVNDShopifyTYPVulnerability
9.1
CVSS v3.1
100
Edit Score
2026-01-09
2026-01-09 15:00Z
INFO

Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part Two

Zero Day Initiative·thezdi.com

Zero Day Initiative publishes part two of an attack surface analysis of the Kenwood DNR1007XR in-vehicle infotainment (IVI) head unit, detailing potential vulnerability vectors across USB, SD card, Bluetooth, WiFi, Android Auto/CarPlay, and Kenwood companion apps. The research identifies complex file format parsing (audio/video), undocumented Bluetooth services, open network ports (SSH, custom services on 7000/8086/8888), and image handling in the Kenwood Portal app as primary research targets.

SRFHardwareVNDKenwoodTYPResearchTYPWriteupSTGInitial AccessSTGRecon
68
Edit Score
2026-01-09
2026-01-09 10:15Z
HIGH

CVE-2025-9222 — Gitlab Gitlab: has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-9222

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. CVSSv3.1 8.7 (HIGH)

CWECWE 79VNDGitlabTYPVulnerability
8.7
CVSS v3.1
94
Edit Score
2026-01-09
2026-01-09 10:15Z
HIGH

CVE-2025-13761 — Gitlab Gitlab: has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-13761

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage. CVSSv3.1 8.0 (HIGH)

CWECWE 79VNDGitlabTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-01-09
2026-01-09 07:16Z
CRIT

CVE-2025-70974 — Fastjson: Depending on the behavior of those methods, there may be JNDI injection with an

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-70974

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. CVSSv3.1 10.0 (CRITICAL) · EPSS 43th percentile

CWECWE 829VNDFastjsonTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-01-09
2026-01-09 07:16Z
CRIT

CVE-2025-14736 — Frontend: The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14736

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and 'get_fields_display' functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role fie CVSSv3.1 9.8 (CRITICAL)

CWECWE 269VNDFrontendTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-08
2026-01-08 18:28Z
CRIT

Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)

watchTowr Labs·labs.watchtowr.comCVE-2025-52691in the wild

SmarterTools SmarterMail contains a pre-authentication arbitrary file write vulnerability (CVE-2025-52691, CVSS 10.0) in the /api/upload endpoint. An unauthenticated attacker can exploit path traversal in the deserialized guid parameter to write arbitrary files (including webshells) to web-accessible directories, achieving unauthenticated RCE. The vulnerability was silently patched in build 9413 (October 2025) but not disclosed until late December 2025, creating a 2.5-month window of exposure.

SRFApplicationTACTA0001TACTA0002SRFWebVNDSmartertoolsTYPWriteupTYPVulnerabilitySTGExecution
92
Edit Score
2026-01-08
2026-01-08 14:15Z
CRIT

CVE-2026-21876 — Owasp Owasp_modsecurity_core_rule_set: The OWASP core rule set (CRS) is a set of generic attack detection rules

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-21876

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, CVSSv3.1 9.3 (CRITICAL)

CWECWE 794VNDOwaspTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2026-01-08
2026-01-08 13:22Z
CRIT

AirBorne-PoC — poc for CVE-2025-24252 & CVE-2025-24132

GitHub · recent CVE PoCs·github.comGITHUB POCCVE-2025-24252CVE-2025-24132

AirBorne-PoC is a public exploit framework targeting two critical vulnerabilities in Apple's AirPlay service: CVE-2025-24252 (mDNS crash via malformed packet) and CVE-2025-24132 (heap overflow leading to RCE). The framework provides working reverse shell payloads with optional persistence via .bashrc injection, supporting bash, Python, and PowerShell shells across multiple platforms.

SRFOsTACTA0004TACTA0002SRFNetworkTACTA0003VNDAppleTYPWriteupTYPExploit
92
Edit Score