## Updated at UTC 2026-02-12T19:50:22.301991

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21531 | 9.8 | 0.16% | 2 | 1 | | 2026-02-12T19:19:54 | Deserialization of untrusted data in the Azure AI Language Conversations Authori |
| CVE-2026-20700 | 7.8 | 0.01% | 17 | 0 | | 2026-02-12T19:15:51.187000 | A memory corruption issue was addressed with improved state management. This iss |
| CVE-2025-15556 | 0 | 0.04% | 4 | 2 | | 2026-02-12T19:15:50.117000 | Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an upd |
| CVE-2024-43468 | 9.8 | 73.83% | 4 | 3 | | 2026-02-12T19:15:49.520000 | Microsoft Configuration Manager Remote Code Execution Vulnerability |
| CVE-2026-2250 | 7.5 | 0.05% | 2 | 0 | | 2026-02-12T18:31:24 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authenticati |
| CVE-2026-2249 | 9.8 | 0.12% | 2 | 1 | | 2026-02-12T18:31:24 | METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at t |
| CVE-2026-2248 | 9.8 | 0.12% | 2 | 0 | | 2026-02-12T18:31:24 | METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at t |
| CVE-2026-26217 | 8.6 | 0.00% | 2 | 0 | | 2026-02-12T16:16:17.620000 | Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in |
| CVE-2026-26216 | 10.0 | 0.00% | 2 | 0 | | 2026-02-12T16:16:17.447000 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability i |
| CVE-2026-26029 | 7.5 | 0.07% | 2 | 0 | | 2026-02-12T16:16:16.927000 | sf-mcp-server is an implementation of Salesforce MCP server for Claude for Deskt |
| CVE-2026-1320 | 7.2 | 0.00% | 2 | 0 | | 2026-02-12T15:32:54 | The Secure Copy Content Protection and Content Locking plugin for WordPress is v |
| CVE-2026-2360 | 8.0 | 0.04% | 2 | 0 | | 2026-02-12T15:11:02.290000 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu |
| CVE-2026-0229 | 0 | 0.02% | 2 | 0 | | 2026-02-12T15:11:02.290000 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feat |
| CVE-2026-0228 | 0 | 0.01% | 2 | 0 | | 2026-02-12T15:11:02.290000 | An improper certificate validation vulnerability in PAN-OS allows users to conne |
| CVE-2026-2004 | 8.8 | 0.00% | 3 | 1 | | 2026-02-12T15:10:37.307000 | Missing validation of type of input in PostgreSQL intarray extension selectivity |
| CVE-2026-20614 | 0 | 0.02% | 2 | 0 | | 2026-02-12T15:10:37.307000 | A path handling issue was addressed with improved validation. This issue is fixe |
| CVE-2026-25924 | 8.4 | 0.04% | 2 | 0 | | 2026-02-12T15:10:37.307000 | Kanboard is project management software focused on Kanban methodology. Prior to |
| CVE-2026-2313 | 8.8 | 0.02% | 2 | 0 | | 2026-02-12T15:10:37.307000 | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote a |
| CVE-2025-12059 | 9.8 | 0.04% | 2 | 0 | | 2026-02-12T08:16:00.800000 | Insertion of Sensitive Information into Externally-Accessible File or Directory |
| CVE-2026-26234 | 8.8 | 0.07% | 4 | 0 | | 2026-02-12T06:30:21 | JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerabi |
| CVE-2026-26235 | 7.5 | 0.07% | 2 | 1 | | 2026-02-12T06:30:21 | JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that |
| CVE-2026-25676 | 7.8 | 0.01% | 2 | 0 | | 2026-02-12T06:30:21 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL sea |
| CVE-2026-23857 | 8.3 | 0.01% | 4 | 0 | | 2026-02-12T03:31:06 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contain |
| CVE-2026-1729 | 9.8 | 0.19% | 6 | 1 | | 2026-02-12T03:31:06 | The AdForest theme for WordPress is vulnerable to authentication bypass in all v |
| CVE-2026-23856 | 7.8 | 0.01% | 2 | 0 | | 2026-02-12T03:31:06 | Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell |
| CVE-2026-0969 | 8.8 | 0.07% | 4 | 0 | | 2026-02-12T03:31:01 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to a |
| CVE-2026-26215 | None | 0.13% | 2 | 1 | | 2026-02-12T00:31:12 | manga-image-translator version beta-0.3 and prior in shared API mode contains an |
| CVE-2026-20654 | None | 0.02% | 2 | 0 | | 2026-02-12T00:31:12 | The issue was addressed with improved memory handling. This issue is fixed in wa |
| CVE-2026-20617 | None | 0.02% | 2 | 0 | | 2026-02-12T00:31:11 | A race condition was addressed with improved state handling. This issue is fixed |
| CVE-2026-26010 | 7.6 | 0.01% | 2 | 0 | | 2026-02-11T23:14:54 | ### Summary Calls issued by the UI against `/api/v1/ingestionPipelines` leak JWT |
| CVE-2026-25759 | 8.7 | 0.01% | 2 | 0 | | 2026-02-11T23:14:17 | ### Impact Stored XSS vulnerability in content titles allow authenticated users |
| CVE-2025-48723 | 8.1 | 0.10% | 2 | 0 | | 2026-02-11T21:31:44 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a |
| CVE-2026-2315 | 8.8 | 0.02% | 2 | 0 | | 2026-02-11T21:30:48 | Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 a |
| CVE-2026-2314 | 8.8 | 0.02% | 2 | 0 | | 2026-02-11T21:30:48 | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a |
| CVE-2026-2319 | 7.5 | 0.02% | 2 | 0 | | 2026-02-11T21:30:48 | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attack |
| CVE-2025-52868 | 8.1 | 0.10% | 2 | 0 | | 2026-02-11T21:30:40 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a |
| CVE-2025-48725 | 8.1 | 0.10% | 2 | 0 | | 2026-02-11T21:30:39 | A buffer overflow vulnerability has been reported to affect several QNAP operati |
| CVE-2025-48724 | 8.1 | 0.10% | 2 | 0 | | 2026-02-11T21:30:39 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a |
| CVE-2025-30276 | 8.8 | 0.11% | 2 | 0 | | 2026-02-11T21:30:39 | An out-of-bounds write vulnerability has been reported to affect Qsync Central. |
| CVE-2026-21246 | 7.8 | 0.02% | 2 | 0 | | 2026-02-11T21:30:38 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized |
| CVE-2026-21259 | 7.8 | 0.04% | 2 | 0 | | 2026-02-11T21:30:38 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized atta |
| CVE-2026-21239 | 7.8 | 0.03% | 2 | 0 | | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to el |
| CVE-2026-21236 | 7.8 | 0.03% | 2 | 0 | | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allo |
| CVE-2026-21245 | 7.8 | 0.03% | 2 | 0 | | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to el |
| CVE-2025-30269 | 8.1 | 0.04% | 2 | 0 | | 2026-02-11T21:10:50.490000 | A use of externally-controlled format string vulnerability has been reported to |
| CVE-2026-21255 | 8.8 | 0.03% | 2 | 0 | | 2026-02-11T20:04:16.867000 | Improper access control in Windows Hyper-V allows an authorized attacker to bypa |
| CVE-2026-21257 | 8.0 | 0.05% | 2 | 0 | | 2026-02-11T19:47:12.797000 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2026-21260 | 7.5 | 0.09% | 2 | 0 | | 2026-02-11T19:10:20.090000 | Exposure of sensitive information to an unauthorized actor in Microsoft Office O |
| CVE-2026-21511 | 7.5 | 0.28% | 1 | 0 | | 2026-02-11T18:56:56.907000 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthor |
| CVE-2026-21357 | 7.8 | 0.01% | 1 | 0 | | 2026-02-11T18:32:31 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based |
| CVE-2026-25084 | 9.8 | 0.07% | 4 | 0 | | 2026-02-11T18:31:36 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs |
| CVE-2026-24789 | 9.8 | 0.07% | 4 | 0 | | 2026-02-11T18:31:36 | An unprotected API endpoint allows an attacker to remotely change the device pas |
| CVE-2026-2361 | 8.1 | 0.04% | 2 | 0 | | 2026-02-11T18:31:36 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu |
| CVE-2026-1235 | 6.5 | 0.01% | 1 | 0 | | 2026-02-11T18:31:28 | The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via aja |
| CVE-2025-64075 | 10.0 | 0.44% | 2 | 0 | | 2026-02-11T18:06:04.010000 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong |
| CVE-2026-21330 | 7.8 | 0.01% | 2 | 0 | | 2026-02-11T17:39:42.610000 | After Effects versions 25.6 and earlier are affected by an Access of Resource Us |
| CVE-2026-21321 | 7.8 | 0.01% | 2 | 0 | | 2026-02-11T17:37:29.543000 | After Effects versions 25.6 and earlier are affected by an Integer Overflow or W |
| CVE-2026-21325 | 7.8 | 0.01% | 2 | 0 | | 2026-02-11T17:36:38.050000 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu |
| CVE-2026-21327 | 7.8 | 0.01% | 2 | 0 | | 2026-02-11T17:36:07.663000 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v |
| CVE-2026-21334 | 7.8 | 0.01% | 2 | 0 | | 2026-02-11T17:31:30.870000 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou |
| CVE-2026-21351 | 7.8 | 0.01% | 1 | 0 | | 2026-02-11T17:29:31.673000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera |
| CVE-2026-21346 | 7.8 | 0.03% | 1 | 0 | | 2026-02-11T17:15:14.187000 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds writ |
| CVE-2026-21347 | 7.8 | 0.03% | 1 | 0 | | 2026-02-11T17:14:59.750000 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow o |
| CVE-2026-21341 | 7.8 | 0.03% | 1 | 0 | | 2026-02-11T16:40:15.260000 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds |
| CVE-2026-25577 | 7.5 | 0.05% | 1 | 0 | | 2026-02-11T16:16:06.200000 | Emmett is a framework designed to simplify your development process. Prior to 1. |
| CVE-2026-21510 | 8.8 | 5.83% | 6 | 1 | | 2026-02-11T16:13:25.603000 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to |
| CVE-2026-21519 | 7.8 | 4.09% | 4 | 0 | | 2026-02-11T16:13:16.180000 | Access of resource using incompatible type ('type confusion') in Desktop Window |
| CVE-2026-21312 | 7.8 | 0.01% | 2 | 0 | | 2026-02-11T15:57:42.060000 | Audition versions 25.3 and earlier are affected by an out-of-bounds write vulner |
| CVE-2026-21525 | 6.2 | 2.97% | 4 | 0 | | 2026-02-11T15:43:43.057000 | Null pointer dereference in Windows Remote Access Connection Manager allows an u |
| CVE-2025-48503 | 7.9 | 0.01% | 2 | 0 | | 2026-02-11T15:30:35 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attac |
| CVE-2026-0910 | 8.8 | 0.07% | 2 | 0 | | 2026-02-11T15:30:34 | The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in a |
| CVE-2025-8668 | 9.4 | 0.04% | 2 | 0 | | 2026-02-11T15:30:34 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2026-1357 | 9.8 | 0.46% | 3 | 3 | | 2026-02-11T15:27:26.370000 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress |
| CVE-2026-1560 | 8.8 | 0.24% | 3 | 1 | | 2026-02-11T15:27:26.370000 | The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Rem |
| CVE-2025-8025 | 9.8 | 0.05% | 2 | 0 | | 2026-02-11T15:27:26.370000 | Missing Authentication for Critical Function, Improper Access Control vulnerabil |
| CVE-2026-20841 | 8.8 | 0.10% | 107 | 9 | | 2026-02-11T15:16:16.997000 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2026-0958 | 7.5 | 0.03% | 2 | 0 | | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 |
| CVE-2025-8099 | 7.5 | 0.04% | 2 | 0 | | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 |
| CVE-2025-7659 | 8.0 | 0.01% | 2 | 0 | | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 |
| CVE-2025-15096 | 8.8 | 0.04% | 2 | 0 | | 2026-02-11T12:30:26 | The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privileg |
| CVE-2025-10174 | 8.3 | 0.01% | 2 | 0 | | 2026-02-11T12:30:26 | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & |
| CVE-2025-10913 | 8.3 | 0.04% | 2 | 0 | | 2026-02-11T09:30:24 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2025-9986 | 8.2 | 0.03% | 2 | 0 | | 2026-02-11T09:30:24 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne |
| CVE-2026-21228 | 8.1 | 0.04% | 2 | 0 | | 2026-02-10T21:51:48.077000 | Improper certificate validation in Azure Local allows an unauthorized attacker t |
| CVE-2026-25993 | 0 | 0.03% | 1 | 0 | | 2026-02-10T21:51:48.077000 | EverShop is a TypeScript-first eCommerce platform. During category update and de |
| CVE-2026-26009 | 9.9 | 0.26% | 2 | 0 | | 2026-02-10T21:51:48.077000 | Catalyst is a platform built for enterprise game server hosts, game communities, |
| CVE-2026-25611 | 7.5 | 0.04% | 1 | 0 | | 2026-02-10T21:51:48.077000 | A series of specifically crafted, unauthenticated messages can exhaust available |
| CVE-2026-21353 | 7.8 | 0.03% | 1 | 0 | | 2026-02-10T21:51:48.077000 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or W |
| CVE-2026-21349 | 7.8 | 0.03% | 1 | 0 | | 2026-02-10T21:51:48.077000 | Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds wri |
| CVE-2026-21344 | 7.8 | 0.03% | 1 | 0 | | 2026-02-10T21:31:42 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds |
| CVE-2026-1507 | 7.5 | 0.05% | 1 | 0 | | 2026-02-10T21:31:42 | The affected products are vulnerable to an uncaught exception that could allow a |
| CVE-2026-21345 | 7.8 | 0.03% | 1 | 0 | | 2026-02-10T21:31:41 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds |
| CVE-2026-21352 | 7.8 | 0.03% | 1 | 0 | | 2026-02-10T21:31:41 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write v |
| CVE-2026-21342 | 7.8 | 0.01% | 1 | 0 | | 2026-02-10T21:31:37 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds |
| CVE-2026-1848 | 7.5 | 0.04% | 1 | 0 | | 2026-02-10T21:31:36 | Connections received from the proxy port may not count towards total accepted co |
| CVE-2026-21343 | 7.8 | 0.03% | 1 | 0 | | 2026-02-10T21:31:36 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds |
| CVE-2026-21514 | 7.8 | 3.68% | 5 | 0 | | 2026-02-10T21:31:29 | Reliance on untrusted inputs in a security decision in Microsoft Office Word all |
| CVE-2026-21513 | 8.8 | 4.82% | 4 | 0 | | 2026-02-10T21:31:29 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker |
| CVE-2026-21533 | 7.8 | 2.40% | 4 | 1 | | 2026-02-10T21:31:29 | Improper privilege management in Windows Remote Desktop allows an authorized att |
| CVE-2026-25992 | 7.5 | 0.04% | 1 | 0 | | 2026-02-10T19:56:57 | # File Read Interface Case Bypass Vulnerability ## Vulnerability Name File Read |
| CVE-2026-21537 | 8.8 | 0.05% | 2 | 0 | | 2026-02-10T18:30:54 | Improper control of generation of code ('code injection') in Microsoft Defender |
| CVE-2026-21328 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:53 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v |
| CVE-2026-21322 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu |
| CVE-2026-21318 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v |
| CVE-2026-21240 | 7.8 | 0.02% | 2 | 0 | | 2026-02-10T18:30:51 | Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an |
| CVE-2026-21243 | 7.5 | 0.06% | 2 | 0 | | 2026-02-10T18:30:51 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol |
| CVE-2026-21251 | 7.8 | 0.04% | 2 | 0 | | 2026-02-10T18:30:51 | Use after free in Windows Cluster Client Failover allows an authorized attacker |
| CVE-2026-21250 | 7.8 | 0.04% | 2 | 0 | | 2026-02-10T18:30:51 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker |
| CVE-2026-21323 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera |
| CVE-2026-21320 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera |
| CVE-2026-21329 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera |
| CVE-2026-21326 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera |
| CVE-2026-21324 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu |
| CVE-2026-21256 | 8.8 | 0.05% | 2 | 0 | | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2026-21335 | 7.8 | 0.01% | 2 | 0 | | 2026-02-10T18:30:50 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou |
| CVE-2026-21516 | 8.8 | 0.03% | 1 | 0 | | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2026-1603 | 8.6 | 0.15% | 2 | 0 | | 2026-02-10T18:30:49 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo |
| CVE-2026-21229 | 8.0 | 0.07% | 2 | 0 | | 2026-02-10T18:30:49 | Improper input validation in Power BI allows an authorized attacker to execute c |
| CVE-2026-21238 | 7.8 | 0.03% | 2 | 0 | | 2026-02-10T18:30:49 | Improper access control in Windows Ancillary Function Driver for WinSock allows |
| CVE-2026-22153 | 8.1 | 0.07% | 1 | 2 | | 2026-02-10T18:30:48 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerabili |
| CVE-2026-1602 | 6.5 | 0.05% | 2 | 0 | | 2026-02-10T18:30:38 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote |
| CVE-2026-24061 | 9.8 | 37.88% | 7 | 63 | template | 2026-02-10T18:30:34 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-0509 | 9.6 | 0.04% | 2 | 0 | | 2026-02-10T06:30:39 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, |
| CVE-2026-0488 | 10.0 | 0.04% | 2 | 0 | | 2026-02-10T06:30:38 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could ex |
| CVE-2026-1529 | 8.1 | 0.02% | 2 | 2 | | 2026-02-10T02:15:52.253000 | A flaw was found in Keycloak. An attacker can exploit this vulnerability by modi |
| CVE-2026-25639 | 7.5 | 0.01% | 1 | 0 | | 2026-02-09T22:39:36 | # Denial of Service via `__proto__` Key in mergeConfig ### Summary The `mergeCon |
| CVE-2025-66630 | None | 0.01% | 2 | 0 | | 2026-02-09T18:49:19 | Fiber v2 contains an internal vendored copy of `gofiber/utils`, and its function |
| CVE-2026-1731 | 0 | 4.22% | 4 | 3 | template | 2026-02-09T16:08:55.263000 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-2234 | 9.1 | 0.05% | 2 | 0 | | 2026-02-09T09:30:28 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing |
| CVE-2025-64175 | None | 0.01% | 2 | 0 | | 2026-02-06T19:06:46 | Contact OpenAI Security Research at outbounddisclosures@openai.com to engage on |
| CVE-2025-64111 | None | 0.12% | 2 | 0 | | 2026-02-06T19:06:45 | ### Summary Due to the insufficient patch for the https://github.com/gogs/gogs/s |
| CVE-2025-24054 | 6.5 | 11.25% | 1 | 9 | | 2026-02-05T13:01:23.843000 | External control of file name or path in Windows NTLM allows an unauthorized att |
| CVE-2026-25049 | None | 0.03% | 4 | 1 | | 2026-02-04T21:09:38 | ### Impact Additional exploits in the expression evaluation of n8n have been id |
| CVE-2026-20119 | 7.5 | 0.09% | 2 | 0 | | 2026-02-04T18:30:51 | A vulnerability in the text rendering subsystem of Cisco TelePresence Collaborat |
| CVE-2026-1340 | 9.8 | 0.18% | 2 | 1 | | 2026-02-04T16:34:21.763000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve |
| CVE-2026-25253 | 8.8 | 0.04% | 1 | 4 | | 2026-02-03T16:44:36.630000 | OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value f |
| CVE-2026-0227 | 7.5 | 0.06% | 1 | 2 | | 2026-01-31T00:31:36 | A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated |
| CVE-2026-1281 | 9.8 | 16.41% | 2 | 1 | | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve |
| CVE-2026-23760 | 9.8 | 55.52% | 2 | 2 | template | 2026-01-27T16:16:55.327000 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication |
| CVE-2026-20026 | 5.8 | 0.13% | 2 | 0 | | 2026-01-08T18:08:54.147000 | Multiple Cisco products are affected by a vulnerability in the processing o |
| CVE-2023-4911 | 7.8 | 63.62% | 1 | 17 | template | 2026-01-08T16:28:27.603000 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi |
| CVE-2026-20027 | 5.3 | 0.04% | 2 | 0 | | 2026-01-07T18:30:33 | Multiple Cisco products are affected by a vulnerability in the processing of DCE |
| CVE-2025-43529 | 8.8 | 0.02% | 2 | 7 | | 2025-12-17T21:31:01 | A use-after-free issue was addressed with improved memory management. This issue |
| CVE-2025-14174 | 8.8 | 0.65% | 2 | 6 | | 2025-12-15T15:30:31 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499 |
| CVE-2025-60787 | 7.2 | 70.31% | 1 | 1 | | 2025-11-03T21:48:21 | ## Summary A command injection vulnerability in MotionEye allows attackers to ac |
| CVE-2025-8088 | 8.8 | 3.90% | 4 | 28 | | 2025-10-30T15:50:59.680000 | A path traversal vulnerability affecting the Windows version of WinRAR allows th |
| CVE-2018-0802 | 7.8 | 93.89% | 2 | 7 | | 2025-10-22T00:31:30 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Offic |
| CVE-2025-59375 | 7.5 | 0.12% | 1 | 0 | | 2025-09-17T15:31:32 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory |
| CVE-2025-3573 | 6.1 | 0.25% | 2 | 0 | | 2025-04-15T14:24:22 | Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross- |
| CVE-2026-26081 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-26080 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-64487 | 0 | 0.01% | 2 | 0 | | N/A | |
| CVE-2026-21523 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-25947 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-25506 | 0 | 0.02% | 1 | 0 | | N/A | |

