| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21531 | 9.8 | 0.16% | 2 | 1 | 2026-02-12T19:19:54 | Deserialization of untrusted data in the Azure AI Language Conversations Authori | |
| CVE-2026-20700 | 7.8 | 0.01% | 17 | 0 | 2026-02-12T19:15:51.187000 | A memory corruption issue was addressed with improved state management. This iss | |
| CVE-2025-15556 | 0 | 0.04% | 4 | 2 | 2026-02-12T19:15:50.117000 | Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an upd | |
| CVE-2024-43468 | 9.8 | 73.83% | 4 | 3 | 2026-02-12T19:15:49.520000 | Microsoft Configuration Manager Remote Code Execution Vulnerability | |
| CVE-2026-2250 | 7.5 | 0.05% | 2 | 0 | 2026-02-12T18:31:24 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authenticati | |
| CVE-2026-2249 | 9.8 | 0.12% | 2 | 1 | 2026-02-12T18:31:24 | METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at t | |
| CVE-2026-2248 | 9.8 | 0.12% | 2 | 0 | 2026-02-12T18:31:24 | METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at t | |
| CVE-2026-26217 | 8.6 | 0.00% | 2 | 0 | 2026-02-12T16:16:17.620000 | Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in | |
| CVE-2026-26216 | 10.0 | 0.00% | 2 | 0 | 2026-02-12T16:16:17.447000 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability i | |
| CVE-2026-26029 | 7.5 | 0.07% | 2 | 0 | 2026-02-12T16:16:16.927000 | sf-mcp-server is an implementation of Salesforce MCP server for Claude for Deskt | |
| CVE-2026-1320 | 7.2 | 0.00% | 2 | 0 | 2026-02-12T15:32:54 | The Secure Copy Content Protection and Content Locking plugin for WordPress is v | |
| CVE-2026-2360 | 8.0 | 0.04% | 2 | 0 | 2026-02-12T15:11:02.290000 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu | |
| CVE-2026-0229 | 0 | 0.02% | 2 | 0 | 2026-02-12T15:11:02.290000 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feat | |
| CVE-2026-0228 | 0 | 0.01% | 2 | 0 | 2026-02-12T15:11:02.290000 | An improper certificate validation vulnerability in PAN-OS allows users to conne | |
| CVE-2026-2004 | 8.8 | 0.00% | 3 | 1 | 2026-02-12T15:10:37.307000 | Missing validation of type of input in PostgreSQL intarray extension selectivity | |
| CVE-2026-20614 | 0 | 0.02% | 2 | 0 | 2026-02-12T15:10:37.307000 | A path handling issue was addressed with improved validation. This issue is fixe | |
| CVE-2026-25924 | 8.4 | 0.04% | 2 | 0 | 2026-02-12T15:10:37.307000 | Kanboard is project management software focused on Kanban methodology. Prior to | |
| CVE-2026-2313 | 8.8 | 0.02% | 2 | 0 | 2026-02-12T15:10:37.307000 | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote a | |
| CVE-2025-12059 | 9.8 | 0.04% | 2 | 0 | 2026-02-12T08:16:00.800000 | Insertion of Sensitive Information into Externally-Accessible File or Directory | |
| CVE-2026-26234 | 8.8 | 0.07% | 4 | 0 | 2026-02-12T06:30:21 | JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerabi | |
| CVE-2026-26235 | 7.5 | 0.07% | 2 | 1 | 2026-02-12T06:30:21 | JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that | |
| CVE-2026-25676 | 7.8 | 0.01% | 2 | 0 | 2026-02-12T06:30:21 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL sea | |
| CVE-2026-23857 | 8.3 | 0.01% | 4 | 0 | 2026-02-12T03:31:06 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contain | |
| CVE-2026-1729 | 9.8 | 0.19% | 6 | 1 | 2026-02-12T03:31:06 | The AdForest theme for WordPress is vulnerable to authentication bypass in all v | |
| CVE-2026-23856 | 7.8 | 0.01% | 2 | 0 | 2026-02-12T03:31:06 | Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell | |
| CVE-2026-0969 | 8.8 | 0.07% | 4 | 0 | 2026-02-12T03:31:01 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to a | |
| CVE-2026-26215 | None | 0.13% | 2 | 1 | 2026-02-12T00:31:12 | manga-image-translator version beta-0.3 and prior in shared API mode contains an | |
| CVE-2026-20654 | None | 0.02% | 2 | 0 | 2026-02-12T00:31:12 | The issue was addressed with improved memory handling. This issue is fixed in wa | |
| CVE-2026-20617 | None | 0.02% | 2 | 0 | 2026-02-12T00:31:11 | A race condition was addressed with improved state handling. This issue is fixed | |
| CVE-2026-26010 | 7.6 | 0.01% | 2 | 0 | 2026-02-11T23:14:54 | ### Summary Calls issued by the UI against `/api/v1/ingestionPipelines` leak JWT | |
| CVE-2026-25759 | 8.7 | 0.01% | 2 | 0 | 2026-02-11T23:14:17 | ### Impact Stored XSS vulnerability in content titles allow authenticated users | |
| CVE-2025-48723 | 8.1 | 0.10% | 2 | 0 | 2026-02-11T21:31:44 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a | |
| CVE-2026-2315 | 8.8 | 0.02% | 2 | 0 | 2026-02-11T21:30:48 | Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 a | |
| CVE-2026-2314 | 8.8 | 0.02% | 2 | 0 | 2026-02-11T21:30:48 | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a | |
| CVE-2026-2319 | 7.5 | 0.02% | 2 | 0 | 2026-02-11T21:30:48 | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attack | |
| CVE-2025-52868 | 8.1 | 0.10% | 2 | 0 | 2026-02-11T21:30:40 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a | |
| CVE-2025-48725 | 8.1 | 0.10% | 2 | 0 | 2026-02-11T21:30:39 | A buffer overflow vulnerability has been reported to affect several QNAP operati | |
| CVE-2025-48724 | 8.1 | 0.10% | 2 | 0 | 2026-02-11T21:30:39 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a | |
| CVE-2025-30276 | 8.8 | 0.11% | 2 | 0 | 2026-02-11T21:30:39 | An out-of-bounds write vulnerability has been reported to affect Qsync Central. | |
| CVE-2026-21246 | 7.8 | 0.02% | 2 | 0 | 2026-02-11T21:30:38 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized | |
| CVE-2026-21259 | 7.8 | 0.04% | 2 | 0 | 2026-02-11T21:30:38 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized atta | |
| CVE-2026-21239 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to el | |
| CVE-2026-21236 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allo | |
| CVE-2026-21245 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to el | |
| CVE-2025-30269 | 8.1 | 0.04% | 2 | 0 | 2026-02-11T21:10:50.490000 | A use of externally-controlled format string vulnerability has been reported to | |
| CVE-2026-21255 | 8.8 | 0.03% | 2 | 0 | 2026-02-11T20:04:16.867000 | Improper access control in Windows Hyper-V allows an authorized attacker to bypa | |
| CVE-2026-21257 | 8.0 | 0.05% | 2 | 0 | 2026-02-11T19:47:12.797000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21260 | 7.5 | 0.09% | 2 | 0 | 2026-02-11T19:10:20.090000 | Exposure of sensitive information to an unauthorized actor in Microsoft Office O | |
| CVE-2026-21511 | 7.5 | 0.28% | 1 | 0 | 2026-02-11T18:56:56.907000 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthor | |
| CVE-2026-21357 | 7.8 | 0.01% | 1 | 0 | 2026-02-11T18:32:31 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based | |
| CVE-2026-25084 | 9.8 | 0.07% | 4 | 0 | 2026-02-11T18:31:36 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs | |
| CVE-2026-24789 | 9.8 | 0.07% | 4 | 0 | 2026-02-11T18:31:36 | An unprotected API endpoint allows an attacker to remotely change the device pas | |
