FediSecfeeds

https://aws.amazon.com/security/security-bulletins/rss/2026-048-aws/

##

nyanbinary@infosec.exchange at 2026-06-29T20:39:54.000Z ##

~~CVE-2026-13762/CVE-2026-13763 are not vulnerabilities and shouldn't have been assigned CVEs, fight me~~

##

awssecurityfeed@infosec.exchange at 2026-06-29T20:15:01.000Z ##

CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF

Bulletin ID: 2026-048-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/29/2026 11:15 PM PDT
Description:
AWS WAF is a web application firewall that monitors the HTTP(S) requests that are forwarded...

https://aws.amazon.com/security/security-bulletins/rss/2026-048-aws/

##

CVE-2026-13762
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-06-29T21:16:43.183000

4 posts

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was remediated server-side. No customer action is required.

nyanbinary at 2026-06-29T20:39:54.925Z ##

~~CVE-2026-13762/CVE-2026-13763 are not vulnerabilities and shouldn't have been assigned CVEs, fight me~~

##

awssecurityfeed at 2026-06-29T20:15:01.433Z ##

CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF

Bulletin ID: 2026-048-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/29/2026 11:15 PM PDT
Description:
AWS WAF is a web application firewall that monitors the HTTP(S) requests that are forwarded...

https://aws.amazon.com/security/security-bulletins/rss/2026-048-aws/

##

nyanbinary@infosec.exchange at 2026-06-29T20:39:54.000Z ##

~~CVE-2026-13762/CVE-2026-13763 are not vulnerabilities and shouldn't have been assigned CVEs, fight me~~

##

awssecurityfeed@infosec.exchange at 2026-06-29T20:15:01.000Z ##

CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF

Bulletin ID: 2026-048-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/29/2026 11:15 PM PDT
Description:
AWS WAF is a web application firewall that monitors the HTTP(S) requests that are forwarded...

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260629 #cisa20260629 #cve_2026_48558 #cve202648558

##

CVE-2026-48558
(10.0 CRITICAL)

EPSS: 0.72%

updated 2026-06-29T20:17:38.077000

7 posts

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary

secdb at 2026-06-29T21:01:57.072Z ##

🚨 [CISA-2026:0629] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48558 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48558)
- Name: SimpleHelp Authentication Bypass Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/security/simplehelp-security-update-2026-05 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-48558

##

cisakevtracker@mastodon.social at 2026-06-29T20:00:51.000Z ##

CVE ID: CVE-2026-48558
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-06-29
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-48558

##

oversecurity@mastodon.social at 2026-06-29T14:30:37.000Z ##

Critical SimpleHelp flaw exploited to deploy new stealer malware

Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously...

🔗️ [Bleepingcomputer] https://link.is.it/O1CzjD

##

Analyst207@mastodon.social at 2026-06-29T14:14:09.000Z ##

Hackers Exploit SimpleHelp Flaw to Deploy Djinn Stealer Malware

Hackers have found a way to exploit a flaw in SimpleHelp, using it as a trusted channel to deploy the Djinn Stealer malware and wreak havoc on managed systems. This critical vulnerability, CVE-2026-48558, allows attackers to create highly privileged accounts without authentication, putting thousands of systems at risk.

https://osintsights.com/hackers-exploit-simplehelp-flaw-to-deploy-djinn-stealer-malware?utm_source=mastodon&utm_medium=social

#Cve202648558 #Simplehelp #Oidc #DjinnStealer #MalwareOperations

##

secdb@infosec.exchange at 2026-06-29T21:01:57.000Z ##

🚨 [CISA-2026:0629] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48558 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48558)
- Name: SimpleHelp Authentication Bypass Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/security/simplehelp-security-update-2026-05 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-48558

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260629 #cisa20260629 #cve_2026_48558 #cve202648558

##

cisakevtracker@mastodon.social at 2026-06-29T20:00:51.000Z ##

CVE ID: CVE-2026-48558
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-06-29
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-48558

##

oversecurity@mastodon.social at 2026-06-29T14:30:37.000Z ##

Critical SimpleHelp flaw exploited to deploy new stealer malware

Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously...

🔗️ [Bleepingcomputer] https://link.is.it/O1CzjD

##

CVE-2026-22078
(7.3 HIGH)

EPSS: 0.09%

updated 2026-06-29T19:07:03.733000

2 posts

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.

offseq at 2026-06-29T09:00:27.143Z ##

OPPO O+ Connect v16.0.33 is vulnerable (CVE-2026-22078, HIGH). Lack of IPC client authentication lets external apps escalate privileges — potential for sensitive actions. Patch unavailable. Monitor and restrict app permissions. #OffSeq #CVE202622078 #OPPO https://radar.offseq.com/threat/cve-2026-22078-cwe-266-incorrect-privilege-assignm-d3bb9a84f0ae01c1

