{
"Source": "CVE FEED",
"Title": "CVE-2025-70161 - EDIMAX BR-6208AC Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-70161
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-70161 - EDIMAX BR-6208AC Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-70161
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-67004 - CouchCMS Directory Traversal Information Disclosure",
"Content": "CVE ID : CVE-2025-67004
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-67004 - CouchCMS Directory Traversal Information Disclosure",
"Content": "CVE ID : CVE-2025-67004
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-69425 - Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE",
"Content": "CVE ID : CVE-2025-69425
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-69425 - Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE",
"Content": "CVE ID : CVE-2025-69425
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46645 - Dell PowerProtect Data Domain DD OS OS Command Injection",
"Content": "CVE ID : CVE-2025-46645
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46645 - Dell PowerProtect Data Domain DD OS OS Command Injection",
"Content": "CVE ID : CVE-2025-46645
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-66744 - Yonyou YonBIP Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-66744
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-66744 - Yonyou YonBIP Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-66744
Published : Jan. 9, 2026, 5:15 p.m. | 2 hours, 10 minutes ago
Description : In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper",
"Content": "CVE ID : CVE-2026-0830
Published : Jan. 9, 2026, 9:10 p.m. | 17 minutes ago
Description : Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces.
To mitigate, users should update to version 0.6.18.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper",
"Content": "CVE ID : CVE-2026-0830
Published : Jan. 9, 2026, 9:10 p.m. | 17 minutes ago
Description : Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces.
To mitigate, users should update to version 0.6.18.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-67811 - Area9 Rhapsode SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-67811
Published : Jan. 9, 2026, 8:15 p.m. | 1 hour, 11 minutes ago
Description : Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-67811 - Area9 Rhapsode SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-67811
Published : Jan. 9, 2026, 8:15 p.m. | 1 hour, 11 minutes ago
Description : Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-66715 - Axtion ODISSAAS ODIS DLL Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-66715
Published : Jan. 9, 2026, 8:15 p.m. | 1 hour, 11 minutes ago
Description : A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-66715 - Axtion ODISSAAS ODIS DLL Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-66715
Published : Jan. 9, 2026, 8:15 p.m. | 1 hour, 11 minutes ago
Description : A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-67810 - Area9 Rhapsode File Inclusion Vulnerability",
"Content": "CVE ID : CVE-2025-67810
Published : Jan. 9, 2026, 8:15 p.m. | 1 hour, 11 minutes ago
Description : In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-67810 - Area9 Rhapsode File Inclusion Vulnerability",
"Content": "CVE ID : CVE-2025-67810
Published : Jan. 9, 2026, 8:15 p.m. | 1 hour, 11 minutes ago
Description : In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-67070 - Intelbras CFTV IP NVD 9032 R Ftd V2: Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-67070
Published : Jan. 9, 2026, 7:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to the administrative panel.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-67070 - Intelbras CFTV IP NVD 9032 R Ftd V2: Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-67070
Published : Jan. 9, 2026, 7:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to the administrative panel.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-15501 - Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection",
"Content": "CVE ID : CVE-2025-15501
Published : Jan. 9, 2026, 11:15 p.m. | 14 minutes ago
Description : A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-15501 - Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection",
"Content": "CVE ID : CVE-2025-15501
Published : Jan. 9, 2026, 11:15 p.m. | 14 minutes ago
Description : A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22584 - Salesforce Uni2TS Code Injection Vulnerability",
"Content": "CVE ID : CVE-2026-22584
Published : Jan. 9, 2026, 10:16 p.m. | 1 hour, 14 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22584 - Salesforce Uni2TS Code Injection Vulnerability",
"Content": "CVE ID : CVE-2026-22584
Published : Jan. 9, 2026, 10:16 p.m. | 1 hour, 14 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-62487 - Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.",
"Content": "CVE ID : CVE-2025-62487
Published : Jan. 9, 2026, 10:16 p.m. | 1 hour, 14 minutes ago
Description : ### Details
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations).
On deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue.
On deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the โDefault authorization rulesโ defined in the Auth Chooser configuration. On most environments, it is expected that the โDefault authorization rules" only add the Everyone group.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-62487 - Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.",
"Content": "CVE ID : CVE-2025-62487
Published : Jan. 9, 2026, 10:16 p.m. | 1 hour, 14 minutes ago
Description : ### Details
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations).
On deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue.
On deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the โDefault authorization rulesโ defined in the Auth Chooser configuration. On most environments, it is expected that the โDefault authorization rules" only add the Everyone group.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-15500 - Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection",
"Content": "CVE ID : CVE-2025-15500
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-15500 - Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection",
"Content": "CVE ID : CVE-2025-15500
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46286 - Apple iOS Face ID Passcode Validation Logic Vulnerability",
"Content": "CVE ID : CVE-2025-46286
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46286 - Apple iOS Face ID Passcode Validation Logic Vulnerability",
"Content": "CVE ID : CVE-2025-46286
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46297 - "macOS App Sandbox File Access Vulnerability"",
"Content": "CVE ID : CVE-2025-46297
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46297 - "macOS App Sandbox File Access Vulnerability"",
"Content": "CVE ID : CVE-2025-46297
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46298 - Apple Safari Web Content Crash Vulnerability",
"Content": "CVE ID : CVE-2025-46298
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46298 - Apple Safari Web Content Crash Vulnerability",
"Content": "CVE ID : CVE-2025-46298
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46299 - Apple Safari Memory Initialization Information Disclosure",
"Content": "CVE ID : CVE-2025-46299
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46299 - Apple Safari Memory Initialization Information Disclosure",
"Content": "CVE ID : CVE-2025-46299
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-15499 - Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection",
"Content": "CVE ID : CVE-2025-15499
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-15499 - Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection",
"Content": "CVE ID : CVE-2025-15499
Published : Jan. 9, 2026, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-51626 - Pss Sale SQL Injection",
"Content": "CVE ID : CVE-2025-51626
Published : Jan. 9, 2026, 9:16 p.m. | 2 hours, 14 minutes ago
Description : SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-51626 - Pss Sale SQL Injection",
"Content": "CVE ID : CVE-2025-51626
Published : Jan. 9, 2026, 9:16 p.m. | 2 hours, 14 minutes ago
Description : SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-60538 - Shiori Login Page Brute Force Vulnerability",
"Content": "CVE ID : CVE-2025-60538
Published : Jan. 9, 2026, 9:16 p.m. | 2 hours, 14 minutes ago
Description : A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-60538 - Shiori Login Page Brute Force Vulnerability",
"Content": "CVE ID : CVE-2025-60538
Published : Jan. 9, 2026, 9:16 p.m. | 2 hours, 14 minutes ago
Description : A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น