| CVE-2026-2361 | 8.1 | 0.04% | 2 | 0 | 2026-02-11T18:31:36 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu | |
| CVE-2026-1235 | 6.5 | 0.01% | 1 | 0 | 2026-02-11T18:31:28 | The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via aja | |
| CVE-2025-64075 | 10.0 | 0.44% | 2 | 0 | 2026-02-11T18:06:04.010000 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong | |
| CVE-2026-21330 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:39:42.610000 | After Effects versions 25.6 and earlier are affected by an Access of Resource Us | |
| CVE-2026-21321 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:37:29.543000 | After Effects versions 25.6 and earlier are affected by an Integer Overflow or W | |
| CVE-2026-21325 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:36:38.050000 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21327 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:36:07.663000 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21334 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T17:31:30.870000 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou | |
| CVE-2026-21351 | 7.8 | 0.01% | 1 | 0 | 2026-02-11T17:29:31.673000 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21346 | 7.8 | 0.03% | 1 | 0 | 2026-02-11T17:15:14.187000 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds writ | |
| CVE-2026-21347 | 7.8 | 0.03% | 1 | 0 | 2026-02-11T17:14:59.750000 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow o | |
| CVE-2026-21341 | 7.8 | 0.03% | 1 | 0 | 2026-02-11T16:40:15.260000 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-25577 | 7.5 | 0.05% | 1 | 0 | 2026-02-11T16:16:06.200000 | Emmett is a framework designed to simplify your development process. Prior to 1. | |
| CVE-2026-21510 | 8.8 | 5.83% | 6 | 1 | 2026-02-11T16:13:25.603000 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to | |
| CVE-2026-21519 | 7.8 | 4.09% | 4 | 0 | 2026-02-11T16:13:16.180000 | Access of resource using incompatible type ('type confusion') in Desktop Window | |
| CVE-2026-21312 | 7.8 | 0.01% | 2 | 0 | 2026-02-11T15:57:42.060000 | Audition versions 25.3 and earlier are affected by an out-of-bounds write vulner | |
| CVE-2026-21525 | 6.2 | 2.97% | 4 | 0 | 2026-02-11T15:43:43.057000 | Null pointer dereference in Windows Remote Access Connection Manager allows an u | |
| CVE-2025-48503 | 7.9 | 0.01% | 2 | 0 | 2026-02-11T15:30:35 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attac | |
| CVE-2026-0910 | 8.8 | 0.07% | 2 | 0 | 2026-02-11T15:30:34 | The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in a | |
| CVE-2025-8668 | 9.4 | 0.04% | 2 | 0 | 2026-02-11T15:30:34 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site | |
| CVE-2026-1357 | 9.8 | 0.46% | 3 | 3 | 2026-02-11T15:27:26.370000 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress | |
| CVE-2026-1560 | 8.8 | 0.24% | 3 | 1 | 2026-02-11T15:27:26.370000 | The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Rem | |
| CVE-2025-8025 | 9.8 | 0.05% | 2 | 0 | 2026-02-11T15:27:26.370000 | Missing Authentication for Critical Function, Improper Access Control vulnerabil | |
| CVE-2026-20841 | 8.8 | 0.10% | 107 | 9 | 2026-02-11T15:16:16.997000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-0958 | 7.5 | 0.03% | 2 | 0 | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 | |
| CVE-2025-8099 | 7.5 | 0.04% | 2 | 0 | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 | |
| CVE-2025-7659 | 8.0 | 0.01% | 2 | 0 | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 | |
| CVE-2025-15096 | 8.8 | 0.04% | 2 | 0 | 2026-02-11T12:30:26 | The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privileg | |
| CVE-2025-10174 | 8.3 | 0.01% | 2 | 0 | 2026-02-11T12:30:26 | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & | |
| CVE-2025-10913 | 8.3 | 0.04% | 2 | 0 | 2026-02-11T09:30:24 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site | |
| CVE-2025-9986 | 8.2 | 0.03% | 2 | 0 | 2026-02-11T09:30:24 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne | |
| CVE-2026-21228 | 8.1 | 0.04% | 2 | 0 | 2026-02-10T21:51:48.077000 | Improper certificate validation in Azure Local allows an unauthorized attacker t | |
| CVE-2026-25993 | 0 | 0.03% | 1 | 0 | 2026-02-10T21:51:48.077000 | EverShop is a TypeScript-first eCommerce platform. During category update and de | |
| CVE-2026-26009 | 9.9 | 0.26% | 2 | 0 | 2026-02-10T21:51:48.077000 | Catalyst is a platform built for enterprise game server hosts, game communities, | |
| CVE-2026-25611 | 7.5 | 0.04% | 1 | 0 | 2026-02-10T21:51:48.077000 | A series of specifically crafted, unauthenticated messages can exhaust available | |
| CVE-2026-21353 | 7.8 | 0.03% | 1 | 0 | 2026-02-10T21:51:48.077000 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or W | |
| CVE-2026-21349 | 7.8 | 0.03% | 1 | 0 | 2026-02-10T21:51:48.077000 | Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds wri | |
| CVE-2026-21344 | 7.8 | 0.03% | 1 | 0 | 2026-02-10T21:31:42 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-1507 | 7.5 | 0.05% | 1 | 0 | 2026-02-10T21:31:42 | The affected products are vulnerable to an uncaught exception that could allow a | |
| CVE-2026-21345 | 7.8 | 0.03% | 1 | 0 | 2026-02-10T21:31:41 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21352 | 7.8 | 0.03% | 1 | 0 | 2026-02-10T21:31:41 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21342 | 7.8 | 0.01% | 1 | 0 | 2026-02-10T21:31:37 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-1848 | 7.5 | 0.04% | 1 | 0 | 2026-02-10T21:31:36 | Connections received from the proxy port may not count towards total accepted co | |
| CVE-2026-21343 | 7.8 | 0.03% | 1 | 0 | 2026-02-10T21:31:36 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds | |
| CVE-2026-21514 | 7.8 | 3.68% | 5 | 0 | 2026-02-10T21:31:29 | Reliance on untrusted inputs in a security decision in Microsoft Office Word all | |
| CVE-2026-21513 | 8.8 | 4.82% | 4 | 0 | 2026-02-10T21:31:29 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker | |
| CVE-2026-21533 | 7.8 | 2.40% | 4 | 1 | 2026-02-10T21:31:29 | Improper privilege management in Windows Remote Desktop allows an authorized att | |
| CVE-2026-25992 | 7.5 | 0.04% | 1 | 0 | 2026-02-10T19:56:57 | # File Read Interface Case Bypass Vulnerability ## Vulnerability Name File Read | |
| CVE-2026-21537 | 8.8 | 0.05% | 2 | 0 | 2026-02-10T18:30:54 | Improper control of generation of code ('code injection') in Microsoft Defender | |
| CVE-2026-21328 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:53 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21322 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21318 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:52 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-21240 | 7.8 | 0.02% | 2 | 0 | 2026-02-10T18:30:51 | Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an | |