##

offseq@infosec.exchange at 2026-06-29T09:00:27.000Z ##

OPPO O+ Connect v16.0.33 is vulnerable (CVE-2026-22078, HIGH). Lack of IPC client authentication lets external apps escalate privileges — potential for sensitive actions. Patch unavailable. Monitor and restrict app permissions. #OffSeq #CVE202622078 #OPPO https://radar.offseq.com/threat/cve-2026-22078-cwe-266-incorrect-privilege-assignm-d3bb9a84f0ae01c1

##

CVE-2025-2902
(8.3 HIGH)

EPSS: 0.19%

updated 2026-06-29T18:52:40.497000

2 posts

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90

thehackerwire@mastodon.social at 2026-06-29T08:00:29.000Z ##

🟠 CVE-2025-2902 - High (8.3)

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.

This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, G...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-2902/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-06-29T08:00:29.000Z ##

🟠 CVE-2025-2902 - High (8.3)

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.

This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, G...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-2902/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13500
(7.3 HIGH)

EPSS: 0.31%

updated 2026-06-29T18:46:31.617000

1 posts

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted

hugovalters@mastodon.social at 2026-06-29T17:05:31.000Z ##

CVE-2026-13500 - Code Injection in ANTLR4 up to 4.13.2. CVSS 7.3. Remote exploit public, vendor unresponsive. Mitigate immediately. #CVE #infosec #ANTLR

https://www.valtersit.com/cve/CVE-2026-13500/

##

CVE-2026-57346
(7.1 HIGH)

EPSS: 0.00%

updated 2026-06-29T18:39:20.080000

2 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3.

offseq at 2026-06-29T10:30:27.111Z ##

Epiphyt Embed Privacy ≤1.12.3 is affected by CVE-2026-57346 (HIGH, CVSS 7.1): path traversal via improper pathname checks. Assess your deployments and watch for mitigations. https://radar.offseq.com/threat/cve-2026-57346-cwe-22-improper-limitation-of-a-pat-b3034ca61c60516d #OffSeq #CVE202657346 #Vuln #PathTraversal

##

offseq@infosec.exchange at 2026-06-29T10:30:27.000Z ##

Epiphyt Embed Privacy ≤1.12.3 is affected by CVE-2026-57346 (HIGH, CVSS 7.1): path traversal via improper pathname checks. Assess your deployments and watch for mitigations. https://radar.offseq.com/threat/cve-2026-57346-cwe-22-improper-limitation-of-a-pat-b3034ca61c60516d #OffSeq #CVE202657346 #Vuln #PathTraversal

##

CVE-2026-10083
(7.5 HIGH)

EPSS: 0.16%

updated 2026-06-29T15:33:13

1 posts

The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persistent object cache is enabled, cache keys derived from unsanitised user input (e.g. a transient name created by another APCu Manager WordPress plugin before 4.5.0 from an unauthenticated request) are o

offseq at 2026-06-29T07:30:26.746Z ##

Stored XSS (CVE-2026-10083, HIGH) found in APCu Manager <4.5.0 for WordPress. Persistent object caching lets attackers inject JS via crafted cache keys, compromising admin sessions. Disable object caching or update plugin. https://radar.offseq.com/threat/cve-2026-10083-cwe-79-cross-site-scripting-xss-in--afabaed8bda5d811 #OffSeq #XSS #WordPress #Infosec

##

CVE-2026-46331
(7.8 HIGH)

EPSS: 0.23%

updated 2026-06-29T15:32:00

5 posts

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb

5 repos

https://github.com/douglasmun/pagecache-lpe-containment-kit

https://github.com/vulnquest58/dirtyclone-exploit

https://github.com/sgkdev/packet_edit_meme

https://github.com/0xBlackash/CVE-2026-46331

https://github.com/HORKimhab/CVE-2026-46331

cyberveille@mastobot.ping.moi at 2026-06-29T17:30:20.000Z ##

📢 CVE-2026-46331 ' pedit COW ' : élévation de privilèges root dans le noyau Linux
📝 ## 🔍 Contexte

Source : The Hacker News, publiée le 26 juin 2026.
📖 cyberveille : https://cyberveille.ch/posts/2026-06-29-cve-2026-46331-pedit-cow-elevation-de-privileges-root-dans-le-noyau-linux/
🌐 source : https://thehackernews.com/2026/06/new-linux-pedit-cow-exploit-enables.html
#CVE_2026_46331 #IOC #Cyberveille

##

data0@indieweb.social at 2026-06-29T13:25:09.000Z ##

There's another #Linux page cache corruption bug making the rounds, assigned CVE-2026-46331. And again, I couldn't find a list of #kernel versions that include the fix. I wonder why? Anyway, here's the list:

