Overview

  • Gogs
  • Gogs
  • Gogs

10 Dec 2025
Published
13 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

Description

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Statistics

  • 5 Posts
  • 2 Interactions

Last activity: 7 hours ago

Fediverse

❗️CISA has added 1 vulnerability to the KEV Catalog:

CVE-2025-8110: Gogs Path Traversal Vulnerability

darkwebinformer.com/cisa-kev-c

  • 0
  • 0
  • 0
  • 15h ago

Latest global tech and cybersecurity news (Jan 12-13, 2026):

The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 8h ago

Bluesky

~Cisa~ CISA added the actively exploited Gogs path traversal vulnerability (CVE-2025-8110) to its KEV catalog. - IOCs: CVE-2025-8110 - #CVE20258110 #Gogs #ThreatIntel
  • 0
  • 0
  • 0
  • 15h ago
CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.70%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 6 Posts
  • 7 Interactions

Last activity: Last hour

Fediverse

The first issue of 60 Sekunden Cyber covers the current ESA hack, Taiwan's situation, CVE-2026-21858 and the strike against Black Axe.

60-sekunden-cyber.de/kw2-2026/

#cyber #cybersicherheit #itsicherheit #news

  • 0
  • 0
  • 0
  • 11h ago

Latest global tech and cybersecurity news (Jan 12-13, 2026):

The World Economic Forum's 'Global Cybersecurity Outlook 2026' highlights AI, geopolitics, and cyber-fraud as key shapers of risk, with fraud now surpassing ransomware as a top concern. CISA added a Gogs Path Traversal vulnerability (CVE-2025-8110) to its Known Exploited Vulnerabilities Catalog due to active exploitation. A critical vulnerability (CVE-2026-21858) was found in the n8n workflow automation platform, affecting thousands of systems. In technology, Google removed some medical AI Overviews following "alarming" results.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 8h ago

Since 09 Jan 2026, CERT-Bund has been notifying German network operators about outdated, Internet-exposed instances of the open-source workflow automation platform n8n that are still vulnerable to at least one of the critical vulnerabilities CVE-2025-68613, CVE-2025-68668, CVE-2026-21858 or CVE-2026-21877.

We currently know of around 24,000 n8n systems at German network operators, of which approx. 13,800 (58%) are still vulnerable.

  • 3
  • 3
  • 0
  • Last hour

Bluesky

👀 VulnWatch Monday: CVE-2026-21858 🔓 aka "Ni8mare" A security researcher reported a critical vulnerability in popular AI workflow automation platform n8n that could enable adversaries to compromise enterprise secrets. 📰 www.infosecurity-magazine.com/news/maximum...
  • 0
  • 0
  • 0
  • 16h ago
The latest update for #ArcticWolf includes "CVE-2025-69258: Trend Micro Apex Central Remote Code Execution Vulnerability" and "CVE-2026-21858: Critical Unauthenticated File Access Vulnerability in n8n 'Ni8mare'". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 8h ago
You can also track different scan results for recent n8n vulns (not just CVE-2026-21858 but also CVE-2025-68668, CVE-2025-68613, CVE-2026-21877) on Dashboard: dashboard.shadowserver.org/statistics/c... dashboard.shadowserver.org/statistics/c...
  • 0
  • 1
  • 0
  • 18h ago

Overview

  • Apache Software Foundation
  • Apache Struts
  • com.opensymphony:xwork

11 Jan 2026
Published
12 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Statistics

  • 4 Posts

Last activity: 14 hours ago

Fediverse

🟠 CVE-2025-68493 - High (8.1)

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2025-68493 turns your XML config into a confession booth: one malicious entity and the server doxxes itself. Patch to 6.1.1 or keep streaming internal secrets to the outside like it’s reality TV.
gbhackers.com/critical-apache-

  • 0
  • 0
  • 1
  • 14h ago

Bluesky

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data #DailyCyberSecurity (Jan 12) securityonline.info/the-xml-trap...
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Linux
  • Linux

22 Jul 2025
Published
07 Jan 2026
Updated

CVSS
Pending
EPSS
0.25%

Description

In the Linux kernel, the following vulnerability has been resolved:

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail.

Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.

This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.

Statistics

  • 1 Post
  • 24 Interactions

Last activity: 17 hours ago

Fediverse

❗️Chronomaly: Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x.

GitHub: github.com/farazsth98/chronoma

  • 13
  • 11
  • 0
  • 17h ago

Overview

  • craftcms
  • cms

25 Apr 2025
Published
29 Apr 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
75.24%

KEV

Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 21 hours ago

Bluesky

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: www.opswat.com/blog/cve-202... #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • zlib software
  • zlib

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Bluesky

CVE-2026-22184 (CVSS 9.3): Critical zlib Flaw Opens Door to Global Buffer Overflow #DailyCyberSecurity (Jan 12) securityonline.info/cve-2026-221...
  • 0
  • 0
  • 0
  • 14h ago
Serious vulnerability in zlib (CVE-2026-22184) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • anomalyco
  • opencode

12 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

🟠 CVE-2026-22812 - High (8.8)

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 11h ago

Bluesky

🚨 A critical flaw in the AI coding agent OpenCode allowed websites to execute arbitrary code on developer machines — no clicks required. We break down CVE-2026-22812 and why this matters beyond OpenCode: 👉 basefortify.eu/posts/2026/0... #cybersecurity #AI #CVE #infosec #OpenCode
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Pending

09 Jan 2026
Published
12 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

fluidsynth-2.4.6 and earlier versions are vulnerable to a null pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file.

Statistics

  • 2 Posts

Last activity: 16 hours ago

Fediverse

🟠 CVE-2025-56225 - High (7.5)

fluidsynth-2.4.6 and earlier versions are vulnerable to a null pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Security Advisory for Music Professionals #Fedora 43 has released a critical patch for MuseScore (CVE-2025-56225) addressing a FluidSynth denial-of-service vulnerability triggered through malformed MIDI files. Read more: 👉 tinyurl.com/59rwmw39
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • SAP_SE
  • SAP S/4HANA Private Cloud and On-Premise (Financials – General Ledger)

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
Pending

KEV

Description

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of the application.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

🔴 CVE-2026-0501 - Critical (9.9)

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

🚨 CVE of the Day: CVE-2026-0501 Critical SQL injection in SAP S/4HANA (Private Cloud & On-Premise) allows authenticated users to read, modify, or delete backend financial data. 🔍 Full report: basefortify.eu/cve_reports/... #CVE #SAP #S4HANA #SQLi 🚨
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Phoenix Contact
  • TC ROUTER 3002T-3G

13 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection').

Statistics

  • 2 Posts

Last activity: 3 hours ago

Fediverse

🟠 CVE-2025-41717 - High (8.8)

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity d...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 3h ago

VDE-2025-073
Phoenix Contact: Security Advisory for TC ROUTER and CLOUD CLIENT Industrial mobile network routers

A code injection vulnerability at the upload-config endpoint in the firmware of TC ROUTER and CLOUD CLIENT Industrial Mobile network routers has been discovered that can be exploited by a high privileged attacker.
CVE-2025-41717

certvde.com/en/advisories/vde-

phoenixcontact.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 3h ago