Lightnews — Scholar-powered news

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-64091 - High (8.6)

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration o...

https://www.thehackerwire.com/vulnerability/CVE-2025-64091/

#infosec #cybersecurity #CVE #vulnerability #security

January 9, 2026 at 2:21 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-64090 - Critical (10)

This vulnerability allows authenticated attackers to execute commands via the hostname of the dev...

https://www.thehackerwire.com/vulnerability/CVE-2025-64090/

#infosec #cybersecurity #CVE #vulnerability #security

January 9, 2026 at 2:21 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-9222 - High (8.7)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, ...

https://www.thehackerwire.com/vulnerability/CVE-2025-9222/

#infosec #cybersecurity #CVE #vulnerability #security

January 9, 2026 at 2:21 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-61246 - Critical (9.8)

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action....

https://www.thehackerwire.com/vulnerability/CVE-2025-61246/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:25 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-15464 - High (7.5)

Exported Activity allows external applications to gain application context and directly launch Gm...

https://www.thehackerwire.com/vulnerability/CVE-2025-15464/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:24 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-61246 - Critical (9.8)

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action....

https://www.thehackerwire.com/vulnerability/CVE-2025-61246/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:23 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-15464 - High (7.5)

Exported Activity allows external applications to gain application context and directly launch Gm...

https://www.thehackerwire.com/vulnerability/CVE-2025-15464/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:23 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-68719 - High (8.8)

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any use...

https://www.thehackerwire.com/vulnerability/CVE-2025-68719/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:01 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-68717 - Critical (9.4)

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session valid...

https://www.thehackerwire.com/vulnerability/CVE-2025-68717/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:01 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-68716 - High (8.4)

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the...

https://www.thehackerwire.com/vulnerability/CVE-2025-68716/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:01 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-68719 - High (8.8)

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any use...

https://www.thehackerwire.com/vulnerability/CVE-2025-68719/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:00 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-68717 - Critical (9.4)

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session valid...

https://www.thehackerwire.com/vulnerability/CVE-2025-68717/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:00 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-68716 - High (8.4)

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the...

https://www.thehackerwire.com/vulnerability/CVE-2025-68716/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 10:00 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-66916 - Critical (9.4)

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflo...

https://www.thehackerwire.com/vulnerability/CVE-2025-66916/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 8:31 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-66913 - Critical (9.8)

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-control...

https://www.thehackerwire.com/vulnerability/CVE-2025-66913/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 8:31 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-50334 - High (7.5)

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service vi...

https://www.thehackerwire.com/vulnerability/CVE-2025-50334/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 8:02 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-59470 - Critical (9)

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgre...

https://www.thehackerwire.com/vulnerability/CVE-2025-59470/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 8:01 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-59469 - Critical (9)

This vulnerability allows a Backup or Tape Operator to write files as root.

https://www.thehackerwire.com/vulnerability/CVE-2025-59469/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 8:01 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2026-22230 - High (7.6)

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTT...

https://www.thehackerwire.com/vulnerability/CVE-2026-22230/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 7:51 PM

TheHackerWire

@thehackerwire.bsky.social

🔴 CVE-2025-67325 - Critical (9.8)

Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows...

https://www.thehackerwire.com/vulnerability/CVE-2025-67325/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 7:51 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-65518 - High (7.5)

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) conditi...

https://www.thehackerwire.com/vulnerability/CVE-2025-65518/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 7:41 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2026-22257 - High (8.8)

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates ...

https://www.thehackerwire.com/vulnerability/CVE-2026-22257/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 7:41 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2026-22256 - High (8.8)

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generate a...

https://www.thehackerwire.com/vulnerability/CVE-2026-22256/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 7:41 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2025-65518 - High (7.5)

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) conditi...

https://www.thehackerwire.com/vulnerability/CVE-2025-65518/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 7:40 PM

TheHackerWire

@thehackerwire.bsky.social

🟠 CVE-2026-22257 - High (8.8)

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates ...

https://www.thehackerwire.com/vulnerability/CVE-2026-22257/

#infosec #cybersecurity #CVE #vulnerability #security

January 8, 2026 at 7:40 PM

Add to Home Screen

Light up
your news

Add to Home Screen

Light upyour news

Sign in to Lightnews

Sign up to start reading

Connect Bluesky

Connect with Bluesky

Light up
your news