CVE-2026-21531
(9.8 CRITICAL)

EPSS: 0.16%

updated 2026-02-12T19:19:54

2 posts

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network.

1 repo

https://github.com/NetVanguard-cmd/CVE-2026-21531

offseq at 2026-02-11T03:00:29.734Z ##

🚨 CVE-2026-21531: Critical RCE in Azure AI Language Authoring SDK v1.0.0 via deserialization of untrusted data. Unauthenticated attackers can execute code remotely. Restrict access & monitor endpoints until patched. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-02-10T23:25:59.000Z ##

🔴 CVE-2026-21531 - Critical (9.8)

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20700
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-12T19:15:51.187000

17 posts

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals

cisakevtracker@mastodon.social at 2026-02-12T19:01:10.000Z ##

CVE ID: CVE-2026-20700
Vendor: Apple
Product: Multiple Products
Date Added: 2026-02-12
Notes: support.apple.com/en-us/126346 ; support.apple.com/en-us/126348 ; support.apple.com/en-us/126351 ; support.apple.com/en-us/126352 ; support.apple.com/en-us/126353 ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

DarkWebInformer at 2026-02-12T18:51:53.049Z ##

‼️ CISA has added 3 vulnerabilities to the KEV Catalog

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code.

CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

##

mastokukei@social.josko.org at 2026-02-12T18:01:47.000Z ##

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #technologyAtKukei masto.kukei.eu/browse/technolo category:
- Eddy Merckx Bikes unveils Corsa Strasbourg Ti and Corsa Pévèle Ti titanium bikes, handmade in Italy.
- WordPress plugin with ~900k installs exposed to a critical RCE flaw.
- Apple iOS 26.3 update patches CVE-2026-20700.
- Palantir sues Republik Magazin (Swiss outlet) over a published article.
- Waymo launches World Model for autonomous driving [1/2]

##

chorrell@hachyderm.io at 2026-02-12T14:54:21.000Z ##

Update your iPhones to iOS 26.3, CVE-2026-20700 is pretty bad!

go.theregister.com/feed/www.th

##

jbhall56 at 2026-02-12T12:55:43.364Z ##

The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. thehackernews.com/2026/02/appl

##

undercodenews@mastodon.social at 2026-02-12T12:21:55.000Z ##

Apple Releases Emergency Security Updates to Patch Actively Exploited Zero-Day CVE-2026-20700 Across iOS, macOS, and More + Video

A Critical Memory Corruption Flaw Forces Apple Into Rapid Defensive Action Apple has rolled out urgent security updates across its entire ecosystem, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, to address an actively exploited zero-day vulnerability identified as CVE-2026-20700. The flaw, discovered by Google’s Threat Analysis…

undercodenews.com/apple-releas

##

PC_Fluesterer@social.tchncs.de at 2026-02-12T10:54:31.000Z ##

Apple updates everything 2026-02

Apple's regular February updates patch 71 security vulnerabilities. Some of them are present in several Apple products. Notable is CVE-2026-20700, which is already being exploited in attacks (zero-day). Three more new vulnerabilities affect speech recognition (Siri), since they make it possible to coax personal data out of even a locked iPhone

pc-fluesterer.info/wordpress/t

##

PC_Fluesterer@social.tchncs.de at 2026-02-12T10:54:29.000Z ##

Apple updates everything 2026-02

Apple's regular February updates patch 71 security vulnerabilities. Some of them are present in several Apple products. Notable is CVE-2026-20700, which is already being exploited in attacks (zero-day). Three more new security

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Mobilfunk #Warnung #0day #apple #cybercrime #ios #macos #sicherheit #UnplugTrump #vorbeugen

##

defendopsdiaries at 2026-02-12T01:20:40.293Z ##

A hidden flaw in Apple’s core system let hackers quietly bypass defenses and target high-profile users before anyone noticed. How did this zero-day slip through the cracks?

thedefendopsdiaries.com/inside

##

offseq at 2026-02-12T00:00:41.450Z ##

🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! radar.offseq.com/threat/cve-20

##

applsec at 2026-02-11T18:36:22.008Z ##

📣 EMERGENCY UPDATES 📣

Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.

🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3

##

DarkWebInformer@infosec.exchange at 2026-02-12T18:51:53.000Z ##

‼️ CISA has added 3 vulnerabilities to the KEV Catalog

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code.

CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

##

jbhall56@infosec.exchange at 2026-02-12T12:55:43.000Z ##

The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. thehackernews.com/2026/02/appl

##

defendopsdiaries@infosec.exchange at 2026-02-12T01:20:40.000Z ##

A hidden flaw in Apple’s core system let hackers quietly bypass defenses and target high-profile users before anyone noticed. How did this zero-day slip through the cracks?

thedefendopsdiaries.com/inside

##

offseq@infosec.exchange at 2026-02-12T00:00:41.000Z ##

🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! radar.offseq.com/threat/cve-20 #OffSeq #AppleSecurity #CVE202620700 #ThreatIntel

##

applsec@infosec.exchange at 2026-02-11T18:36:22.000Z ##

📣 EMERGENCY UPDATES 📣

Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.

🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3

#apple #cybersecurity #infosec #security #ios

##

CVE-2025-15556
(0 None)

EPSS: 0.04%

updated 2026-02-12T19:15:50.117000

4 posts

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges

2 repos

https://github.com/renat0z3r0/notepadpp-supply-chain-iocs

https://github.com/George0Papasotiriou/CVE-2025-15556-Notepad-WinGUp-Updater-RCE

cisakevtracker@mastodon.social at 2026-02-12T19:01:41.000Z ##

CVE ID: CVE-2025-15556
Vendor: Notepad++
Product: Notepad++
Date Added: 2026-02-12
Notes: notepad-plus-plus.org/news/cla ; community.notepad-plus-plus.or ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

DarkWebInformer at 2026-02-12T18:51:53.049Z ##

‼️ CISA has added 3 vulnerabilities to the KEV Catalog

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code.

CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

##

DarkWebInformer@infosec.exchange at 2026-02-12T18:51:53.000Z ##

‼️ CISA has added 3 vulnerabilities to the KEV Catalog

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code.

CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

##

CVE-2024-43468
(9.8 CRITICAL)

EPSS: 73.83%

updated 2026-02-12T19:15:49.520000

4 posts

Microsoft Configuration Manager Remote Code Execution Vulnerability

3 repos

https://github.com/nikallass/CVE-2024-43468_mTLS_go

https://github.com/tadash10/Detailed-Analysis-and-Mitigation-Strategies-for-CVE-2024-38124-and-CVE-2024-43468

https://github.com/synacktiv/CVE-2024-43468

cisakevtracker@mastodon.social at 2026-02-12T19:01:25.000Z ##

CVE ID: CVE-2024-43468
Vendor: Microsoft
Product: Configuration Manager
Date Added: 2026-02-12
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

DarkWebInformer at 2026-02-12T18:51:53.049Z ##

‼️ CISA has added 3 vulnerabilities to the KEV Catalog

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code.

CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

##

DarkWebInformer@infosec.exchange at 2026-02-12T18:51:53.000Z ##

‼️ CISA has added 3 vulnerabilities to the KEV Catalog

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code.

CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

##

CVE-2026-2250
(7.5 HIGH)

EPSS: 0.05%

updated 2026-02-12T18:31:24

2 posts

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system co

thehackerwire@mastodon.social at 2026-02-11T22:21:59.000Z ##

🟠 CVE-2026-2250 - High (7.5)

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2249
(9.8 CRITICAL)

EPSS: 0.12%

updated 2026-02-12T18:31:24

2 posts

METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or dis

1 repos

https://github.com/taylorwerno/CVE-2026-2249

thehackerwire@mastodon.social at 2026-02-11T21:28:18.000Z ##

🔴 CVE-2026-2249 - Critical (9.8)

METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2248
(9.8 CRITICAL)

EPSS: 0.12%

updated 2026-02-12T18:31:24

2 posts

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt de

thehackerwire@mastodon.social at 2026-02-11T21:28:08.000Z ##

🔴 CVE-2026-2248 - Critical (9.8)

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26217
(8.6 HIGH)

EPSS: 0.00%

updated 2026-02-12T16:16:17.620000

2 posts

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment

offseq at 2026-02-12T16:00:15.517Z ##

🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-02-12T16:00:15.000Z ##

🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! radar.offseq.com/threat/cve-20 #OffSeq #CVE202626217 #infosec

##

CVE-2026-26216
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-02-12T16:16:17.447000

2 posts

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation allows

offseq at 2026-02-12T17:30:17.907Z ##

⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-02-12T17:30:17.000Z ##

⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. radar.offseq.com/threat/cve-20 #OffSeq #CVE202626216 #infosec #RCE

##

CVE-2026-26029
(7.5 HIGH)

EPSS: 0.07%

updated 2026-02-12T16:16:16.927000

2 posts

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.

thehackerwire@mastodon.social at 2026-02-11T22:18:53.000Z ##

🟠 CVE-2026-26029 - High (7.5)

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1320
(7.2 HIGH)

EPSS: 0.00%

updated 2026-02-12T15:32:54

2 posts

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses

offseq at 2026-02-12T14:30:20.349Z ##

⚠️ HIGH severity alert: CVE-2026-1320 impacts ays-pro Secure Copy Content Protection & Content Locking (all versions) — Stored XSS via 'X-Forwarded-For' lets unauth attackers inject scripts. Monitor and restrict input. More: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-02-12T14:30:20.000Z ##

⚠️ HIGH severity alert: CVE-2026-1320 impacts ays-pro Secure Copy Content Protection & Content Locking (all versions) — Stored XSS via 'X-Forwarded-For' lets unauth attackers inject scripts. Monitor and restrict input. More: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #XSS

##

CVE-2026-2360
(8.0 HIGH)

EPSS: 0.04%

updated 2026-02-12T15:11:02.290000

2 posts

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreS

thehackerwire@mastodon.social at 2026-02-11T21:02:42.000Z ##

🟠 CVE-2026-2360 - High (8)

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0229
(0 None)

EPSS: 0.02%

updated 2026-02-12T15:11:02.290000

2 posts

A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Cloud NGFW and Prisma Access® are not impacted by this vulnerability.

AAKL at 2026-02-11T17:56:10.869Z ##

Palo Alto has three new advisories.

- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) security.paloaltonetworks.com/

- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature security.paloaltonetworks.com/

- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate security.paloaltonetworks.com/

##

AAKL@infosec.exchange at 2026-02-11T17:56:10.000Z ##

Palo Alto has three new advisories.

- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) security.paloaltonetworks.com/

- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature security.paloaltonetworks.com/

- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate security.paloaltonetworks.com/ #PaloAlto #infosec #vulnerability

##

CVE-2026-0228
(0 None)

EPSS: 0.01%

updated 2026-02-12T15:11:02.290000

2 posts

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

AAKL at 2026-02-11T17:56:10.869Z ##

Palo Alto has three new advisories.

- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) security.paloaltonetworks.com/

- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature security.paloaltonetworks.com/

- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate security.paloaltonetworks.com/

##

AAKL@infosec.exchange at 2026-02-11T17:56:10.000Z ##

Palo Alto has three new advisories.

- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) security.paloaltonetworks.com/

- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature security.paloaltonetworks.com/

- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate security.paloaltonetworks.com/ #PaloAlto #infosec #vulnerability

##

CVE-2026-2004
(8.8 HIGH)

EPSS: 0.00%

updated 2026-02-12T15:10:37.307000

3 posts

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

1 repos

https://github.com/dkstar11q/Ashwesker-CVE-2026-20045

mastokukei@social.josko.org at 2026-02-12T18:02:20.000Z ##

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei masto.kukei.eu/browse/programm category:
- AI agents coordinating on real work and autonomous coding (Claude Code, agent frameworks, Copilot-style testing)
- PostgreSQL CVE-2026-2004: missing input validation in intarray extension allows OS code execution
- Python ecosystem events: PyCon Namibia 2026 and PyCon Sweden 2025/2026 (speaker announcements and tracks)
- NixOS and Guix: full [1/2]

##

0x3e4@cyberplace.social at 2026-02-12T17:33:13.000Z ##

few new #postgresql vulns out there today

🔐 CVE-2026-2004
CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.

📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 02:16 PM
🏷️ Aliases: CVE-2026-2004
🛡️ CWE: CWE-1287
📚 References: postgresql.org/support/securit

🔗 hecate.pw/vulnerability/CVE-20

#cve #vulnerability #hecate

##

CVE-2026-20614
(0 None)

EPSS: 0.02%

updated 2026-02-12T15:10:37.307000

2 posts

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges.

offseq at 2026-02-12T01:30:30.288Z ##

🚨 CVE-2026-20614 (CRITICAL): Privilege escalation in macOS lets apps gain root with no user interaction. Fixes: Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4. Patch now to block full compromise — esp. in EU orgs! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-02-12T01:30:30.000Z ##

🚨 CVE-2026-20614 (CRITICAL): Privilege escalation in macOS lets apps gain root with no user interaction. Fixes: Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4. Patch now to block full compromise — esp. in EU orgs! radar.offseq.com/threat/cve-20 #OffSeq #macOS #Vuln #Patch

##

CVE-2026-25924
(8.4 HIGH)

EPSS: 0.04%

updated 2026-02-12T15:10:37.307000

2 posts

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface when the PLUGIN_INSTALLER configuration is set to false, the underlying backend endpoint fails to veri

thehackerwire@mastodon.social at 2026-02-11T21:17:35.000Z ##

🟠 CVE-2026-25924 - High (8.4)

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2313
(8.8 HIGH)

EPSS: 0.02%

updated 2026-02-12T15:10:37.307000

2 posts

Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

thehackerwire@mastodon.social at 2026-02-11T21:01:55.000Z ##

🟠 CVE-2026-2313 - High (8.8)

Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-12059
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-02-12T08:16:00.800000

2 posts

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9.

thehackerwire@mastodon.social at 2026-02-11T22:22:18.000Z ##

🔴 CVE-2025-12059 - Critical (9.8)

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26234
(8.8 HIGH)

EPSS: 0.07%

updated 2026-02-12T06:30:21

4 posts

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

offseq at 2026-02-12T11:30:34.950Z ##

🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-02-12T04:22:55.000Z ##

🟠 CVE-2026-26234 - High (8.8)

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-02-12T11:30:34.000Z ##

🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #IoT

##

CVE-2026-26235
(7.5 HIGH)

EPSS: 0.07%

updated 2026-02-12T06:30:21

2 posts

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.

1 repos

https://github.com/mbanyamer/CVE-2026-26235-JUNG-Smart-Visu-Server-Unauthenticated-Reboot-Shutdown

offseq at 2026-02-12T10:00:30.144Z ##

🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-02-12T10:00:30.000Z ##

🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #OTSecurity

##

CVE-2026-25676
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-12T06:30:21

2 posts

The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.

offseq at 2026-02-12T08:30:53.599Z ##

⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-02-12T08:30:53.000Z ##

⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Infosec #CVE2026_25676

##

CVE-2026-23857
(8.3 HIGH)

EPSS: 0.01%

updated 2026-02-12T03:31:06

4 posts

Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

offseq at 2026-02-12T13:00:31.465Z ##

Dell Update Package Framework (23.12.00 – 24.12.00) hit by HIGH severity (CVSS 8.2) vuln: improper permission checks enable local privilege escalation. Restrict access & monitor for updates. CVE-2026-23857 🛡️ radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-02-12T03:22:30.000Z ##

🟠 CVE-2026-23857 - High (8.2)

Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabilit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-02-12T13:00:31.000Z ##

Dell Update Package Framework (23.12.00 – 24.12.00) hit by HIGH severity (CVSS 8.2) vuln: improper permission checks enable local privilege escalation. Restrict access & monitor for updates. CVE-2026-23857 🛡️ radar.offseq.com/threat/cve-20 #OffSeq #Dell #PrivilegeEscalation #Vuln

##

CVE-2026-1729
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-02-12T03:31:06

6 posts

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.

1 repos

https://github.com/ninjazan420/CVE-2026-1729-PoC-AdForest-WordPress-Authentication-Bypass

offseq at 2026-02-12T07:00:34.685Z ##

🚨 CRITICAL: CVE-2026-1729 in AdForest (≤6.0.12) enables unauthenticated OTP login as any user — including admins. No patch yet. Block vulnerable OTP function, monitor logs, and deploy WAF rules ASAP. radar.offseq.com/threat/cve-20

##

offseq at 2026-02-12T03:00:30.533Z ##

🚨 CVE-2026-1729 (CRITICAL): AdForest WordPress theme authentication bypass lets attackers log in as any user — including admin! All versions affected, no patch yet. Disable OTP login & deploy WAF rules ASAP. More: radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-02-12T02:26:27.000Z ##

🔴 CVE-2026-1729 - Critical (9.8)

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_o...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-02-12T07:00:34.000Z ##

🚨 CRITICAL: CVE-2026-1729 in AdForest (≤6.0.12) enables unauthenticated OTP login as any user — including admins. No patch yet. Block vulnerable OTP function, monitor logs, and deploy WAF rules ASAP. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vulnerability

##

offseq@infosec.exchange at 2026-02-12T03:00:30.000Z ##

🚨 CVE-2026-1729 (CRITICAL): AdForest WordPress theme authentication bypass lets attackers log in as any user — including admin! All versions affected, no patch yet. Disable OTP login & deploy WAF rules ASAP. More: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE20261729 #WebSecurity

##

CVE-2026-23856
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-12T03:31:06

2 posts

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

thehackerwire@mastodon.social at 2026-02-12T03:22:39.000Z ##

🟠 CVE-2026-23856 - High (7.8)

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0969
(8.8 HIGH)

EPSS: 0.07%

updated 2026-02-12T03:31:01

4 posts

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.

thehackerwire@mastodon.social at 2026-02-12T03:22:59.000Z ##

🟠 CVE-2026-0969 - High (8.8)

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-02-12T03:22:38.000Z ##

🟠 CVE-2026-0969 - High (8.8)

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26215
(CVSS UNKNOWN)

EPSS: 0.13%

updated 2026-02-12T00:31:12

2 posts

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-based authorization check is intended to restrict ac

1 repo

https://github.com/mbanyamer/-CVE-2026-26215-manga-image-translator-RCE

offseq at 2026-02-12T06:00:31.098Z ##

CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-02-12T06:00:31.000Z ##

CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! radar.offseq.com/threat/cve-20 #OffSeq #CVE202626215 #infosec

##

CVE-2026-20654
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-02-12T00:31:12

2 posts

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination.

speedyfriend67 at 2026-02-12T02:44:32.937Z ##

Got my first Apple CVE!
CVE-2026-20654

At the age of 19, I have finally achieved my goal.