7.1.x stable: 7.1
7.0.x stable: 7.0.13
6.18.x lts: 6.18.36
6.12.x lts: 6.12.94

##

teezeh@ieji.de at 2026-06-29T05:54:45.000Z ##

"Sicherheitsforscher sind auf eine neue, pedit COW genannte, Schwachstelle CVE-2026-46331 gestoßen, es erlaubt, Speicherinhalte zu missbrauchen, um normalen Nutzern Root-Rechte zu verschaffen."

https://borncity.com/blog/2026/06/28/pedit-cow-linux-schwachstelle-cve-2026-46331-ermoeglicht-root/

##

cyberveille@mastobot.ping.moi at 2026-06-29T17:30:20.000Z ##

📢 CVE-2026-46331 ' pedit COW ' : élévation de privilèges root dans le noyau Linux
📝 ## 🔍 Contexte

Source : The Hacker News, publiée le 26 juin 2026.
📖 cyberveille : https://cyberveille.ch/posts/2026-06-29-cve-2026-46331-pedit-cow-elevation-de-privileges-root-dans-le-noyau-linux/
🌐 source : https://thehackernews.com/2026/06/new-linux-pedit-cow-exploit-enables.html
#CVE_2026_46331 #IOC #Cyberveille

##

data0@indieweb.social at 2026-06-29T13:25:09.000Z ##

There's another #Linux page cache corruption bug making the rounds, assigned CVE-2026-46331. And again, I couldn't find a list of #kernel versions that include the fix. I wonder why? Anyway, here's the list:

7.1.x stable: 7.1
7.0.x stable: 7.0.13
6.18.x lts: 6.18.36
6.12.x lts: 6.12.94

##

CVE-2026-32833
(8.8 HIGH)

EPSS: 1.34%

updated 2026-06-29T14:16:49.310000

1 posts

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code executio

thehackerwire@mastodon.social at 2026-06-29T07:00:22.000Z ##

🟠 CVE-2026-32833 - High (8.8)

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parame...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32833/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13564
(8.8 HIGH)

EPSS: 0.00%

updated 2026-06-29T12:31:51

2 posts

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclos

offseq at 2026-06-29T13:30:30.609Z ##

CVE-2026-13564: HIGH (CVSS 8.7) stack-based buffer overflow in Edimax EW-7478APC v1.04. Remote exploit via pppUserName; public PoC, no patch. Disable remote access or segment device. https://radar.offseq.com/threat/cve-2026-13564-stack-based-buffer-overflow-in-edim-026db0243354aebd #OffSeq #Vulnerability #IoTSecurity #CVE202613564

##

offseq@infosec.exchange at 2026-06-29T13:30:30.000Z ##

CVE-2026-13564: HIGH (CVSS 8.7) stack-based buffer overflow in Edimax EW-7478APC v1.04. Remote exploit via pppUserName; public PoC, no patch. Disable remote access or segment device. https://radar.offseq.com/threat/cve-2026-13564-stack-based-buffer-overflow-in-edim-026db0243354aebd #OffSeq #Vulnerability #IoTSecurity #CVE202613564

##

CVE-2026-13553
(7.3 HIGH)

EPSS: 0.00%

updated 2026-06-29T12:31:50

1 posts

A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/mod_amenities/controller.php?action=add. Executing a manipulation of the argument image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used.

hugovalters@mastodon.social at 2026-06-29T14:06:24.000Z ##

CVE-2026-13553 - Unrestricted file upload in itsourcecode Online Hotel Management System 1.0 via controller.php. CVSS 7.3. Exploit published. No patch available. Restrict access or disable uploads immediately. #CVE #infosec #cybersecurity

https://www.valtersit.com/cve/CVE-2026-13553/

##

CVE-2026-13601
(7.1 HIGH)

EPSS: 0.00%

updated 2026-06-29T12:31:50

2 posts

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML in

offseq at 2026-06-29T12:00:33.381Z ##

CVE-2026-13601 (HIGH, CVSS 7.1) in Red Hat Enterprise Linux 10: Yelp’s help viewer can leak sensitive files via crafted Flatpak apps due to weak Content Security Policy. No patch yet — restrict untrusted Flatpaks. https://radar.offseq.com/threat/cve-2026-13601-protection-mechanism-failure-in-red-844c9044ecdb0d62 #OffSeq #Linux #Vuln #RedHat

##

offseq@infosec.exchange at 2026-06-29T12:00:33.000Z ##

CVE-2026-13601 (HIGH, CVSS 7.1) in Red Hat Enterprise Linux 10: Yelp’s help viewer can leak sensitive files via crafted Flatpak apps due to weak Content Security Policy. No patch yet — restrict untrusted Flatpaks. https://radar.offseq.com/threat/cve-2026-13601-protection-mechanism-failure-in-red-844c9044ecdb0d62 #OffSeq #Linux #Vuln #RedHat

##

CVE-2026-13539
(8.8 HIGH)

