{
"Source": "CVE FEED",
"Title": "CVE-2026-22156 - Apache HTTP Server Unvalidated User Input",
"Content": "CVE ID : CVE-2026-22156
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22158 - Apache HTTP Server Unvalidated User Input",
"Content": "CVE ID : CVE-2026-22158
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22159 - Apache HTTP Server HTTP Request Smuggling",
"Content": "CVE ID : CVE-2026-22159
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22160 - Apache HTTP Server Cross-Site Request Forgery",
"Content": "CVE ID : CVE-2026-22160
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22161 - Apache HTTP Server Cross-Site Request Forgery",
"Content": "CVE ID : CVE-2026-22161
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22162 - Apache Struts Command Injection",
"Content": "CVE ID : CVE-2026-22162
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22157 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2026-22157
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-69082 - WordPress Arlo theme <= 6.0.3 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2025-69082
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS. This issue affects Arlo: from n/a through 6.0.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-69333 - WordPress JetEngine plugin <= 3.8.1.1 - broken access control vulnerability",
"Content": "CVE ID : CVE-2025-69333
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through 3.8.1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-69344 - WordPress Oneline Lite theme <= 6.6 - broken access control vulnerability",
"Content": "CVE ID : CVE-2025-69344
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oneline Lite: from n/a through 6.6.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22542 - DENIAL OF SERVICE FOR CONCURRENT CONNECTIONS ON TELNET",
"Content": "CVE ID : CVE-2026-22542
Published : Jan. 7, 2026, 3:24 p.m. | 55 minutes ago
Description : An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-62327 - HCL DevOps Deploy is susceptible to insufficiently protected credentials",
"Content": "CVE ID : CVE-2025-62327
Published : Jan. 7, 2026, 3:17 p.m. | 1 hour, 1 minute ago
Description : In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22540 - DENIAL OF SERVICE VIA ARP PACKETS",
"Content": "CVE ID : CVE-2026-22540
Published : Jan. 7, 2026, 3:15 p.m. | 1 hour, 3 minutes ago
Description : The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-49335 - WordPress External Media plugin <= 1.0.36 - server side request forgery (ssrf) vulnerability",
"Content": "CVE ID : CVE-2025-49335
Published : Jan. 7, 2026, 3:15 p.m. | 1 hour, 3 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery. This issue affects External Media: from n/a through 1.0.36.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22541 - DENIAL OF SERVICE VIA ICMP PACKETS",
"Content": "CVE ID : CVE-2026-22541
Published : Jan. 7, 2026, 3:12 p.m. | 1 hour, 6 minutes ago
Description : The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-21680 - iccDEV has Null Pointer Dereference in CIccProfile::CheckTagTypes()",
"Content": "CVE ID : CVE-2026-21680
Published : Jan. 7, 2026, 5:50 p.m. | 35 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-0669 - Path Traversal vulnerability in CSS extension on certain web servers",
"Content": "CVE ID : CVE-2026-0669
Published : Jan. 7, 2026, 5:46 p.m. | 38 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-0668 - VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input",
"Content": "CVE ID : CVE-2026-0668
Published : Jan. 7, 2026, 5:36 p.m. | 49 minutes ago
Description : Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup. This issue affects MediaWiki - VisualData Extension: 1.45.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-66560 - Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write",
"Content": "CVE ID : CVE-2025-66560
Published : Jan. 7, 2026, 5:33 p.m. | 52 minutes ago
Description : Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the associated worker thread is never released and becomes permanently blocked. Under sustained or repeated occurrences, this can exhaust the available worker threads, leading to degraded performance, or complete unavailability of the application. This issue has been patched in versions 3.31.0, 3.27.2, and 3.20.5. A workaround involves implementing a health check that monitors the status and saturation of the worker thread pool to detect abnormal thread retention early.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-61782 - Open Redirect in OpenCTI's SAML Authentication Flow",
"Content": "CVE ID : CVE-2025-61782
Published : Jan. 7, 2026, 5:28 p.m. | 56 minutes ago
Description : OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can force the server to issue a 302 redirect to any external URL, enabling phishing, credential theft, and arbitrary site redirection. This issue has been patched in version 6.8.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-58441 - Knowage is vulnerable to blind server-side request forgery (SSRF)",
"Content": "CVE ID : CVE-2025-58441
Published : Jan. 7, 2026, 5:16 p.m. | 1 hour, 8 minutes ago
Description : Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}