Weird thing is, the 2025 CVE isn't addressed yet haha

More exciting news coming soon!

Thank you everyone for the support 🥹🙏

##

speedyfriend67@infosec.exchange at 2026-02-12T02:44:32.000Z ##

Got my first Apple CVE!
CVE-2026-20654

At the age of 19, I have finally achieved my goal.

Weird thing is, the 2025 CVE isn't addressed yet haha

More exciting news coming soon!

Thank you everyone for the support 🥹🙏

##

CVE-2026-20617
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2026-02-12T00:31:11

2 posts

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.

offseq at 2026-02-12T04:30:32.618Z ##

🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-02-12T04:30:32.000Z ##

🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! radar.offseq.com/threat/cve-20 #OffSeq #macOS #Apple #Infosec #CVE202620617

##

CVE-2026-26010
(7.6 HIGH)

EPSS: 0.01%

updated 2026-02-11T23:14:54

2 posts

### Summary

Calls issued by the UI against `/api/v1/ingestionPipelines` leak JWTs used by `ingestion-bot` for certain services (Glue / Redshift / Postgres).

### Details

Any read-only user can gain access to a highly privileged account, typically one that has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service met

thehackerwire@mastodon.social at 2026-02-11T21:17:14.000Z ##

🟠 CVE-2026-26010 - High (7.6)

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a high...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25759
(8.7 HIGH)

EPSS: 0.01%

updated 2026-02-11T23:14:17

2 posts

### Impact

A stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. The malicious user must have an account with control panel access and content creation permissions. This vulnerability can be exploited to allow super admin accounts to be created.

### Patches

This has

thehackerwire@mastodon.social at 2026-02-11T21:17:24.000Z ##

🟠 CVE-2026-25759 - High (8.7)

Statamic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that execu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-48723
(8.1 HIGH)

EPSS: 0.10%

updated 2026-02-11T21:31:44

2 posts

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

thehackerwire@mastodon.social at 2026-02-11T23:26:50.000Z ##

🟠 CVE-2025-48723 - High (8.1)

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.

We have already fixed the vulnerability in the foll...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2315
(8.8 HIGH)

EPSS: 0.02%

updated 2026-02-11T21:30:48

2 posts

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

thehackerwire@mastodon.social at 2026-02-11T21:02:33.000Z ##

🟠 CVE-2026-2315 - High (8.8)

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2314
(8.8 HIGH)

EPSS: 0.02%

updated 2026-02-11T21:30:48

2 posts

Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

thehackerwire@mastodon.social at 2026-02-11T21:02:04.000Z ##

🟠 CVE-2026-2314 - High (8.8)

Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2319
(7.5 HIGH)

EPSS: 0.02%

updated 2026-02-11T21:30:48

2 posts

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)

thehackerwire@mastodon.social at 2026-02-11T21:01:45.000Z ##

🟠 CVE-2026-2319 - High (7.5)

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium se...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-52868
(8.1 HIGH)

EPSS: 0.10%

updated 2026-02-11T21:30:40

2 posts

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

thehackerwire@mastodon.social at 2026-02-11T23:26:32.000Z ##

🟠 CVE-2025-52868 - High (8.1)

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.

We have already fixed the vulnerability in the foll...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-48725
(8.1 HIGH)

EPSS: 0.10%

updated 2026-02-11T21:30:39

2 posts

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

thehackerwire@mastodon.social at 2026-02-12T00:31:01.000Z ##

🟠 CVE-2025-48725 - High (8.1)

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.

We have already fixed the ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-48724
(8.1 HIGH)

EPSS: 0.10%

updated 2026-02-11T21:30:39

2 posts

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

thehackerwire@mastodon.social at 2026-02-12T00:30:52.000Z ##

🟠 CVE-2025-48724 - High (8.1)

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.

We have already fixed the vulnerability in the foll...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-30276
(8.8 HIGH)

EPSS: 0.11%

updated 2026-02-11T21:30:39

2 posts

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

thehackerwire@mastodon.social at 2026-02-11T23:26:41.000Z ##

🟠 CVE-2025-30276 - High (8.8)

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.

We have already fixed the vulnerability in the followi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21246
(7.8 HIGH)

EPSS: 0.02%

updated 2026-02-11T21:30:38

2 posts

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-11T01:25:25.000Z ##

🟠 CVE-2026-21246 - High (7.8)

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21259
(7.8 HIGH)

EPSS: 0.04%

updated 2026-02-11T21:30:38

2 posts

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-11T01:21:12.000Z ##

🟠 CVE-2026-21259 - High (7.8)

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21239
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-11T21:30:37

2 posts

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-12T03:36:20.000Z ##

🟠 CVE-2026-21239 - High (7.8)

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21236
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-11T21:30:37

2 posts

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-12T03:36:01.000Z ##

🟠 CVE-2026-21236 - High (7.8)

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21245
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-11T21:30:37

2 posts

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-12T02:26:49.000Z ##

🟠 CVE-2026-21245 - High (7.8)

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-30269
(8.1 HIGH)

EPSS: 0.04%

updated 2026-02-11T21:10:50.490000

2 posts

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

thehackerwire@mastodon.social at 2026-02-12T00:31:11.000Z ##

🟠 CVE-2025-30269 - High (8.1)

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory.

We have already fixed...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21255
(8.8 HIGH)

EPSS: 0.03%

updated 2026-02-11T20:04:16.867000

2 posts

Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.

thehackerwire@mastodon.social at 2026-02-11T01:15:30.000Z ##

🟠 CVE-2026-21255 - High (8.8)

Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21257
(8.0 HIGH)

EPSS: 0.05%

updated 2026-02-11T19:47:12.797000

2 posts

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-02-11T01:21:02.000Z ##

🟠 CVE-2026-21257 - High (8)

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21260
(7.5 HIGH)

EPSS: 0.09%

updated 2026-02-11T19:10:20.090000

2 posts

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

thehackerwire@mastodon.social at 2026-02-11T01:25:15.000Z ##

🟠 CVE-2026-21260 - High (7.5)

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21511
(7.5 HIGH)

EPSS: 0.28%

updated 2026-02-11T18:56:56.907000

1 post

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

thehackerwire@mastodon.social at 2026-02-10T23:38:22.000Z ##

🟠 CVE-2026-21511 - High (7.5)

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21357
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-11T18:32:31

1 post

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T23:40:21.000Z ##

🟠 CVE-2026-21357 - High (7.8)

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25084
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-02-11T18:31:36

4 posts

Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.

thehackerwire@mastodon.social at 2026-02-11T21:08:30.000Z ##

🔴 CVE-2026-25084 - Critical (9.8)

Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

beyondmachines1 at 2026-02-11T16:01:32.677Z ##

Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways

ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.

**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-02-11T16:01:32.000Z ##

Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways

ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.

**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-24789
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-02-11T18:31:36

4 posts

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.

thehackerwire@mastodon.social at 2026-02-11T21:08:20.000Z ##

🔴 CVE-2026-24789 - Critical (9.8)

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

beyondmachines1 at 2026-02-11T16:01:32.677Z ##

Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways

ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.

**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-02-11T16:01:32.000Z ##

Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways

ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.

**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-2361
(8.1 HIGH)

EPSS: 0.04%

updated 2026-02-11T18:31:36

2 posts

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The

thehackerwire@mastodon.social at 2026-02-11T21:02:51.000Z ##

🟠 CVE-2026-2361 - High (8)

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1235
(6.5 MEDIUM)

EPSS: 0.01%

updated 2026-02-11T18:31:28

1 post

The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

offseq at 2026-02-11T07:30:29.651Z ##

🚨 CVE-2026-1235: CRITICAL deserialization flaw in WP eCommerce (≤3.15.1) allows unauthenticated PHP object injection via AJAX. No patch yet. Disable vulnerable AJAX actions & audit plugins. High risk for EU e-commerce sites. radar.offseq.com/threat/cve-20

##

CVE-2025-64075
(10.0 CRITICAL)

EPSS: 0.44%

updated 2026-02-11T18:06:04.010000

2 posts

A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.

thehackerwire@mastodon.social at 2026-02-11T21:08:40.000Z ##

🔴 CVE-2025-64075 - Critical (10)

A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21330
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-11T17:39:42.610000

2 posts

After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:16:30.000Z ##

🟠 CVE-2026-21330 - High (7.8)

After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21321
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-11T17:37:29.543000

2 posts

After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:35:35.000Z ##

🟠 CVE-2026-21321 - High (7.8)

After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21325
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-11T17:36:38.050000

2 posts

After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:12:47.000Z ##

🟠 CVE-2026-21325 - High (7.8)

After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21327
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-11T17:36:07.663000

2 posts

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:16:03.000Z ##

🟠 CVE-2026-21327 - High (7.8)

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21334
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-11T17:31:30.870000

2 posts

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T23:40:31.000Z ##

🟠 CVE-2026-21334 - High (7.8)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21351
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-11T17:29:31.673000

1 post

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T23:40:11.000Z ##

🟠 CVE-2026-21351 - High (7.8)

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21346
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-11T17:15:14.187000

1 post

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T22:16:13.000Z ##

🟠 CVE-2026-21346 - High (7.8)

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21347
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-11T17:14:59.750000

1 post

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T22:16:23.000Z ##

🟠 CVE-2026-21347 - High (7.8)

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21341
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-11T16:40:15.260000

1 post

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T23:02:48.000Z ##

🟠 CVE-2026-21341 - High (7.8)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25577
(7.5 HIGH)

EPSS: 0.05%

updated 2026-02-11T16:16:06.200000

1 post

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in emmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11.

thehackerwire@mastodon.social at 2026-02-10T23:25:41.000Z ##

🟠 CVE-2026-25577 - High (7.5)

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in emmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticate...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21510
(8.8 HIGH)

EPSS: 5.83%

updated 2026-02-11T16:13:25.603000

6 posts

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

1 repo

https://github.com/andreassudo/CVE-2026-21510-CVSS-8.8-Important-Windows-Shell-security-feature-bypass

mastokukei@social.josko.org at 2026-02-11T09:02:11.000Z ##

age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]

##

thehackerwire@mastodon.social at 2026-02-10T23:38:12.000Z ##

🟠 CVE-2026-21510 - High (8.8)

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

0x3e4@cyberplace.social at 2026-02-10T22:46:54.000Z ##

🔐 CVE-2026-21510
CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

##

AAKL@infosec.exchange at 2026-02-10T21:44:38.000Z ##

CISA has updated the KEV catalogue, and Microsoft is the winner.

- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability cve.org/CVERecord?id=CVE-2026-

CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

More:

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication cisa.gov/news-events/news/cisa

The guide: cisa.gov/resources-tools/resou

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps cisa.gov/news-events/alerts/20 #CISA #infosec #Microsoft #vulnerability

##

linux@activitypub.awakari.com at 2026-02-10T18:55:45.000Z ##

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513) 2 Critical 51 Important 1 Moderate 0 Low Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday ...

##

cisakevtracker@mastodon.social at 2026-02-10T19:01:53.000Z ##

CVE ID: CVE-2026-21510
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-21519
(7.8 HIGH)

EPSS: 4.09%

updated 2026-02-11T16:13:16.180000

4 posts

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-10T23:28:25.000Z ##

🟠 CVE-2026-21519 - High (7.8)

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

0x3e4@cyberplace.social at 2026-02-10T22:45:41.000Z ##

🔐 CVE-2026-21519
CVE-2026-21519

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21519
🛡️ CWE: CWE-843
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

##

AAKL@infosec.exchange at 2026-02-10T21:44:38.000Z ##

CISA has updated the KEV catalogue, and Microsoft is the winner.

- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability cve.org/CVERecord?id=CVE-2026-

CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

More:

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication cisa.gov/news-events/news/cisa

The guide: cisa.gov/resources-tools/resou

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps cisa.gov/news-events/alerts/20 #CISA #infosec #Microsoft #vulnerability

##

cisakevtracker@mastodon.social at 2026-02-10T19:02:24.000Z ##

CVE ID: CVE-2026-21519
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-21312
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-11T15:57:42.060000

2 posts

Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T01:15:19.000Z ##

🟠 CVE-2026-21312 - High (7.8)

Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21525
(6.2 MEDIUM)

EPSS: 2.97%

updated 2026-02-11T15:43:43.057000

4 posts

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

undercodenews@mastodon.social at 2026-02-11T10:57:01.000Z ##

Critical Windows RasMan Zero-Day Exploited: February 2026 Patch Released

Microsoft has urgently released security updates on February 10, 2026, to fix a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service. This flaw, tracked as CVE-2026-21525, is actively exploited in the wild, enabling attackers to crash systems and disrupt remote connections—a serious concern for organizations relying on VPNs, remote desktops, and other…

undercodenews.com/critical-win

##

0x3e4@cyberplace.social at 2026-02-10T22:45:41.000Z ##

🔐 CVE-2026-21525
CVE-2026-21525

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

📊 CVSS Score: 6.2
⚠️ Severity: Medium
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21525
🛡️ CWE: CWE-476
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

##

AAKL@infosec.exchange at 2026-02-10T21:44:38.000Z ##

CISA has updated the KEV catalogue, and Microsoft is the winner.

- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability cve.org/CVERecord?id=CVE-2026-

CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

More:

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication cisa.gov/news-events/news/cisa

The guide: cisa.gov/resources-tools/resou

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps cisa.gov/news-events/alerts/20 #CISA #infosec #Microsoft #vulnerability

##

cisakevtracker@mastodon.social at 2026-02-10T19:01:38.000Z ##

CVE ID: CVE-2026-21525
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-48503
(7.9 HIGH)

EPSS: 0.01%

updated 2026-02-11T15:30:35

2 posts

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

thehackerwire@mastodon.social at 2026-02-11T22:22:08.000Z ##

🟠 CVE-2025-48503 - High (7.8)

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0910
(8.8 HIGH)

EPSS: 0.07%

updated 2026-02-11T15:30:34

2 posts

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vuln

thehackerwire@mastodon.social at 2026-02-11T22:34:31.000Z ##

🟠 CVE-2026-0910 - High (8.8)

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-8668
(9.4 CRITICAL)

EPSS: 0.04%

updated 2026-02-11T15:30:34

2 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS. This issue affects Turboard: from 2025.07 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

thehackerwire@mastodon.social at 2026-02-11T22:34:21.000Z ##

🔴 CVE-2025-8668 - Critical (9.4)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS. This issue a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1357
(9.8 CRITICAL)

EPSS: 0.46%

updated 2026-02-11T15:27:26.370000

3 posts

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it

3 repos

https://github.com/LucasM0ntes/POC-CVE-2026-1357

https://github.com/itsismarcos/Exploit-CVE-2026-1357

https://github.com/microcyberr/CVE-2026-1357

thehackerwire@mastodon.social at 2026-02-12T02:13:25.000Z ##

🔴 CVE-2026-1357 - Critical (9.8)

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-02-11T06:00:29.985Z ##

🚨 CRITICAL: CVE-2026-1357 impacts WPvivid Backup & Migration (all versions). Unauthenticated file upload via directory traversal enables RCE. Disable plugin or restrict access immediately! radar.offseq.com/threat/cve-20

##

CVE-2026-1560
(8.8 HIGH)

EPSS: 0.24%

updated 2026-02-11T15:27:26.370000

3 posts

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

1 repo

https://github.com/Z3YR0xX/CVE-2026-1560-Authenticated-Remote-Code-Execution-in-Lazy-Blocks-4.2.0

thehackerwire@mastodon.social at 2026-02-12T01:50:45.000Z ##

🟠 CVE-2026-1560 - High (8.8)

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated atta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq at 2026-02-11T09:00:32.173Z ##

⚠️ HIGH severity: CVE-2026-1560 in Lazy Blocks (WordPress, ≤4.2.0) lets Contributor+ users run arbitrary code via improper code generation (CWE-94). No public exploits yet — restrict roles and monitor activity! radar.offseq.com/threat/cve-20

##

CVE-2025-8025
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-02-11T15:27:26.370000

2 posts

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from < 3.0.1 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

thehackerwire@mastodon.social at 2026-02-11T22:34:42.000Z ##

🔴 CVE-2025-8025 - Critical (9.8)

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from < 3.0.1 throug...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

Sdowney@mastodon.social at 2026-02-12T18:53:59.000Z ##

cve.org/CVERecord?id=CVE-2026-
AI enabled remote code execution in Windows Notepad if you open the wrong text file.

##

arudesalad@piefed.ca at 2026-02-12T17:29:09.533Z ##

Literally

(CVE)

##

mastokukei@social.josko.org at 2026-02-12T09:01:42.000Z ##

revolt.
- AI governance: SpaceX merger prompts XAI leadership shake‑up; GLM‑5 discussed; EU digital sovereignty push.
- Windows security: Windows 11 Notepad remote code execution CVE-2026-20841 disclosed.
- Bochum urban space: Bochum city center has thousands of unused parking spots; space wasted, calls for transit/urban‑planning action. [2/2]

##

_r_netsec at 2026-02-12T07:43:06.123Z ##

Microsoft's Notepad Got Pwned (CVE-2026-20841) foss-daily.org/posts/microsoft

##

jacenboy@mastodon.jacen.moe at 2026-02-11T23:11:59.000Z ##

Social engineering using Notepad?

jacen.moe/blog/20260211-weapon

#Cybersecurity #SocialEngineering #Infosec #Microsoft #Windows #Tech #Technology

##

flxtr@social.tchncs.de at 2026-02-11T21:02:45.000Z ##

@odo
From cve.org/CVERecord?id=CVE-2026-
> Improper neutralization of special elements used in a command ('command injection') […]

So maybe notepad just runs something like
```cmd
start "" $link_src
```

And when you write something like
```md
[trust me bro](mailto:foo@bar.baz & echo u pwnd)
```
in your md ...

It maybe translates to something like
```cmd
start "" mailto:foo@bar.baz & echo u pwnd
```

I don't know what the actual vuln is. But sounds like something like the above. Hopefully not that simple. 🤞

@AmeliaBR

##

0xCDE at 2026-02-11T18:18:41.053Z ##

@mttaggart for those utilizing MS defender stack here is a detection for it:
github.com/0x-cde/Threat-Hunti

##

jbz@indieweb.social at 2026-02-11T18:12:01.000Z ##

⚠️ Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network

cve.org/CVERecord?id=CVE-2026-

#notepad #CVE202620841 #cybersecurity

##

mastokukei@social.josko.org at 2026-02-11T18:02:00.000Z ##

moves.
- TikTok launches opt-in Local Feed in the US using precise location data.
- Windows Notepad remote code execution vulnerability CVE-2026-20841.
- Europe’s hypersonic program: Mach 6 test completed in Norway as defense autonomy advances. [2/2]

##

winbuzzer@mastodon.social at 2026-02-11T17:31:48.000Z ##

winbuzzer.com/2026/02/11/micro

Microsoft Patches High-Severity Notepad Remote Code Execution Flaw

#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability

##

mttaggart at 2026-02-11T17:17:40.949Z ##

Here's my CVE-2026-20841 PoC.

(Not really, but I have a feeling it's something that rhymes with this)

##

khalidabuhakmeh@mastodon.social at 2026-02-11T17:11:56.000Z ##

The Vibe-coding Era at Microsoft is going greaaaaaaaat.... msrc.microsoft.com/update-guid

##

gwire@mastodon.social at 2026-02-11T16:32:29.000Z ##

Looks like the vibe coders at Microsoft forgot to add "don't introduce command injection vulnerabilities" to their prompts?

cve.org/CVERecord?id=CVE-2026-

##

gomoot@mastodon.uno at 2026-02-11T15:03:30.000Z ##

🔥 Notepad hit by critical vulnerability
Notepad in Windows 11 exposes millions of PCs to a remote attack: the CVE-2026-20841 vulnerability exploits Markdown support to execute malicious code with a simple click on a link

gomoot.com/notepad-di-windows-

#news #notepad #sicurezza #tech

##

newsyc500@toot.community at 2026-02-11T14:53:27.000Z ##

Windows Notepad App Remote Code Execution Vulnerability: cve.org/CVERecord?id=CVE-2026-

Discussion: news.ycombinator.com/item?id=4

##

hn500@social.lansky.name at 2026-02-11T14:50:15.000Z ##

Windows Notepad App Remote Code Execution Vulnerability

Link: cve.org/CVERecord?id=CVE-2026-
Discussion: news.ycombinator.com/item?id=4

##

dallo@pouet.chapril.org at 2026-02-11T14:43:34.000Z ##

Imagine being jail to an operating system where even the blast editor is vulnerable

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

cve.org/CVERecord?id=CVE-2026-

Keep contributing and funding alternatives for all of us.

#windows #linux #foss #infosec #opensource

##

rasur@mastodon.social at 2026-02-11T14:18:44.000Z ##

cve.org/CVERecord?id=CVE-2026-

##

lrosa@mastodon.uno at 2026-02-11T13:15:46.000Z ##

Notepad++: some of my versions were vulnerable

MS Notepad: hold my beer

msrc.microsoft.com/update-guid

##

lobsters@mastodon.social at 2026-02-11T12:50:13.000Z ##

Windows Notepad App Remote Code Execution Vulnerability lobste.rs/s/kp7jlq #windows
cve.org/CVERecord?id=CVE-2026-

##

pa3weg@mastodon.social at 2026-02-11T12:49:55.000Z ##

Remote Code Execution on notepad
FUCKING NOTEPAD

Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.

msrc.microsoft.com/update-guid

##

jon@cyberdeck.social at 2026-02-11T12:24:54.000Z ##

Just A+ work all around.

"Windows Notepad App Remote Code Execution Vulnerability"

cve.org/CVERecord?id=CVE-2026-

##

manualdousuario@mastodon.social at 2026-02-11T11:49:20.000Z ##

Critical flaw in Notepad (CVE-2026-20841). An attacker could place a malicious link in a Markdown file that, when clicked by the victim, would execute code remotely. Who asked them to tarnish Notepad's simplicity? A fix is already available. cve.org/CVERecord?id=CVE-2026-

##

newsyc300@toot.community at 2026-02-11T11:43:23.000Z ##

Windows Notepad App Remote Code Execution Vulnerability: cve.org/CVERecord?id=CVE-2026-

Discussion: news.ycombinator.com/item?id=4

##

tux0r@layer8.space at 2026-02-11T11:26:42.000Z ##

1976:
In fifty years we will have flying cars.

2026:
Severe security vulnerability in ... Notepad.

msrc.microsoft.com/update-guid

##

maksimushka@mastodon.ml at 2026-02-11T11:25:30.000Z ##

Every day brings another reason to laugh at Microslop.

A vulnerability has been discovered that lets attackers run arbitrary code on the victim's computer through NOTEPAD, dammit. The severity of the vulnerability is marked as HIGH

cve.org/CVERecord?id=CVE-2026-

##

newsyc250@toot.community at 2026-02-11T11:03:20.000Z ##

Windows Notepad App Remote Code Execution Vulnerability: cve.org/CVERecord?id=CVE-2026-

Discussion: news.ycombinator.com/item?id=4

##

hn250@social.lansky.name at 2026-02-11T11:00:12.000Z ##

Windows Notepad App Remote Code Execution Vulnerability

Link: cve.org/CVERecord?id=CVE-2026-
Discussion: news.ycombinator.com/item?id=4

##

FlohEinstein@chaos.social at 2026-02-11T10:59:27.000Z ##

Notepad.exe RCE Vulnerability 8.8
Are you shitting me?

cve.org/CVERecord?id=CVE-2026-

#cve202620841 #notepad #windows #rce #infosec

##

newsyc200@toot.community at 2026-02-11T10:23:20.000Z ##

Windows Notepad App Remote Code Execution Vulnerability: cve.org/CVERecord?id=CVE-2026-

Discussion: news.ycombinator.com/item?id=4

##

markrimmel@metalhead.club at 2026-02-11T10:08:13.000Z ##

Notepad... NOTEPAD!

CVE Record: CVE-2026-20841

cve.org/CVERecord?id=CVE-2026-

##

tony@hoyle.me.uk at 2026-02-11T09:36:40.000Z ##

What the.. how?