| CVE-2026-21243 | 7.5 | 0.06% | 2 | 0 | 2026-02-10T18:30:51 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol | |
| CVE-2026-21251 | 7.8 | 0.04% | 2 | 0 | 2026-02-10T18:30:51 | Use after free in Windows Cluster Client Failover allows an authorized attacker | |
| CVE-2026-21250 | 7.8 | 0.04% | 2 | 0 | 2026-02-10T18:30:51 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker | |
| CVE-2026-21323 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21320 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21329 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21326 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera | |
| CVE-2026-21324 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:51 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu | |
| CVE-2026-21256 | 8.8 | 0.05% | 2 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-21335 | 7.8 | 0.01% | 2 | 0 | 2026-02-10T18:30:50 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou | |
| CVE-2026-21516 | 8.8 | 0.03% | 1 | 0 | 2026-02-10T18:30:50 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-1603 | 8.6 | 0.15% | 2 | 0 | 2026-02-10T18:30:49 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo | |
| CVE-2026-21229 | 8.0 | 0.07% | 2 | 0 | 2026-02-10T18:30:49 | Improper input validation in Power BI allows an authorized attacker to execute c | |
| CVE-2026-21238 | 7.8 | 0.03% | 2 | 0 | 2026-02-10T18:30:49 | Improper access control in Windows Ancillary Function Driver for WinSock allows | |
| CVE-2026-22153 | 8.1 | 0.07% | 1 | 2 | 2026-02-10T18:30:48 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerabili | |
| CVE-2026-1602 | 6.5 | 0.05% | 2 | 0 | 2026-02-10T18:30:38 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote | |
| CVE-2026-24061 | 9.8 | 37.88% | 7 | 63 | template | 2026-02-10T18:30:34 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-0509 | 9.6 | 0.04% | 2 | 0 | 2026-02-10T06:30:39 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, | |
| CVE-2026-0488 | 10.0 | 0.04% | 2 | 0 | 2026-02-10T06:30:38 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could ex | |
| CVE-2026-1529 | 8.1 | 0.02% | 2 | 2 | 2026-02-10T02:15:52.253000 | A flaw was found in Keycloak. An attacker can exploit this vulnerability by modi | |
| CVE-2026-25639 | 7.5 | 0.01% | 1 | 0 | 2026-02-09T22:39:36 | # Denial of Service via **proto** Key in mergeConfig ### Summary The `mergeCon | |
| CVE-2025-66630 | None | 0.01% | 2 | 0 | 2026-02-09T18:49:19 | Fiber v2 contains an internal vendored copy of `gofiber/utils`, and its function | |
| CVE-2026-1731 | 0 | 4.22% | 4 | 3 | template | 2026-02-09T16:08:55.263000 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-2234 | 9.1 | 0.05% | 2 | 0 | 2026-02-09T09:30:28 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing | |
| CVE-2025-64175 | None | 0.01% | 2 | 0 | 2026-02-06T19:06:46 | Contact OpenAI Security Research at outbounddisclosures@openai.com to engage on | |
| CVE-2025-64111 | None | 0.12% | 2 | 0 | 2026-02-06T19:06:45 | ### Summary Due to the insufficient patch for the https://github.com/gogs/gogs/s | |
| CVE-2025-24054 | 6.5 | 11.25% | 1 | 9 | 2026-02-05T13:01:23.843000 | External control of file name or path in Windows NTLM allows an unauthorized att | |
| CVE-2026-25049 | None | 0.03% | 4 | 1 | 2026-02-04T21:09:38 | ### Impact Additional exploits in the expression evaluation of n8n have been id | |
| CVE-2026-20119 | 7.5 | 0.09% | 2 | 0 | 2026-02-04T18:30:51 | A vulnerability in the text rendering subsystem of Cisco TelePresence Collaborat | |
| CVE-2026-1340 | 9.8 | 0.18% | 2 | 1 | 2026-02-04T16:34:21.763000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-25253 | 8.8 | 0.04% | 1 | 4 | 2026-02-03T16:44:36.630000 | OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value f | |
| CVE-2026-0227 | 7.5 | 0.06% | 1 | 2 | 2026-01-31T00:31:36 | A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated | |
| CVE-2026-1281 | 9.8 | 16.41% | 2 | 1 | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-23760 | 9.8 | 55.52% | 2 | 2 | template | 2026-01-27T16:16:55.327000 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication |
| CVE-2026-20026 | 5.8 | 0.13% | 2 | 0 | 2026-01-08T18:08:54.147000 | Multiple Cisco products are affected by a vulnerability in the processing o | |
| CVE-2023-4911 | 7.8 | 63.62% | 1 | 17 | template | 2026-01-08T16:28:27.603000 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi |
| CVE-2026-20027 | 5.3 | 0.04% | 2 | 0 | 2026-01-07T18:30:33 | Multiple Cisco products are affected by a vulnerability in the processing of DCE | |
| CVE-2025-43529 | 8.8 | 0.02% | 2 | 7 | 2025-12-17T21:31:01 | A use-after-free issue was addressed with improved memory management. This issue | |
| CVE-2025-14174 | 8.8 | 0.65% | 2 | 6 | 2025-12-15T15:30:31 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499 | |
| CVE-2025-60787 | 7.2 | 70.31% | 1 | 1 | 2025-11-03T21:48:21 | ## Summary A command injection vulnerability in MotionEye allows attackers to ac | |
| CVE-2025-8088 | 8.8 | 3.90% | 4 | 28 | 2025-10-30T15:50:59.680000 | A path traversal vulnerability affecting the Windows version of WinRAR allows th | |
| CVE-2018-0802 | 7.8 | 93.89% | 2 | 7 | 2025-10-22T00:31:30 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Offic | |
| CVE-2025-59375 | 7.5 | 0.12% | 1 | 0 | 2025-09-17T15:31:32 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory | |
| CVE-2025-3573 | 6.1 | 0.25% | 2 | 0 | 2025-04-15T14:24:22 | Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross- | |
| CVE-2026-26081 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-26080 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2025-64487 | 0 | 0.01% | 2 | 0 | N/A | ||
| CVE-2026-21523 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-25947 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-25506 | 0 | 0.02% | 1 | 0 | N/A |
updated 2026-02-12T19:19:54
2 posts
1 repos
🚨 CVE-2026-21531: Critical RCE in Azure AI Language Authoring SDK v1.0.0 via deserialization of untrusted data. Unauthenticated attackers can execute code remotely. Restrict access & monitor endpoints until patched. https://radar.offseq.com/threat/cve-2026-21531-cwe-502-deserialization-of-untruste-4a5578f9 #OffSeq #Azure #Security
##🔴 CVE-2026-21531 - Critical (9.8)
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T19:15:51.187000
17 posts
CVE ID: CVE-2026-20700
Vendor: Apple
Product: Multiple Products
Date Added: 2026-02-12
Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20700
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #technologyAtKukei https://masto.kukei.eu/browse/technology category:
- Eddy Merckx Bikes unveils Corsa Strasbourg Ti and Corsa Pévèle Ti titanium bikes, handmade in Italy.
- WordPress plugin with ~900k installs exposed to a critical RCE flaw.
- Apple iOS 26.3 update patches CVE-2026-20700.
- Palantir sues Republik Magazin (Swiss outlet) over a published article.