EPSS: 0.47%

updated 2026-06-29T09:30:32

2 posts

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. It is suggested to upgrade the aff

thehackerwire@mastodon.social at 2026-06-29T08:00:16.000Z ##

🟠 CVE-2026-13539 - High (8.8)

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-13539/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-06-29T08:00:16.000Z ##

🟠 CVE-2026-13539 - High (8.8)

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-13539/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13517
(8.8 HIGH)

EPSS: 0.47%

updated 2026-06-29T03:30:58

1 posts

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

offseq at 2026-06-29T04:30:29.749Z ##

CVE-2026-13517: HIGH severity stack buffer overflow in Tenda JD12L (16.03.53.23). Exploitable remotely via security_5g argument in formWifiBasicSet. No patch yet — restrict access & monitor for threats. https://radar.offseq.com/threat/cve-2026-13517-stack-based-buffer-overflow-in-tend-004391078b4ed241 #OffSeq #Vulnerability #Infosec #RouterSecurity

##

CVE-2026-13516
(8.8 HIGH)

EPSS: 0.47%

updated 2026-06-29T00:31:46

1 posts

A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

offseq at 2026-06-29T06:00:25.131Z ##

Tenda JD12L routers (fw 16.03.53.23) face HIGH severity stack-based buffer overflow (CVE-2026-13516, CVSS 8.7). Remote code execution possible — exploit code is public. Restrict remote access, monitor endpoints. https://radar.offseq.com/threat/cve-2026-13516-stack-based-buffer-overflow-in-tend-c61568839c0ead88 #OffSeq #infosec #IoTSecurity #CVE

##

CVE-2026-13485
(7.3 HIGH)

EPSS: 0.41%

updated 2026-06-28T12:30:28

1 posts

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

hugovalters@mastodon.social at 2026-06-29T09:01:59.000Z ##

CVE-2026-13485 - SQLi in SourceCodester Class & Exam Timetabling System 1.0. Unpatched, exploit public. CVSS 7.3. Update or mitigate immediately. #CVE #infosec #cybersecurity

https://www.valtersit.com/cve/CVE-2026-13485/

##

CVE-2026-55975
(7.2 HIGH)

EPSS: 0.65%

updated 2026-06-27T00:30:34

1 posts

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.

hugovalters@mastodon.social at 2026-06-29T12:01:41.000Z ##

CVE-2026-55975 - Command Injection in H.View IP cameras. Authenticated users can exploit unsanitized XML fields for elevated command execution. CVSS 7.2. No patch available. Isolate affected devices immediately. #CVE #infosec #HView

https://www.valtersit.com/cve/CVE-2026-55975/

##

CVE-2026-48769
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-06-26T19:13:19

1 posts

### Summary An arbitrary file write exists in the Incus client when a malicious image server returns a crafted `Incus-Image-Hash` header. This can lead to arbitrary command execution as root on the server. ### Details - `cmd/incusd/images.go:611-684` handles `source.type=url` by HEADing the user-supplied URL, reading `Incus-Image-Hash` and `Incus-Image-URL`, and passing them to `imageDownload(

blog@stgraber.org at 2026-06-29T04:32:40.000Z ##

Announcing Incus 7.2

The Incus team is pleased to announce the release of Incus 7.2!

It’s another pretty busy release for us with a varied set of new features across the board as well as the usual set of performance improvements and bugfixes.

This fixes the following security issues:

CVE-2026-48749 (critical) – Arbitrary file read+write on host via rootfs/ symlink in malicious image
CVE-2026-48750 (critical) – Arbitrary file write on host via exec-output symlink in crafted image
CVE-2026-48751 (critical) – Restricted project bypass leading to arbitrary command execution
CVE-2026-48752 (critical) – Arbitrary file read+write on host via templates/ symlink in malicious image
CVE-2026-48755 (critical) – Argument injection in backup compression algorithm leading to arbitrary file write and command execution
CVE-2026-48769 (critical) – Arbitrary file write on client due to trusted image hash
CVE-2026-55621 (high) – Project restriction bypass for custom volume copy across projects
CVE-2026-55622 (high) – Project restriction bypass in instance copy across projects

On the feature front, the highlights for this release are:

Per-instance SELinux integration
New incus default CLI command
Filtered server info by default
Keepalive timeout from the CLI
Better OS-specific handling of CLI configuration
Standalone server certificate update
Static network configuration for OCI containers
Per-instance BGP route advertisement
Dynamic addresses in proxy NAT mode
Expanded NBD access to VMs
Btrfs compression for storage volumes
InfiniBand SR-IOV GUID configuration
Websocket origin restriction

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://github.com/douglasmun/pagecache-lpe-containment-kit

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

##

CVE-2026-43503
(8.8 HIGH)

EPSS: 0.13%

updated 2026-06-26T18:57:17.887000

4 posts

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination. __pskb_copy_fclone() defers the rest of the shinfo metadata to skb_copy_header(