Notepad was the simplest application on windows. What have they done to it?

cve.org/CVERecord?id=CVE-2026-

##

andyprice@mastodon.social at 2026-02-11T09:34:39.000Z ##

Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad

cve.org/CVERecord?id=CVE-2026-

##

hn100@social.lansky.name at 2026-02-11T09:15:09.000Z ##

Windows Notepad App Remote Code Execution Vulnerability

Link: cve.org/CVERecord?id=CVE-2026-
Discussion: news.ycombinator.com/item?id=4

##

vowe@social.heise.de at 2026-02-11T09:13:12.000Z ##

Microsoft has now successfully fiddled NOTEPAD.EXE to pieces.

cve.org/CVERecord?id=CVE-2026-

#copilot #clippy

##

obivan at 2026-02-11T09:12:25.926Z ##

Notepad RCE? cvefeed.io/vuln/detail/CVE-202

##

_aD@hachyderm.io at 2026-02-11T09:04:49.000Z ##

lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.

plus remote code execution in fucking Notepad.

msrc.microsoft.com/update-guid

#slop

##

mastokukei@social.josko.org at 2026-02-11T09:02:11.000Z ##

age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]

##

newsycombinator@framapiaf.org at 2026-02-11T09:00:04.000Z ##

Windows Notepad App Remote Code Execution Vulnerability
Link: cve.org/CVERecord?id=CVE-2026-
Comments: news.ycombinator.com/item?id=4

##

iamkonstantin@mastodon.social at 2026-02-11T08:54:05.000Z ##

lol

Windows Notepad App Remote Code Execution Vulnerability

cve.org/CVERecord?id=CVE-2026-

##

hacker_news_bot@mastodon.social at 2026-02-11T08:50:05.000Z ##

📜 Latest Top Story on #HackerNews: Windows Notepad App Remote Code Execution Vulnerability
🔍 Original Story: cve.org/CVERecord?id=CVE-2026-
👤 Author: riffraff
⭐ Score: 63
💬 Number of Comments: 12
🕒 Posted At: 2026-02-11 06:15:33 UTC
🔗 URL: news.ycombinator.com/item?id=4
#news #hackernewsbot #bot #hackernews

##

hn50@social.lansky.name at 2026-02-11T08:45:07.000Z ##

Windows Notepad App Remote Code Execution Vulnerability

Link: cve.org/CVERecord?id=CVE-2026-
Discussion: news.ycombinator.com/item?id=4

##

sebsauvage@framapiaf.org at 2026-02-11T08:37:24.000Z ##

#Windows #sécurité
Oh dear, there are even RCE flaws in Windows Notepad???
cve.org/CVERecord?id=CVE-2026-

##

hnbot@chrispelli.fun at 2026-02-11T08:26:00.000Z ##

Windows Notepad App Remote Code Execution Vulnerability - cve.org/CVERecord?id=CVE-2026-

#hackernews

##

h4ckernews@mastodon.social at 2026-02-11T08:25:13.000Z ##

Windows Notepad App Remote Code Execution Vulnerability

cve.org/CVERecord?id=CVE-2026-

#HackerNews

##

CuratedHackerNews@mastodon.social at 2026-02-11T08:22:05.000Z ##

Windows Notepad App Remote Code Execution Vulnerability

cve.org/CVERecord?id=CVE-2026-

#windows

##

serriadh@treehouse.systems at 2026-02-11T08:18:14.000Z ##

Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions led to “Windows Notepad App Remote Code Execution Vulnerability”.

msrc.microsoft.com/update-guid

##

tess@mastodon.social at 2026-02-11T07:56:05.000Z ##

Microsoft: I have made Notepad✨

Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.

cve.org/CVERecord?id=CVE-2026-

##

pheonix@hachyderm.io at 2026-02-11T07:23:33.000Z ##

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things lmao.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭

msrc.microsoft.com/update-guid

#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology

##

Stomata@procial.tchncs.de at 2026-02-11T07:13:13.395Z ##

What is it, Microsoft shited their pants again lol ​:neofox_laugh_tears:​
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Even this page didn't load properly
​:neofox_laugh_tears:​
#Microsoft #windows

##

Erpel@hai.z0ne.social at 2026-02-11T07:00:14.284Z ##

@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.

Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841

##

kboyd@phpc.social at 2026-02-11T03:35:15.000Z ##

microsoft: we have made a new notepad.exe

everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.

cve.org/CVERecord?id=CVE-2026-

##

alex@smith.geek.nz at 2026-02-11T01:55:42.000Z ##

CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability

"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."

lolwut

msrc.microsoft.com/update-guid

##

legacv at 2026-02-11T01:08:06.188Z ##

someone earlier today said "RCE in Notepad" and i was like "haha funny" and then someone ELSE said RCE in Notepad and then i was like you've gotta be fucking kidding me

##

AKK666@mastodon.social at 2026-02-11T00:42:55.000Z ##

No comment. It wouldn't be quotable. But...
RCE in Notepad?! How deranged- uhm "vibed" is that?!

msrc.microsoft.com/update-guid

##

delta_vee@mstdn.ca at 2026-02-11T00:38:32.000Z ##

cve.org/CVERecord?id=CVE-2026-

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

Notepad

over a network

##

adwright@mastodon.social at 2026-02-11T00:36:55.000Z ##

Microsoft Windows 11 enshittification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.

cve.org/CVERecord?id=CVE-2026-

It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.

##

davidgerard@circumstances.run at 2026-02-11T00:32:39.000Z ##

RE: tech.lgbt/@solonovamax/1160491

cve.org/CVERecord?id=CVE-2026-

WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD

WHAT BIT COULD IT BEEEEEEEE

edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.

##

lmorchard@masto.hackers.town at 2026-02-11T00:20:55.000Z ##

"Windows Notepad App Remote Code Execution Vulnerability"

That's it: I'm going back to AppleWorks, on my Apple IIe.

msrc.microsoft.com/update-guid

##

solonovamax@tech.lgbt at 2026-02-11T00:16:25.000Z ##

CVE-2026-20841

##

sandro@c3d2.social at 2026-02-11T00:11:53.000Z ##

@m4rc3l CVE-2026-20841 #c3d2leaks

##

bontchev@infosec.exchange at 2026-02-10T22:33:25.000Z ##

From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)

msrc.microsoft.com/update-guid

##

decalage@mastodon.social at 2026-02-10T20:43:06.000Z ##

A vulnerability in Notepad 🤦‍♂️
msrc.microsoft.com/update-guid

##

CVE-2026-0958
(7.5 HIGH)

EPSS: 0.03%

updated 2026-02-11T12:30:27

2 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits.

thehackerwire@mastodon.social at 2026-02-12T01:21:11.000Z ##

🟠 CVE-2026-0958 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-8099
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-11T12:30:27

2 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

thehackerwire@mastodon.social at 2026-02-12T01:21:01.000Z ##

🟠 CVE-2025-8099 - High (7.5)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by send...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-7659
(8.0 HIGH)

EPSS: 0.01%

updated 2026-02-11T12:30:27

2 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.

thehackerwire@mastodon.social at 2026-02-12T01:20:51.000Z ##

🟠 CVE-2025-7659 - High (8)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-15096
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-11T12:30:26

2 posts

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addr

thehackerwire@mastodon.social at 2026-02-12T01:50:36.000Z ##

🟠 CVE-2025-15096 - High (8.8)

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-10174
(8.3 HIGH)

EPSS: 0.01%

updated 2026-02-11T12:30:26

2 posts

Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 23092025.

thehackerwire@mastodon.social at 2026-02-12T01:50:26.000Z ##

🟠 CVE-2025-10174 - High (8.3)

Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 23092025.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-10913
(8.3 HIGH)

EPSS: 0.04%

updated 2026-02-11T09:30:24

2 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

thehackerwire@mastodon.social at 2026-02-12T02:13:16.000Z ##

🟠 CVE-2025-10913 - High (8.3)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda: through 110...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-9986
(8.2 HIGH)

EPSS: 0.03%

updated 2026-02-11T09:30:24

2 posts

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.

thehackerwire@mastodon.social at 2026-02-12T02:13:06.000Z ##

🟠 CVE-2025-9986 - High (8.2)

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21228
(8.1 HIGH)

EPSS: 0.04%

updated 2026-02-10T21:51:48.077000

2 posts

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-02-12T04:01:14.000Z ##

🟠 CVE-2026-21228 - High (8.1)

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25993
(0 None)

EPSS: 0.03%

updated 2026-02-10T21:51:48.077000

1 post

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute(). As a result, if a malicious string is stored in url_key, subsequent event processing modifies and executes the SQL statemen

offseq at 2026-02-11T04:30:31.046Z ##

🚨 CVE-2026-25993 (CRITICAL): EverShop <2.1.1 allows unauthenticated SQL injection via url_key in category handling. Upgrade to 2.1.1+ or enforce input validation now! radar.offseq.com/threat/cve-20

##

CVE-2026-26009
(9.9 CRITICAL)

EPSS: 0.26%

updated 2026-02-10T21:51:48.077000

2 posts

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code

offseq at 2026-02-11T01:30:43.404Z ##

🚨 karutoil catalyst (<11980aaf3f46315b02777f325ba02c56b110165d) faces CRITICAL OS command injection (CVE-2026-26009, CVSS 10.0). Users with template perms can execute root shell commands cluster-wide. Patch immediately! radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-02-10T21:42:14.000Z ##

🔴 CVE-2026-26009 - Critical (9.9)

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25611
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-10T21:51:48.077000

1 post

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

thehackerwire@mastodon.social at 2026-02-10T23:25:50.000Z ##

🟠 CVE-2026-25611 - High (7.5)

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21353
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-10T21:51:48.077000

1 post

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T21:55:28.000Z ##

🟠 CVE-2026-21353 - High (7.8)

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21349
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-10T21:51:48.077000

1 post

Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T21:00:50.000Z ##

🟠 CVE-2026-21349 - High (7.8)

Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21344
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-10T21:31:42

1 post

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T21:55:39.000Z ##

🟠 CVE-2026-21344 - High (7.8)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1507
(7.5 HIGH)

EPSS: 0.05%

updated 2026-02-10T21:31:42

1 post

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.

thehackerwire@mastodon.social at 2026-02-10T21:42:04.000Z ##

🟠 CVE-2026-1507 - High (7.5)

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21345
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-10T21:31:41

1 post

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T22:16:04.000Z ##

🟠 CVE-2026-21345 - High (7.8)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21352
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-10T21:31:41

1 post

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T21:55:18.000Z ##

🟠 CVE-2026-21352 - High (7.8)

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21342
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T21:31:37

1 post

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T23:02:27.000Z ##

🟠 CVE-2026-21342 - High (7.8)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1848
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-10T21:31:36

1 post

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

thehackerwire@mastodon.social at 2026-02-10T23:15:05.000Z ##

🟠 CVE-2026-1848 - High (7.5)

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, p...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21343
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-10T21:31:36

1 post

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-10T23:02:37.000Z ##

🟠 CVE-2026-21343 - High (7.8)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21514
(7.8 HIGH)

EPSS: 3.68%

updated 2026-02-10T21:31:29

5 posts

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

guardingpearsoftware@mastodon.social at 2026-02-11T13:35:58.000Z ##

A critical zero-day vulnerability in Microsoft Word, identified as CVE-2026-21514, has been disclosed. The flaw is being actively exploited in the wild.
cybersecuritynews.com/microsof

##

thehackerwire@mastodon.social at 2026-02-10T23:39:11.000Z ##

🟠 CVE-2026-21514 - High (7.8)

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

0x3e4@cyberplace.social at 2026-02-10T22:45:42.000Z ##

🔐 CVE-2026-21514
CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

##

AAKL@infosec.exchange at 2026-02-10T21:44:38.000Z ##

CISA has updated the KEV catalogue, and Microsoft is the winner.

- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

More:

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication cisa.gov/news-events/news/cisa

The guide: cisa.gov/resources-tools/resou

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps cisa.gov/news-events/alerts/20 #CISA #infosec #Microsoft #vulnerability

##

cisakevtracker@mastodon.social at 2026-02-10T19:02:40.000Z ##

CVE ID: CVE-2026-21514
Vendor: Microsoft
Product: Office
Date Added: 2026-02-10
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-21513
(8.8 HIGH)

EPSS: 4.82%

updated 2026-02-10T21:31:29

4 posts

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

thehackerwire@mastodon.social at 2026-02-10T23:39:02.000Z ##

🟠 CVE-2026-21513 - High (8.8)

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

0x3e4@cyberplace.social at 2026-02-10T22:45:42.000Z ##

🔐 CVE-2026-21513
CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

##

AAKL@infosec.exchange at 2026-02-10T21:44:38.000Z ##

CISA has updated the KEV catalogue, and Microsoft is the winner.

- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

More:

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication cisa.gov/news-events/news/cisa

The guide: cisa.gov/resources-tools/resou

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps cisa.gov/news-events/alerts/20 #CISA #infosec #Microsoft #vulnerability

##

linux@activitypub.awakari.com at 2026-02-10T18:55:45.000Z ##

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513) 2 Critical 51 Important 1 Moderate 0 Low Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday ...

##

CVE-2026-21533
(7.8 HIGH)

EPSS: 2.40%

updated 2026-02-10T21:31:29

4 posts

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

1 repo

https://github.com/Pairs34/RDPVulnarableCheck

thehackerwire@mastodon.social at 2026-02-10T23:28:06.000Z ##

🟠 CVE-2026-21533 - High (7.8)

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

0x3e4@cyberplace.social at 2026-02-10T22:45:40.000Z ##

🔐 CVE-2026-21533
CVE-2026-21533

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21533
🛡️ CWE: CWE-269
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

##

AAKL@infosec.exchange at 2026-02-10T21:44:38.000Z ##

CISA has updated the KEV catalogue, and Microsoft is the winner.

- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability cve.org/CVERecord?id=CVE-2026-

More:

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication cisa.gov/news-events/news/cisa

The guide: cisa.gov/resources-tools/resou

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps cisa.gov/news-events/alerts/20 #CISA #infosec #Microsoft #vulnerability

##

cisakevtracker@mastodon.social at 2026-02-10T19:02:09.000Z ##

CVE ID: CVE-2026-21533
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-25992
(7.5 HIGH)

EPSS: 0.04%

updated 2026-02-10T19:56:57

1 post

# File Read Interface Case Bypass Vulnerability ## Vulnerability Name File Read Interface Case Bypass Vulnerability ## Overview The `/api/file/getFile` endpoint uses **case-sensitive string equality checks** to block access to sensitive files. On case-insensitive file systems such as **Windows**, attackers can bypass restrictions using mixed-case paths and read protected configuration files. ##

thehackerwire@mastodon.social at 2026-02-10T23:15:24.000Z ##

🟠 CVE-2026-25992 - High (7.5)

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21537
(8.8 HIGH)

EPSS: 0.05%

updated 2026-02-10T18:30:54

2 posts

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

linux@activitypub.awakari.com at 2026-02-10T08:00:00.000Z ##

CVE-2026-21537 Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability Improper control of generation of code ('code injection') in Microsoft Defender for Linux ...