- Waymo launches World Model for autonomous driving [1/2]
Update your iPhones to iOS 26.3, CVE-2026-20700 is pretty bad!
https://go.theregister.com/feed/www.theregister.com/2026/02/12/apple_ios_263/
##The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
##Apple Releases Emergency Security Updates to Patch Actively Exploited Zero-Day CVE-2026-20700 Across iOS, macOS, and More + Video
A Critical Memory Corruption Flaw Forces Apple Into Rapid Defensive Action Apple has rolled out urgent security updates across its entire ecosystem, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, to address an actively exploited zero-day vulnerability identified as CVE-2026-20700. The flaw, discovered by Google’s Threat Analysis…
##Apple aktualisiert alles 2026-02
Apples reguläre Updates im Februar flicken 71 Sicherheitslücken. Einige von denen stecken in mehreren von Apple Produkten. Bemerkenswert ist CVE-2026-20700, die bereits für Angriffe ausgenutzt wird (Zero-Day). Weitere drei neue Sicherheitslücken betreffen die Spracherkennung (Siri), ermöglichen sie doch, auch einem gesperrten iPhone persönliche Daten zu entloc
https://www.pc-fluesterer.info/wordpress/taxopress_logs/apple-aktualisiert-alles-2026-02/
##Apple aktualisiert alles 2026-02
Apples reguläre Updates im Februar flicken 71 Sicherheitslücken. Einige von denen stecken in mehreren von Apple Produkten. Bemerkenswert ist CVE-2026-20700, die bereits für Angriffe ausgenutzt wird (Zero-Day). Weitere drei neue Sicherheit
https://www.pc-fluesterer.info/wordpress/2026/02/12/apple-aktualisiert-alles-2026-02/
#Allgemein #Empfehlung #Hintergrund #Mobilfunk #Warnung #0day #apple #cybercrime #ios #macos #sicherheit #UnplugTrump #vorbeugen
##A hidden flaw in Apple’s core system let hackers quietly bypass defenses and target high-profile users before anyone noticed. How did this zero-day slip through the cracks?
https://thedefendopsdiaries.com/inside-cve-2026-20700-how-a-zero-day-slipped-past-apples-defenses/
##🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! https://radar.offseq.com/threat/cve-2026-20700-an-attacker-with-memory-write-capab-30065920 #OffSeq #AppleSecurity #CVE202620700 #ThreatIntel
##📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
CVE ID: CVE-2026-20700
Vendor: Apple
Product: Multiple Products
Date Added: 2026-02-12
Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20700
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
##A hidden flaw in Apple’s core system let hackers quietly bypass defenses and target high-profile users before anyone noticed. How did this zero-day slip through the cracks?
https://thedefendopsdiaries.com/inside-cve-2026-20700-how-a-zero-day-slipped-past-apples-defenses/
##🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! https://radar.offseq.com/threat/cve-2026-20700-an-attacker-with-memory-write-capab-30065920 #OffSeq #AppleSecurity #CVE202620700 #ThreatIntel
##📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
updated 2026-02-12T19:15:50.117000
4 posts
2 repos
https://github.com/renat0z3r0/notepadpp-supply-chain-iocs
https://github.com/George0Papasotiriou/CVE-2025-15556-Notepad-WinGUp-Updater-RCE
CVE ID: CVE-2025-15556
Vendor: Notepad++
Product: Notepad++
Date Added: 2026-02-12
Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-15556
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##CVE ID: CVE-2025-15556
Vendor: Notepad++
Product: Notepad++
Date Added: 2026-02-12
Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-15556
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##updated 2026-02-12T19:15:49.520000
4 posts
3 repos
CVE ID: CVE-2024-43468
Vendor: Microsoft
Product: Configuration Manager
Date Added: 2026-02-12
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##CVE ID: CVE-2024-43468
Vendor: Microsoft
Product: Configuration Manager
Date Added: 2026-02-12
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##updated 2026-02-12T18:31:24
2 posts
🟠 CVE-2026-2250 - High (7.5)
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2250 - High (7.5)
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:24
2 posts
1 repos
🔴 CVE-2026-2249 - Critical (9.8)
METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2249/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2249 - Critical (9.8)
METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2249/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:24
2 posts
🔴 CVE-2026-2248 - Critical (9.8)
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2248 - Critical (9.8)
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T16:16:17.620000
2 posts
🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! https://radar.offseq.com/threat/cve-2026-26217-cwe-22-improper-limitation-of-a-pat-0f89b04d #OffSeq #CVE202626217 #infosec
##🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! https://radar.offseq.com/threat/cve-2026-26217-cwe-22-improper-limitation-of-a-pat-0f89b04d #OffSeq #CVE202626217 #infosec
##updated 2026-02-12T16:16:17.447000
2 posts
⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. https://radar.offseq.com/threat/cve-2026-26216-cwe-94-improper-control-of-generati-09f71e54 #OffSeq #CVE202626216 #infosec #RCE
##⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. https://radar.offseq.com/threat/cve-2026-26216-cwe-94-improper-control-of-generati-09f71e54 #OffSeq #CVE202626216 #infosec #RCE
##updated 2026-02-12T16:16:16.927000
2 posts
🟠 CVE-2026-26029 - High (7.5)
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26029 - High (7.5)
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:54
2 posts
⚠️ HIGH severity alert: CVE-2026-1320 impacts ays-pro Secure Copy Content Protection & Content Locking (all versions) — Stored XSS via 'X-Forwarded-For' lets unauth attackers inject scripts. Monitor and restrict input. More: https://radar.offseq.com/threat/cve-2026-1320-cwe-79-improper-neutralization-of-in-70548f61 #OffSeq #WordPress #XSS
##⚠️ HIGH severity alert: CVE-2026-1320 impacts ays-pro Secure Copy Content Protection & Content Locking (all versions) — Stored XSS via 'X-Forwarded-For' lets unauth attackers inject scripts. Monitor and restrict input. More: https://radar.offseq.com/threat/cve-2026-1320-cwe-79-improper-neutralization-of-in-70548f61 #OffSeq #WordPress #XSS
##updated 2026-02-12T15:11:02.290000
2 posts
🟠 CVE-2026-2360 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2360 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:11:02.290000
2 posts
Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##updated 2026-02-12T15:11:02.290000
2 posts
Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##Palo Alto has three new advisories.
- This affects several CVEs: PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) https://security.paloaltonetworks.com/PAN-SA-2026-0002
- CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature https://security.paloaltonetworks.com/CVE-2026-0229
- CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate https://security.paloaltonetworks.com/CVE-2026-0228 #PaloAlto #infosec #vulnerability
##updated 2026-02-12T15:10:37.307000
3 posts
1 repos
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- AI agents coordinating on real work and autonomous coding (Claude Code, agent frameworks, Copilot-style testing)
- PostgreSQL CVE-2026-2004: missing input validation in intarray extension allows OS code execution
- Python ecosystem events: PyCon Namibia 2026 and PyCon Sweden 2025/2026 (speaker announcements and tracks)
- NixOS and Guix: full [1/2]
few new #postgresql vulns out there today
🔐 CVE-2026-2004
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.
📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 02:16 PM
🏷️ Aliases: CVE-2026-2004
🛡️ CWE: CWE-1287
📚 References: https://www.postgresql.org/support/security/CVE-2026-2004/
few new #postgresql vulns out there today
🔐 CVE-2026-2004
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.
📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 02:16 PM
🏷️ Aliases: CVE-2026-2004
🛡️ CWE: CWE-1287
📚 References: https://www.postgresql.org/support/security/CVE-2026-2004/
updated 2026-02-12T15:10:37.307000
2 posts
🚨 CVE-2026-20614 (CRITICAL): Privilege escalation in macOS lets apps gain root with no user interaction. Fixes: Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4. Patch now to block full compromise — esp. in EU orgs! https://radar.offseq.com/threat/cve-2026-20614-an-app-may-be-able-to-gain-root-pri-30d49a81 #OffSeq #macOS #Vuln #Patch
##🚨 CVE-2026-20614 (CRITICAL): Privilege escalation in macOS lets apps gain root with no user interaction. Fixes: Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4. Patch now to block full compromise — esp. in EU orgs! https://radar.offseq.com/threat/cve-2026-20614-an-app-may-be-able-to-gain-root-pri-30d49a81 #OffSeq #macOS #Vuln #Patch
##updated 2026-02-12T15:10:37.307000
2 posts
🟠 CVE-2026-25924 - High (8.4)
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25924 - High (8.4)
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
2 posts
🟠 CVE-2026-2313 - High (8.8)
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2313 - High (8.8)
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T08:16:00.800000
2 posts
🔴 CVE-2025-12059 - Critical (9.8)
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logo ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-12059 - Critical (9.8)
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logo ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T06:30:21
4 posts
🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-26234-improper-neutralization-of-http-hea-13dc0f5b #OffSeq #Vuln #IoT
##🟠 CVE-2026-26234 - High (8.8)
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-26234-improper-neutralization-of-http-hea-13dc0f5b #OffSeq #Vuln #IoT
##🟠 CVE-2026-26234 - High (8.8)
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T06:30:21
2 posts
1 repos
https://github.com/mbanyamer/CVE-2026-26235-JUNG-Smart-Visu-Server-Unauthenticated-Reboot-Shutdown
🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: https://radar.offseq.com/threat/cve-2026-26235-missing-authentication-for-critical-64624540 #OffSeq #Vulnerability #OTSecurity
##🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: https://radar.offseq.com/threat/cve-2026-26235-missing-authentication-for-critical-64624540 #OffSeq #Vulnerability #OTSecurity
##updated 2026-02-12T06:30:21
2 posts
⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! https://radar.offseq.com/threat/cve-2026-25676-uncontrolled-search-path-element-in-108bd32e #OffSeq #Vulnerability #Infosec #CVE2026_25676
##⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! https://radar.offseq.com/threat/cve-2026-25676-uncontrolled-search-path-element-in-108bd32e #OffSeq #Vulnerability #Infosec #CVE2026_25676
##updated 2026-02-12T03:31:06
4 posts
Dell Update Package Framework (23.12.00 – 24.12.00) hit by HIGH severity (CVSS 8.2) vuln: improper permission checks enable local privilege escalation. Restrict access & monitor for updates. CVE-2026-23857 🛡️ https://radar.offseq.com/threat/cve-2026-23857-cwe-280-improper-handling-of-insuff-a6a15377 #OffSeq #Dell #PrivilegeEscalation #Vuln
##🟠 CVE-2026-23857 - High (8.2)
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Dell Update Package Framework (23.12.00 – 24.12.00) hit by HIGH severity (CVSS 8.2) vuln: improper permission checks enable local privilege escalation. Restrict access & monitor for updates. CVE-2026-23857 🛡️ https://radar.offseq.com/threat/cve-2026-23857-cwe-280-improper-handling-of-insuff-a6a15377 #OffSeq #Dell #PrivilegeEscalation #Vuln
##🟠 CVE-2026-23857 - High (8.2)
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T03:31:06
6 posts
1 repos
https://github.com/ninjazan420/CVE-2026-1729-PoC-AdForest-WordPress-Authentication-Bypass
🚨 CRITICAL: CVE-2026-1729 in AdForest (≤6.0.12) enables unauthenticated OTP login as any user — including admins. No patch yet. Block vulnerable OTP function, monitor logs, and deploy WAF rules ASAP. https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #Vulnerability
##🚨 CVE-2026-1729 (CRITICAL): AdForest WordPress theme authentication bypass lets attackers log in as any user — including admin! All versions affected, no patch yet. Disable OTP login & deploy WAF rules ASAP. More: https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #CVE20261729 #WebSecurity
##🔴 CVE-2026-1729 - Critical (9.8)
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-1729 in AdForest (≤6.0.12) enables unauthenticated OTP login as any user — including admins. No patch yet. Block vulnerable OTP function, monitor logs, and deploy WAF rules ASAP. https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #Vulnerability
##🚨 CVE-2026-1729 (CRITICAL): AdForest WordPress theme authentication bypass lets attackers log in as any user — including admin! All versions affected, no patch yet. Disable OTP login & deploy WAF rules ASAP. More: https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #CVE20261729 #WebSecurity
##🔴 CVE-2026-1729 - Critical (9.8)
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T03:31:06
2 posts
🟠 CVE-2026-23856 - High (7.8)
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23856 - High (7.8)
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T03:31:01
4 posts
🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T00:31:12
2 posts
1 repos
https://github.com/mbanyamer/-CVE-2026-26215-manga-image-translator-RCE
CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! https://radar.offseq.com/threat/cve-2026-26215-cwe-502-deserialization-of-untruste-e3572f04 #OffSeq #CVE202626215 #infosec
##CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! https://radar.offseq.com/threat/cve-2026-26215-cwe-502-deserialization-of-untruste-e3572f04 #OffSeq #CVE202626215 #infosec
##updated 2026-02-12T00:31:12
2 posts
Got my first Apple CVE!
CVE-2026-20654
At the age of 19, I have finally achieved my goal.
Weird thing is, the 2025 CVE isn't addressed yet haha
More exciting news coming soon!
Thank you everyone for the support 🥹🙏
##Got my first Apple CVE!
CVE-2026-20654
At the age of 19, I have finally achieved my goal.
Weird thing is, the 2025 CVE isn't addressed yet haha
More exciting news coming soon!