8 repos

https://github.com/gl1tch0x1/DirtyClone

https://github.com/aexdyhaxor/CVE-2026-43503-DirtyClone

https://github.com/SecureWithUmer/CVE-2026-43503

https://github.com/sec0x/CVE-2026-43503

https://github.com/mooder1/dirtyclone-CVE-2026-43503

https://github.com/0xBlackash/CVE-2026-43503

https://github.com/entra1337/DirtyClone

DarkWebInformer at 2026-06-29T18:49:01.614Z ##

‼️ CVE-2026-43503: Python PoC for DirtyClone, a Linux kernel LPE via page-cache corruption exploit

GitHub: https://github.com/entra1337/DirtyClone

##

cyberveille@mastobot.ping.moi at 2026-06-29T17:00:20.000Z ##

📢 DirtyClone (CVE-2026-43503) : LPE Linux via corruption du page cache par IPsec
📝 ## 🔍 Contexte

Publié le 25 juin 2026 par les chercheurs Eddy Tsalolikhin et Or Peles de JFrog Security...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-29-dirtyclone-cve-2026-43503-lpe-linux-via-corruption-du-page-cache-par-ipsec/
🌐 source : https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/
#CVE_2026_43284 #CVE_2026_43500 #Cyberveille

##

pertho@bsd.cafe at 2026-06-29T07:47:14.000Z ##

ANOTHER #Linux LPE: CVE-2026-43503

If only Linus wasn't so obsessed with calling #OpenBSD developers "masturbating monkeys" 18 years ago and actually took security seriously. 🤔

https://www.cnet.com/tech/tech-industry/torvalds-attacks-it-industry-security-circus-1/

##

DarkWebInformer@infosec.exchange at 2026-06-29T18:49:01.000Z ##

‼️ CVE-2026-43503: Python PoC for DirtyClone, a Linux kernel LPE via page-cache corruption exploit

GitHub: https://github.com/entra1337/DirtyClone

##

CVE-2026-48752
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-06-26T18:46:32

1 posts

### Summary A specially crafted image or instance backup can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. ### Details For container images, `internal/server/storage/utils.go` calls `archive.Unpack(imageFile, destPath, ...)`. The tar extraction path in `shared/archive/archive.go` excludes device nodes, but it does not reject a top

blog@stgraber.org at 2026-06-29T04:32:40.000Z ##

Announcing Incus 7.2

The Incus team is pleased to announce the release of Incus 7.2!

It’s another pretty busy release for us with a varied set of new features across the board as well as the usual set of performance improvements and bugfixes.

This fixes the following security issues:

CVE-2026-48749 (critical) – Arbitrary file read+write on host via rootfs/ symlink in malicious image
CVE-2026-48750 (critical) – Arbitrary file write on host via exec-output symlink in crafted image
CVE-2026-48751 (critical) – Restricted project bypass leading to arbitrary command execution
CVE-2026-48752 (critical) – Arbitrary file read+write on host via templates/ symlink in malicious image
CVE-2026-48755 (critical) – Argument injection in backup compression algorithm leading to arbitrary file write and command execution
CVE-2026-48769 (critical) – Arbitrary file write on client due to trusted image hash
CVE-2026-55621 (high) – Project restriction bypass for custom volume copy across projects
CVE-2026-55622 (high) – Project restriction bypass in instance copy across projects

On the feature front, the highlights for this release are:

Per-instance SELinux integration
New incus default CLI command
Filtered server info by default
Keepalive timeout from the CLI
Better OS-specific handling of CLI configuration
Standalone server certificate update
Static network configuration for OCI containers
Per-instance BGP route advertisement
Dynamic addresses in proxy NAT mode
Expanded NBD access to VMs
Btrfs compression for storage volumes
InfiniBand SR-IOV GUID configuration
Websocket origin restriction

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

##

CVE-2026-48750
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-06-26T18:32:53

1 posts

### Summary The `record-output` parameter of the `/instances/$name/exec` endpoint stores the output of the command in the `exec-output` directory of the instance. If `exec-output` is a symlink, file named `exec_UUID.stdout` and `exec_UUID.stderr` can be written to an arbitrary location where the `.stdout` file will contain arbitrary content. This behavior can be abused for arbitrary command execu

blog@stgraber.org at 2026-06-29T04:32:40.000Z ##

Announcing Incus 7.2

The Incus team is pleased to announce the release of Incus 7.2!

It’s another pretty busy release for us with a varied set of new features across the board as well as the usual set of performance improvements and bugfixes.