#CVE

##

thehackerwire@mastodon.social at 2026-02-10T23:28:16.000Z ##

🟠 CVE-2026-21537 - High (8.8)

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21328
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:53

2 posts

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:16:14.000Z ##

🟠 CVE-2026-21328 - High (7.8)

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21322
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:52

2 posts

After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:35:45.000Z ##

🟠 CVE-2026-21322 - High (7.8)

After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21318
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:52

2 posts

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:16:39.000Z ##

🟠 CVE-2026-21318 - High (7.8)

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21240
(7.8 HIGH)

EPSS: 0.02%

updated 2026-02-10T18:30:51

2 posts

Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-12T04:01:03.000Z ##

🟠 CVE-2026-21240 - High (7.8)

Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21243
(7.5 HIGH)

EPSS: 0.06%

updated 2026-02-10T18:30:51

2 posts

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

thehackerwire@mastodon.social at 2026-02-12T02:26:39.000Z ##

🟠 CVE-2026-21243 - High (7.5)

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21251
(7.8 HIGH)

EPSS: 0.04%

updated 2026-02-10T18:30:51

2 posts

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-11T01:28:50.000Z ##

🟠 CVE-2026-21251 - High (7.8)

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21250
(7.8 HIGH)

EPSS: 0.04%

updated 2026-02-10T18:30:51

2 posts

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-11T01:25:35.000Z ##

🟠 CVE-2026-21250 - High (7.8)

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21323
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:51

2 posts

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T01:15:10.000Z ##

🟠 CVE-2026-21323 - High (7.8)

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21320
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:51

2 posts

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:35:25.000Z ##

🟠 CVE-2026-21320 - High (7.8)

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21329
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:51

2 posts

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:16:21.000Z ##

🟠 CVE-2026-21329 - High (7.8)

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21326
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:51

2 posts

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:15:53.000Z ##

🟠 CVE-2026-21326 - High (7.8)

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21324
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:51

2 posts

After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:12:37.000Z ##

🟠 CVE-2026-21324 - High (7.8)

After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21256
(8.8 HIGH)

EPSS: 0.05%

updated 2026-02-10T18:30:50

2 posts

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-02-11T01:20:53.000Z ##

🟠 CVE-2026-21256 - High (8.8)

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21335
(7.8 HIGH)

EPSS: 0.01%

updated 2026-02-10T18:30:50

2 posts

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-02-11T00:12:28.000Z ##

🟠 CVE-2026-21335 - High (7.8)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21516
(8.8 HIGH)

EPSS: 0.03%

updated 2026-02-10T18:30:50

1 post

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-02-10T23:39:22.000Z ##

🟠 CVE-2026-21516 - High (8.8)

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1603
(8.6 HIGH)

EPSS: 0.15%

updated 2026-02-10T18:30:49

2 posts

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

beyondmachines1 at 2026-02-12T13:01:32.149Z ##

Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager

Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.

**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-02-12T13:01:32.000Z ##

Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager

Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.

**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-21229
(8.0 HIGH)

EPSS: 0.07%

updated 2026-02-10T18:30:49

2 posts

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-02-12T04:01:25.000Z ##

🟠 CVE-2026-21229 - High (8)

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21238
(7.8 HIGH)

EPSS: 0.03%

updated 2026-02-10T18:30:49

2 posts

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

thehackerwire@mastodon.social at 2026-02-12T03:36:11.000Z ##

🟠 CVE-2026-21238 - High (7.8)

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22153
(8.1 HIGH)

EPSS: 0.07%

updated 2026-02-10T18:30:48

1 post

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.

2 repos

https://github.com/glitchhawks/CVE-2026-22153

https://github.com/washingtonmaister/CVE-2026-22153-exp

undercodenews@mastodon.social at 2026-02-11T09:38:02.000Z ##

Critical FortiOS Vulnerability Exposes Networks to LDAP Authentication Bypass

Fortinet has issued a major security alert warning of a serious flaw in its FortiOS firewall software. The vulnerability, tracked as CVE-2026-22153, allows attackers to bypass LDAP authentication entirely—meaning hackers can gain access without needing a valid username or password. This type of breach could compromise sensitive enterprise networks and VPN connections, putting critical data at…

undercodenews.com/critical-for

##

CVE-2026-1602
(6.5 MEDIUM)

EPSS: 0.05%

updated 2026-02-10T18:30:38

2 posts

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

beyondmachines1 at 2026-02-12T13:01:32.149Z ##

Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager

Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.

**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-02-12T13:01:32.000Z ##

Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager

Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.

**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-24061
(9.8 CRITICAL)

EPSS: 37.88%

updated 2026-02-10T18:30:34

7 posts

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Nuclei template

63 repos

https://github.com/shivam-bathla/CVE-2026-24061-setup

https://github.com/Lingzesec/CVE-2026-24061-GUI

https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd

https://github.com/obrunolima1910/obrunolima1910.github.io

https://github.com/midox008/CVE-2026-24061

https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector

https://github.com/ms0x08-dev/CVE-2026-24061-POC

https://github.com/z3n70/CVE-2026-24061

https://github.com/Ali-brarou/telnest

https://github.com/hackingyseguridad/root

https://github.com/r00tuser111/CVE-2026-24061

https://github.com/hilwa24/CVE-2026-24061

https://github.com/lavabyte/telnet-CVE-2026-24061

https://github.com/punitdarji/telnetd-cve-2026-24061

https://github.com/ibrahmsql/CVE-2026-24061-PoC

https://github.com/Chocapikk/CVE-2026-24061

https://github.com/parameciumzhang/Tell-Me-Root

https://github.com/duy-31/CVE-2026-24061---telnetd

https://github.com/XsanFlip/CVE-2026-24061-Scanner

https://github.com/infat0x/CVE-2026-24061

https://github.com/m3ngx1ng/cve_2026_24061_cli

https://github.com/Gabs-hub/CVE-2026-24061_Lab

https://github.com/monstertsl/CVE-2026-24061

https://github.com/SeptembersEND/CVE--2026-24061

https://github.com/0x7556/CVE-2026-24061

https://github.com/LucasPDiniz/CVE-2026-24061

https://github.com/Mr-Zapi/CVE-2026-24061

https://github.com/cumakurt/tscan

https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061

https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061

https://github.com/JayGLXR/CVE-2026-24061-POC

https://github.com/X-croot/CVE-2026-24061_POC

https://github.com/cyberpoul/CVE-2026-24061-POC

https://github.com/SafeBreach-Labs/CVE-2026-24061

https://github.com/Good123321-bot/good123321-bot.github.io

https://github.com/killsystema/scan-cve-2026-24061

https://github.com/h3athen/CVE-2026-24061

https://github.com/franckferman/CVE_2026_24061_PoC

https://github.com/Parad0x7e/CVE-2026-24061

https://github.com/scumfrog/cve-2026-24061

https://github.com/madfxr/Twenty-Three-Scanner

https://github.com/SystemVll/CVE-2026-24061

https://github.com/yanxinwu946/CVE-2026-24061--telnetd

https://github.com/leonjza/inetutils-telnetd-auth-bypass

https://github.com/buzz075/CVE-2026-24061

https://github.com/TryA9ain/CVE-2026-24061

https://github.com/balgan/CVE-2026-24061

https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-

https://github.com/hyu164/Terrminus-CVE-2026-2406

https://github.com/obrunolima1910/CVE-2026-24061

https://github.com/Alter-N0X/CVE-2026-24061-POC

https://github.com/xuemian168/CVE-2026-24061

https://github.com/ridpath/Terrminus-CVE-2026-2406

https://github.com/Mefhika120/Ashwesker-CVE-2026-24061

https://github.com/novitahk/Exploit-CVE-2026-24061

https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061

https://github.com/Moxxic1/Tell-Me-Root

https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester

https://github.com/typeconfused/CVE-2026-24061

https://github.com/Moxxic1/moxxic1.github.io

https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root

https://github.com/Good123321-bot/CVE-2026-24061-POC

https://github.com/BrainBob/CVE-2026-24061

catsalad at 2026-02-12T02:21:01.772Z ##
USER='-f root' telnet -a ur.momma

root@ur.momma:~# got em!

cve.org/CVERecord?id=CVE-2026-

lists.gnu.org/archive/html/bug

##

cyborg42@chaos.social at 2026-02-11T23:10:43.000Z ##

Fixed Issues

> Fixed a security vulnerability regarding telnetd (CVE-2026-24061).

Thanks Synology.

##

waldoj@mastodon.social at 2026-02-11T22:00:02.000Z ##

I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. cve.org/CVERecord?id=CVE-2026-

##

catsalad@infosec.exchange at 2026-02-12T02:21:01.000Z ##
USER='-f root' telnet -a ur.momma

root@ur.momma:~# got em!

cve.org/CVERecord?id=CVE-2026-

lists.gnu.org/archive/html/bug

##

hrbrmstr@mastodon.social at 2026-02-10T20:38:58.000Z ##

I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…

The day the telnet died

On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

labs.greynoise.io/grimoire/202

##

CVE-2026-0509
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-02-10T06:30:39

2 posts

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.

beyondmachines1 at 2026-02-11T09:01:32.444Z ##

SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws

SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.

**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-02-11T09:01:32.000Z ##

SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws

SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.

**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-0488
(10.0 CRITICAL)

EPSS: 0.04%

updated 2026-02-10T06:30:38

2 posts

An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.

beyondmachines1 at 2026-02-11T09:01:32.444Z ##

SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws

SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.

**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-02-11T09:01:32.000Z ##

SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws

SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.

**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-1529
(8.1 HIGH)

EPSS: 0.02%

updated 2026-02-10T02:15:52.253000

2 posts

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access.

2 repos

https://github.com/ninjazan420/CVE-2026-1529-PoC-keycloak-unauthorized-registration-via-improper-invitation-token-validation

https://github.com/0x240x23elu/CVE-2026-1529

lobsters@mastodon.social at 2026-02-11T13:10:12.000Z ##

CVE-2026-1529 - keycloak: unauthorized organization registration via improper invitation token validation lobste.rs/s/ghqflm #security
cvefeed.io/vuln/detail/CVE-202

##

CVE-2026-25639
(7.5 HIGH)

EPSS: 0.01%

updated 2026-02-09T22:39:36

1 post

Denial of Service via `__proto__` Key in mergeConfig

Summary: The `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.

Details: The vulnerability exists in `lib/core/

mastokukei@social.josko.org at 2026-02-11T09:02:35.000Z ##

Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei masto.kukei.eu/browse/programm category:
- Git default branch: Git 3.0 will make "main" the default branch by end of 2026.
- COLRv1 in WebKit: COLRv1 font rendering support in WebKit.
- Linux kernel 7.0: io_uring gains filtering support (cBPF opcodes) and per-task filters.
- AWS Lambda CVEs: 29 CVEs across 27 Lambda base images; CVE-2026-25639 affecting base images.
- Post-OOP: Move [1/2]

##

CVE-2025-66630
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-02-09T18:49:19

2 posts

Fiber v2 contains an internal vendored copy of `gofiber/utils`, and its functions `UUIDv4()` and `UUID()` inherit the same critical weakness described in the upstream advisory. On **Go versions prior to 1.24**, the underlying `crypto/rand` implementation **can return an error** if secure randomness cannot be obtained. In such cases, these Fiber v2 UUID functions silently fall back to generating pr

beyondmachines1 at 2026-02-12T15:01:33.379Z ##

Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking

Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.

**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24. This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-02-12T15:01:33.000Z ##

Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking

Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.

**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24. This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-1731
(0 None)

EPSS: 4.22%

updated 2026-02-09T16:08:55.263000

4 posts

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Nuclei template

3 repos

https://github.com/win3zz/CVE-2026-1731

https://github.com/z3r0h3ro/CVE-2026-1731-exp

https://github.com/bytehazard/CVE-2026-1731

AAKL at 2026-02-12T18:15:38.155Z ##

New.

GreyNoise: Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far greynoise.io/blog/reconnaissan @greynoise

##

threatcodex at 2026-02-12T18:06:38.073Z ##

Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far

greynoise.io/blog/reconnaissan

##

AAKL@infosec.exchange at 2026-02-12T18:15:38.000Z ##

New.

GreyNoise: Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far greynoise.io/blog/reconnaissan @greynoise #infosec #vulnerability

##

threatcodex@infosec.exchange at 2026-02-12T18:06:38.000Z ##

Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far
#CVE_2026_1731
greynoise.io/blog/reconnaissan

##

CVE-2026-2234
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-02-09T09:30:28

2 posts

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.

beyondmachines1 at 2026-02-11T13:01:32.480Z ##

HGiga Patches Critical Authentication Bypass and SQL Injection Flaws in C&Cm@il

HGiga patched three vulnerabilities in its C&Cm@il platform, including a critical missing authentication flaw (CVE-2026-2234) that allows unauthenticated attackers to read and modify any user's emails.