Thank you everyone for the support 🥹🙏
##updated 2026-02-12T00:31:11
2 posts
🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! https://radar.offseq.com/threat/cve-2026-20617-an-app-may-be-able-to-gain-root-pri-42394d40 #OffSeq #macOS #Apple #Infosec #CVE202620617
##🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! https://radar.offseq.com/threat/cve-2026-20617-an-app-may-be-able-to-gain-root-pri-42394d40 #OffSeq #macOS #Apple #Infosec #CVE202620617
##updated 2026-02-11T23:14:54
2 posts
🟠 CVE-2026-26010 - High (7.6)
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a high...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26010 - High (7.6)
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a high...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T23:14:17
2 posts
🟠 CVE-2026-25759 - High (8.7)
Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that execu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25759/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25759 - High (8.7)
Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that execu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25759/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:31:44
2 posts
🟠 CVE-2025-48723 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48723/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48723 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48723/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
2 posts
🟠 CVE-2026-2315 - High (8.8)
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2315 - High (8.8)
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
2 posts
🟠 CVE-2026-2314 - High (8.8)
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2314 - High (8.8)
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
2 posts
🟠 CVE-2026-2319 - High (7.5)
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2319 - High (7.5)
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:40
2 posts
🟠 CVE-2025-52868 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52868/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-52868 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52868/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:39
2 posts
🟠 CVE-2025-48725 - High (8.1)
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48725 - High (8.1)
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:39
2 posts
🟠 CVE-2025-48724 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48724/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48724 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48724/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:39
2 posts
🟠 CVE-2025-30276 - High (8.8)
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the followi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-30276 - High (8.8)
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the followi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:38
2 posts
🟠 CVE-2026-21246 - High (7.8)
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21246 - High (7.8)
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:38
2 posts
🟠 CVE-2026-21259 - High (7.8)
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21259/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21259 - High (7.8)
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21259/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:37
2 posts
🟠 CVE-2026-21239 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21239 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:37
2 posts
🟠 CVE-2026-21236 - High (7.8)
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21236 - High (7.8)
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:37
2 posts
🟠 CVE-2026-21245 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21245 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:10:50.490000
2 posts
🟠 CVE-2025-30269 - High (8.1)
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-30269 - High (8.1)
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T20:04:16.867000
2 posts
🟠 CVE-2026-21255 - High (8.8)
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21255 - High (8.8)
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T19:47:12.797000
2 posts
🟠 CVE-2026-21257 - High (8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21257 - High (8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T19:10:20.090000
2 posts
🟠 CVE-2026-21260 - High (7.5)
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21260 - High (7.5)
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:56:56.907000
1 posts
🟠 CVE-2026-21511 - High (7.5)
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21511/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:32:31
1 posts
🟠 CVE-2026-21357 - High (7.8)
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:31:36
4 posts
🔴 CVE-2026-25084 - Critical (9.8)
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
🔴 CVE-2026-25084 - Critical (9.8)
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
updated 2026-02-11T18:31:36
4 posts
🔴 CVE-2026-24789 - Critical (9.8)
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24789/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
🔴 CVE-2026-24789 - Critical (9.8)
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24789/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
updated 2026-02-11T18:31:36
2 posts
🟠 CVE-2026-2361 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2361 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:31:28
1 posts
🚨 CVE-2026-1235: CRITICAL deserialization flaw in WP eCommerce (≤3.15.1) allows unauthenticated PHP object injection via AJAX. No patch yet. Disable vulnerable AJAX actions & audit plugins. High risk for EU e-commerce sites. https://radar.offseq.com/threat/cve-2026-1235-cwe-502-deserialization-of-untrusted-67de3834 #OffSeq #WordPress #Security
##updated 2026-02-11T18:06:04.010000
2 posts
🔴 CVE-2025-64075 - Critical (10)
A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64075/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-64075 - Critical (10)
A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64075/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:39:42.610000
2 posts
🟠 CVE-2026-21330 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21330/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21330 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21330/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:37:29.543000
2 posts
🟠 CVE-2026-21321 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21321 - High (7.8)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:36:38.050000
2 posts
🟠 CVE-2026-21325 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21325/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21325 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21325/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:36:07.663000
2 posts
🟠 CVE-2026-21327 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21327 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21327/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:31:30.870000
2 posts
🟠 CVE-2026-21334 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21334 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:29:31.673000
1 posts
🟠 CVE-2026-21351 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:15:14.187000
1 posts
🟠 CVE-2026-21346 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21346/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T17:14:59.750000
1 posts
🟠 CVE-2026-21347 - High (7.8)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21347/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T16:40:15.260000
1 posts
🟠 CVE-2026-21341 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21341/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T16:16:06.200000
1 posts
🟠 CVE-2026-25577 - High (7.5)
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticate...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T16:13:25.603000
6 posts
1 repos
age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]
🟠 CVE-2026-21510 - High (8.8)
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21510
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21510
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
updated 2026-02-11T16:13:16.180000
4 posts
🟠 CVE-2026-21519 - High (7.8)
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21519
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21519
🛡️ CWE: CWE-843
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21519
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
updated 2026-02-11T15:57:42.060000
2 posts
🟠 CVE-2026-21312 - High (7.8)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21312 - High (7.8)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:43:43.057000
4 posts
Critical Windows RasMan Zero-Day Exploited: February 2026 Patch Released
Microsoft has urgently released security updates on February 10, 2026, to fix a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service. This flaw, tracked as CVE-2026-21525, is actively exploited in the wild, enabling attackers to crash systems and disrupt remote connections—a serious concern for organizations relying on VPNs, remote desktops, and other…
https://undercodenews.com/critical-windows-rasman-zero-day-exploited-february-2026-patch-released/
##🔐 CVE-2026-21525
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
📊 CVSS Score: 6.2
⚠️ Severity: Medium
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21525
🛡️ CWE: CWE-476
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21525
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
updated 2026-02-11T15:30:35
2 posts
🟠 CVE-2025-48503 - High (7.8)
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48503/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48503 - High (7.8)
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48503/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:30:34
2 posts
🟠 CVE-2026-0910 - High (8.8)
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0910 - High (8.8)
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:30:34
2 posts
🔴 CVE-2025-8668 - Critical (9.4)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-8668 - Critical (9.4)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
3 posts
3 repos
https://github.com/LucasM0ntes/POC-CVE-2026-1357
🔴 CVE-2026-1357 - Critical (9.8)
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-1357 impacts WPvivid Backup & Migration (all versions). Unauthenticated file upload via directory traversal enables RCE. Disable plugin or restrict access immediately! https://radar.offseq.com/threat/cve-2026-1357-cwe-434-unrestricted-upload-of-file--8f35918d #OffSeq #WordPress #Infosec #CVE20261357
##🔴 CVE-2026-1357 - Critical (9.8)
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
3 posts
1 repos
https://github.com/Z3YR0xX/CVE-2026-1560-Authenticated-Remote-Code-Execution-in-Lazy-Blocks-4.2.0
🟠 CVE-2026-1560 - High (8.8)
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: CVE-2026-1560 in Lazy Blocks (WordPress, ≤4.2.0) lets Contributor+ users run arbitrary code via improper code generation (CWE-94). No public exploits yet — restrict roles and monitor activity! https://radar.offseq.com/threat/cve-2026-1560-cwe-94-improper-control-of-generatio-655d2091 #OffSeq #WordPress #RCE #Vuln
##🟠 CVE-2026-1560 - High (8.8)
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
🔴 CVE-2025-8025 - Critical (9.8)
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 throug...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-8025 - Critical (9.8)
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 throug...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:16:16.997000
107 posts
9 repos
https://github.com/patchpoint/CVE-2026-20841
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/SecureWithUmer/CVE-2026-20841
https://github.com/hackfaiz/CVE-2026-20841-PoC
https://github.com/tangent65536/CVE-2026-20841
https://github.com/atiilla/CVE-2026-20841
https://github.com/RajaUzairAbdullah/CVE-2026-20841
https://www.cve.org/CVERecord?id=CVE-2026-20841
AI enabled remote code execution in Windows Notepad if you open the wrong text file.
(CVE)
##revolt.
- AI governance: SpaceX merger prompts XAI leadership shake‑up; GLM‑5 discussed; EU digital sovereignty push.
- Windows security: Windows 11 Notepad remote code execution CVE-2026-20841 disclosed.
- Bochum urban space: Bochum city center has thousands of unused parking spots; space wasted, calls for transit/urban‑planning action. [2/2]
Microsoft's Notepad Got Pwned (CVE-2026-20841) https://foss-daily.org/posts/microsoft-notepad-2026/
##Social engineering using Notepad?
https://jacen.moe/blog/20260211-weaponizing-notepad-bypassing-microsofts-cve-2026-20841-fix/
#Cybersecurity #SocialEngineering #Infosec #Microsoft #Windows #Tech #Technology
##@odo
From https://www.cve.org/CVERecord?id=CVE-2026-20841
> Improper neutralization of special elements used in a command ('command injection') […]
So maybe notepad just runs something like
```cmd
start "" $link_src
```
And when you write something like
```md
[trust me bro](mailto:foo@bar.baz & echo u pwnd)
```
in your md ...
It maybe translates to something like
```cmd
start "" mailto:foo@bar.baz & echo u pwnd
```
I don't know what the actual vuln is. But sounds like something like the above. Hopefully not that simple. 🤞
##@mttaggart for those utilizing MS defender stack here is a detection for it:
https://github.com/0x-cde/Threat-Hunting-with-KQL/blob/main/Queries/CVE-2026-20841.md
⚠️ Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network
##moves.
- TikTok launches opt-in Local Feed in the US using precise location data.