This fixes the following security issues:

CVE-2026-48749 (critical) – Arbitrary file read+write on host via rootfs/ symlink in malicious image
CVE-2026-48750 (critical) – Arbitrary file write on host via exec-output symlink in crafted image
CVE-2026-48751 (critical) – Restricted project bypass leading to arbitrary command execution
CVE-2026-48752 (critical) – Arbitrary file read+write on host via templates/ symlink in malicious image
CVE-2026-48755 (critical) – Argument injection in backup compression algorithm leading to arbitrary file write and command execution
CVE-2026-48769 (critical) – Arbitrary file write on client due to trusted image hash
CVE-2026-55621 (high) – Project restriction bypass for custom volume copy across projects
CVE-2026-55622 (high) – Project restriction bypass in instance copy across projects

On the feature front, the highlights for this release are:

Per-instance SELinux integration
New incus default CLI command
Filtered server info by default
Keepalive timeout from the CLI
Better OS-specific handling of CLI configuration
Standalone server certificate update
Static network configuration for OCI containers
Per-instance BGP route advertisement
Dynamic addresses in proxy NAT mode
Expanded NBD access to VMs
Btrfs compression for storage volumes
InfiniBand SR-IOV GUID configuration
Websocket origin restriction

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

##

CVE-2026-48749
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-06-26T18:31:23

1 posts

### Summary A specially crafted image can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. ### Details Incus validates an image as soon as it sees a normal `metadata.yaml` and a `rootfs/` entry, but full extraction can later process a duplicate top-level `rootfs` symlink. Later, the stopped-container file API opens `d.RootfsPath()` a

blog@stgraber.org at 2026-06-29T04:32:40.000Z ##

Announcing Incus 7.2

The Incus team is pleased to announce the release of Incus 7.2!

It’s another pretty busy release for us with a varied set of new features across the board as well as the usual set of performance improvements and bugfixes.

This fixes the following security issues:

CVE-2026-48749 (critical) – Arbitrary file read+write on host via rootfs/ symlink in malicious image
CVE-2026-48750 (critical) – Arbitrary file write on host via exec-output symlink in crafted image
CVE-2026-48751 (critical) – Restricted project bypass leading to arbitrary command execution
CVE-2026-48752 (critical) – Arbitrary file read+write on host via templates/ symlink in malicious image
CVE-2026-48755 (critical) – Argument injection in backup compression algorithm leading to arbitrary file write and command execution
CVE-2026-48769 (critical) – Arbitrary file write on client due to trusted image hash
CVE-2026-55621 (high) – Project restriction bypass for custom volume copy across projects
CVE-2026-55622 (high) – Project restriction bypass in instance copy across projects

On the feature front, the highlights for this release are:

Per-instance SELinux integration
New incus default CLI command
Filtered server info by default
Keepalive timeout from the CLI
Better OS-specific handling of CLI configuration
Standalone server certificate update
Static network configuration for OCI containers
Per-instance BGP route advertisement
Dynamic addresses in proxy NAT mode
Expanded NBD access to VMs
Btrfs compression for storage volumes
InfiniBand SR-IOV GUID configuration
Websocket origin restriction

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://github.com/HalilDeniz/CVE-2026-20230-Scanner

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

##

CVE-2026-20230
(8.6 HIGH)

EPSS: 41.69%

updated 2026-06-25T21:31:23

2 posts

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this

3 repos

https://github.com/HORKimhab/CVE-2026-20230

https://github.com/W5M1n9/Cisco-Unified-Communications-Manager-Server-Side-Forgery-Request-Vulnerability-CVE-2026-20230

netsecio@mastodon.social at 2026-06-29T17:06:08.000Z ##

📰 Attackers Actively Exploit Critical Cisco Unified CM Flaw to Deploy Webshells

⚠️ ACTIVE EXPLOITATION: A critical SSRF flaw in Cisco Unified CM (CVE-2026-20230) is being used to drop webshells. Attackers are scanning from Tor. Disable the WebDialer service or patch immediately! #Cisco #CyberAttack #Infosec #SSRF

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/active-exploitation-of-critical-cisco-unified-cm-flaw-begins/?utm_source=mastodon&utm_medium…

##

netsecio@mastodon.social at 2026-06-29T17:06:08.000Z ##

📰 Attackers Actively Exploit Critical Cisco Unified CM Flaw to Deploy Webshells

⚠️ ACTIVE EXPLOITATION: A critical SSRF flaw in Cisco Unified CM (CVE-2026-20230) is being used to drop webshells. Attackers are scanning from Tor. Disable the WebDialer service or patch immediately! #Cisco #CyberAttack #Infosec #SSRF

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/active-exploitation-of-critical-cisco-unified-cm-flaw-begins/?utm_source=mastodon&utm_medium…

##

CVE-2026-12849
(9.1 CRITICAL)

EPSS: 1.68%

updated 2026-06-25T14:02:35.347000

2 posts

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various servi

secdb at 2026-06-29T12:56:53.325Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

secdb@infosec.exchange at 2026-06-29T12:56:53.000Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

CVE-2026-9776
(7.5 HIGH)

