## Updated at UTC 2026-07-04T07:46:25.696163
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-12252 | 7.8 | 0.00% | 2 | 0 | | 2026-07-04T02:16:23.603000 | In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (Stanfo |
| CVE-2025-71380 | 8.8 | 0.00% | 2 | 0 | | 2026-07-04T02:16:23.477000 | The Execute Command node in n8n allows authenticated users to execute arbitrary |
| CVE-2025-71375 | 8.1 | 0.00% | 2 | 0 | | 2026-07-04T02:16:23.347000 | picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in fun |
| CVE-2025-71373 | 8.1 | 0.00% | 2 | 0 | | 2026-07-04T02:16:23.220000 | picklescan before 0.0.33 fails to detect operator.methodcaller function calls in |
| CVE-2025-71372 | 8.1 | 0.00% | 2 | 0 | | 2026-07-04T02:16:23.097000 | Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef |
| CVE-2025-71356 | 8.1 | 0.00% | 2 | 0 | | 2026-07-04T02:16:22.063000 | picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symboli |
| CVE-2026-14605 | 7.8 | 0.00% | 2 | 0 | | 2026-07-03T21:31:36 | A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulner |
| CVE-2026-58426 | 9.6 | 0.00% | 2 | 0 | | 2026-07-03T21:17:05.770000 | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository art |
| CVE-2026-57986 | 7.5 | 0.00% | 1 | 0 | | 2026-07-03T21:17:01.780000 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke |
| CVE-2026-57984 | 7.5 | 0.00% | 1 | 0 | | 2026-07-03T21:17:01.550000 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacke |
| CVE-2026-14606 | 7.8 | 0.00% | 2 | 0 | | 2026-07-03T20:16:52.237000 | A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this i |
| CVE-2026-46331 | 7.8 | 0.26% | 2 | 9 | | 2026-07-03T15:32:59 | In the Linux kernel, the following vulnerability has been resolved: net/sched: |
| CVE-2026-14459 | 8.8 | 0.00% | 2 | 1 | | 2026-07-03T15:31:59 | Improper neutralization of argument delimiters in a command ('argument injection |
| CVE-2026-49815 | 7.2 | 0.00% | 1 | 0 | | 2026-07-03T15:16:32.720000 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release ver |
| CVE-2026-14460 | 8.8 | 0.00% | 2 | 1 | | 2026-07-03T15:16:32.367000 | Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Rese |
| CVE-2026-13341 | 7.4 | 0.00% | 3 | 0 | | 2026-07-03T12:31:51 | A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server p |
| CVE-2026-14544 | 9.8 | 0.00% | 2 | 0 | | 2026-07-03T09:31:35 | A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnera |
| CVE-2026-9725 | 9.1 | 0.00% | 1 | 0 | | 2026-07-03T06:32:11 | The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress |
| CVE-2026-14432 | 8.8 | 0.25% | 1 | 0 | | 2026-07-03T04:17:51.457000 | Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote at |
| CVE-2026-14428 | 8.3 | 0.26% | 1 | 0 | | 2026-07-03T04:17:50.907000 | Insufficient validation of untrusted input in Dawn in Google Chrome on Android p |
| CVE-2026-14426 | 7.5 | 0.22% | 1 | 0 | | 2026-07-03T04:17:50.543000 | Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote at |
| CVE-2026-14424 | 9.6 | 0.21% | 1 | 0 | | 2026-07-03T04:17:50.160000 | Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a |
| CVE-2026-14420 | 9.6 | 0.25% | 1 | 0 | | 2026-07-03T04:17:49.127000 | Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 all |
| CVE-2026-14416 | 9.6 | 0.24% | 1 | 0 | | 2026-07-03T04:17:48.653000 | Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a rem |
| CVE-2026-14398 | 9.6 | 0.21% | 1 | 0 | | 2026-07-03T04:17:44.787000 | Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote |
| CVE-2026-13368 | None | 0.00% | 2 | 0 | | 2026-07-03T00:31:57 | WatchGuard Fireware OS contains a race condition leading to a use-after-free vul |
| CVE-2026-54998 | 8.8 | 0.00% | 1 | 0 | | 2026-07-03T00:31:57 | Incorrect authorization in Microsoft Exchange Online allows an authorized attack |
| CVE-2026-45499 | 9.9 | 0.00% | 1 | 0 | | 2026-07-03T00:31:53 | Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker |
| CVE-2026-13768 | 10.0 | 0.00% | 1 | 1 | | 2026-07-03T00:16:52.270000 | Gardyn devices expose a privileged iothubowner key. Access to this key will allo |
| CVE-2026-57100 | 9.9 | 0.00% | 1 | 0 | | 2026-07-02T23:16:51.267000 | Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (Sync |
| CVE-2026-41106 | 9.3 | 0.00% | 1 | 0 | | 2026-07-02T23:16:50.867000 | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an un |
| CVE-2026-57517 | 9.8 | 0.59% | 1 | 0 | | 2026-07-02T21:33:17 | Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability |
| CVE-2026-58460 | 7.7 | 0.14% | 1 | 0 | | 2026-07-02T21:16:57.080000 | react-native-receive-sharing-intent contains a path traversal vulnerability that |
| CVE-2026-52830 | 9.4 | 0.42% | 1 | 0 | | 2026-07-02T20:38:51 | ## Summary fast-mcp-telegram validates HTTP Bearer tokens by joining the raw to |
| CVE-2026-59099 | 9.1 | 0.36% | 1 | 0 | | 2026-07-02T20:17:08.240000 | Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that al |
| CVE-2026-12537 | 7.8 | 0.13% | 1 | 0 | | 2026-07-02T19:46:27.890000 | Improper Neutralization used in an OS Command in the container launcher in Googl |
| CVE-2026-55957 | 7.3 | 0.43% | 1 | 0 | | 2026-07-02T19:01:45.887000 | Missing Critical Step in Authentication vulnerability in Apache Tomcat when the |
| CVE-2026-14191 | 7.8 | 0.29% | 2 | 0 | | 2026-07-02T18:45:21.210000 | An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in |
| CVE-2026-44941 | 8.4 | 0.49% | 1 | 0 | | 2026-07-02T18:36:28 | A relative path traversal in the "keyhint" option in repomd.xml parsing of libzy |
| CVE-2026-14430 | 8.8 | 0.29% | 1 | 0 | | 2026-07-02T18:36:25 | Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote |
| CVE-2026-58455 | 9.8 | 1.19% | 1 | 0 | | 2026-07-02T17:42:23.640000 | Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulne |
| CVE-2026-10134 | 10.0 | 0.31% | 2 | 0 | | 2026-07-02T17:03:09.633000 | IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret ava |
| CVE-2026-55112 | 7.5 | 0.19% | 1 | 0 | | 2026-07-02T16:54:47.880000 | A malicious actor with access to the network and low privileges and under certai |
| CVE-2026-56842 | 7.5 | 0.19% | 1 | 0 | | 2026-07-02T16:54:47.880000 | A malicious actor with access to the network and under certain conditions could |
| CVE-2026-56004 | 8.8 | 0.38% | 1 | 0 | | 2026-07-02T15:32:20 | A shellcode injection in the mercurial handler of the obs tar_scm source service |
| CVE-2026-56841 | 8.8 | 0.24% | 1 | 0 | | 2026-07-02T15:32:20 | A malicious actor with access to the network and low privileges could exploit an |
| CVE-2026-54403 | 8.6 | 0.48% | 1 | 0 | | 2026-07-02T15:32:20 | A malicious actor with access to the network could exploit a Path Traversal vuln |
| CVE-2026-5524 | 9.8 | 0.54% | 1 | 1 | | 2026-07-02T15:32:20 | The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Uploa |
| CVE-2026-50027 | 9.8 | 0.00% | 1 | 0 | | 2026-07-02T15:26:24 | ## Missing Authentication on Document API Endpoints Allows Unauthenticated Memor |
| CVE-2026-6682 | 7.6 | 0.21% | 2 | 0 | | 2026-07-02T14:37:48.377000 | In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume |
| CVE-2026-57683 | 9.3 | 0.25% | 1 | 0 | | 2026-07-02T12:31:09 | Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. |
| CVE-2026-43503 | 8.8 | 0.14% | 4 | 8 | | 2026-07-02T12:17:20.070000 | In the Linux kernel, the following vulnerability has been resolved: net: skbuff |
| CVE-2026-13774 | 8.1 | 0.30% | 1 | 0 | | 2026-07-02T05:16:26.800000 | Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an |
| CVE-2026-14431 | 8.8 | 0.27% | 1 | 0 | | 2026-07-02T03:32:33 | Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote at |
| CVE-2026-14423 | 9.6 | 0.22% | 1 | 0 | | 2026-07-02T00:31:50 | Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote |
| CVE-2026-14425 | 9.6 | 0.22% | 2 | 0 | | 2026-07-02T00:31:50 | Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote |
| CVE-2026-14417 | 9.6 | 0.21% | 2 | 0 | | 2026-07-02T00:31:50 | Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote |
| CVE-2026-14429 | 8.3 | 0.23% | 1 | 0 | | 2026-07-02T00:31:50 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 150 |
| CVE-2026-14427 | 8.3 | 0.24% | 1 | 0 | | 2026-07-02T00:31:50 | Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a r |
| CVE-2026-14439 | None | 0.60% | 1 | 0 | | 2026-07-02T00:31:50 | A path traversal vulnerability exists in the Git Service component shared by Alt |
| CVE-2026-14390 | 9.6 | 0.24% | 1 | 0 | | 2026-07-02T00:31:49 | Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote |
| CVE-2026-14419 | 9.6 | 0.21% | 2 | 0 | | 2026-07-02T00:31:49 | Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote |
| CVE-2026-54428 | 7.5 | 0.41% | 1 | 0 | | 2026-07-01T21:36:16 | Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder |
| CVE-2026-45659 | 8.8 | 3.22% | 11 | 3 | | 2026-07-01T21:35:53 | Deserialization of untrusted data in Microsoft Office SharePoint allows an autho |
| CVE-2026-44935 | 9.9 | 0.57% | 1 | 0 | | 2026-07-01T20:45:42 | ### Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy en |
| CVE-2026-10539 | 9.0 | 0.24% | 1 | 0 | | 2026-07-01T19:59:44.537000 | A Control-M/Server communication command does not sufficiently filter or sanitiz |
| CVE-2026-20191 | 7.5 | 0.76% | 1 | 0 | | 2026-07-01T18:31:59 | A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote |
| CVE-2025-23351 | 9.0 | 0.27% | 2 | 0 | | 2026-07-01T18:31:55 | NVIDIA ConnectX and BlueField contain a vulnerability in the command interface w |
| CVE-2025-23350 | 9.0 | 0.27% | 1 | 0 | | 2026-07-01T18:31:55 | NVIDIA ConnectX and BlueField contain a vulnerability in the command interface w |
| CVE-2026-24270 | 9.8 | 0.84% | 1 | 0 | | 2026-07-01T18:31:55 | NVIDIA AIStore framework contains a vulnerability where an attacker could bypass |
| CVE-2026-13775 | 9.8 | 0.31% | 1 | 0 | | 2026-07-01T18:31:27 | Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote a |
| CVE-2026-8451 | 7.5 | 0.50% | 8 | 4 | | 2026-07-01T18:31:24 | Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to |
| CVE-2026-50003 | 9.8 | 0.43% | 2 | 0 | | 2026-07-01T18:17:31.553000 | A malicious or compromised server can make a DCMTK client using bit-preserving C |
| CVE-2026-50110 | 9.2 | 0.13% | 1 | 0 | | 2026-07-01T18:17:31.553000 | Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous int |
| CVE-2026-54399 | 7.5 | 0.41% | 1 | 0 | | 2026-07-01T18:16:34.317000 | Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser i |
| CVE-2026-48276 | 10.0 | 0.92% | 1 | 0 | | 2026-07-01T18:16:32.993000 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted |
| CVE-2025-15666 | 5.3 | 0.12% | 3 | 0 | | 2026-07-01T15:16:23.077000 | A security vulnerability has been detected in Open Asset Import Library Assimp u |
| CVE-2026-41991 | 4.7 | 0.10% | 1 | 0 | | 2026-07-01T14:02:24.450000 | GNU gzip contains a vulnerability in the gzexe utility related to insecure tempo |
| CVE-2026-6070 | 9.1 | 0.41% | 1 | 0 | | 2026-07-01T13:56:17.493000 | The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated A |
| CVE-2026-11387 | 9.8 | 0.38% | 1 | 1 | | 2026-07-01T09:30:33 | The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart |
| CVE-2026-7840 | 9.8 | 1.20% | 1 | 0 | | 2026-07-01T06:31:41 | UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embed |
| CVE-2026-55200 | 8.1 | 0.73% | 5 | 3 | | 2026-07-01T05:16:22.513000 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write |
| CVE-2026-10109 | 9.8 | 0.86% | 1 | 0 | | 2026-06-30T21:31:44 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote |
| CVE-2026-12243 | 7.5 | 0.51% | 1 | 0 | | 2026-06-30T20:10:25.837000 | NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete |
| CVE-2026-48282 | 10.0 | 1.02% | 1 | 0 | | 2026-06-30T18:31:42 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi |
| CVE-2026-48286 | 10.0 | 0.71% | 1 | 0 | | 2026-06-30T18:31:37 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected |
| CVE-2026-50566 | 9.9 | 0.29% | 1 | 0 | | 2026-06-30T18:20:39 | ### Summary A follow-up bypass of the round-4 PodSpec hardening (GHSA-gx55-f84r |
| CVE-2026-50564 | 9.9 | 0.27% | 1 | 0 | | 2026-06-30T18:19:33 | ### Summary Fission's `Environment` CRD exposes `spec.runtime.podSpec` and `spe |
| CVE-2026-54475 | 7.5 | 0.59% | 1 | 0 | | 2026-06-30T15:30:45 | Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ A |
| CVE-2026-8037 | 9.6 | 29.64% | 8 | 1 | template | 2026-06-30T15:30:32 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC |
| CVE-2026-7656 | 8.1 | 0.23% | 1 | 0 | | 2026-06-30T14:22:59.490000 | The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_inpu |
| CVE-2026-8402 | 9.8 | 0.32% | 1 | 0 | | 2026-06-30T14:12:56.833000 | Improper neutralization of special elements used in an SQL command ('SQL injecti |
| CVE-2026-9711 | 9.8 | 0.44% | 1 | 0 | | 2026-06-30T14:08:13.510000 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full |
| CVE-2026-46529 | 7.8 | 0.53% | 1 | 1 | | 2026-06-30T13:18:50.817000 | Atril Document Viewer is the default document reader of the MATE desktop environ |
| CVE-2026-48558 | 10.0 | 1.16% | 6 | 1 | | 2026-06-30T13:03:11.437000 | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an aut |
| CVE-2026-56137 | 7.8 | 0.68% | 1 | 0 | | 2026-06-30T09:31:41 | RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command i |
| CVE-2026-12818 | None | 0.25% | 1 | 0 | | 2026-06-30T09:31:41 | Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerab |
| CVE-2026-12819 | None | 0.31% | 2 | 0 | | 2026-06-30T09:31:36 | Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port |
| CVE-2026-12114 | 4.4 | 0.21% | 1 | 0 | | 2026-06-30T03:37:24 | The Team Members – Multi Language Supported Team Plugin plugin for WordPress is |
| CVE-2025-15467 | 9.8 | 47.62% | 1 | 6 | | 2026-06-30T03:36:32 | Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AE |
| CVE-2025-61732 | 8.6 | 0.47% | 1 | 0 | | 2026-06-30T03:16:56.440000 | A discrepancy between how Go and C/C++ comments were parsed allowed for code smu |
| CVE-2026-13762 | 9.8 | 0.44% | 4 | 0 | | 2026-06-29T21:32:12 | Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF |
| CVE-2026-13763 | 9.8 | 0.47% | 4 | 0 | | 2026-06-29T21:32:12 | Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer |
| CVE-2026-11834 | 0 | 0.41% | 1 | 1 | | 2026-06-26T22:16:30.897000 | A command injection vulnerability has been identified in the DHCP option process |
| CVE-2026-48769 | 9.9 | 0.00% | 1 | 0 | | 2026-06-26T19:13:19 | ### Summary An arbitrary file write exists in the Incus client when a malicious |
| CVE-2026-48755 | 9.9 | 0.00% | 1 | 0 | | 2026-06-26T19:03:32 | ### Summary Improper validation of user-provided backup compression algorithm l |
| CVE-2026-44161 | 7.2 | 0.00% | 1 | 0 | | 2026-06-26T16:36:11 | The `out_http` output plugin allows the use of placeholders (such as `${tag}`) i |
| CVE-2026-57878 | 9.8 | 0.53% | 1 | 0 | | 2026-06-26T16:16:36.820000 | An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in |
| CVE-2026-50242 | 10.0 | 0.42% | 1 | 0 | | 2026-06-26T13:20:46.867000 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.14812 |
| CVE-2026-39955 | 9.8 | 0.32% | 1 | 0 | | 2026-06-26T05:16:27.173000 | Cacti is an open source performance and fault management framework. Versions 1.2 |
| CVE-2026-39938 | 9.8 | 0.44% | 1 | 1 | | 2026-06-26T05:16:26.907000 | Cacti is an open source performance and fault management framework. Versions 1.2 |
| CVE-2026-12244 | 8.8 | 0.30% | 1 | 0 | | 2026-06-26T02:07:23.190000 | If NSD is configured as secondary for a zone, the primary of that zone can crash |
| CVE-2026-20230 | 8.6 | 41.69% | 4 | 3 | | 2026-06-25T21:31:23 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco U |
| CVE-2026-54588 | 9.6 | 0.31% | 1 | 0 | | 2026-06-25T20:18:11.603000 | Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions |
| CVE-2026-41120 | 9.8 | 0.26% | 1 | 0 | | 2026-06-25T15:32:09 | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance |
| CVE-2026-45051 | None | 0.00% | 1 | 0 | | 2026-06-24T17:25:29 | ## Summary **Description** A deserialization of untrusted data vulnerability ( |
| CVE-2026-35025 | 8.1 | 0.33% | 1 | 0 | | 2026-06-24T15:31:50 | ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerabi |
| CVE-2026-35019 | 8.1 | 0.43% | 1 | 0 | | 2026-06-23T16:16:59.460000 | NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenti |
| CVE-2026-42824 | 6.5 | 7.64% | 1 | 0 | | 2026-06-19T21:16:42.893000 | Missing authentication for critical function in M365 Copilot allows an unauthori |
| CVE-2026-20253 | 9.8 | 88.17% | 1 | 5 | template | 2026-06-18T18:35:18 | In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform |
| CVE-2026-48907 | 9.8 | 80.42% | 1 | 17 | template | 2026-06-17T14:06:35.153000 | A vulnerability in the JCE editor extension for Joomla allows the creation of ne |
| CVE-2026-6307 | 8.8 | 0.36% | 1 | 2 | | 2026-06-17T11:00:38.113000 | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a re |
| CVE-2026-50751 | 9.3 | 70.10% | 2 | 7 | template | 2026-06-17T10:57:46.373000 | A logic flow weakness in Remote Access and Mobile Access certificate validation |
| CVE-2026-46242 | 7.8 | 0.12% | 2 | 0 | | 2026-06-17T10:53:23.777000 | In the Linux kernel, the following vulnerability has been resolved: eventpoll: |
| CVE-2026-35273 | 9.8 | 92.33% | 2 | 4 | template | 2026-06-17T10:40:19.560000 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleS |
| CVE-2026-33017 | 9.8 | 98.41% | 1 | 12 | template | 2026-06-17T10:36:47.177000 | Langflow is a tool for building and deploying AI-powered agents and workflows. I |
| CVE-2026-10520 | 10.0 | 99.04% | 1 | 6 | template | 2026-06-17T10:12:16.930000 | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6 |
| CVE-2025-68941 | 4.9 | 0.24% | 1 | 0 | | 2026-06-17T09:59:51.847000 | Gitea before 1.22.3 mishandles access to a private resource upon receiving an AP |
| CVE-2025-5777 | 7.5 | 99.90% | 3 | 25 | template | 2026-06-17T09:48:43.670000 | Insufficient input validation leading to memory overread when the NetScaler is c |
| CVE-2025-4674 | 8.6 | 0.27% | 1 | 0 | | 2026-06-17T09:33:46.027000 | The go command may execute unexpected commands when operating in untrusted VCS r |
| CVE-2024-56406 | 8.4 | 0.47% | 1 | 0 | | 2026-06-17T08:12:08.977000 | A heap buffer overflow vulnerability was discovered in Perl. Release branches |
| CVE-2024-1442 | 6.0 | 0.80% | 1 | 0 | | 2026-06-17T07:04:15.300000 | A user with the permissions to create a data source can use Grafana API to crea |
| CVE-2022-29170 | 6.6 | 1.12% | 1 | 1 | | 2026-06-17T04:39:44.167000 | Grafana is an open-source platform for monitoring and observability. In Grafana |
| CVE-2022-26148 | 9.8 | 53.44% | 1 | 0 | template | 2026-06-17T04:34:46.890000 | An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. T |
| CVE-2022-24812 | 8.0 | 2.32% | 1 | 0 | | 2026-06-17T04:32:34.510000 | Grafana is an open-source platform for monitoring and observability. When fine-g |
| CVE-2020-27846 | 9.8 | 4.87% | 1 | 0 | | 2026-06-17T03:09:43.880000 | A signature verification vulnerability exists in crewjam/saml. This flaw allows |
| CVE-2026-50656 | 7.8 | 3.39% | 2 | 1 | | 2026-06-16T21:31:57 | Microsoft is aware of an elevation of privilege in the Microsoft Malware Protect |
| CVE-2026-48611 | 9.8 | 0.66% | 2 | 2 | | 2026-06-12T06:33:21 | Improper authentication checks in the OAuth implementation allow account hijacki |
| CVE-2026-46215 | 7.8 | 0.13% | 1 | 1 | | 2026-06-10T21:32:27 | In the Linux kernel, the following vulnerability has been resolved: drm: Set ol |
| CVE-2026-34182 | 9.1 | 0.24% | 2 | 0 | | 2026-06-10T18:32:45 | Issue Summary: Cryptographic Message Services (CMS) processing fails to perform |
| CVE-2026-49160 | 7.5 | 48.44% | 1 | 1 | | 2026-06-09T18:31:11 | Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to d |
| CVE-2026-45504 | 8.8 | 0.46% | 1 | 1 | | 2026-06-09T18:30:58 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an author |
| CVE-2026-25089 | 9.8 | 23.39% | 1 | 2 | | 2026-06-09T18:30:47 | A improper neutralization of special elements used in an os command ('os command |
| CVE-2026-10523 | 9.9 | 47.19% | 1 | 3 | | 2026-06-09T18:30:39 | An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10 |
| CVE-2026-31694 | 7.8 | 0.13% | 1 | 1 | | 2026-06-01T18:32:31 | In the Linux kernel, the following vulnerability has been resolved: fuse: rejec |
| CVE-2026-0826 | None | 26.47% | 1 | 0 | | 2026-06-01T15:30:49 | In certain scenarios when the admin has enabled Interactive Connectivity Establi |
| CVE-2026-46817 | 9.8 | 0.68% | 4 | 2 | | 2026-05-29T18:31:20 | Vulnerability in the Oracle Payments product of Oracle E-Business Suite (compone |
| CVE-2026-6637 | 8.8 | 0.38% | 1 | 0 | | 2026-05-14T15:31:59 | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged datab |
| CVE-2026-33825 | 7.8 | 6.75% | 3 | 5 | | 2026-04-23T00:31:18 | Insufficient granularity of access control in Microsoft Defender allows an autho |
| CVE-2026-1229 | None | 0.40% | 1 | 0 | | 2026-03-02T15:26:57 | The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produc |
| CVE-2026-24418 | None | 0.36% | 1 | 2 | | 2026-02-10T01:17:51 | ### Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario |
| CVE-2025-68121 | 4.8 | 0.77% | 1 | 0 | | 2026-02-06T18:31:38 | During session resumption in crypto/tls, if the underlying Config has its Client |
| CVE-2025-41115 | 10.0 | 17.29% | 1 | 2 | | 2025-11-27T08:40:01 | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in Apri |
| CVE-2023-29300 | 9.8 | 99.98% | 1 | 0 | template | 2025-10-22T00:33:52 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0 |
| CVE-2023-29298 | 7.5 | 99.75% | 1 | 1 | template | 2025-10-22T00:33:51 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0 |
| CVE-2023-26360 | 8.6 | 97.34% | 1 | 6 | template | 2025-10-22T00:33:50 | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and ea |
| CVE-2022-28391 | 9.8 | 3.50% | 1 | 0 | | 2025-06-09T18:32:01 | BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if nets |
| CVE-2024-9264 | 9.9 | 97.78% | 1 | 12 | template | 2025-03-14T20:26:23 | The SQL Expressions experimental feature of Grafana allows for the evaluation of |
| CVE-2023-3128 | 9.4 | 4.09% | 1 | 1 | | 2025-02-13T19:00:47 | Grafana is validating Azure AD accounts based on the email claim. On Azure AD, |
| CVE-2024-2658 | None | 0.42% | 1 | 2 | | 2025-01-30T18:32:09 | A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 |
| CVE-2022-31097 | 7.3 | 68.60% | 1 | 0 | | 2024-11-18T16:26:42 | Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch relea |
| CVE-2022-21703 | 6.8 | 2.28% | 1 | 0 | | 2024-02-01T00:16:02 | Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MED |
| CVE-2018-15727 | 9.8 | 64.28% | 1 | 1 | | 2023-10-02T12:01:52 | Grafana before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because a |
| CVE-2019-3855 | 8.8 | 9.22% | 1 | 0 | | 2023-02-01T05:04:28 | An integer overflow flaw which could lead to an out of bounds write was discover |
| CVE-2022-28660 | 9.8 | 1.06% | 1 | 0 | | 2023-01-27T05:02:23 | The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4. |
| CVE-2026-10055 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-50548 | 0 | 0.64% | 2 | 0 | | N/A | |
| CVE-2026-50549 | 0 | 0.64% | 1 | 0 | | N/A | |
| CVE-2026-53657 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-58418 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-44024 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-57149 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2022-23498 | 0 | 1.13% | 1 | 0 | | N/A | |
| CVE-2026-5430 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-13136 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-8023 | 0 | 0.69% | 1 | 1 | | N/A | |
## updated 2026-07-04T02:16:23.603000
2 posts
🟠 CVE-2026-12252 - High (7.8)
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These cla...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-07-04T02:16:23.477000
2 posts
🟠 CVE-2025-71380 - High (8.8)
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-07-04T02:16:23.347000
2 posts
🟠 CVE-2025-71375 - High (8.1)
picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71375/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-07-04T02:16:23.220000
2 posts
🟠 CVE-2025-71373 - High (8.1)
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary co...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-07-04T02:16:23.097000
2 posts
🟠 CVE-2025-71372 - High (8.1)
Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-07-04T02:16:22.063000
2 posts
🟠 CVE-2025-71356 - High (8.1)
picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71356/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-07-03T21:31:36
2 posts
🟠 CVE-2026-14605 - High (7.8)
A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buff...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-07-03T21:17:05.770000
2 posts
CVE-2026-58426 | CRITICAL in Gitea 1.22.0: Ambiguous HMAC signing enables cross-repo artifact reads & cross-task upload tampering. No patch available — restrict access, monitor activity. Details: https://radar.offseq.com/threat/cve-2026-58426-cwe-347-in-gitea-gitea-open-source--93937e1ae55d7b31 #OffSeq #CVE202658426 #Gitea #infosec
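What "ambiguous HMAC signing" (CWE-347 in the post) means in practice, as an added example that illustrates the flaw class and is not Gitea's code: if the fields a signed URL binds (say repository, run or task identifier, artifact name) are concatenated without length prefixes or another unambiguous encoding, two different field tuples can serialise to the same byte string and therefore carry the same MAC, so a tag minted for one repository verifies for another. Length-prefixing every field is one standard fix. The field names, sample values and key below are constructed for the example.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed per-process key; Gitea's real key handling is not modelled


def naive_message(repo, task, artifact):
    """Ambiguous: plain concatenation loses the field boundaries."""
    return (repo + task + artifact).encode("utf-8")


def canonical_message(repo, task, artifact):
    """Unambiguous: each field is length-prefixed (4-byte big-endian) and the field
    count is fixed, so exactly one tuple maps to each byte string."""
    out = bytearray()
    for field in (repo, task, artifact):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def sign(message_fn, repo, task, artifact, key=KEY):
    return hmac.new(key, message_fn(repo, task, artifact), hashlib.sha256).hexdigest()


def verify(message_fn, repo, task, artifact, tag, key=KEY):
    expected = sign(message_fn, repo, task, artifact, key)
    return hmac.compare_digest(expected, tag)


# Two distinct tuples whose naive concatenation is byte-identical:
#   ("org/app",  "12", "3/build.zip") -> "org/app123/build.zip"
#   ("org/app1", "2",  "3/build.zip") -> "org/app123/build.zip"
LEGIT = ("org/app", "12", "3/build.zip")
FORGED = ("org/app1", "2", "3/build.zip")


def naive_cross_repo_accepted():
    tag = sign(naive_message, *LEGIT)           # minted for repository org/app
    return verify(naive_message, *FORGED, tag)  # accepted for org/app1: the ambiguity


def canonical_cross_repo_accepted():
    tag = sign(canonical_message, *LEGIT)
    return verify(canonical_message, *FORGED, tag)


if __name__ == "__main__":
    print("naive scheme accepts cross-repo tag:", naive_cross_repo_accepted())    # True
    print("length-prefixed scheme accepts it:", canonical_cross_repo_accepted())  # False
```

When reviewing any signed-URL or signed-token scheme, the question to ask is whether the bytes under the MAC decode back to exactly one field tuple; if a delimiter can appear inside a field, or fields have no fixed length or length prefix, the answer is no.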
##updated 2026-07-03T21:17:01.780000
1 posts
CVE-2026-57986 - Use After Free in Microsoft Edge. Unauthorized network RCE. CVSS 7.5. No patch available. Monitor closely. #CVE #MicrosoftEdge #infosec
##updated 2026-07-03T21:17:01.550000
1 posts
CVE-2026-57984 - Use After Free in Microsoft Edge. Unauthorized RCE over network. CVSS 7.5. No patch available. Mitigate now. #CVE #MicrosoftEdge #infosec
##updated 2026-07-03T20:16:52.237000
2 posts
🟠 CVE-2026-14606 - High (7.8)
A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the component SWM341 CAN Handler. Performing a manipula...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14606/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T15:32:59
2 posts
9 repos
https://github.com/seguridadentrerios/CVE-2026-46331
https://github.com/g0thamRabb1t/cve-2026-46331-pedit-cow-auditd-detection
https://github.com/HORKimhab/CVE-2026-46331
https://github.com/0xBlackash/CVE-2026-46331
https://github.com/V0IDNETWORK/CVE-2026-46331
https://github.com/Quaerendir/cve-2026-46331-audit
https://github.com/vulnquest58/dirtyclone-exploit
Root access is possible: exploits for CVE-2026-46331 (Linux kernel) have been leaked and affect Debian, Ubuntu and RHEL among others. A patch is already partly included, but updates are still missing in some places; admins should secure their systems quickly. 🔧🚨 https://www.golem.de/news/root-zugriff-moeglich-exploits-fuer-gefaehrliche-luecke-im-linux-kernel-geleakt-2606-210283.html #Linux #Security #CVE #SysAdmin
##📢 CVE-2026-46331 'pedit COW': root privilege escalation in the Linux kernel
📝 ## 🔍 Context
Source: The Hacker News, published 26 June 2026.
📖 cyberveille: https://cyberveille.ch/posts/2026-06-29-cve-2026-46331-pedit-cow-elevation-de-privileges-root-dans-le-noyau-linux/
🌐 source: https://thehackernews.com/2026/06/new-linux-pedit-cow-exploit-enables.html
#CVE_2026_46331 #IOC #Cyberveille
##updated 2026-07-03T15:31:59
2 posts
1 repos
https://github.com/dasokkk/CVE-2026-14459-14460-pardus-software
🟠 CVE-2026-14459 - High (8.8)
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.
This issue affects pardus-software: from <= ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T15:16:32.720000
1 posts
CVE-2026-49815 - OS Command Injection in Dell PowerProtect Data Domain. CVSS 7.2. High-privilege remote attack. No patch available yet. Monitor and restrict access immediately. #CVE #Dell #infosec
##updated 2026-07-03T15:16:32.367000
2 posts
1 repos
https://github.com/dasokkk/CVE-2026-14459-14460-pardus-software
🟠 CVE-2026-14460 - High (8.8)
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.
This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14460/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T12:31:51
3 posts
KongHQ mcp-konnect (<1.0.0) has a HIGH severity flaw (CVE-2026-13341, CVSS 7.4) allowing remote prompt injection with risk to confidentiality. No patch — monitor vendor updates. https://radar.offseq.com/threat/cve-2026-13341-cwe-20-improper-input-validation-in-a1d90aa86cfef676 #OffSeq #KongHQ #Infosec #Vulnerability
##CVE-2026-13341 - Unauthorized access in Kong Konnect MCP server. Indirect prompt injection could lead to unintended API requests. CVSS 7.4. No patch yet. Monitor and mitigate immediately. #CVE #Kong #infosec
##updated 2026-07-03T09:31:35
2 posts
CVE-2026-14544: CRITICAL integer overflow in HPLIP (RHEL 10) enables remote code execution or privilege escalation via crafted print data 🖨️. Patch status not confirmed. Stay updated: https://radar.offseq.com/threat/cve-2026-14544-integer-overflow-or-wraparound-in-r-d57463ec7bf8b710 #OffSeq #CVE202614544 #LinuxSecurity
##updated 2026-07-03T06:32:11
1 posts
CRITICAL: CVE-2026-9725 in Printcart Web to Print Product Designer for WooCommerce ≤2.5.2 enables unauthenticated file deletion via path traversal. No patch yet — restrict AJAX endpoints & monitor logs. https://radar.offseq.com/threat/cve-2026-9725-cwe-22-improper-limitation-of-a-path-a96c709af943903a #OffSeq #WordPress #CVE2026_9725 #PathTraversal
##updated 2026-07-03T04:17:51.457000
1 posts
🟠 CVE-2026-14432 - High (8.8)
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14432/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T04:17:50.907000
1 posts
🟠 CVE-2026-14428 - High (8.3)
Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium sec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14428/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T04:17:50.543000
1 posts
🟠 CVE-2026-14426 - High (7.5)
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T04:17:50.160000
1 posts
CVE-2026-14424: HIGH severity use-after-free in Chrome (Mac <150.0.7871.46) enables sandbox escape via crafted HTML. Update to 150.0.7871.46+ now. https://radar.offseq.com/threat/cve-2026-14424-use-after-free-in-google-chrome-1a17c58d72224f47 #OffSeq #Chrome #Infosec #Vuln
##updated 2026-07-03T04:17:49.127000
1 posts
🔴 CVE-2026-14420 - Critical (9.6)
Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14420/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T04:17:48.653000
1 posts
🔴 CVE-2026-14416 - Critical (9.6)
Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14416/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T04:17:44.787000
1 posts
CRITICAL use-after-free in Chrome ANGLE (CVE-2026-14398) enables remote sandbox escape via crafted HTML. Affected: versions before 150.0.7871.46. Patch ASAP! Details: https://radar.offseq.com/threat/cve-2026-14398-use-after-free-in-google-chrome-da42cd40eed38355 #OffSeq #Chrome #Vuln #CVE202614398
##updated 2026-07-03T00:31:57
2 posts
WatchGuard Firebox vulnerabilities include a critical unauthenticated RCE (CVE-2026-13368, CVSS 9.2) plus six more Fireware OS flaws. Patch now.
#WatchGuard #Firebox #CVE202613368 #FirewareOS #CyberSecurity
##CVE-2026-13368 (CRITICAL, CVSS 9.2): WatchGuard Fireware OS LDAP auth flaw in Mobile VPN with IKEv2 allows remote code execution (iked process). Disable affected configs or restrict access until patch. https://radar.offseq.com/threat/cve-2026-13368-cwe-416-use-after-free-in-watchguar-10bc07017e60512c #OffSeq #WatchGuard #CVE202613368 #Infosec
##updated 2026-07-03T00:31:57
1 posts
🟠 CVE-2026-54998 - High (8.8)
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-54998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T00:31:53
1 posts
🔴 CVE-2026-45499 - Critical (9.9)
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45499/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-03T00:16:52.270000
1 posts
1 repos
CVE-2026-13768: Gardyn Home Firmware (CRITICAL, CVSS 10) exposes a privileged iothubowner key, enabling attackers to control devices & move laterally on networks. No patch yet. Monitor and segment IoT devices. https://radar.offseq.com/threat/cve-2026-13768-cwe-798-in-gardyn-gardyn-home-firmw-08332214fc38f3ba #OffSeq #IoTSecurity #CVE202613768
##updated 2026-07-02T23:16:51.267000
1 posts
🔴 CVE-2026-57100 - Critical (9.9)
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-57100/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T23:16:50.867000
1 posts
CVE-2026-41106 - Critical open redirect in M365 Copilot. Unpatched. CVSS 9.3. Attackers can elevate privileges via URL redirection. Update immediately. #CVE #Microsoft #infosec
##updated 2026-07-02T21:33:17
1 posts
A public PoC is available for CVE-2026-57517, a critical CVSS 9.8 Control Web Panel SQLi flaw allowing unauthenticated remote code execution.
#CVE202657517 #ControlWebPanel #SQLInjection #CyberSecurity #Vulnerability
##updated 2026-07-02T21:16:57.080000
1 posts
🟠 CVE-2026-58460 - High (7.7)
react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot path comp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58460/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T20:38:51
1 posts
🔴 CVE-2026-52830 - Critical (9.4)
fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject pa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-52830/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T20:17:08.240000
1 posts
🔴 CVE-2026-59099 - Critical (9.1)
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-59099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
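Why an AES-GCM IV reused across a server's lifetime is catastrophic, as an added illustration rather than anything from Apereo CAS: GCM encrypts in counter mode, so the same key and IV produce the same keystream for every message, and XORing two ciphertexts gives the XOR of the two plaintexts; whoever knows or can guess one plaintext (a flow's fixed fields, say) reads the other. The keystream here is HMAC-SHA256 in counter mode, a stand-in for AES-CTR chosen so the block runs on the standard library alone; the failure is identical because only keystream reuse matters. The state blobs are constructed. (Nonce reuse in GCM also lets an attacker recover the authentication subkey and forge tags; that part is not shown.)

```python
import hashlib
import hmac
import os


def keystream(key, iv, length):
    """CTR-mode keystream: block i = PRF(key, iv || counter_i). Stand-in for AES-CTR
    using HMAC-SHA256 as the PRF; the nonce-reuse failure is the same."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, iv, plaintext):
    return xor(plaintext, keystream(key, iv, len(plaintext)))


KEY = os.urandom(32)
FIXED_IV = os.urandom(12)  # the bug: chosen once and reused for every message

# Constructed "conversation state" blobs, as a server might keep per login flow.
STATE_A = b'{"flow":"login","user":"alice","csrf":"6f1c3a"}'
STATE_B = b'{"flow":"login","user":"bob__","csrf":"9d20e7"}'


def recover_with_crib(ct_a, ct_b, known_plaintext_a):
    """Attacker knows (or guesses) A's plaintext and obtains B's:
    (P_A ^ K) ^ (P_B ^ K) ^ P_A = P_B."""
    return xor(xor(ct_a, ct_b), known_plaintext_a)


def demo_reused_iv():
    ct_a = encrypt(KEY, FIXED_IV, STATE_A)
    ct_b = encrypt(KEY, FIXED_IV, STATE_B)
    return recover_with_crib(ct_a, ct_b, STATE_A)


def demo_fresh_iv():
    """Fix: a fresh 96-bit random (or strictly counting, never repeating) IV per message."""
    ct_a = encrypt(KEY, os.urandom(12), STATE_A)
    ct_b = encrypt(KEY, os.urandom(12), STATE_B)
    return recover_with_crib(ct_a, ct_b, STATE_A)


if __name__ == "__main__":
    print("reused IV, recovered B:", demo_reused_iv())  # equals STATE_B
    print("fresh IV, 'recovered':", demo_fresh_iv())    # unrelated bytes
```

The practical check for any AES-GCM user: the IV must come from a per-message source (a random 96-bit value or a counter that is never reset across restarts, key rotations or replicas), never from a field initialised once at startup.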
##updated 2026-07-02T19:46:27.890000
1 posts
Google Patches Maximum-Severity RCE Vulnerability in Gemini CLI and GitHub Actions
Google patched a maximum-severity RCE vulnerability (CVE-2026-12537) in Gemini CLI and its GitHub Action that allowed attackers to execute host-level commands via malicious workspace configurations. The flaw exploited implicit trust in headless CI/CD environments to steal secrets and compromise build pipelines.
**If you use the Gemini CLI or its GitHub Action in your development pipelines, immediately upgrade to Gemini CLI version 0.39.1 (or 0.40.0-preview.3) and the run-gemini-cli action to version 0.1.22 to patch CVE-2026-12537. Only enable workspace trust for repositories you fully control. Review your automated workflows to make sure they never run shell commands on untrusted inputs.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-patches-maximum-severity-rce-vulnerability-in-gemini-cli-and-github-actions-c-g-6-4-g/gD2P6Ple2L
##updated 2026-07-02T19:01:45.887000
1 posts
Seven Apache Tomcat vulnerabilities are patched, including an authentication bypass (CVE-2026-55957). Update to a fixed Tomcat release now.
#ApacheTomcat #Tomcat #CVE202655957 #AuthenticationBypass #JNDIRealm #WebServerSecurity #Vulnerability
##updated 2026-07-02T18:45:21.210000
2 posts
A WinRAR vulnerability (CVE-2026-14191) causes a heap overflow via crafted .rev recovery files. Update WinRAR and UnRAR to version 7.23 now.
#WinRAR #UnRAR #CVE202614191 #HeapOverflow #RAR5 #RARLAB #Vulnerability
##updated 2026-07-02T18:36:28
1 posts
🟠 CVE-2026-44941 - High (8.4)
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T18:36:25
1 posts
🟠 CVE-2026-14430 - High (8.8)
Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14430/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T17:42:23.640000
1 posts
🔴 CVE-2026-58455 - Critical (9.8)
Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authentication redirect in loader.php combined with u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-58455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T17:03:09.633000
2 posts
Multiple Langflow OSS vulnerabilities, including the critical CVE-2026-10134 flaw, expose servers to code execution. Patch immediately.
#Langflow #Vulnerabilities #CyberSecurity #CVE202610134 #InfoSec
##updated 2026-07-02T16:54:47.880000
1 posts
🟠 CVE-2026-55112 - High (7.5)
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-55112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T16:54:47.880000
1 posts
🟠 CVE-2026-56842 - High (7.5)
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56842/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T15:32:20
1 posts
🔴 CVE-2026-56004 - Critical (10)
A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56004/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T15:32:20
1 posts
🟠 CVE-2026-56841 - High (8.8)
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56841/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T15:32:20
1 posts
@cR0w ../ spotted!
Summary 7 of 25
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
CVE-2026-54403
##updated 2026-07-02T15:32:20
1 posts
1 repos
CVE-2026-5524: Divi Form Builder <=5.1.8 has a CRITICAL file upload vuln (CVSS 9.8). Unauth RCE possible via PHP extensions not blocked by .htaccess, esp. on Nginx. Restrict uploads, monitor for patch. https://radar.offseq.com/threat/cve-2026-5524-cwe-434-unrestricted-upload-of-file--ef397843e92862b0 #OffSeq #WordPress #Infosec #CVE2026_5524
##updated 2026-07-02T15:26:24
1 posts
CVE-2026-50027: mcp-memory-service (<10.67.1) has a CRITICAL auth bypass in /api/documents/* 🚨. Unauthenticated attackers can read, write, delete memory data. Restrict access or disable endpoints until fixed. https://radar.offseq.com/threat/ghsa-84hp-mqvj-3p8h-mcp-memory-service-missing-aut-09a7b270b55ce238 #OffSeq #CVE202650027 #APIsecurity
##updated 2026-07-02T14:37:48.377000
2 posts
🧩 Runzero warns: an AI-assisted search found a dangerous flaw in the FatFs driver. Merely plugging in a USB stick is reportedly enough to inject malicious code via CVE-2026-6682 (CVSS 7.6). Patch status is currently unclear. An attack via manipulated OTA updates is also possible. 🔥
https://www.golem.de/news/angriff-per-usb-stick-ki-findet-gefaehrliche-luecke-in-populaerem-fatfs-treiber-2607-210484.html
#Security #IoT #Embedded #USB #CVE #Vulnerability
##updated 2026-07-02T12:31:09
1 posts
CVE-2026-57683: CRITICAL SQL injection (CVSS 9.3) in Epsiloncool WP Fast Total Search ≤1.80.280 enables unauthenticated exploitation. Patch pending — monitor for fixes and restrict access. https://radar.offseq.com/threat/cve-2026-57683-cwe-89-improper-neutralization-of-s-608880638f90634f #OffSeq #WordPress #Infosec #Vuln
##updated 2026-07-02T12:17:20.070000
4 posts
8 repos
https://github.com/mooder1/dirtyclone-CVE-2026-43503
https://github.com/entra1337/DirtyClone
https://github.com/aexdyhaxor/CVE-2026-43503-DirtyClone
https://github.com/sec0x/CVE-2026-43503
https://github.com/gl1tch0x1/DirtyClone
https://github.com/0xBlackash/CVE-2026-43503
Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503) - JFrog Security Research #devopsish https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/
##DirtyClone Vulnerability Grants Root Access via Linux Kernel Networking Stack
JFrog researchers report DirtyClone (CVE-2026-43503), a high-severity Linux kernel vulnerability that allows local users to gain root privileges by corrupting the system page cache through the networking stack. It's a major risk to multi-tenant cloud and containerized environments.
**Patch your Linux kernel right away: update to your distribution's fixed version (for example, Ubuntu 24.04 needs 6.8.0-124.124 or later) and then reboot, because a patched-but-unrebooted machine is still vulnerable. Confirm with `uname -r`. If you can't patch immediately, reduce the risk by setting `kernel.unprivileged_userns_clone=0` to block the privilege path this attack relies on.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/dirtyclone-vulnerability-grants-root-access-via-linux-kernel-networking-stack-l-r-2-m-8/gD2P6Ple2L
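A check for the advice in that post, as an added example of my own rather than JFrog's or beyondmachines' code: parse the running kernel release and compare it with the distribution's fixed build. Two details the bare `uname -r` advice hides: on Ubuntu `uname -r` reports the ABI number (`6.8.0-124-generic`) but not the upload number (the trailing `.124` in `6.8.0-124.124`), so only `major.minor.patch-abi` is comparable and the comparison is only meaningful against the fixed build for the kernel series the host actually runs; and a kernel that is installed but not yet booted appears under `/boot/vmlinuz-*` while `uname -r` still reports the old one, which is the unrebooted state the post warns about. The `kernel.unprivileged_userns_clone` sysctl exists only on Debian-derived kernels (it is not an upstream knob), so its absence is reported rather than treated as a finding. The fixed version string is the one the post quotes; everything else is an assumption for the example.

```python
import glob
import os
import platform
import re

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.](\d+))?")


def kernel_tuple(release):
    """'6.8.0-124-generic' -> (6, 8, 0, 124); '6.8.0-124.124' -> (6, 8, 0, 124).
    Only major.minor.patch and the ABI number are comparable from uname -r."""
    m = VERSION_RE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, abi = m.groups()
    return (int(major), int(minor), int(patch), int(abi or 0))


def is_fixed(running, fixed):
    """True when the running kernel is at or beyond the distribution's fixed build.
    Compare only within one kernel series; a different series has its own fixed build."""
    return kernel_tuple(running) >= kernel_tuple(fixed)


def newest_installed(boot_dir="/boot"):
    """Highest kernel present on disk, or None. Newer than the running one means the
    patch was installed but the host has not been rebooted."""
    releases = []
    for path in glob.glob(os.path.join(boot_dir, "vmlinuz-*")):
        release = os.path.basename(path)[len("vmlinuz-"):]
        try:
            releases.append((kernel_tuple(release), release))
        except ValueError:
            continue
    return max(releases)[1] if releases else None


def userns_clone_setting(path="/proc/sys/kernel/unprivileged_userns_clone"):
    """Debian/Ubuntu-only sysctl; returns '0' or '1', or None where the kernel lacks it."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def assess(running, fixed, installed=None, userns=None):
    """Summarise the host state in one dict the caller can act on."""
    return {
        "running": running,
        "patched_and_booted": is_fixed(running, fixed),
        "reboot_pending": bool(installed) and kernel_tuple(installed) > kernel_tuple(running),
        "userns_clone_blocked": userns == "0",
    }


if __name__ == "__main__":
    # Fixed build quoted in the advisory for Ubuntu 24.04; other distributions differ.
    FIXED = "6.8.0-124.124"
    print(assess(platform.release(), FIXED, newest_installed(), userns_clone_setting()))
```

`platform.release()` returns the same string as `uname -r`, so the script needs no subprocess; on a non-Debian kernel the sysctl reads as absent and `userns_clone_blocked` stays False, which is the honest answer rather than a false pass.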
🚨 DirtyClone (CVE-2026-43503)
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: propagate shared-frag marker through frag-transfer helpers
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/updates/9a1828d5-6607-419b-b475-622a6c135aae/dirtyclone-vulnerability
#nttdata #zen #secdb
#infosec #dirtyclone #linux #lpe #cve202643503
‼️ CVE-2026-43503: Python PoC for DirtyClone, a Linux kernel LPE via page-cache corruption exploit
##updated 2026-07-02T05:16:26.800000
1 posts
For the second time in a row, a post by cr0w on Mastodon regarding the Chrome release blog appearing to not render anything resulted in me firing up lynx to show a sub-second load and render, then finally doing something a bit more tangible about the situation.
The Google Blogger pages load an ancient copy of jQuery (1.11.3, from 2015) synchronously in the <head>, alongside a 53KB widgets.js Blogger framework. Then, posts like this one — https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html — stuff 433 CVE entries into the DOM — 670KB of HTML, 5,045 nodes. The Blogger WidgetManager processes all of that against the DOM using jQuery’s notoriously slow selector engine, and the main thread stays locked for 81 seconds. Nothing else runs. Not even the HTTP request for the DoubleClick tracking pixel queued behind it (because ofc there’s a DoubleClick tracking pixel).
The Safari Navigation Timing API numbers make it embarrassingly concrete:
responseEnd: 143ms
domInteractive: 231ms
domContentLoaded: 81,280ms
That's 81 seconds between "DOM is ready" and "page is loaded." All burning precious CPU cycles with zero network activity during that window.
This is the second time I’ve felt compelled to dig into this particular mess. The Chrome Releases page is a real/tangible operational resource — security teams, vulnerability managers, and researchers (somewhat, at least) depend on it for CVE data. When it’s broken, it creates a bottleneck for people who have real jobs to do.
The 433 CVE entries choking the page are exactly what people came to read. But they’re baked into the HTML as rendered text, not exposed as structured data anywhere. So even when the page eventually loads, you’re still scraping HTML to get at anything useful.
unjam solves that problem. It’s a small CLI that connects to a Blogger page and extracts structured data — both the widget configuration from the _WidgetManager._SetDataContext inline script and the CVE entries from Chrome Release posts — without touching a browser at all.
It’s a single Deno binary for macOS, Linux, and Windows. No dependencies, no configuration overhead, just download and run:
unjam --cve https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
[
{
"issueId": "506558270",
"issueUrl": "https://issues.chromium.org/issues/506558270",
"severity": "Critical",
"cveId": "CVE-2026-13774",
"description": "Use after free in Extensions.",
"reporter": "Google",
"reportedOn": "2026-04-26"
},
{
"issueId": "511766407",
"issueUrl": "https://issues.chromium.org/issues/511766407",
"severity": "Critical",
"cveId": "CVE-2026-13775",
"description": "Use after free in GPU.",
"reporter": "Google",
"reportedOn": "2026-05-10"
},
…
]
Getting CVE data from one of these posts used to mean waiting 81 seconds for a browser tab to finish wrestling with jQuery, then hand-scraping HTML. Now it takes about a second and returns clean JSON. The --cve flag parses each entry into structured fields — CVE ID, severity, description, issue tracker URL, reporter, and date reported — ready to pipe into jq, load into a database, or feed into whatever vulnerability management pipeline you’re running.
The tool also handles the general case: any Blogger page carrying the _WidgetManager._SetDataContext inline script can be unwedged with the default mode, which converts the JavaScript object literal into proper JSON. That turned out to be useful enough to bake in as default functionality.
The project’s at https://git.sr.ht/~hrbrmstr/unjam and has pre-built binaries for popular platforms.
I don’t expect this page to stay broken forever…I mean, someone at Google will eventually update the template (right, Anakin? right? Anakin?), and may even quietly drop the DoubleClick pixel (LOL) — but until then, unjam fills the gap cleanly.
##updated 2026-07-02T03:32:33
1 posts
🟠 CVE-2026-14431 - High (8.8)
Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14431/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T00:31:50
1 posts
CVE-2026-14423: Type confusion in Chrome (pre-150.0.7871.46) enables sandbox escape via crafted HTML. HIGH severity — update Chrome ASAP to patch. Details: https://radar.offseq.com/threat/cve-2026-14423-type-confusion-in-google-chrome-ebdcbaa0782002d1 #OffSeq #Chrome #Vuln #BrowserSecurity
##updated 2026-07-02T00:31:50
2 posts
Use-after-free in Chrome’s ANGLE (CVE-2026-14425, HIGH) allows remote sandbox escape via crafted HTML in versions before 150.0.7871.46. Patch status unclear — update Chrome past this version. More: https://radar.offseq.com/threat/cve-2026-14425-use-after-free-in-google-chrome-d16c7cab93365fc8 #OffSeq #Chrome #Vuln #Infosec
##🔴 CVE-2026-14425 - Critical (9.6)
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14425/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T00:31:50
2 posts
CVE-2026-14417: CRITICAL use-after-free in Chrome’s Dawn (pre-150.0.7871.46). Remote attackers can potentially escape the sandbox — patch ASAP. Details: https://radar.offseq.com/threat/cve-2026-14417-use-after-free-in-google-chrome-b3887b8e713f2d29 #OffSeq #Chrome #CVE202614417 #Infosec
##🔴 CVE-2026-14417 - Critical (9.6)
Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14417/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T00:31:50
1 posts
🟠 CVE-2026-14429 - High (8.3)
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sever...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14429/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T00:31:50
1 posts
🟠 CVE-2026-14427 - High (8.3)
Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14427/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-02T00:31:50
1 posts
CVE-2026-14439: CRITICAL path traversal in Altium Enterprise Server & Altium 365 Git Service. Authenticated users can achieve RCE & cross-tenant data access. Upgrade Altium Server to v8.1.1; cloud already remediated. https://radar.offseq.com/threat/cve-2026-14439-cwe-22-improper-limitation-of-a-pat-19675f7d579c103e #OffSeq #CVE202614439 #infosec #remediation
##updated 2026-07-02T00:31:49
1 posts
CVE-2026-14390: Use-after-free in Chrome ANGLE (High severity, ≤150.0.7871.45) can enable sandbox escape via crafted HTML. Update to 150.0.7871.46+ to mitigate. No active exploits reported. https://radar.offseq.com/threat/cve-2026-14390-use-after-free-in-google-chrome-7f7b248bc3c84ce8 #OffSeq #GoogleChrome #Infosec #Vulnerability
##updated 2026-07-02T00:31:49
2 posts
🔴 CVE-2026-14419 - Critical (9.6)
Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-14419/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-14419: CRITICAL use-after-free in Chrome <150.0.7871.46 (Skia) enables remote sandbox escape via crafted HTML. Patch immediately to prevent code execution outside the browser. https://radar.offseq.com/threat/cve-2026-14419-use-after-free-in-google-chrome-0ddc404b4a28d10f #OffSeq #Chrome #CVE202614419 #Infosec
##updated 2026-07-01T21:36:16
1 posts
Apache HttpComponents Core vulnerabilities CVE-2026-54399 and CVE-2026-54428 allow remote denial of service through memory exhaustion. Upgrade now.
##updated 2026-07-01T21:35:53
11 posts
3 repos
https://github.com/jenniferreire26/CVE-2026-45659
https://github.com/HORKimhab/CVE-2026-45659
https://github.com/mistbarbarianspot/CVE-2026-45659-SharePoint-RCE
📢 CISA adds CVE-2026-45659 to the KEV: actively exploited RCE in SharePoint Server
📝 ## 📰 Context
Source: SOCRadar, published 2 July 2026.
📖 cyberveille: https://cyberveille.ch/posts/2026-07-03-cisa-ajoute-cve-2026-45659-au-kev-rce-activement-exploitee-dans-sharepoint-server/
🌐 source: https://socradar.io/blog/cisa-sharepoint-rce-cve-2026-45659/
#CISA_KEV #CVE_2026_45659 #Cyberveille
OpenAI voluntarily limited new AI models at government request on July 2. Cybersecurity threats remain high with critical Citrix Bleed 2 (CVE-2025-5777) and Microsoft SharePoint RCE (CVE-2026-45659) vulnerabilities being actively exploited, as reported on July 2-3. Google, in collaboration with the FBI, disrupted NetNut, a major residential proxy network spanning 2 million devices. Geopolitically, Iran issued warnings to ships regarding unapproved routes in the Strait of Hormuz on July 3.
##📰 CISA Adds Actively Exploited SharePoint RCE Flaw to KEV Catalog, Mandates Urgent Patching
⚠️ CISA adds high-severity SharePoint RCE flaw (CVE-2026-45659) to its KEV catalog due to active exploitation! Authenticated attackers can execute code. Federal agencies must patch by July 4. #SharePoint #CyberSecurity #PatchNow
🌐 cyber[.]netsecops[.]io
##CISA Reports Active Exploitation of SharePoint RCE Flaw
CISA warned that attackers are exploiting a high-severity SharePoint vulnerability (CVE-2026-45659) that allows authenticated users to run arbitrary code.
**If you run on-premises Microsoft SharePoint Server (Subscription Edition, 2019, or 2016), this is urgent. Your SharePoint is under attack. Apply Microsoft's security update for CVE-2026-45659 immediately. Prioritize any internet-facing SharePoint instances first, and confirm every server is updated to the latest secure version. If possible, isolate SharePoint from the Internet.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-sharepoint-rce-flaw-a-p-5-o-0/gD2P6Ple2L
https://thecybersecguru.com/news/hsin-breach-dhs-sharepoint-hack/
##C-Suite Alert: CVE-2026-45659 is actively exploited. CISA BOD 26-04 mandates immediate action. Is your organization compliant? My executive briefing provides the risk assessment and strategic roadmap to secure your SharePoint assets and mitigate enterprise liability. https://thecybermind.co/x3h5
#Governance #InfoSec #SharePoint
CISA flags an actively exploited SharePoint vulnerability (CVE-2026-45659) enabling remote code execution. Patch SharePoint Server 2016 now.
#SharePoint #Microsoft #CVE202645659 #CISAKEV #RCE #ExploitedInTheWild #Vulnerability
##🚨 [CISA-2026:0701] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-45659 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45659)
- Name: Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: SharePoint Server
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-45659
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260701 #cisa20260701 #cve_2026_45659 #cve202645659
##CVE ID: CVE-2026-45659
Vendor: Microsoft
Product: SharePoint Server
Date Added: 2026-07-01
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-45659
updated 2026-07-01T20:45:42
1 posts
🔴 CVE-2026-44935 - Critical (9.9)
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other ten...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44935/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-07-01T19:59:44.537000
1 posts
CVE-2026-10539: CRITICAL auth bypass in BMC Control-M/Server (v9.0.20 – 9.0.21.200). Unauthenticated attackers can execute commands. Patch status unconfirmed — monitor vendor. https://radar.offseq.com/threat/cve-2026-10539-cwe-305-authentication-bypass-by-pr-1a4c43a69f0e2740 #OffSeq #CVE202610539 #infosec #vuln
##updated 2026-07-01T18:31:59
1 posts
Cisco fixes a Cisco Catalyst Center vulnerability (CVE-2026-20191, CVSS 7.5) and seven ClamAV vulnerabilities causing DoS in Secure Endpoint Connectors.
##updated 2026-07-01T18:31:55
2 posts
Recent NVIDIA security updates address critical vulnerabilities, including CVE-2025-23351. Apply patches to secure your ConnectX and BlueField devices.
##Broadcom has a long list of advisories for a bunch of vulnerabilities, including critical and high-severity holes https://support.broadcom.com/web/ecx/security-advisory
CISA:
Several industrial vulnerabilities have been added https://www.cisa.gov/
Cisco:
Econolite has been tagged for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity
Dell:
- CRITICAL: Security Update for Dell Encryption for Multiple libexpat Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000475690/dsa-2026-268
Two others:
Nvidia:
There are several advisories today, three of them critical:
CRITICAL:
- CVE-2026-24270: NVIDIA AIStore Framework - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5849
- CVE-2025-23351, CVE-2025-23350: NVIDIA Networking BlueField and ConnectX - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5699
- NVIDIA Megatron Bridge - June 2026, affecting multiple CVEs https://nvidia.custhelp.com/app/answers/detail/a_id/5841
More: https://www.nvidia.com/en-us/product-security/
Yesterday:
Apple:
Several security updates: https://support.apple.com/en-us/100100 #infosec #vulnerability #Apple #Nvidia #Dell #Cisco #CISA #Broadcom
##updated 2026-07-01T18:31:27
1 posts
For the second time in a row, a post by cr0w on Mastodon regarding the Chrome release blog appearing to not render anything resulted in me firing up lynx to show a sub-second load and render, then finally doing something a bit more tangible about the situation.
The Google Blogger pages load an ancient copy of jQuery (1.11.3, from 2015) synchronously in the <head>, alongside a 53KB widgets.js Blogger framework. Then, posts like this one — https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html — stuff 433 CVE entries into the DOM — 670KB of HTML, 5,045 nodes. The Blogger WidgetManager processes all of that against the DOM using jQuery’s notoriously slow selector engine, and the main thread stays locked for 81 seconds. Nothing else runs. Not even the HTTP request for the DoubleClick tracking pixel queued behind it (because ofc there’s a DoubleClick tracking pixel).
The Safari Navigation Timing API numbers make it embarrassingly concrete:
responseEnd: 143ms
domInteractive: 231ms
domContentLoaded: 81,280ms
That’s 81 seconds between “DOM is ready” and “page is loaded.” All burning precious CPU cycles with zero network activity during that window.
This is the second time I’ve felt compelled to dig into this particular mess. The Chrome Releases page is a real/tangible operational resource — security teams, vulnerability managers, and researchers (somewhat, at least) depend on it for CVE data. When it’s broken, it creates a bottleneck for people who have real jobs to do.
The 433 CVE entries choking the page are exactly what people came to read. But they’re baked into the HTML as rendered text, not exposed as structured data anywhere. So even when the page eventually loads, you’re still scraping HTML to get at anything useful.
unjam solves that problem. It’s a small CLI that connects to a Blogger page and extracts structured data — both the widget configuration from the _WidgetManager._SetDataContext inline script and the CVE entries from Chrome Release posts — without touching a browser at all.
It’s a single Deno binary for macOS, Linux, and Windows. No dependencies, no configuration overhead, just download and run:
unjam --cve https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
[
{
"issueId": "506558270",
"issueUrl": "https://issues.chromium.org/issues/506558270",
"severity": "Critical",
"cveId": "CVE-2026-13774",
"description": "Use after free in Extensions.",
"reporter": "Google",
"reportedOn": "2026-04-26"
},
{
"issueId": "511766407",
"issueUrl": "https://issues.chromium.org/issues/511766407",
"severity": "Critical",
"cveId": "CVE-2026-13775",
"description": "Use after free in GPU.",
"reporter": "Google",
"reportedOn": "2026-05-10"
},
…
]
Getting CVE data from one of these posts used to mean waiting 81 seconds for a browser tab to finish wrestling with jQuery, then hand-scraping HTML. Now it takes about a second and returns clean JSON. The --cve flag parses each entry into structured fields — CVE ID, severity, description, issue tracker URL, reporter, and date reported — ready to pipe into jq, load into a database, or feed into whatever vulnerability management pipeline you’re running.
The tool also handles the general case: any Blogger page carrying the _WidgetManager._SetDataContext inline script can be unwedged with the default mode, which converts the JavaScript object literal into proper JSON. That turned out to be useful enough to bake in as default functionality.
The project’s at https://git.sr.ht/~hrbrmstr/unjam and has pre-built binaries for popular platforms.
I don’t expect this page to stay broken forever…I mean, someone at Google will eventually update the template (right, Anakin? right? Anakin?), and may even quietly drop the DoubleClick pixel (LOL) — but until then, unjam fills the gap cleanly.
updated 2026-07-01T18:31:24
8 posts
4 repos
https://github.com/0xBlackash/CVE-2026-8451
https://github.com/watchtowrlabs/watchTowr-vs-Netscaler-CVE-2026-8451
📰 CitrixBleed-Like Flaw (CVE-2026-8451) Exploited Within 24 Hours
New CitrixBleed-like flaw CVE-2026-8451 in NetScaler is being exploited in the wild less than 24 hours after disclosure! The bug can leak sensitive memory. Patch and terminate all sessions NOW. 🚨 #Citrix #NetScaler #CyberSecurity #CVE
🌐 cyber[.]netsecops[.]io
##Citrix NetScaler vulnerability CVE-2026-8451 is exploited in the wild after a public PoC exposed a pre-auth memory overread. Patch now.
##CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/ #bot #cybersecurity #infosec
##Citrix has patched a series of bugs this week, including another CitrixBleed-like vulnerability that can allow remote attackers to leak a device's memory and find goodies inside, such as auth or config data.
This impacts NetScaler ADC devices.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
##‼️ CVE-2026-8451: Citrix Netscaler overread Detection Artifact Generator Tool
GitHub: https://github.com/watchtowrlabs/watchTowr-vs-Netscaler-CVE-2026-8451
Full writeup: https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/
CVE-2026-8451 is a NetScaler ADC and NetScaler Gateway memory overread flaw caused by insufficient input validation, affecting appliances configured as a SAML Identity Provider.
The risk is sensitive memory disclosure, with researchers showing NetScaler can be tricked into returning process memory that should never leave the appliance.
##mum: what impact did you have on the cybersecurity industry?
me: LOGOS
if you have SAML IDP enabled on Netscaler, you want to patch CVE-2026-8451 https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451
This is already being exploited in the wild, one of my honeypots got MFA bypassed with it.
Edit: actually looking at it it looks like the honeypot got owned via a different vuln but you should probably patch this too.
##CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) - watchTowr Labs https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/
##Six NetScaler vulnerabilities allow denial of service, memory overreads, and an unauthenticated file read. Patch NetScaler ADC and Gateway now.
#NetScaler #NetScalerADC #NetScalerGateway #Citrix #CVE20268451 #DenialOfService #Vulnerability
##updated 2026-07-01T18:17:31.553000
2 posts
Five DCMTK vulnerabilities hit the DICOM toolkit, including a CVSS 9.8 path traversal file write (CVE-2026-50003). Update DCMTK now.
#DCMTK #DICOM #PathTraversal #CVE202650003 #MedicalImaging #ICS #Vulnerability
##updated 2026-07-01T18:17:31.553000
1 posts
StoneFly Storage Concentrator (SC & SCVM) faces a CRITICAL vulnerability (CVE-2026-50110): hardcoded, encoded credentials allow potential access to databases & internal services. No patch yet — restrict config file access, increase monitoring. https://radar.offseq.com/threat/cve-2026-50110-cwe-798-use-of-hard-coded-credentia-ae0ab8c00c52fe63 #OffSeq #CVE #infosec
##updated 2026-07-01T18:16:34.317000
1 posts
Apache HttpComponents Core vulnerabilities CVE-2026-54399 and CVE-2026-54428 allow remote denial of service through memory exhaustion. Upgrade now.
##updated 2026-07-01T18:16:32.993000
1 posts
CRITICAL vulnerabilities patched in Adobe ColdFusion (2025/2023) & Campaign Classic (7.4.3 build 9397). Multiple CVSS 10.0 flaws incl. CVE-2026-48286, CVE-2026-48276 – 83. No active exploits, but patch ASAP. https://radar.offseq.com/threat/adobe-patches-critical-coldfusion-campaign-classic-baee08e7ac9d8888 #OffSeq #Adobe #ColdFusion #Vuln
##updated 2026-07-01T15:16:23.077000
3 posts
@Andres4NY@social.ridetrans.it https://nvd.nist.gov/vuln/detail/CVE-2025-15666
Congrats to anyone who ever wondered if ‘ass imp’ would show up on a .gov site, I guess.
@aud *stares in CVE-2025-15666*
##updated 2026-07-01T14:02:24.450000
1 posts
A GNU gzip vulnerability (CVE-2026-41991) lets a local attacker overwrite files through a gzexe symlink attack. Update to the patched gzip release now.
#GNUgzip #gzip #CVE202641991 #CVE202641992 #gzexe #LinuxSecurity #Vulnerability
##updated 2026-07-01T13:56:17.493000
1 posts
CVE-2026-6070: WP-BusinessDirectory plugin (≤4.0.1) has a CRITICAL unauthenticated file deletion flaw (CVSS 9.1). Attackers can delete wp-config.php via path traversal. Restrict endpoint & monitor logs until patched. https://radar.offseq.com/threat/cve-2026-6070-cwe-73-external-control-of-file-name-ae3a571ee4bae8b5 #OffSeq #WordPress #CVE20266070 #infosec
##updated 2026-07-01T09:30:33
1 posts
1 repos
CVE-2026-11387 | SMS Alert – SMS & OTP for WooCommerce <=3.9.5 has a CRITICAL auth flaw (CVSS 9.8): Unauth attackers can take over any WP account if OTP resets & phone numbers are enabled. Disable OTP resets ASAP. https://radar.offseq.com/threat/cve-2026-11387-cwe-287-improper-authentication-in--cb792a6868247a84 #OffSeq #WordPress #Infosec
##updated 2026-07-01T06:31:41
1 posts
Two UltraVNC repeater vulnerabilities enable arbitrary code execution (CVE-2026-7840) plus admin access via a hardcoded password. Update now.
#UltraVNC #RemoteAccess #CVE20267839 #CVE20267840 #ArbitraryCodeExecution #BufferOverflow #Vulnerability
##updated 2026-07-01T05:16:22.513000
5 posts
3 repos
https://github.com/xd20111/CVE-2026-55200
No, the libssh2 vulnerability CVE-2026-55200 isn't end of the world.
1. You need to defeat ASLR to successfully exploit it. The PoC works only when you disable ASLR. In most realistic use cases you need additional off-band infoleak from the app using libssh2.
2. You also must somehow convince the victim to connect to your malicious server, OR compromise some existing server to perform the attack.
Calling this a "CRITICAL VULNERABILITY" is dumb.
##@bascule libssh2 was the most concerning dependency needed to add cargo to Ubuntu main (lp#1991650).
In 2018 @chrisccoulson reported CVE-2019-3855 through -3863. CVE-2019-3855 is the same bug as today's: a server-controlled packet_length with no upper bound, overflowing the transport read. 1.8.1 added a bounds check. CVE-2026-55200 is the same check missing 7 years later, on the chacha20-poly1305 path. That path is post-KEX, so at least host-key verification gates it (unlike 3855).
##🚨 Critical update: A proof-of-concept exploit has been released for a libssh2 vulnerability (CVE-2026-55200, CVSS 9.8). Attackers can abuse oversized SSH “packet_length” to corrupt heap memory. 📌 Patch status varies—check updates now: https://www.heise.de/en/news/Critical-libssh2-vulnerability-Proof-of-concept-exploit-released-11347906.html #CyberSecurity #Vulnerability #libssh2 #CVE
##🚨 Critical libssh2 flaw: a proof-of-concept exploit has been published. Cause: a missing bound on "packet_length" in ssh2_transport_read(); attackers can send manipulated SSH packets and corrupt memory on the heap (CVE-2026-55200, CVSS 9.8). Check for updates: https://www.heise.de/news/Kritische-libssh2-Luecke-Proof-of-Concept-Exploit-veroeffentlicht-11347855.html 🔐 #CyberSecurity #Vulnerability #CVE #SSH #libssh2
##Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw https://thehackernews.com/2026/06/public-poc-released-for-critical.html
##updated 2026-06-30T21:31:44
1 posts
A critical IBM Db2 RCE flaw (CVE-2026-10109) allows pre-auth code execution. IBM patched it plus two other Db2 bugs. Update 11.5 and 12.1 now.
##updated 2026-06-30T20:10:25.837000
1 posts
CVE-2026-12243: NLTK 3.9.4 suffers from a HIGH severity path traversal bug — percent-encoded sequences like ..%2f bypass directory checks, allowing arbitrary file reads in NLP apps/Jupyter/CLI. Audit usages & restrict resource loading. https://radar.offseq.com/threat/cve-2026-12243-cwe-22-improper-limitation-of-a-pat-3eae11979fc43a41 #OffSeq #NLTK #Python
##updated 2026-06-30T18:31:42
1 posts
A critical CVSS 10 ColdFusion arbitrary code execution flaw (CVE-2026-48282) is actively exploited in the wild. Update immediately to prevent attacks.
#ColdFusion #CVE202648282 #CyberSecurity #Vulnerability #Infosec
##updated 2026-06-30T18:31:37
1 posts
CRITICAL vulnerabilities patched in Adobe ColdFusion (2025/2023) & Campaign Classic (7.4.3 build 9397). Multiple CVSS 10.0 flaws incl. CVE-2026-48286, CVE-2026-48276 – 83. No active exploits, but patch ASAP. https://radar.offseq.com/threat/adobe-patches-critical-coldfusion-campaign-classic-baee08e7ac9d8888 #OffSeq #Adobe #ColdFusion #Vuln
##updated 2026-06-30T18:20:39
1 posts
CVE-2026-50566 (CRITICAL): Fission <1.24.0 allows SecurityContext bypass, letting attackers with Environment CRD access create privileged pods — risking container escape & cluster takeover. Patch to 1.24.0 & tighten RBAC. https://radar.offseq.com/threat/ghsa-m63v-2g9w-2w6v-fission-environment-runtimecon-e24c700c3e6ffd6e #OffSeq #Kubernetes #InfoSec
##updated 2026-06-30T18:19:33
1 posts
CVE-2026-50564 (CRITICAL): Fission <1.24.0 lets CRD users deploy privileged pods via unfiltered podSpec, leading to node escape & full compromise. Patch to v1.24.0. Restrict permissions if upgrade not possible. https://radar.offseq.com/threat/ghsa-gx55-f84r-v3r7-fission-environment-crd-podspe-d60bd0900af19d2d #OffSeq #Kubernetes #CVE202650564 #CloudSec
##updated 2026-06-30T15:30:45
1 posts
Nine Apache ActiveMQ vulnerabilities allow denial of service and a temporary destination takeover (CVE-2026-54475). Upgrade to 6.2.7 now.
#ApacheActiveMQ #ActiveMQ #CVE202654475 #DenialOfService #OpenWire #STOMP #MessageBroker #Vulnerability
##updated 2026-06-30T15:30:32
8 posts
1 repos
⚠️ CRITICAL: Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
A critical pre-auth RCE vulnerability (CVE-2026-8037, CVSS 9.6) in Progress Kemp LoadMaster is actively being exploited. The flaw allows unauthenticated attackers to execute arbitrary OS commands via the /accessv2 API endpoint. Any organization running Kemp LoadMaster is at immediate risk.
##Progress Kemp LoadMaster Vulnerability Actively Exploited
Progress Software's Kemp LoadMaster is reportedly actively attacked following the release of a proof-of-concept for a remote code execution flaw (CVE-2026-8037).
**This is now urgent. Make sure all your Kemp LoadMaster appliances are updated to the latest versions immediately, because you are being hacked. If you do not require the management API for daily operations, disable it or isolate it behind a secure VPN so it is reachable only from trusted internal networks.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/progress-kemp-loadmaster-vulnerability-actively-exploited-u-c-i-k-t/gD2P6Ple2L
Kemp LoadMaster RCE Vulnerability Exploited in the Wild After Public PoC Release
##eSentire, from yesterday: Progress Kemp LoadMaster Vulnerability Targeted (CVE-2026-8037) https://www.esentire.com/security-advisories/progress-kemp-loadmaster-vulnerability-targeted-cve-2026-8037 #infosec #vulnerability
##📢 CVE-2026-8037: Pre-authenticated RCE in Progress Kemp LoadMaster via uninitialized heap
📝 ## 🔍 Context
On 29 June 2026, watchTowr Labs published an anal...
📖 cyberveille: https://cyberveille.ch/posts/2026-07-01-cve-2026-8037-rce-pre-authentifiee-dans-progress-kemp-loadmaster-via-heap-non-initialise/
🌐 source: https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037
#CVE_2026_8037 #IOC #Cyberveille
⚠️ CRITICAL: Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
Critical unauthenticated RCE in Progress Kemp LoadMaster (CVE-2026-8037) allows attackers to execute arbitrary root commands via API input sanitization bypass. A public proof-of-concept exists. All LoadMaster instances are at risk unless patched immediately.
##WatchTower posted this yesterday, if you missed it:
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/ #infosec #vulnerability #threatresearch
##Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labs https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/
##updated 2026-06-30T14:22:59.490000
1 posts
CVE-2026-7656 (HIGH, CVSS 8.1) in Zephyr OS: Incorrect IPv6 ND logic lets attackers inject forged router/neighbor messages, risking MITM, redirection, and DoS. Patch pending. Restrict untrusted access, monitor ND. https://radar.offseq.com/threat/cve-2026-7656-always-incorrect-control-flow-implem-8d38cfb126f4b968 #OffSeq #ZephyrOS #CVE20267656
##updated 2026-06-30T14:12:56.833000
1 posts
CVE-2026-8402: Eksagate SYSGUARD 6001 (2.0.2 – <6.1.16.0) has a CRITICAL SQL injection (CVSS 9.8). Unsupported by vendor — no fix expected. Isolate or replace affected systems. https://radar.offseq.com/threat/cve-2026-8402-cwe-89-improper-neutralization-of-sp-679f5e5e28b1e119 #OffSeq #CVE20268402 #SQLi #Infosec
##updated 2026-06-30T14:08:13.510000
1 posts
CVE-2026-9711: CRITICAL SQL Injection in EventON (Pro) WordPress plugin ≤5.0.11. Unauthenticated attackers can exploit 'search' param if "Enable additional search queries" is enabled. Disable this feature until patched. https://radar.offseq.com/threat/cve-2026-9711-cwe-89-improper-neutralization-of-sp-94cbcb459839c3f2 #OffSeq #WordPress #Vuln
##updated 2026-06-30T13:18:50.817000
1 posts
1 repos
Michael Catanzaro: Single-Click Code Execution Exploit for Evince, Atril, and Xreader
“CVE-2026-46529 is an argument injection vulnerability in Evince, Atril, and Xreader caused by missing shell quoting when composing a command line. The reporter, João Medeiros, has published a GitHub repo for the CVE and a blog post with the story of how he discovered the flaw and developed the exploit. (…)”
#RSSBridge via Planet GNOME
##updated 2026-06-30T13:03:11.437000
6 posts
1 repos
This is tracked as CVE-2026-48558.
Blackpoint, published yesterday: A Djinn in the Machine: TaskWeaver’s Node.js Intrusion Chain https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/
More:
Infosecurity-Magazine: Critical SimpleHelp Vulnerability Exploited For Malware Delivery https://www.infosecurity-magazine.com/news/simplehelp-rmm-vulnerability/ #infosec #vulnerability #JavaScript #malware
##🚨 EXECUTIVE ALERT: CISA has added CVE-2026-48558 (SimpleHelp Bypass) to the KEV matrix. This is a critical governance emergency exposing entire client supply chains to hijacking. Protect your enterprise assets now. Full C-SUITE risk management directives are live: https://thecybermind.co/jily
##🚨 CRITICAL RMM ALERT: CISA has added CVE-2026-48558 (SimpleHelp Admin Bypass) to the KEV matrix. Attackers are forging tokens to hijack environments. Lock down your perimeter. Full T-SUITE forensic detection logs, n8n playbooks, and mitigation scripts are live: https://thecybermind.co/jily
##CVE-2026-48558, a SimpleHelp authentication bypass, is exploited in the wild to deploy TaskWeaver and Djinn Stealer. CISA added it to KEV. Patch now.
#SimpleHelp #CVE202648558 #InfoStealer #RMMSecurity #ExploitedInTheWild #CyberSecurity
##🚨 [CISA-2026:0629] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-48558 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48558)
- Name: SimpleHelp Authentication Bypass Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/security/simplehelp-security-update-2026-05 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-48558
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260629 #cisa20260629 #cve_2026_48558 #cve202648558
##CVE ID: CVE-2026-48558
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-06-29
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-48558
updated 2026-06-30T09:31:41
1 posts
CVE-2026-56137 - OS Command Injection in RPG Maker MV/MZ. CVSS 7.8. Loading a malicious save file can execute arbitrary commands. No patch yet. Disable auto-load features. #CVE #infosec #gamedev
##updated 2026-06-30T09:31:41
1 posts
Delta DVP-12SE PLCs face a CRITICAL vulnerability (CVE-2026-12818, CVSS 9.3): unlimited resource allocation in Modbus TCP. No patch yet. Reduce exposure and monitor traffic to mitigate risk. https://radar.offseq.com/threat/cve-2026-12818-cwe-770-allocation-of-resources-wit-5f563298dd2e41a2 #OffSeq #ICS #PLC #Vuln
##updated 2026-06-30T09:31:36
2 posts
I love OT shit.
https://nvd.nist.gov/vuln/detail/CVE-2026-12819
##Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.
CVE-2026-12819 (CRITICAL, CVSS 9.3) in deltaww DVP-12SE PLC: Modbus TCP service lacks authentication, allowing unauthenticated access to critical PLC functions. Segment networks & restrict access. https://radar.offseq.com/threat/cve-2026-12819-cwe-306-missing-authentication-for--8fd3769bc2b1bbcf #OffSeq #ICS #Vulnerability #PLCsecurity
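The two posts above describe a Modbus/TCP service that anyone who can reach the port may talk to. The following added example (not code from Delta, OffSeq or the CVE record) builds the Modbus/TCP frames a client would send, runs them against a toy in-process PLC, and shows why nothing in the protocol lets the device tell an operator from a stranger: the MBAP header and PDU, taken from the Modbus/TCP specification, carry no credential, session or signature field. The coil values and the 10.0.5.0/24 allowlist are constructed for the demonstration; nothing is sent on the network.

```python
import ipaddress
import struct

READ_COILS = 0x01
WRITE_SINGLE_COIL = 0x05
EXC_ILLEGAL_FUNCTION = 0x01
EXC_ILLEGAL_DATA_ADDRESS = 0x02


def mbap(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Prefix a PDU with the MBAP header: transaction id, protocol id 0, remaining length, unit id.
    There is no field anywhere in this frame for a credential, session or signature."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_coils_request(tid: int, unit: int, start: int, count: int) -> bytes:
    return mbap(tid, unit, struct.pack(">BHH", READ_COILS, start, count))


def write_single_coil_request(tid: int, unit: int, address: int, on: bool) -> bytes:
    # Per the spec, 0xFF00 switches a coil on and 0x0000 switches it off.
    return mbap(tid, unit, struct.pack(">BHH", WRITE_SINGLE_COIL, address, 0xFF00 if on else 0x0000))


def split_frame(frame: bytes):
    tid, _proto, length, unit = struct.unpack(">HHHB", frame[:7])
    return tid, unit, frame[7:7 + length - 1]


class ToyPlc:
    """Minimal Modbus/TCP server logic. Like a real PLC, it acts on every well-formed frame it receives."""

    def __init__(self, coils):
        self.coils = list(coils)

    def handle(self, frame: bytes) -> bytes:
        tid, unit, pdu = split_frame(frame)
        fc = pdu[0]
        if fc == READ_COILS:
            start, count = struct.unpack(">HH", pdu[1:5])
            if start + count > len(self.coils):
                return mbap(tid, unit, bytes([fc | 0x80, EXC_ILLEGAL_DATA_ADDRESS]))
            packed = bytearray((count + 7) // 8)
            for i, bit in enumerate(self.coils[start:start + count]):
                if bit:
                    packed[i // 8] |= 1 << (i % 8)  # LSB-first bit packing
            return mbap(tid, unit, bytes([fc, len(packed)]) + bytes(packed))
        if fc == WRITE_SINGLE_COIL:
            address, value = struct.unpack(">HH", pdu[1:5])
            if address >= len(self.coils):
                return mbap(tid, unit, bytes([fc | 0x80, EXC_ILLEGAL_DATA_ADDRESS]))
            self.coils[address] = (value == 0xFF00)
            return mbap(tid, unit, pdu)  # a write is acknowledged by echoing the request PDU
        return mbap(tid, unit, bytes([fc | 0x80, EXC_ILLEGAL_FUNCTION]))


def parse_coils(response: bytes, count: int):
    """Unpack a Read Coils response into a list of booleans; raise on a Modbus exception."""
    _, _, pdu = split_frame(response)
    if pdu[0] & 0x80:
        raise ValueError(f"Modbus exception {pdu[1]:#04x} for function {pdu[0] & 0x7F:#04x}")
    data = pdu[2:]
    return [bool((data[i // 8] >> (i % 8)) & 1) for i in range(count)]


def gated_handle(plc: ToyPlc, peer_ip: str, frame: bytes, allowed_cidrs):
    """Compensating control when the product cannot authenticate: only answer engineering-station
    networks. In practice this lives in a firewall or ACL in front of the PLC; this models the decision."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(cidr) for cidr in allowed_cidrs):
        return None  # drop silently
    return plc.handle(frame)


def demo():
    # Constructed sample state: nine outputs, three of them energised.
    plc = ToyPlc([True, False, False, True, False, False, False, False, True])
    before = parse_coils(plc.handle(read_coils_request(1, 1, 0, 9)), 9)
    # Anyone who can reach TCP/502 can flip output 1; the PLC has no way to object.
    plc.handle(write_single_coil_request(2, 1, 1, True))
    after = parse_coils(plc.handle(read_coils_request(3, 1, 0, 9)), 9)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The write in `demo()` succeeds because the device checks only that the frame is well-formed and the address is in range. Source-address filtering, as in `gated_handle`, is the strongest control the protocol leaves you, which is why the advisories say to segment and restrict rather than to configure the PLC.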
##updated 2026-06-30T03:37:24
1 posts
CVE-2026-12114: Stored XSS in wpmart Team Members plugin <=8.7 (WordPress). MEDIUM severity. Admins on multi-site or with unfiltered_html disabled can inject scripts. Restrict trusted admin access, monitor for patches. https://radar.offseq.com/threat/cve-2026-12114-cwe-79-improper-neutralization-of-i-07f3bfb7aa84d417 #OffSeq #WordPress #XSS
##updated 2026-06-30T03:36:32
1 posts
6 repos
https://github.com/guiimoraes/CVE-2025-15467
https://github.com/materaj2/cve-2025-15467
https://github.com/mr-r3b00t/CVE-2025-15467
https://github.com/balgan/CVE-2025-15467
#OT #Advisory VDE-2026-049
Balluff GmbH: Multiple Vulnerabilities Affecting BNI EGW-720-007-K095 and BAV MA-NC-00025-01
Security advisory for Balluff BNI EGW-720-007-K095 and BAV MA-NC-00025-01 firmware versions prior to 2.4.1. This advisory covers multiple vulnerabilities affecting software components used by the device firmware.
#CVE CVE-2025-68121, CVE-2026-1229, CVE-2025-41115, CVE-2025-15467, CVE-2023-3128, CVE-2022-28660, CVE-2022-26148, CVE-2018-15727, CVE-2020-27846, CVE-2024-9264, CVE-2024-1442, CVE-2022-28391, CVE-2022-24812, CVE-2022-23498, CVE-2022-21703, CVE-2022-31097, CVE-2025-61732, CVE-2025-4674, CVE-2022-29170, CVE-2024-56406
https://certvde.com/en/advisories/vde-2026-049/
#CSAF https://balluff.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-049.json
##updated 2026-06-29T21:32:12
4 posts
CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF #devopsish https://aws.amazon.com/security/security-bulletins/2026-048-aws/
##CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF #devopsish https://aws.amazon.com/security/security-bulletins/2026-048-aws/
##CVE-2026-13762/CVE-2026-13763 are not vulnerabilities and shouldn't have been assigned CVEs, fight me
CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF
Bulletin ID: 2026-048-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/29/2026 11:15 PM PDT
Description:
AWS WAF is a web application firewall that monitors the HTTP(S) requests that are forwarded...
https://aws.amazon.com/security/security-bulletins/rss/2026-048-aws/
##updated 2026-06-26T22:16:30.897000
1 posts
1 repos
TP-Link DHCP Option 66 Unauthenticated RCE (CVE-2026-11834) | mattg.systems https://mattg.systems/posts/cve-2026-11834/
##updated 2026-06-26T19:13:19
1 posts
Six Incus vulnerabilities, all rated CVSS 9.9, are fixed in v7.2.0. CVE-2026-48769 and CVE-2026-48755 enable root attacks. Update now.
#Incus #LinuxContainers #ContainerSecurity #CVE #Cybersecurity #Infosec
##updated 2026-06-26T16:36:11
1 posts
Four Fluentd vulnerabilities are fixed in v1.19.3, including a 9.8 RCE (CVE-2026-44024) and SSRF (CVE-2026-44161). Patch now.
##updated 2026-06-26T16:16:36.820000
1 posts
Ten GeoVision camera vulnerabilities hit GV-LPC2011/2211 models, four rated CVSS 9.8 (CVE-2026-57878). Update to firmware V1.13 now.
#GeoVision #IoTSecurity #CVE #BufferOverflow #Cybersecurity #Infosec
##updated 2026-06-26T13:20:46.867000
1 posts
JetBrains patched a CVSS 10 authentication bypass and two more flaws (CVE-2026-50242). Its tools reach 15M developers. Update JetBrains Hub now.
#JetBrains #AuthenticationBypass #CVE202650242 #JetBrainsHub #GoLand
##updated 2026-06-26T05:16:27.173000
1 posts
Cacti vulnerabilities in 1.2.30 include pre-auth SQL injection and LFI, both CVSS 9.8 (CVE-2026-39955, CVE-2026-39938). Update to 1.2.31 now.
##updated 2026-06-26T02:07:23.190000
1 posts
NLnet Labs patched critical NSD DNS vulnerabilities, including CVE-2026-12244. Update now to protect your multi-tenant secondary DNS deployments.
##updated 2026-06-25T21:31:23
4 posts
3 repos
Cisco confirms active exploitation of a vulnerability in Unified CM systems. The company confirmed that malicious actors are exploiting CVE-2026-20230, which enables server-side request forgery attacks. 🚨
##New Cisco advisory relating to a June 3 critical vulnerability:
CVE-2026-20230: Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW @TalosSecurity #vulnerability #Cisco
##📈 CVE Published in last 30 days (2026-06-01 - 2026-07-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 855
- High: 3079
- Medium: 2559
- Low: 534
- None: 684
Status:
- (no status): 344
- Analyzed: 2815
- Awaiting Analysis: 562
- Deferred: 3102
- Modified: 173
- Received: 551
- Rejected: 49
- Undergoing Analysis: 115
CISA KEVs:
- CISA-2026:0601 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0601)
- CISA-2026:0602 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0602)
- CISA-2026:0603 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0603)
- CISA-2026:0605 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0605)
- CISA-2026:0608 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0608)
- CISA-2026:0609 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0609)
- CISA-2026:0611 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0611)
- CISA-2026:0612 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0612)
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
Top CNAs:
- GitHub, Inc.: 1163
- Patchstack: 731
- VulnCheck: 612
- Chrome: 584
- kernel.org: 514
- VulDB: 468
- N/A: 344
- MITRE: 329
- Wordfence: 256
- Oracle: 242
Top Affected Products:
- UNKNOWN: 4698
- Google Chrome: 583
- Google Android: 118
- Microsoft Windows 11 26h1: 111
- Microsoft Windows Server 2025: 109
- Microsoft Windows 11 24h2: 105
- Microsoft Windows 11 25h2: 105
- Microsoft Windows Server 2022: 104
- Microsoft Windows 11 23h2: 99
- Microsoft Windows 10 22h2: 91
Top EPSS Score:
- CVE-2026-10520 - 98.94 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-10520)
- CVE-2026-35273 - 92.33 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-35273)
- CVE-2026-20253 - 88.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20253)
- CVE-2026-48907 - 80.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48907)
- CVE-2026-50751 - 71.05 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50751)
- CVE-2026-49160 - 48.44 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-49160)
- CVE-2026-10523 - 47.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-10523)
- CVE-2026-20230 - 41.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20230)
- CVE-2026-0826 - 26.47 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-0826)
- CVE-2026-25089 - 23.39 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25089)
📰 Attackers Actively Exploit Critical Cisco Unified CM Flaw to Deploy Webshells
⚠️ ACTIVE EXPLOITATION: A critical SSRF flaw in Cisco Unified CM (CVE-2026-20230) is being used to drop webshells. Attackers are scanning from Tor. Disable the WebDialer service or patch immediately! #Cisco #CyberAttack #Infosec #SSRF
🌐 cyber[.]netsecops[.]io
##updated 2026-06-25T20:18:11.603000
1 posts
A critical Poweradmin host header injection flaw (CVE-2026-54588) lets attackers hijack DNS admin accounts. Update to 4.2.4 or 4.3.3 now.
#Poweradmin #PowerDNS #CVE202654588 #AccountTakeover #CyberSecurity #DNS
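The account-takeover path named above, a reset link assembled from the Host header, is the standard host-header-injection pattern. The following added example illustrates that pattern in Python; it is not Poweradmin's PHP code, and the hostnames, the `/reset?token=` path and the sample requests are constructed. It shows the vulnerable link builder, the hardened one that takes the base URL from configuration and refuses requests for unknown hosts, and which server ends up holding the token in each case.

```python
import secrets
from urllib.parse import urlsplit

# Assumptions for the demonstration: the admin UI's real hostname, configured at install time.
TRUSTED_HOSTS = {"dns.example.org"}
BASE_URL = "https://dns.example.org"


def vulnerable_reset_link(request: dict, token: str) -> str:
    """Builds the emailed link from headers the client controls.
    Many apps also prefer X-Forwarded-Host when behind a proxy; it is just as forgeable."""
    scheme = "https" if request.get("https") else "http"
    headers = request["headers"]
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"{scheme}://{host}/reset?token={token}"


def host_is_trusted(host_header: str, trusted=TRUSTED_HOSTS) -> bool:
    """Compare the hostname alone: case-insensitive, port stripped, IPv6 brackets handled."""
    try:
        hostname = urlsplit(f"//{host_header}").hostname or ""
    except ValueError:  # e.g. an unbalanced IPv6 bracket
        return False
    return hostname.lower() in trusted


def hardened_reset_link(request: dict, token: str, base_url: str = BASE_URL) -> str:
    """The link comes from configuration only. A request for an unknown Host is rejected outright
    rather than served, so a spoofed or misrouted request cannot even start the reset flow."""
    if not host_is_trusted(request["headers"].get("Host", "")):
        raise ValueError("untrusted Host header")
    return f"{base_url.rstrip('/')}/reset?token={token}"


def token_recipient(link: str) -> str:
    """The host that receives the token when the victim clicks the emailed link."""
    return urlsplit(link).hostname


def new_token() -> str:
    return secrets.token_urlsafe(32)


def demo():
    token = new_token()
    # Attacker requests a reset for the victim's address but sets Host to a server they own.
    forged = {"https": True, "headers": {"Host": "attacker.example"}}
    leaks_to = token_recipient(vulnerable_reset_link(forged, token))
    # The same forged request is refused by the hardened builder; a genuine one yields the real host.
    try:
        hardened_reset_link(forged, token)
        refused = False
    except ValueError:
        refused = True
    genuine = {"https": True, "headers": {"Host": "DNS.example.org:443"}}
    goes_to = token_recipient(hardened_reset_link(genuine, token))
    return leaks_to, refused, goes_to


if __name__ == "__main__":
    print(demo())
```

The token itself is fine in both versions; the bug is only in who is told about it. The allowlist comparison is done on the parsed hostname rather than the raw header so that `DNS.example.org:443` is accepted and `dns.example.org.attacker.example` is not.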
##updated 2026-06-25T15:32:09
1 posts
Dell Patches Critical Remote Code Execution Flaws in Wyse Management Suite
Dell addressed two vulnerabilities in its Wyse Management Suite, including a critical remote code execution flaw (CVE-2026-41120) that allows unauthenticated attackers to take over management servers.
**Make sure all your Wyse Management Suite servers and the thin-client devices they manage are isolated from the internet and reachable only from trusted internal networks. Then update Dell Wyse Management Suite to version 5.5 HF1 ASAP.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/dell-patches-critical-remote-code-execution-flaws-in-wyse-management-suite-5-u-x-o-e/gD2P6Ple2L
updated 2026-06-24T17:25:29
1 posts
A critical OpenAM WebAuthn RCE flaw (CVE-2026-45051) allows code execution via Java deserialization. Update OpenAM to 16.1.1 to stay protected.
#OpenAM #WebAuthn #RCE #CVE202645051 #CyberSecurity #InfoSec
https://securityonline.info/openam-webauthn-rce/?utm_source=mastodon&utm_medium=jetpack_social
##updated 2026-06-24T15:31:50
1 posts
A ProFTPD ACL bypass (CVE-2026-35025, CVSS 8.6) lets logged-in FTP users reach files in restricted directories. No patch is out yet; use DefaultRoot.
#ProFTPD #CVE202635025 #ACLBypass #FTP #CyberSecurity
https://securityonline.info/proftpd-acl-bypass/?utm_source=mastodon&utm_medium=jetpack_social
##updated 2026-06-23T16:16:59.460000
1 posts
A NetComm authentication bypass (CVE-2026-35019, CVSS 9.2) uses a hardcoded AES key to forge admin session cookies. Update to firmware R6B032 now.
##updated 2026-06-19T21:16:42.893000
1 posts
The @varonis Threat Labs teams demonstrated that enterprise #AI assistants can be turned into a precision data exfiltration tool via a crafted link. #CVE-2026-42824 AKA #SearchLeak is a huge vulnerability chain in Microsoft 365 Copilot. HT @Kiteworks. https://cybersec.kiteworks.com/s/microsoft-365-copilot-searchleak-cve-2026-42824-when-your-ai-assistant-becomes-an-exfiltration-tool-28248
##updated 2026-06-18T18:35:18
1 posts
5 repos
https://github.com/pssec-io/CVE-2026-20253
https://github.com/HORKimhab/CVE-2026-20253
https://github.com/0xBlackash/CVE-2026-20253
https://github.com/fevar54/CVE-2026-20253-Splunk-Enterprise-Pre-Auth-RCE-
https://github.com/watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
updated 2026-06-17T14:06:35.153000
1 posts
17 repos
https://github.com/grayxploit/CVE-2026-48907
https://github.com/sec0x/CVE-2026-48907
https://github.com/xitexploiter96-dot/CVE-2026-48907-
https://github.com/Almavj/Joomla_CVE_2026_48907
https://github.com/NoXiVaR/CVE-2026-48907
https://github.com/wearehackers160/CVE-2026-48907
https://github.com/K3ysTr0K3R/CVE-2026-48907
https://github.com/0xgh057r3c0n/CVE-2026-48907
https://github.com/g0thamRabb1t/joomla-jce-cve-2026-48907-detection
https://github.com/gh1mau/masta-cve-2026-48907
https://github.com/87achrafg-stack/CVE-2026-48907
https://github.com/pssec-io/CVE-2026-48907
https://github.com/webshellseo8/CVE-2026-48907-Unauthenticated-RCE-in-JCE
https://github.com/0xBlackash/CVE-2026-48907
https://github.com/HORKimhab/CVE-2026-48907
updated 2026-06-17T11:00:38.113000
1 posts
2 repos
Longinus: 2 Boundaries in One Bug, Piercing Chrome’s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307 https://lobste.rs/s/uaoe9y #security #web
https://nebusec.ai/research/v8-cve-2026-6307-writeup/
updated 2026-06-17T10:57:46.373000
2 posts
7 repos
https://github.com/fernstedt/CVE-2026-50751
https://github.com/hlkysipv/CVE-2026-50751-Check-Point-IKEv1-Authentication-Bypass
https://github.com/watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
https://github.com/0xBlackash/CVE-2026-50751
https://github.com/WadesWeaponShed/CheckPoint-CVE-Webscanner
https://github.com/WadesWeaponShed/CVE-2026-50751-Mitigation-Scripts
https://github.com/fevar54/CVE-2026-50751---Check-Point-IKEv1-Authentication-Bypass-Exploit
Why patch directives only go so far https://cyberscoop.com/why-security-patching-is-not-enough-cve-2026-50751-op-ed/
updated 2026-06-17T10:53:23.777000
2 posts
Linux Flaw Exposes Unprivileged Users to Root Access
A newly discovered Linux flaw, CVE-2026-46242, allows ordinary users to gain root access to a machine, and even Android devices are vulnerable. This alarming vulnerability, known as Bad Epoll, can be exploited with ease, but thankfully, a working fix is now available.
#LinuxFlaw #Cve202646242 #Epoll #KernelVulnerability #RootAccess
##New “Bad Epoll” Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Technology
https://www.newsbeep.com/us/742153/
updated 2026-06-17T10:40:19.560000
2 posts
4 repos
https://github.com/ekomsSavior/POC_cve_2026_35273
https://github.com/12hrformat/CVE-2026-35273-POC
updated 2026-06-17T10:36:47.177000
1 posts
12 repos
https://github.com/oscar-mine/CVE-2026-33017-Exploit
https://github.com/rootdirective-sec/CVE-2026-33017-Lab
https://github.com/r3nsi15/CVE-2026-33017-langflow-rce
https://github.com/EQSTLab/CVE-2026-33017
https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC
https://github.com/c0gnit00/CVE-2026-33017
https://github.com/MaxMnMl/langflow-CVE-2026-33017-poc
https://github.com/masterwok/PoC-CVE-2026-33017
https://github.com/z4yd3/PoC-CVE-2026-33017
https://github.com/Jorrit-VM/CVE-2026-33017
‼️ One POST to RCE: Unauthenticated Code Execution in Langflow (CVE-2026-33017)
##updated 2026-06-17T10:12:16.930000
1 posts
6 repos
https://github.com/gagaltotal/CVE-2026-10523-Ivanti-sentry
https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
https://github.com/0xBlackash/CVE-2026-10520
https://github.com/emilliewatson96/spryCVE-2026-10520
updated 2026-06-17T09:59:51.847000
1 posts
🚨 EUVD-2026-41623
📊 Score: 4.3/10 (CVSS v3.1)
📦 Product: Gitea Open Source Git Server
🏢 Vendor: Gitea
📅 Updated: 2026-07-03
📝 Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941.
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-41623
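The entry above is an incomplete fix of a familiar shape: a visibility filter added to one handler while another route returning the same data kept serving it unfiltered. The following added example models that shape in Python; it is not Gitea's code, the route paths are illustrative rather than the endpoints named in the advisory, and the sample memberships are constructed. It shows a "public-only" token scope honoured in one handler and forgotten in another, the fix of applying the rule once in the data-access layer, and an audit that calls every registered route with a public-only token so the omission cannot recur silently.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Org:
    name: str
    public: bool


@dataclass(frozen=True)
class Token:
    user: str
    public_only: bool  # scope that must never reveal private membership


# Constructed sample data: alice belongs to one public and one private organisation.
MEMBERSHIPS = {
    "alice": (Org("open-source-tools", True), Org("internal-infra", False)),
}


# Before the fix: honouring the scope is each handler's job.

def user_orgs_v1(token: Token, user: str) -> list:
    """The route the first fix patched; it remembers the scope."""
    orgs = MEMBERSHIPS.get(user, ())
    if token.public_only:
        orgs = [o for o in orgs if o.public]
    return [o.name for o in orgs]


def user_orgs_alt_v1(token: Token, user: str) -> list:
    """A second route to the same data; the filter was never added here, so a
    public-only token still lists the private organisation."""
    return [o.name for o in MEMBERSHIPS.get(user, ())]


# After the fix: one visibility rule, applied where the data is read.

def visible_orgs(token: Token, user: str):
    """The only place membership is read. Every route goes through it."""
    for org in MEMBERSHIPS.get(user, ()):
        if token.public_only and not org.public:
            continue
        yield org


def user_orgs_v2(token: Token, user: str) -> list:
    return [o.name for o in visible_orgs(token, user)]


def user_orgs_alt_v2(token: Token, user: str) -> list:
    return [o.name for o in visible_orgs(token, user)]


def leaking_routes(routes: dict, token: Token, user: str) -> list:
    """Regression check: call every registered route with the restricted token and
    report those whose output contains a private organisation name."""
    private = {o.name for o in MEMBERSHIPS.get(user, ()) if not o.public}
    return sorted(path for path, handler in routes.items() if private & set(handler(token, user)))


# Illustrative route tables; the paths are examples, not the endpoints from the advisory.
ROUTES_V1 = {"/user/orgs": user_orgs_v1, "/users/{username}/orgs": user_orgs_alt_v1}
ROUTES_V2 = {"/user/orgs": user_orgs_v2, "/users/{username}/orgs": user_orgs_alt_v2}


if __name__ == "__main__":
    scoped = Token("alice", public_only=True)
    print("leaks before fix:", leaking_routes(ROUTES_V1, scoped, "alice"))
    print("leaks after fix: ", leaking_routes(ROUTES_V2, scoped, "alice"))
```

The audit in `leaking_routes` is the part worth keeping: once a scope exists, a test that enumerates every route returning the guarded data is what turns "we fixed the endpoint we were told about" into "the scope holds everywhere".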
##updated 2026-06-17T09:48:43.670000
3 posts
25 repos
https://github.com/Anshika2709/Citrixbleed2-CVE-2025-5777
https://github.com/rootxsushant/Citrix-NetScaler-Memory-Leak-CVE-2025-5777
https://github.com/bughuntar/CVE-2025-5777
https://github.com/FrenzisRed/CVE-2025-5777
https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-
https://github.com/sentinel-aidefense/CVE-2025-5777
https://github.com/rob0tstxt/POC-CVE-2025-5777
https://github.com/SleepNotF0und/CVE-2025-5777
https://github.com/RaR1991/citrix_bleed_2
https://github.com/fox-it/citrix-netscaler-triage
https://github.com/orange0Mint/CitrixBleed-2-CVE-2025-5777
https://github.com/RickGeex/CVE-2025-5777-CitrixBleed
https://github.com/mr-r3b00t/CVE-2025-5777
https://github.com/soltanali0/CVE-2025-5777-Exploit
https://github.com/win3zz/CVE-2025-5777
https://github.com/Chocapikk/CVE-2025-5777
https://github.com/0xBlackash/CVE-2025-5777
https://github.com/0xgh057r3c0n/CVE-2025-5777
https://github.com/ndr-repo/CVE-2025-5777
https://github.com/rashedhasan090/CVE-2025-5777
https://github.com/Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE
https://github.com/nocerainfosec/cve-2025-5777
https://github.com/cyberleelawat/ExploitVeer
🔵 THREAT INTELLIGENCE
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Vulnerability | CRITICAL
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to...
Full analysis:
https://www.yazoul.net/news/article/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials
OpenAI voluntarily limited new AI models at government request on July 2. Cybersecurity threats remain high with critical Citrix Bleed 2 (CVE-2025-5777) and Microsoft SharePoint RCE (CVE-2026-45659) vulnerabilities being actively exploited, as reported on July 2-3. Google, in collaboration with the FBI, disrupted NetNut, a major residential proxy network spanning 2 million devices. Geopolitically, Iran issued warnings to ships regarding unapproved routes in the Strait of Hormuz on July 3.
updated 2026-06-17T09:33:46.027000
1 posts
#OT #Advisory VDE-2026-049
Balluff GmbH: Multiple Vulnerabilities Affecting BNI EGW-720-007-K095 and BAV MA-NC-00025-01
Security advisory for Balluff BNI EGW-720-007-K095 and BAV MA-NC-00025-01 firmware versions prior to 2.4.1. This advisory covers multiple vulnerabilities affecting software components used by the device firmware.
#CVE CVE-2025-68121, CVE-2026-1229, CVE-2025-41115, CVE-2025-15467, CVE-2023-3128, CVE-2022-28660, CVE-2022-26148, CVE-2018-15727, CVE-2020-27846, CVE-2024-9264, CVE-2024-1442, CVE-2022-28391, CVE-2022-24812, CVE-2022-23498, CVE-2022-21703, CVE-2022-31097, CVE-2025-61732, CVE-2025-4674, CVE-2022-29170, CVE-2024-56406
https://certvde.com/en/advisories/vde-2026-049/
#CSAF https://balluff.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-049.json
updated 2026-06-17T08:12:08.977000
1 posts
updated 2026-06-17T07:04:15.300000
1 posts
updated 2026-06-17T04:39:44.167000
1 posts
1 repos
updated 2026-06-17T04:34:46.890000
1 posts
updated 2026-06-17T04:32:34.510000
1 posts
updated 2026-06-17T03:09:43.880000
1 posts
updated 2026-06-16T21:31:57
2 posts
1 repos
It has now been two whole weeks since #microsoft assigned CVE-2026-50656 to the Defender exploit #RoguePlanet and there are still no patches to be had for this SYSTEM privilege escalation, but none of this is stopping Defender for Endpoint screaming at me about it.
There needs to be a button for "remind me about this when Microsoft bothers to release a fix for this" rather than fixed time periods that start from 30 days
Here's a summary of the latest geopolitical, technology, and cybersecurity news from the last 24 hours:
Geopolitical: US and Iran halted Strait of Hormuz clashes for talks (June 29). Israel conducted airstrikes in South Lebanon despite a peace accord (June 29).
Tech/Cyber: OpenAI restricted its GPT-5.6 Sol AI model; Anthropic's Mythos 5 gained limited US approval amid cybersecurity vetting (June 29). A Millenium RAT variant infected over 62,000 devices, and a Microsoft Defender zero-day (CVE-2026-50656) is actively exploited (June 29). EPA launched a national cyber drill for water utilities (June 29).
updated 2026-06-12T06:33:21
2 posts
2 repos
https://github.com/citruscitruscitruscitruscitrusci/CVE-2026-48611-poc
Critical phpBB Authentication Bypass Allows Instant Account Takeover
phpBB version 3.3.17 patches a critical authentication bypass (CVE-2026-48611) that allows unauthenticated attackers to take over any account, including administrators, by manipulating the auth_provider parameter.
**If you run a phpBB forum (versions 3.1.0 through 3.3.16, or 4.0.0-a2), this is important and urgent. Update to version 3.3.17 immediately. If you can't patch right away, delete the apache.php and ldap.php files from the phpbb/auth/provider/ directory, and check your server logs for suspicious auth_provider=apache and mode=login_link requests. If found, reset all user sessions and assume those accounts are compromised.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-phpbb-authentication-bypass-allows-instant-account-takeover-b-z-9-a-7/gD2P6Ple2L
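The post above tells operators to check server logs for `auth_provider=apache` and `mode=login_link` requests. The block below is an added example, not phpBB's code or the advisory author's, showing that check as a small log triage script: it parses combined-format access-log lines, decodes the query string, and flags `ucp.php` requests that combine `mode=login_link` with one of the providers the advisory says to remove (`apache`, `ldap`). The log lines inside it are constructed samples, and the `/forum/` path prefix is an assumption.

```python
"""Added example (not phpBB's code): scan web-server access logs for the
request pattern the advisory above describes, i.e. ucp.php requests with
mode=login_link together with auth_provider=apache (or ldap)."""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache/nginx "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2026:10:01:02 +0000] "GET /forum/ucp.php?mode=login HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jun/2026:10:01:15 +0000] "GET /forum/ucp.php?mode=login_link&auth_provider=apache&login_link_oauth_service=x HTTP/1.1" 302 0 "-" "curl/8.5"
198.51.100.9 - - [12/Jun/2026:10:01:16 +0000] "POST /forum/ucp.php?mode=login_link&auth_provider=LDAP HTTP/1.1" 200 811 "-" "curl/8.5"
203.0.113.8 - - [12/Jun/2026:10:02:00 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.10 - - [12/Jun/2026:10:03:00 +0000] "GET /forum/ucp.php?mode=login_link&auth_provider=oauth HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# ip ident user [timestamp] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

# Providers the advisory tells operators to delete (apache.php, ldap.php).
SUSPICIOUS_PROVIDERS = {"apache", "ldap"}


def parse_line(line: str) -> Optional[Dict]:
    """Split one combined-format line into fields plus a decoded query dict."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": url.path,
        # parse_qs also percent-decodes, so auth_provider=%61pache is caught too
        "query": parse_qs(url.query, keep_blank_values=True),
        "status": int(m.group("status")),
    }


def is_suspicious(rec: Dict) -> bool:
    """True when the request uses login_link with a provider that should not be reachable."""
    q = rec["query"]
    providers = {p.lower() for p in q.get("auth_provider", [])}
    return "login_link" in q.get("mode", []) and bool(providers & SUSPICIOUS_PROVIDERS)


def find_suspicious(log_text: str) -> List[Dict]:
    """All parsed records matching the pattern, in log order."""
    return [rec for rec in map(parse_line, log_text.splitlines())
            if rec and is_suspicious(rec)]


def affected_ips(log_text: str) -> List[str]:
    """Source addresses to pivot on when deciding which accounts and sessions to reset."""
    return sorted({rec["ip"] for rec in find_suspicious(log_text)})


if __name__ == "__main__":
    for rec in find_suspicious(SAMPLE_LOG):
        print(rec["ts"], rec["ip"], rec["method"], rec["path"], rec["query"])
```

Two caveats when running this against real logs: access logs record only the URL, so parameters sent in a POST body are invisible to this scan and a clean result is not proof of no abuse; and a hit tells you which source addresses and time window to investigate, while the advisory's response (reset all sessions, treat the accounts as compromised) does not depend on narrowing it down first.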
updated 2026-06-10T21:32:27
1 posts
1 repos
Unprivileged root via a use-after-free in DRM GEM change_handle (CVE-2026-46215) https://lobste.rs/s/hh5yyq #linux #security
https://cyberstan.co.uk/drm-lpe-linux/
updated 2026-06-10T18:32:45
2 posts
#GnuPG 2.5.21-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
Note that the FreePG project considers the 2.5.x branch to be experimental, and does not enable non-standard OpenPGP algorithms unless “--compliance=gnupg” is explicitly set.
Release notes
=============
Noteworthy changes in version 2.5.21-freepg (2026-07-03)
--------------------------------------------------------
* No FreePG-specific changes.
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.5.21-freepg
Upstream's release notes follow.
----
Noteworthy changes in version 2.5.21 (2026-07-02)
-------------------------------------------------
* New and extended features:
- gpg, gpgsm: Use partial file on decryption, remove on failure.
Disable with "--compatibility-flags=no-partial-file-guard".
[T7873]
- gpg: Use the INT_RCP_FPR subpacket in revocation signatures.
[T8252]
- Create a pkgversioninfo.txt file when building using the speedo
build system.
* Bug fixes:
- gpg: Fix potential use-after-free in batch key generation when
handling the keyserver URL option. [T8277]
- gpgsm: Fix regression in gpgsm_verify with expired certificates.
[T8188]
- gpgsm: Require a minimum tag length for GCM decryption.
[rG4c7e68cf3d, CVE-2026-34182]
- scd: Limit the size of returned APDU objects from faulty cards.
[T8281]
- scd: Fix condition to retrieve ATR. [rGca25a7a61b]
- scd:openpgp: Fix regression in CHV1 retry counter byte index.
[rG245330ebea]
- agent: Make batch import of Kyber keys work. [T8029]
- dirmngr: Add a validation check in get_dns_cert_standard.
[T8303]
- gpgconf: Raise an error on certain parse errors. [T8261]
- Fix use of usleep in file remove function on Windows. Regression
since 2.5.13. [rGab9ce5f5e7]
Release-info: https://dev.gnupg.org/T8262
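Among the fixes above, "gpgsm: Require a minimum tag length for GCM decryption [CVE-2026-34182]" is the cryptographic one worth a worked example: a GCM tag of t octets can be forged with probability about 2^-(8t), so a decryptor that accepts whatever tag length the incoming CMS parameters declare lets the sender of a message pick how weak its own integrity check is. The block below is an added example, not gpgsm's code, and the page does not show what gpgsm's check looks like; it parses the RFC 5084 GCMParameters structure that CMS carries (nonce plus optional aes-ICVlen, default 12) and enforces the 12..16-octet range that RFC defines before any decryption routine would be called.

```python
"""Added example (not GnuPG's code): parse the CMS AES-GCM parameter block
(RFC 5084 GCMParameters) and refuse any authentication tag shorter than a
minimum length before a decryption routine is ever invoked.

GCMParameters ::= SEQUENCE {
    aes-nonce   OCTET STRING,
    aes-ICVlen  INTEGER DEFAULT 12   -- RFC 5084 permits 12..16
}"""
from typing import Optional, Tuple

MIN_ICV_LEN = 12          # octets; floor taken from RFC 5084's allowed values
MAX_ICV_LEN = 16


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one DER tag/length/value at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, up to 4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def parse_gcm_parameters(der: bytes) -> Tuple[bytes, int]:
    """Return (nonce, icv_len) from a DER GCMParameters; structural checks only."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("GCMParameters must be exactly one SEQUENCE")
    tag, nonce, pos = _read_tlv(body, 0)
    if tag != 0x04:
        raise ValueError("aes-nonce must be an OCTET STRING")
    icv_len = 12                          # DEFAULT applies when the field is absent
    if pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02 or not val:
            raise ValueError("aes-ICVlen must be a non-empty INTEGER")
        icv_len = int.from_bytes(val, "big", signed=True)
        if pos != len(body):
            raise ValueError("trailing data after aes-ICVlen")
    return nonce, icv_len


def validate_gcm_parameters(der: bytes) -> Tuple[bytes, int]:
    """Parse and enforce the tag-length floor; raises before any ciphertext is touched."""
    nonce, icv_len = parse_gcm_parameters(der)
    if not nonce:
        raise ValueError("empty GCM nonce")
    if not MIN_ICV_LEN <= icv_len <= MAX_ICV_LEN:
        raise ValueError(f"GCM tag length {icv_len} outside {MIN_ICV_LEN}..{MAX_ICV_LEN}")
    return nonce, icv_len


def forgery_probability(icv_len: int) -> float:
    """Chance that one random tag of icv_len octets is accepted by the verifier."""
    return 2.0 ** (-8 * icv_len)


def encode_gcm_parameters(nonce: bytes, icv_len: Optional[int] = None) -> bytes:
    """DER-encode GCMParameters (short-form lengths; fine for 12..16-byte nonces)."""
    body = bytes([0x04, len(nonce)]) + nonce
    if icv_len is not None:
        body += bytes([0x02, 0x01, icv_len & 0xFF])
    return bytes([0x30, len(body)]) + body


if __name__ == "__main__":
    params = encode_gcm_parameters(bytes(12), icv_len=4)   # attacker-chosen 32-bit tag
    try:
        validate_gcm_parameters(params)
    except ValueError as e:
        print("rejected:", e, "(forgery probability would be", forgery_probability(4), ")")
```

The ordering is the point: the parameters are untrusted input from the same sender as the ciphertext, so the length check has to happen in the parser, before the tag is compared, not as an afterthought once a "successful" decryption has already produced plaintext.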
updated 2026-06-09T18:31:11
1 posts
1 repos
https://github.com/dhmosfunk/CVE-2026-49160-CVE-2026-47291-HTTP.sys
📈 CVE Published in last 30 days (2026-06-01 - 2026-07-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 855
- High: 3079
- Medium: 2559
- Low: 534
- None: 684
Status:
- : 344
- Analyzed: 2815
- Awaiting Analysis: 562
- Deferred: 3102
- Modified: 173
- Received: 551
- Rejected: 49
- Undergoing Analysis: 115
CISA KEVs:
- CISA-2026:0601 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0601)
- CISA-2026:0602 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0602)
- CISA-2026:0603 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0603)
- CISA-2026:0605 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0605)
- CISA-2026:0608 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0608)
- CISA-2026:0609 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0609)
- CISA-2026:0611 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0611)
- CISA-2026:0612 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0612)
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
Top CNAs:
- GitHub, Inc.: 1163
- Patchstack: 731
- VulnCheck: 612
- Chrome: 584
- kernel.org: 514
- VulDB: 468
- N/A: 344
- MITRE: 329
- Wordfence: 256
- Oracle: 242
Top Affected Products:
- UNKNOWN: 4698
- Google Chrome: 583
- Google Android: 118
- Microsoft Windows 11 26h1: 111
- Microsoft Windows Server 2025: 109
- Microsoft Windows 11 24h2: 105
- Microsoft Windows 11 25h2: 105
- Microsoft Windows Server 2022: 104
- Microsoft Windows 11 23h2: 99
- Microsoft Windows 10 22h2: 91
Top EPSS Score:
- CVE-2026-10520 - 98.94 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-10520)
- CVE-2026-35273 - 92.33 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-35273)
- CVE-2026-20253 - 88.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20253)
- CVE-2026-48907 - 80.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48907)
- CVE-2026-50751 - 71.05 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50751)
- CVE-2026-49160 - 48.44 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-49160)
- CVE-2026-10523 - 47.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-10523)
- CVE-2026-20230 - 41.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20230)
- CVE-2026-0826 - 26.47 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-0826)
- CVE-2026-25089 - 23.39 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25089)
updated 2026-06-09T18:30:58
1 posts
1 repos
HawkTrace publicly disclosed Microsoft Exchange vulnerability CVE-2026-45504 with PoC exploit code. The SSRF flaw reads arbitrary files. Patch now.
#MicrosoftExchange #CVE202645504 #SSRF #Cybersecurity #PoC #Infosec
updated 2026-06-09T18:30:47
1 posts
2 repos
updated 2026-06-09T18:30:39
1 posts
3 repos
https://github.com/gagaltotal/CVE-2026-10523-Ivanti-sentry
https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
updated 2026-06-01T18:32:31
1 posts
1 repos
Unprivileged root via an out-of-bounds write in the FUSE readdir cache (CVE-2026-31694) https://lobste.rs/s/0kc445 #linux #security
https://cyberstan.co.uk/fuse-readdir-oob/
updated 2026-06-01T15:30:49
1 posts
updated 2026-05-29T18:31:20
4 posts
2 repos
Oracle E-Business Suite under attack via critical flaw before exploit code emerged
https://1ban.news/oracle-ebs-attack-cve-2026-46817/
#1ban #oracle #ebs #attack #cve #tech
CRITICAL CVE-2026-46817 in Oracle E-Business Suite: Over 900 exposed instances face active exploit attempts via HTTP. Attackers can fully compromise systems. Apply May 2026 patch ASAP. Details: https://radar.offseq.com/threat/over-900-oracle-e-business-instances-exposed-to-on-032c4945a3a53de9 #OffSeq #Oracle #Vuln #ThreatIntel
Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments.
#CVE_2026_46817
https://securityaffairs.com/194463/security/attackers-actively-exploit-the-oracle-e-business-suite-flaw-cve-2026-46817.html
Attackers Exploit Critical Takeover Flaw in Oracle E-Business Suite
Researchers report active exploitation of a critical vulnerability (CVE-2026-46817) in Oracle E-Business Suite's financial module.
**If you run Oracle E-Business Suite (versions 12.2.3 through 12.2.15), make sure your EBS instances are isolated from the public internet and reachable only from trusted networks via a VPN or secure gateway. Then apply the May 2026 Critical Security Patch Update ASAP.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/attackers-exploit-critical-takeover-flaw-in-oracle-e-business-suite-v-f-z-k-l/gD2P6Ple2L
updated 2026-05-14T15:31:59
1 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **AI coding tools & workflows**: Claude Code, GitHub Copilot pricing changes, AI agent frameworks (LangGraph, CrewAI, OpenAI Agents SDK), LLM-driven development risks, AI-generated code bans (Godot Engine, Alibaba).
- **PostgreSQL updates**: PostgreSQL 19 beta (`WAIT FOR LSN`), TimescaleDB 2.28.1, pg_lake extension for Iceberg, CVE-2026-6637 [1/3]
updated 2026-04-23T00:31:18
3 posts
5 repos
https://github.com/0xBlackash/CVE-2026-33825
https://github.com/kaleth4/CVE-2026-33825
https://github.com/Letlaka/redsun-bluehammer-undefend-detection-pack
📢 CVE-2026-33825 (BlueHammer) in Microsoft Defender exploited in ransomware attacks
📝 📰 **Source**: SecurityWeek. **Published**: 30 June 2026
**CISA** (the US cyb...
📖 cyberveille : https://cyberveille.ch/posts/2026-07-03-cve-2026-33825-bluehammer-dans-microsoft-defender-exploitee-dans-des-attaques-ransomware/
🌐 source : https://www.securityweek.com/bluehammer-vulnerability-exploited-in-ransomware-attacks/
#BlueHammer #CISA #Cyberveille
⚠️ CRITICAL: BlueHammer Vulnerability Exploited in Ransomware Attacks
CVE-2026-33825 (BlueHammer) in Microsoft Defender is being actively exploited in ransomware campaigns in the wild. This zero-day was publicly disclosed before patches became available on April 14, and CISA has confirmed active abuse. All Windows environments running vulnerable Defender versions are…
CVE-2026-33825 - Changed to Known Ransomware Status
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Vendor: Microsoft
Product: Defender
Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
Status changed from Unknown to Known for ransomware campaign usage.
Flip detected on: June 29, 2026 at 20:00:35 UTC
Date Added https://nvd.nist.gov/vuln/detail/CVE-2026-33825
updated 2026-03-02T15:26:57
1 posts
updated 2026-02-10T01:17:51
1 posts
2 repos
‼️ CVE-2026-24418: OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Schedule) module.
updated 2026-02-06T18:31:38
1 posts
##updated 2025-11-27T08:40:01
1 posts
2 repos
##updated 2025-10-22T00:33:52
1 posts
Incident breakdown: CVE-2023-26360, CVE-2023-29298, and CVE-2023-29300 in Adobe ColdFusion led to webshell deployment and DisableDefender.ps1 execution. Attackers dumped credentials via Mimikatz driver after silencing...
##updated 2025-10-22T00:33:51
1 posts
1 repos
##updated 2025-10-22T00:33:50
1 posts
6 repos
https://github.com/joaoaugustom/Adobe_ColdFusion_RCE_Unauthenticated
https://github.com/H3rm1tR3b0rn/CVE-2023-26360-RCE
https://github.com/CuriousLearnerDev/ColdFusion_EXp
https://github.com/RyanRodrigues880/CVE-2023-26360
https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit
##updated 2025-06-09T18:32:01
1 posts
##updated 2025-03-14T20:26:23
1 posts
12 repos
https://github.com/punitdarji/Grafana-CVE-2024-9264
https://github.com/ruizii/CVE-2024-9264
https://github.com/nollium/CVE-2024-9264
https://github.com/z3k0sec/File-Read-CVE-2024-9264
https://github.com/rvzsec/CVE-2024-9264
https://github.com/yeonchoda/CVE-2024-9264
https://github.com/z3k0sec/CVE-2024-9264-RCE-Exploit
https://github.com/Royall-Researchers/CVE-2024-9264
https://github.com/amalpvatayam67/day05-grafana-sqlexpr-lab
https://github.com/patrickpichler/grafana-CVE-2024-9264
##updated 2025-02-13T19:00:47
1 posts
1 repos
##updated 2025-01-30T18:32:09
1 posts
2 repos
Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk
Analysis of CVE-2024-2658 as found in Schneider Electric's Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially...
🔗️ [Securelist] https://link.is.it/DVUIfS
##updated 2024-11-18T16:26:42
1 posts
##updated 2024-02-01T00:16:02
1 posts
##updated 2023-10-02T12:01:52
1 posts
1 repos
##updated 2023-02-01T05:04:28
1 posts
@bascule libssh2 was the most concerning dependency needed to add cargo to Ubuntu main (lp#1991650).
In 2018 @chrisccoulson reported CVE-2019-3855 through -3863. CVE-2019-3855 is the same bug as today's: a server-controlled packet_length with no upper bound, overflowing the transport read. 1.8.1 added a bounds check. CVE-2026-55200 is the same check missing 7 years later, on the chacha20-poly1305 path. That path is post-KEX, so at least host-key verification gates it (unlike 3855).
##updated 2023-01-27T05:02:23
1 posts
##🟠 CVE-2026-10055 - High (8.5)
In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Server-Side Request Forgery (SSRF) in Eclipse Theia 1.26.0 (CVE-2026-10055, HIGH, CVSS 8.5). Attackers with access to the service connection can target internal resources. Restrict access now. https://radar.offseq.com/threat/cve-2026-10055-cwe-918-server-side-request-forgery-66116bce3c83a4f6 #OffSeq #SSRF #EclipseTheia #Cybersecurity
##DuneSlide (CVE-2026-50548/50549): CRITICAL zero-click RCE in Cursor AI editor <3.0. Flaws in sandbox & symlink handling enable attackers to escape IDE, compromise OS. Upgrade to v3.0+ now. https://radar.offseq.com/threat/critical-cursor-ai-code-editor-flaws-could-lead-to-2cf2d4969fcd376b #OffSeq #Infosec #Vuln #RCE
##DuneSlide: Zero-Click RCE Vulnerabilities Discovered in Cursor IDE
Cato AI Labs identified two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549) in Cursor IDE that allow attackers to achieve remote code execution via zero-click prompt injection. The flaws enable sandbox escapes by overwriting system binaries through manipulated working directories and symlink resolution errors.
**If you use Cursor IDE, update ASAP to version 3.0 or later, because these flaws will be attacked very soon. Be cautious about letting the AI agent pull in content from untrusted external sources (like websites or files), since a malicious prompt hidden there is enough to trigger the attack with no other action from you.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/duneslide-zero-click-rce-vulnerabilities-discovered-in-cursor-ide-5-n-j-t-d/gD2P6Ple2L
##Privilege escalation to root in Lima QEMU guests via a world-writable agent socket (CVE-2026-53657) https://syntetisk.tech/blog/posts/privilege-escalation-to-root-in-lima-qemu-guests-via-a-world-writable-agent-socket-cve-2026-53657/
##New Gitea vulnerability found by me, tracked as CVE-2026-58418, just published: https://github.com/go-gitea/gitea/security/advisories/GHSA-rqhx-647v-wx32
##Four Fluentd vulnerabilities are fixed in v1.19.3, including a 9.8 RCE (CVE-2026-44024) and SSRF (CVE-2026-44161). Patch now.
##A critical Plone RCE vulnerability (CVE-2026-57149, CVSS 9.9) allows TALES injection via the Classic portlet. Two more flaws enable DoS and SSRF.
#Plone #RCE #CyberSecurity #CMS #PatchNow
https://securityonline.info/plone-rce-vulnerability/?utm_source=mastodon&utm_medium=jetpack_social
##WSO2 patched seven flaws across API Manager and gateways, led by a CVSS 10 JWT auth bypass (CVE-2026-5430). Update WSO2 API Manager now.
##Synology MailPlus Server has three new flaws, including CVE-2026-13136 at CVSS 10. Update to 4.0.1-31663 now. No exploit confirmed.
#Synology #MailPlusServer #CVE202613136 #NAS #Cybersecurity #Infosec
##Zephyr HTTP server (4.0.0 – 4.4.x) is affected by CVE-2026-8023 (HIGH): improper path handling enables unauthenticated remote file access via path traversal (../). Patch status unclear — check advisories & restrict exposure. https://radar.offseq.com/threat/cve-2026-8023-improper-limitation-of-a-pathname-to-c30c7b8fffb254ad #OffSeq #Zephyr #Infosec #PathTraversal
##