**If you use HGiga C&Cm@il, plan a quick update to version 7.0-978. Since the most severe flaw allows attackers to read mail without a password, treat this as a high-priority emergency patch.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-02-11T13:01:32.000Z ##

HGiga Patches Critical Authentication Bypass and SQL Injection Flaws in C&Cm@il

HGiga patched three vulnerabilities in its C&Cm@il platform, including a critical missing authentication flaw (CVE-2026-2234) that allows unauthenticated attackers to read and modify any user's emails.

**If you use HGiga C&Cm@il, plan a quick update to version 7.0-978. Since the most severe flaw allows attackers to read mail without a password, treat this as a high-priority emergency patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-64175
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-02-06T19:06:46

2 posts

Contact OpenAI Security Research at outbounddisclosures@openai.com to engage on this report. See PDF report for easier reading.

Security Advisory: 2FA Bypass via Recovery Code
Vulnerability Type: 2FA Authentication Bypass
Affected Software: GOGS
Severity: High
Date: Aug 5, 2025
Discoverer: OpenAI Security Research

Summary: Gogs’ 2FA recovery code validation does not scope codes by user, enabling

beyondmachines1@infosec.exchange at 2026-02-11T12:01:32.000Z ##

Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass

Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.

**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-64111(CVSS UNKNOWN)

EPSS: 0.12%

updated 2026-02-06T19:06:45

2 posts

### Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the `.git` directory and achieve remote command execution. ### Details Function `UpdateRepoFile` security check under some if conditions. While UpdateRepoFile call in API router will NOT match any of them. It's still possible to update `.

beyondmachines1@infosec.exchange at 2026-02-11T12:01:32.000Z ##

Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass

Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.

**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

exploitdb_bot@mastodon.social at 2026-02-11T10:01:08.000Z ##

🚨 New Exploit: Windows 10.0.17763.7009 - spoofing vulnerability
📋 CVE: CVE-2025-24054
👤 Author: beatrizfn

🔗 exploit-db.com/exploits/52480

#ExploitDB #InfoSec #CyberSecurity #CVE-2025-24054

##

CVE-2026-25049(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-02-04T21:09:38

4 posts

### Impact Additional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp). An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. ###

1 repos

https://github.com/otakuliu/Expression-Sandbox-Escape-Simulation-Lab

jbz@indieweb.social at 2026-02-11T17:12:01.000Z ##

🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta

「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」

hetmehta.com/posts/n8n-type-co

#typescript #rce #cybersecurity #CVE202625049

##

lobsters@mastodon.social at 2026-02-11T09:00:23.000Z ##

Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm lobste.rs/s/wepiig #security
hetmehta.com/posts/n8n-type-co

##

CVE-2026-20119
(7.5 HIGH)

EPSS: 0.09%

updated 2026-02-04T18:30:51

2 posts

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting

AAKL@infosec.exchange at 2026-02-11T17:13:28.000Z ##

Cisco posted two advisories yesterday, if you missed them.

- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability sec.cloudapps.cisco.com/securi

- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities sec.cloudapps.cisco.com/securi @cisco #Cisco #infosec #vulnerability

##

CVE-2026-1340
(9.8 CRITICAL)

EPSS: 0.18%

updated 2026-02-04T16:34:21.763000

2 posts

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

1 repos

https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

CVE-2026-25253
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-03T16:44:36.630000

1 posts

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

4 repos

https://github.com/Joseph19820124/openclaw-vuln-report

https://github.com/al4n4n/CVE-2026-25253-research

https://github.com/ethiack/moltbot-1click-rce

https://github.com/adibirzu/openclaw-security-monitor

SerferTroyan@mastodon.social at 2026-02-12T17:24:06.000Z ##

📰 CVE-2026-25253: How Malicious Links Can Steal Authentication Tokens and Compromise OpenClaw AI Systems

This article examines the CVE-2026-25253 vulnerability in the OpenClaw AI assistant, highlighting how it enables attackers to capture authentication tokens through malicious web pages and compromised WebSocket connections

🔗 hackers-arise.com/cve-2026-252

##

CVE-2026-0227
(7.5 HIGH)

EPSS: 0.06%

updated 2026-01-31T00:31:36

1 posts

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering into maintenance mode.

2 repos

https://github.com/CkAbhijit/CVE-2026-0227-Advanced-Scanner

https://github.com/TeeyaR/CVE-2026-0227-Palo-Alto

AAKL@infosec.exchange at 2026-02-10T20:56:25.000Z ##

Palo Alto advisory, posted yesterday:

Moderate: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal security.paloaltonetworks.com/ #PaloAlto #infosec #vulnerability

##

CVE-2026-1281
(9.8 CRITICAL)

EPSS: 16.41%

updated 2026-01-30T00:31:29

2 posts

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

1 repos

https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

CVE-2026-23760
(9.8 CRITICAL)

EPSS: 55.52%

updated 2026-01-27T16:16:55.327000

2 posts

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the acc

Nuclei template

2 repos

https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc

https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE

CVE-2026-20026
(5.8 MEDIUM)

EPSS: 0.13%

updated 2026-01-08T18:08:54.147000

2 posts

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can resu

AAKL@infosec.exchange at 2026-02-11T17:13:28.000Z ##

Cisco posted two advisories yesterday, if you missed them.

- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability sec.cloudapps.cisco.com/securi

- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities sec.cloudapps.cisco.com/securi @cisco #Cisco #infosec #vulnerability

##

exploitdb_bot@mastodon.social at 2026-02-11T10:01:06.000Z ##

🚨 New Exploit: glibc 2.38 - Buffer Overflow
📋 CVE: CVE-2023-4911
👤 Author: Beatriz Fresno Naumova

🔗 exploit-db.com/exploits/52479

#ExploitDB #InfoSec #CyberSecurity #CVE-2023-4911

##

CVE-2026-20027
(5.3 MEDIUM)

EPSS: 0.04%

updated 2026-01-07T18:30:33

2 posts

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a

AAKL@infosec.exchange at 2026-02-11T17:13:28.000Z ##

Cisco posted two advisories yesterday, if you missed them.

- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability sec.cloudapps.cisco.com/securi

- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities sec.cloudapps.cisco.com/securi @cisco #Cisco #infosec #vulnerability

##

CVE-2025-43529
(8.8 HIGH)

EPSS: 0.02%

updated 2025-12-17T21:31:01

2 posts

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated at

7 repos

https://github.com/sakyu7/sakyu7.github.io

https://github.com/SgtBattenHA/Analysis

https://github.com/bjrjk/CVE-2025-43529

https://github.com/jir4vv1t/CVE-2025-43529

https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis

https://github.com/SimoesCTT/CTT-Apple-Silicon-Refraction

https://github.com/SimoesCTT/Convergent-Time-Theory-Enhanced-iOS-Safari-RCE-CVE-2025-43529-

applsec@infosec.exchange at 2026-02-11T18:36:22.000Z ##

📣 EMERGENCY UPDATES 📣

Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.

🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3

#apple #cybersecurity #infosec #security #ios

##

CVE-2025-14174
(8.8 HIGH)

EPSS: 0.65%

updated 2025-12-15T15:30:31

2 posts

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

6 repos

https://github.com/George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day

https://github.com/sakyu7/sakyu7.github.io

https://github.com/SgtBattenHA/Analysis

https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis

https://github.com/typeconfused/CVE-2025-14174-analysis

https://github.com/Satirush/CVE-2025-14174-Poc

applsec@infosec.exchange at 2026-02-11T18:36:22.000Z ##

📣 EMERGENCY UPDATES 📣

Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.

🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3

#apple #cybersecurity #infosec #security #ios

##

CVE-2025-60787
(7.2 HIGH)

EPSS: 70.31%

updated 2025-11-03T21:48:21

1 posts

## Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution (RCE) by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization, attackers can inject shell syntax that is executed when the Motion process restarts. This issue ena

1 repos

https://github.com/prabhatverma47/CVE-2025-60787

exploitdb_bot@mastodon.social at 2026-02-11T10:16:05.000Z ##

🚨 New Exploit: motionEye 0.43.1b4 - RCE
📋 CVE: CVE-2025-60787
👤 Author: prabhat

🔗 exploit-db.com/exploits/52481

#ExploitDB #InfoSec #CyberSecurity #CVE-2025-60787

##

CVE-2025-8088
(8.8 HIGH)

EPSS: 3.90%

updated 2025-10-30T15:50:59.680000

4 posts

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

28 repos

https://github.com/travisbgreen/cve-2025-8088

https://github.com/nhattanhh/CVE-2025-8088

https://github.com/lucyna77/winrar-exploit

https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool

https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC

https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC

https://github.com/pentestfunctions/best-CVE-2025-8088

https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability

https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal

https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition

https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit

https://github.com/jordan922/CVE-2025-8088

https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document

https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder

https://github.com/nuky-alt/CVE-2025-8088

https://github.com/pescada-dev/-CVE-2025-8088

https://github.com/ghostn4444/CVE-2025-8088

https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR

https://github.com/Ismael-20223/CVE-2025-8088

https://github.com/Markusino488/cve-2025-8088

https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool

https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui

https://github.com/techcorp/CVE-2025-8088-Exploit

https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC

https://github.com/ilhamrzr/RAR-Anomaly-Inspector

https://github.com/walidpyh/CVE-2025-8088

https://github.com/hbesljx/CVE-2025-8088-EXP

https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-

campuscodi@mastodon.social at 2026-02-11T23:40:29.000Z ##

Stairwell: "over 80% of monitored environments contain vulnerable versions of WinRAR affected by CVE-2025-8088"

🙃🙃🙃🙃🙃 :blobpeek:

stairwell.com/resources/stairw

##

daniel1820815@infosec.exchange at 2026-02-11T16:24:00.000Z ##

#CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.

research.checkpoint.com/2026/a

##

CVE-2018-0802
(7.8 HIGH)

EPSS: 93.89%

updated 2025-10-22T00:31:30

2 posts

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.

7 repos

https://github.com/zldww2011/CVE-2018-0802_POC

https://github.com/Palvinder-Singh/PS_CVE2018-0802

https://github.com/likekabin/CVE-2018-0802_CVE-2017-11882

https://github.com/roninAPT/CVE-2018-0802

https://github.com/rxwx/CVE-2018-0802

https://github.com/Ridter/RTF_11882_0802

https://github.com/Abdibimantara/Maldoc-Analysis

technadu@infosec.exchange at 2026-02-11T10:02:25.000Z ##

Observed campaign summary:

Initial Access:
• Phishing emails with Excel (.XLAM) attachments
Execution:
• CVE-2018-0802 (EQNEDT32.EXE)
• HTA → mshta.exe
• PowerShell in-memory decoding
Deployment:
• Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
• Process hollowing into Msbuild.exe
• AES-encrypted C2 packets
• delimited command protocol
• Plugin-based architecture (50+ modules)

Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.

This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.

Blue teamers - which telemetry source provides the strongest signal here?

Source: fortinet.com/blog/threat-resea

Follow @technadu for ongoing malware analysis and threat intelligence coverage.

#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu

##

CVE-2025-59375
(7.5 HIGH)

EPSS: 0.12%

updated 2025-09-17T15:31:32

1 posts

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

linux@activitypub.awakari.com at 2026-02-11T09:38:02.000Z ##

Ubuntu 25.10 Expat Critical DoS Issues USN-8022-1 CVE-2025-59375 Several security issues were fixed in Expat.

#Ubuntu #Linux #Distribution #- #Security #Advisories

##

CVE-2025-3573
(6.1 MEDIUM)

EPSS: 0.25%

updated 2025-04-15T14:24:22

2 posts

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

krinkle@fosstodon.org at 2026-02-11T03:16:36.000Z ##

@zachleat

Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:

cve.org/CVERecord?id=CVE-2025-

The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐

cve.org/ResourcesSupport/FAQs#

##

CVE-2026-26081
(0 None)

EPSS: 0.00%

2 posts

N/A

ScriptFanix@maly.io at 2026-02-12T15:04:27.000Z ##

2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC

haproxy.com/blog/cves-2026-qui

##

CVE-2026-26080
(0 None)

EPSS: 0.00%

2 posts

N/A

ScriptFanix@maly.io at 2026-02-12T15:04:27.000Z ##

2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC

haproxy.com/blog/cves-2026-qui

##

CVE-2025-64487
(0 None)

EPSS: 0.01%

2 posts

N/A

thehackerwire@mastodon.social at 2026-02-11T21:27:58.000Z ##

🟠 CVE-2025-64487 - High (7.6)

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership mana...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21523
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-02-10T23:38:01.000Z ##

🟠 CVE-2026-21523 - High (8)

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25947
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-02-10T23:15:15.000Z ##

🟠 CVE-2026-25947 - High (8.8)

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, re...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25506
(0 None)

EPSS: 0.02%

1 posts

N/A

thehackerwire@mastodon.social at 2026-02-10T21:42:24.000Z ##

🟠 CVE-2026-25506 - High (7.7)

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from pro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
