@vulnerability-lookup.social.circl.lu.ap.brid.gy
This account shares a variety of activities, including comments and bundles, related to events on the vulnerability.circl.lu community. [bridged from https://social.circl.lu/@vulnerability_lookup on the fediverse by https://fed.brid.gy/ ]
A new bundle, Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4465, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/08c1bcc5-abc2-4fd7-8a14-32dffe5c9afc
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, Lantronix EDS3000PS and EDS5000, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/49b900ec-633f-4111-a614-2dc8b0b77752
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, TEST, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/5818564d-731c-4ac5-8747-6d9f7b7a740a
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, Cisco Catalyst SD-WAN Vulnerabilities, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/b24f0b20-207c-4881-af91-eb1d15b224ba
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/7ce61e2c-9493-44fb-8892-81a7187f8142
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, MajorDoMo Revisited: What I Missed in 2023, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/42521e67-5c8d-4b16-a114-e0db686c91a7
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, TP-Link Systems Inc. VIGI Series IP Camera, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/e651be34-b4db-4d9d-a746-15699bfe7264
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
Vulnerability CVE-2026-21509 has received a comment on Vulnerability-Lookup:
UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the exploit CVE-2026-21509
http://vulnerability.circl.lu/comment/10eccd79-ce3d-4273-b399-d535e160f2c9
#VulnerabilityLookup [โฆ]
A new bundle, Ivanti EPMM, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/b6451050-d58c-4bfb-8ea2-a433b2c89297
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
Vulnerability CVE-2026-1281 has received a comment on Vulnerability-Lookup:
Detection of EPMM devices
http://vulnerability.circl.lu/comment/76b43bdc-eede-4898-9809-5183c53c0d0f
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
Vulnerability cve-2026-1340 has received a comment on Vulnerability-Lookup:
EPMM Nmap detection.
http://vulnerability.circl.lu/comment/2e861f18-01e0-44ba-a7a4-2249e2e5efcf
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, General Graboids: Worms and Remote Code Execution in Command & Conquer, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/822f8677-7cc7-44e9-8414-329e2be8aaf1
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, OpenSSL Security Advisory [27th January 2026], has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/d647957e-5a47-4523-9e9b-00e9f18ef11e
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, Vulnerabilities in multiple telnet implementation, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/1e1a5c92-386f-4bce-a79d-a0850f3526dd
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
A new bundle, The GNU C Library version 2.43 is now available, has been published on Vulnerability-Lookup:
http://vulnerability.circl.lu/bundle/78ee0d13-7969-4870-8b23-a096918b6dc4
#VulnerabilityLookup #Vulnerability #Cybersecurity #bot
๐จ CVE-2019-25296
๐ VLAI Score: Critical (confidence: 0.99)
๐ฆ๏ธ Product: WP Cost Estimation & Payment Forms Builder
๐ข Vendor: loopus
๐
Published: 2026-01-08 02:21
๐ The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type [โฆ]
๐จ CVE-2019-25295
๐ VLAI Score: High (confidence: 0.87)
๐ฆ๏ธ Product: WP Cost Estimation & Payment Forms Builder
๐ข Vendor: loopus
๐
Published: 2026-01-08 01:50
๐ The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the [โฆ]
๐จ CVE-2026-21880
๐ VLAI Score: High (confidence: 0.64)
๐ฆ๏ธ Product: kanboard
๐ข Vendor: kanboard
๐
Published: 2026-01-08 00:59
๐ Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication [โฆ]
๐จ CVE-2026-21883
๐ VLAI Score: Critical (confidence: 0.64)
๐ฆ๏ธ Product: bokeh
๐ข Vendor: bokeh
๐
Published: 2026-01-08 01:20
๐ Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an [โฆ]
๐จ CVE-2026-21877
๐ VLAI Score: Critical (confidence: 0.55)
๐ฆ๏ธ Product: n8n
๐ข Vendor: n8n-io
๐
Published: 2026-01-08 00:39
๐ n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service [โฆ]
๐จ CVE-2026-21868
๐ VLAI Score: High (confidence: 0.50)
๐ฆ๏ธ Product: flagForge
๐ข Vendor: FlagForgeCTF
๐
Published: 2026-01-08 00:26
๐ Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile [โฆ]
๐จ CVE-2026-21858
๐ VLAI Score: High (confidence: 0.91)
๐ฆ๏ธ Product: n8n
๐ข Vendor: n8n-io
๐
Published: 2026-01-07 23:57
๐ n8n is an open source workflow automation platform. Versions below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based [โฆ]
๐จ CVE-2026-21875
๐ VLAI Score: High (confidence: 0.89)
๐ฆ๏ธ Product: clipbucket-v5
๐ข Vendor: MacWarrior
๐
Published: 2026-01-07 23:52
๐ ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment [โฆ]
๐จ CVE-2026-21869
๐ VLAI Score: Medium (confidence: 0.64)
๐ฆ๏ธ Product: llama.cpp
๐ข Vendor: ggml-org
๐
Published: 2026-01-07T23:37:59.886Z
๐ llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the [โฆ]
๐จ CVE-2025-15346
๐ VLAI Score: High (confidence: 0.39)
๐ฆ๏ธ Product: wolfSSL-py
๐ข Vendor: wolfSSL
๐
Published: 2026-01-07T23:32:11.146Z
๐ A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be [โฆ]
๐จ CVE-2026-21695
๐ VLAI Score: High (0.48)
๐ฆ๏ธ Product: titra
๐ข Vendor: kromitgmbh
๐
Published: 2026-01-07T23:19:01.616Z
๐ Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject [โฆ]
๐จ CVE-2017-20215
๐ VLAI Score: High (0.96)
๐ฆ๏ธ Product: FLIR Thermal Camera FC-S/PT
๐ข Vendor: FLIR Systems, Inc.
๐
Published: 2026-01-07T23:09:56.314Z
๐ FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to [โฆ]
๐จ CVE-2017-20212
๐ VLAI Score: High (0.99)
๐ฆ๏ธ Product: FLIR Thermal Camera F/FC/PT/D
๐ข Vendor: FLIR Systems, Inc.
๐
Published: 2026-01-07T23:09:54.925Z
๐ FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated [โฆ]
๐จ CVE-2017-20216
๐ VLAI Score: Critical (0.99)
๐ฆ๏ธ Product: FLIR Thermal Camera PT-Series
๐ข Vendor: FLIR Systems, Inc.
๐
Published: 2026-01-07T23:09:56.761Z
๐ FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in [โฆ]
๐จ CVE-2026-21694
๐ VLAI Score: High (0.68)
๐ฆ๏ธ Product: titra
๐ข Vendor: kromitgmbh
๐
Published: 2026-01-07T23:10:48.362Z
๐ Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in [โฆ]