EPSS: 1.58%

updated 2026-06-25T00:35:20

2 posts

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The specific flaw exists within the writeFileToHttpServletResponse method. The issue results from the lack of proper

secdb at 2026-06-29T12:56:53.325Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

secdb@infosec.exchange at 2026-06-29T12:56:53.000Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

https://github.com/0xBlackash/CVE-2026-55200

##

CVE-2026-55200
(8.1 HIGH)

EPSS: 0.92%

updated 2026-06-24T18:33:40

6 posts

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

2 repos

https://github.com/xd20111/CVE-2026-55200

veit@mastodon.social at 2026-06-29T12:27:03.000Z ##

Critical libssh2 vulnerability with a proof-of-concept exploit already published. curl, PHP and libgit2 are also affected.
https://nvd.nist.gov/vuln/detail/CVE-2026-55200
#ssh #Vulnerability #ITSecurity #curl

##

allaboutsecurity@mastodon.social at 2026-06-29T10:27:48.000Z ##

CVE-2026-55200: Öffentlicher Exploit-Code für libssh2-Schwachstelle veröffentlicht

https://www.all-about-security.de/cve-2026-55200-oeffentlicher-exploit-code-fuer-libssh2-schwachstelle-veroeffentlicht/

#cve #cybersecurity

##

posthole@social.posthole.net at 2026-06-29T09:10:37.000Z ##

https://posthole.net/

THE POSTHOLE
Monday, 29 June 2026 · Overnight Edition · Vol. 1 No. 201
MJD 61220.38

LEAD — HEALTH

Florida Hospitals Act Fast To Discharge Gun Victims — Especially if They’re Not Insured
-- KFF Health News

Uninsured patients made up about 1 in 4 of the more than 20,000 gunshot wound inpatient hospitalizations in Florida from 2018 to 2024, an analysis of state data by KFF Health News and The Trace found. They also had shorter hospital stays than those with any...

HEALTH

▸ She Struggled To Get a Lifesaving Drug Even After Insurers Vowed To Help
-- KFF Health News
Margaret Hvatum ended up in the hospital after her insurer denied coverage of a medicine she relies on to boost her immune...

INTERNATIONAL

▸ À gauche, les partis tentent d’étouffer en interne l’appel d’air insoumis
-- Mediapart
Craignant une hémorragie militante et des annonces en série d’un soutien à la candidature de Jean-Luc Mélenchon à la...

▸ Les saisonniers exposés aux pesticides, grands absents du débat public
-- Mediapart

▸ «Il y a eu comme une bascule»: en Île-de-France, les funérariums débordés par la canicule
-- Mediapart

NATIONAL

▸ Trump’s Sons Stand To Profit From The Critical Minerals Arms Race
-- Mother Jones
Donald Trump’s network of family businesses—and network of US government deals with those businesses—is mind-bogglingly wide. A...

▸ Trump’s Next ICE Pick: A Trooper Poised to Turn Local Cops Into Deportation Agents
-- Mother Jones

CULTURE & SPORT

▸ Dublin Pulls Off Comeback To Beat Galway In All-Ireland Quarterfinal
-- Defector
Dublin closed out a thrilling All-Ireland football quarterfinal weekend with a massive and penalty-aided comeback to beat Galway...

▸ Boots Ennis KO’s Zayas In Brooklyn Thriller
-- Defector

https://osintsights.com/libssh2-flaw-exposes-clients-to-code-execution-risk?utm_source=mastodon&utm_medium=social

SECURITY

▸ Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
-- The Hacker News
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH...

#infosec #cybersecurity #posthole

IN BRIEF

• AI Tools Accelerates Coding, but Not Overall Software Delivery, GitLab Research Finds -- InfoQ
• Swift 6.4 Brings New Language Features and Swift Testing/XCTest Interop -- InfoQ
• AWS Previews FinOps Agent for Cost Analysis and Optimization -- InfoQ
• AWS Introduces Workload Credentials Provider for Automated Certificate and Secret... -- InfoQ
• Vercel Introduces Eve, an Open-Source Framework for Building AI Agents -- InfoQ

#news #posthole

SECTIONS

Gaming Greatness: Marvel Tōkon: Fighting Souls Reveals Last 3 Playable Characters... #gaming
Tech Talk: [US Grid Constr...

##

Analyst207@mastodon.social at 2026-06-29T08:42:49.000Z ##

libssh2 Flaw Exposes Clients to Code Execution Risk

A critical flaw in libssh2, known as CVE-2026-55200, can be exploited by a malicious SSH server to trigger memory corruption on a connecting client, with no credentials or user interaction required. This vulnerability can be easily triggered with a public proof-of-concept now available.

#Libssh2 #CodeExecution #Cve202655200 #Ssh #MemoryCorruption

##

undercodenews@mastodon.social at 2026-06-29T07:26:21.000Z ##

Critical libssh2 Memory Corruption Flaw Exposes Millions of SSH Clients to Potential Remote Code Execution + Video

Critical libssh2 Memory Corruption Flaw Exposes Millions of SSH Clients to Potential Remote Code Execution Introduction A newly disclosed vulnerability in libssh2 has sent a fresh warning across the cybersecurity industry, exposing a fundamental weakness inside one of the world's most widely embedded SSH client libraries. Tracked as CVE-2026-55200, the…

https://undercodenews.com/critical-libssh2-memory-corruption-flaw-exposes-millions-of-ssh-clients-to-potential-remote-code-execution-video/?utm_source=mastodon&utm_medium=jetpack_social

##

veit@mastodon.social at 2026-06-29T12:27:03.000Z ##

Critical libssh2 vulnerability with a proof-of-concept exploit already published. curl, PHP and libgit2 are also affected.
https://nvd.nist.gov/vuln/detail/CVE-2026-55200
#ssh #Vulnerability #ITSecurity #curl

##

CVE-2026-12851
(9.1 CRITICAL)

EPSS: 1.68%

updated 2026-06-24T06:31:51

2 posts

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various servi

secdb at 2026-06-29T12:56:53.325Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

secdb@infosec.exchange at 2026-06-29T12:56:53.000Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

CVE-2026-12850
(9.1 CRITICAL)

EPSS: 1.72%

updated 2026-06-24T06:31:51

2 posts

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various servi

secdb at 2026-06-29T12:56:53.325Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

secdb@infosec.exchange at 2026-06-29T12:56:53.000Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

CVE-2026-12486
(9.1 CRITICAL)

EPSS: 1.72%

updated 2026-06-24T06:31:51

2 posts

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various servi

secdb at 2026-06-29T12:56:53.325Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

secdb@infosec.exchange at 2026-06-29T12:56:53.000Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

https://github.com/HORKimhab/CVE-2025-67038

##

CVE-2025-67038
(9.8 CRITICAL)

EPSS: 1.13%

updated 2026-06-24T05:17:25.670000

1 posts

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

1 repos

darses@mastodon.nl at 2026-06-29T19:19:26.000Z ##

#Lantronix released new a bunch of new firmware, fixing both CVE-2025-67038 and the second actively exploited vulnerability without #CVE identifier.

I did not check all the firmware uploads nor do I have devices to actually test the fixed code, but from the looks of it this should all be good.

You can follow the discussion on #ifin : https://discourse.ifin.network/t/lantronix-openwrt-luci-attacks/625/5

##

CVE-2026-56274
(9.9 CRITICAL)

EPSS: 2.68%

updated 2026-06-23T15:32:37

2 posts

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions for chatflows, can configure a malicious MCP server to bypass the validateCommandFlags blocklist (for ex

secdb at 2026-06-29T12:56:53.325Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

secdb@infosec.exchange at 2026-06-29T12:56:53.000Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

CVE-2026-11374
(9.0 None)

EPSS: 1.24%

updated 2026-06-23T09:32:28

2 posts

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

threatcodex at 2026-06-29T14:08:34.626Z ##

CVE-2026-11374: Account takeover vulnerability in ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus
#CVE_2026_11374 #ManageEngine
https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html

##

threatcodex@infosec.exchange at 2026-06-29T14:08:34.000Z ##

CVE-2026-11374: Account takeover vulnerability in ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus
#CVE_2026_11374 #ManageEngine
https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html

##

CVE-2026-32315
(5.5 MEDIUM)

EPSS: 2.90%

updated 2026-06-22T17:11:37

2 posts

# Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye ## Summary motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r--r--`), making it readable by any local user on the system. This file contains sensitive data including the admin password hash, which can be leveraged by other vul

secdb at 2026-06-29T12:56:53.325Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12

##

secdb@infosec.exchange at 2026-06-29T12:56:53.000Z ##

📈 CVE Published in last days (2026-06-22 - 2026-06-22)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs:

Severity:
- Critical: 179
- High: 735
- Medium: 619
- Low: 105
- None: 418

Status:
- : 153
- Analyzed: 447
- Awaiting Analysis: 135
- Deferred: 685
- Modified: 12
- Received: 523
- Rejected: 8
- Undergoing Analysis: 93

CISA KEVs:
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)

Top CNAs:
- GitHub, Inc.: 500
- kernel.org: 413
- Patchstack: 158
- N/A: 153
- VulnCheck: 143
- Wordfence: 70
- MITRE: 53
- Red Hat, Inc.: 34
- wolfSSL Inc.: 32
- VulDB: 31

Top Affected Products:
- UNKNOWN: 1526
- Wolfssl: 32
- N8n: 25
- Google Chrome: 21
- Openwebui Open Webui: 15
- Flowiseai Flowise: 14
- Angularjs: 13
- Gitlab: 13
- Langflow: 12
- Frappe Framework: 12