- Windows Notepad remote code execution vulnerability CVE-2026-20841.
- Europe’s hypersonic program: Mach 6 test completed in Norway as defense autonomy advances. [2/2]
https://winbuzzer.com/2026/02/11/microsoft-patches-notepad-rce-vulnerability-cve-2026-20841-xcxwbn/
Microsoft Patches High-Severity Notepad Remote Code Execution Flaw
#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability
##Here's my CVE-2026-20841 PoC.
(Not really, but I have a feeling it's something that rhymes with this)
##The Vibe-coding Era at Microsoft is going greaaaaaaaat.... https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Looks like the vibe coders at Microsoft forgot to add "don't introduce command injection vulnerabilities" to their prompts?
##🔥 Notepad colpito da vulnerabilità critica
Notepad in Windows 11 espone milioni di PC a un attacco remoto: la vulnerabilità CVE-2026-20841 sfrutta il supporto Markdown per eseguire codice malevolo con un semplice clic su un link
https://gomoot.com/notepad-di-windows-11-colpito-da-vulnerabilita-critica/
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Imagine being jail to an operating system where even the blast editor is vulnerable
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Keep contributing and funding alternatives for all of us.
##Notepad++: alcune mie versioni erano vulnerabili
MS Notepad: hold my beer
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability https://lobste.rs/s/kp7jlq #windows
https://www.cve.org/CVERecord?id=CVE-2026-20841
Remote Code Execution on notepad
FUCKING NOTEPAD
Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Just A+ work all around.
"Windows Notepad App Remote Code Execution Vulnerability"
##Falha crítica no Bloco de notas (CVE-2026-20841). Um invasor poderia colocar um link malicioso em um arquivo Markdown que, ao ser clicado pela vítima, executaria códigos remotamente. Quem mandou macular a simplicidade do Bloco de notas? Já tem correção disponível. https://www.cve.org/CVERecord?id=CVE-2026-20841&utm_medium=social&utm_source=manualdousuario
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##1976:
In fünfzig Jahren werden wir fliegende Autos haben.
2026:
Schwere Sicherheitslücke in ... Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Что ни день, то повод посмеяться над микрослопом.
Была обнаружена уязвимость, которая позволяет злоумышленникам запускать произвольный код на компьютере жертвы через БЛОКНОТ, сука. Серьёзность уязвимости помечена как ВЫСОКАЯ
##Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Windows Notepad App Remote Code Execution Vulnerability: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: http://news.ycombinator.com/item?id=46971516
##Notepad... NOTEPAD!
CVE Record: CVE-2026-20841
##What the.. how?
Notepad was the simplest application on windows. What have they done to it?
##Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
##Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841
##lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##age-verification concerns.
- Windows security flaws: multiple 2026 CVEs (Notepad RCE CVE-2026-20841; MSHTML; CVE-2026-21510/13/19/25/33) and ongoing Patch Tuesday updates.
- AI and work: productivity boosts but rising cognitive load and burnout; AI adoption altering job markets and roles.
- Open/indie web and OSS: growing use of Pixelfed, Matrix, Zulip; open-source Discord alternatives (Stoat chat); broader Fediverse/indie-web movement.
- Space/AI funding and policy: [2/3]
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Comments: https://news.ycombinator.com/item?id=46971516
lol
Windows Notepad App Remote Code Execution Vulnerability
##📜 Latest Top Story on #HackerNews: Windows Notepad App Remote Code Execution Vulnerability
🔍 Original Story: https://www.cve.org/CVERecord?id=CVE-2026-20841
👤 Author: riffraff
⭐ Score: 63
💬 Number of Comments: 12
🕒 Posted At: 2026-02-11 06:15:33 UTC
🔗 URL: https://news.ycombinator.com/item?id=46971516
#news #hackernewsbot #bot #hackernews
Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
#Windows #sécurité
Oh misère, y'a même des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
##Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions lead to “Windows Notepad App Remote Code Execution Vulnerability”.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Microsoft: I have made Notepad✨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
##They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
##What is it, Microsoft shited their pants again lol :neofox_laugh_tears:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Even this page didn't load properly :neofox_laugh_tears:
#Microsoft #windows
@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.
Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
##CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
lolwut
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##someone earlier today said "RCE in Notepad" and i was like "haha funny" and then someone ELSE said RCE in Notepad and then i was like youve gotta be fucking kidding me
##Kein Kommentar. Wäre nicht zitierfähig. Aber...
RCE im Notizblock?! Wie verstrahlt- uhm "vibed" ist das denn?!
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
##Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
##RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
##"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##@m4rc3l CVE-2026-20841 #c3d2leaks
##https://www.cve.org/CVERecord?id=CVE-2026-20841
AI enabled remote code execution in Windows Notepad if you open the wrong text file.
Microsoft's Notepad Got Pwned (CVE-2026-20841) https://foss-daily.org/posts/microsoft-notepad-2026/
##Social engineering using Notepad?
https://jacen.moe/blog/20260211-weaponizing-notepad-bypassing-microsofts-cve-2026-20841-fix/
#Cybersecurity #SocialEngineering #Infosec #Microsoft #Windows #Tech #Technology
##@mttaggart for those utilizing MS defender stack here is a detection for it:
https://github.com/0x-cde/Threat-Hunting-with-KQL/blob/main/Queries/CVE-2026-20841.md
⚠️ Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network
##https://winbuzzer.com/2026/02/11/microsoft-patches-notepad-rce-vulnerability-cve-2026-20841-xcxwbn/
Microsoft Patches High-Severity Notepad Remote Code Execution Flaw
#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability
##Here's my CVE-2026-20841 PoC.
(Not really, but I have a feeling it's something that rhymes with this)
##The Vibe-coding Era at Microsoft is going greaaaaaaaat.... https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##🔥 Notepad colpito da vulnerabilità critica
Notepad in Windows 11 espone milioni di PC a un attacco remoto: la vulnerabilità CVE-2026-20841 sfrutta il supporto Markdown per eseguire codice malevolo con un semplice clic su un link
https://gomoot.com/notepad-di-windows-11-colpito-da-vulnerabilita-critica/
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Imagine being jail to an operating system where even the blast editor is vulnerable
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Keep contributing and funding alternatives for all of us.
##Windows Notepad App Remote Code Execution Vulnerability https://lobste.rs/s/kp7jlq #windows
https://www.cve.org/CVERecord?id=CVE-2026-20841
Remote Code Execution on notepad
FUCKING NOTEPAD
Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Just A+ work all around.
"Windows Notepad App Remote Code Execution Vulnerability"
##Falha crítica no Bloco de notas (CVE-2026-20841). Um invasor poderia colocar um link malicioso em um arquivo Markdown que, ao ser clicado pela vítima, executaria códigos remotamente. Quem mandou macular a simplicidade do Bloco de notas? Já tem correção disponível. https://www.cve.org/CVERecord?id=CVE-2026-20841&utm_medium=social&utm_source=manualdousuario
##1976:
In fünfzig Jahren werden wir fliegende Autos haben.
2026:
Schwere Sicherheitslücke in ... Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Что ни день, то повод посмеяться над микрослопом.
Была обнаружена уязвимость, которая позволяет злоумышленникам запускать произвольный код на компьютере жертвы через БЛОКНОТ, сука. Серьёзность уязвимости помечена как ВЫСОКАЯ
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Notepad... NOTEPAD!
CVE Record: CVE-2026-20841
##What the.. how?
Notepad was the simplest application on windows. What have they done to it?
##Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
##Notepad RCE? https://cvefeed.io/vuln/detail/CVE-2026-20841
##lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Comments: https://news.ycombinator.com/item?id=46971516
lol
Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
Link: https://www.cve.org/CVERecord?id=CVE-2026-20841
Discussion: https://news.ycombinator.com/item?id=46971516
#Windows #sécurité
Oh misère, y'a même des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability
##Windows Notepad App Remote Code Execution Vulnerability
##Notepad was nice because all it did was display some text. Not necessarily very well, but it was better than whatever combination of decisions lead to “Windows Notepad App Remote Code Execution Vulnerability”.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##Microsoft: I have made Notepad✨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
##They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
##@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.
Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
##CVE-2026-20841 = Windows Notepad App Remote Code Execution Vulnerability
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files."
lolwut
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
##Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
##RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
##"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##@m4rc3l CVE-2026-20841 #c3d2leaks
##From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
##A vulnerability in Notepad 🤦♂️
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
updated 2026-02-11T12:30:27
2 posts
🟠 CVE-2026-0958 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0958 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:27
2 posts
🟠 CVE-2025-8099 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by send...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-8099 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by send...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:27
2 posts
🟠 CVE-2025-7659 - High (8)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-7659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-7659 - High (8)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-7659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:26
2 posts
🟠 CVE-2025-15096 - High (8.8)
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-15096 - High (8.8)
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:26
2 posts
🟠 CVE-2025-10174 - High (8.3)
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10174/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-10174 - High (8.3)
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10174/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T09:30:24
2 posts
🟠 CVE-2025-10913 - High (8.3)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 110...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-10913 - High (8.3)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 110...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T09:30:24
2 posts
🟠 CVE-2025-9986 - High (8.2)
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-9986/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-9986 - High (8.2)
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-9986/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-21228 - High (8.1)
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21228 - High (8.1)
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
1 posts
🚨 CVE-2026-25993 (CRITICAL): EverShop <2.1.1 allows unauthenticated SQL injection via url_key in category handling. Upgrade to 2.1.1+ or enforce input validation now! https://radar.offseq.com/threat/cve-2026-25993-cwe-89-improper-neutralization-of-s-6994a1ac #OffSeq #SQLInjection #Infosec #EverShop #Vuln
##updated 2026-02-10T21:51:48.077000
2 posts
🚨 karutoil catalyst (<11980aaf3f46315b02777f325ba02c56b110165d) faces CRITICAL OS command injection (CVE-2026-26009, CVSS 10.0). Users with template perms can execute root shell commands cluster-wide. Patch immediately! https://radar.offseq.com/threat/cve-2026-26009-cwe-78-improper-neutralization-of-s-ff7845bb #OffSeq #vuln #infosec #CVE202626009
##🔴 CVE-2026-26009 - Critical (9.9)
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26009/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
1 posts
🟠 CVE-2026-25611 - High (7.5)
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
1 posts
🟠 CVE-2026-21353 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21353/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
1 posts
🟠 CVE-2026-21349 - High (7.8)
Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:42
1 posts
🟠 CVE-2026-21344 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21344/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:42
1 posts
🟠 CVE-2026-1507 - High (7.5)
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1507/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:41
1 posts
🟠 CVE-2026-21345 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:41
1 posts
🟠 CVE-2026-21352 - High (7.8)
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:37
1 posts
🟠 CVE-2026-21342 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:36
1 posts
🟠 CVE-2026-1848 - High (7.5)
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1848/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:36
1 posts
🟠 CVE-2026-21343 - High (7.8)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:31:29
5 posts
A critical zero-day vulnerability in Microsoft Word, identified as CVE-2026-21514, has been disclosed. The flaw is being actively exploited in the wild.
https://cybersecuritynews.com/microsoft-office-word-0-day-vulnerability/
🟠 CVE-2026-21514 - High (7.8)
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21514/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21514
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21514
Vendor: Microsoft
Product: Office
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
updated 2026-02-10T21:31:29
4 posts
🟠 CVE-2026-21513 - High (8.8)
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21513
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##updated 2026-02-10T21:31:29
4 posts
1 repos
🟠 CVE-2026-21533 - High (7.8)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21533/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-21533
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21533
🛡️ CWE: CWE-269
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
CISA has updated the KEV catalogue, and Microsoft is the winner.
- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514
- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519
- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533
- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510
- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525
CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513
More:
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
##CVE ID: CVE-2026-21533
Vendor: Microsoft
Product: Windows
Date Added: 2026-02-10
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
updated 2026-02-10T19:56:57
1 posts
🟠 CVE-2026-25992 - High (7.5)
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:54
2 posts
🟠 CVE-2026-21537 - High (8.8)
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21537/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:53
2 posts
🟠 CVE-2026-21328 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21328 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21322 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21322 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:52
2 posts
🟠 CVE-2026-21318 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21318 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21240 - High (7.8)
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21240 - High (7.8)
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21243 - High (7.5)
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21243 - High (7.5)
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21251 - High (7.8)
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21251 - High (7.8)
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21250 - High (7.8)
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21250 - High (7.8)
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21323 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21323 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21320 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21320 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21329 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21329 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21329/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21326 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21326 - High (7.8)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21326/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21324 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21324 - High (7.8)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21256 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21256 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
2 posts
🟠 CVE-2026-21335 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21335/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21335 - High (7.8)
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21335/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:50
1 posts
🟠 CVE-2026-21516 - High (8.8)
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21516/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:49
2 posts
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
updated 2026-02-10T18:30:49
2 posts
🟠 CVE-2026-21229 - High (8)
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21229 - High (8)
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:49
2 posts
🟠 CVE-2026-21238 - High (7.8)
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21238 - High (7.8)
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:48
1 posts
2 repos
Critical FortiOS Vulnerability Exposes Networks to LDAP Authentication Bypass
Fortinet has issued a major security alert warning of a serious flaw in its FortiOS firewall software. The vulnerability, tracked as CVE-2026-22153, allows attackers to bypass LDAP authentication entirely—meaning hackers can gain access without needing a valid username or password. This type of breach could compromise sensitive enterprise networks and VPN connections, putting critical data at…
##updated 2026-02-10T18:30:38
2 posts
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
updated 2026-02-10T18:30:34
7 posts
63 repos
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/obrunolima1910/obrunolima1910.github.io
https://github.com/midox008/CVE-2026-24061
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/z3n70/CVE-2026-24061
https://github.com/Ali-brarou/telnest
https://github.com/hackingyseguridad/root
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/hilwa24/CVE-2026-24061
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/infat0x/CVE-2026-24061
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/monstertsl/CVE-2026-24061
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/0x7556/CVE-2026-24061
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/cyberpoul/CVE-2026-24061-POC
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/Good123321-bot/good123321-bot.github.io
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/h3athen/CVE-2026-24061
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/scumfrog/cve-2026-24061
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/SystemVll/CVE-2026-24061
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/buzz075/CVE-2026-24061
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/balgan/CVE-2026-24061
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/hyu164/Terrminus-CVE-2026-2406
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/xuemian168/CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/Moxxic1/Tell-Me-Root
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/typeconfused/CVE-2026-24061
https://github.com/Moxxic1/moxxic1.github.io
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
USER='-f root' telnet -a ur.momma
root@ur.momma:~# got em!
https://www.cve.org/CVERecord?id=CVE-2026-24061
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
##Fixed Issues
> Fixed a security vulnerability regarding telnetd (CVE-2026-24061).
Thanks Synology.
##I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
##USER='-f root' telnet -a ur.momma
root@ur.momma:~# got em!
https://www.cve.org/CVERecord?id=CVE-2026-24061
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
##Fixed Issues
> Fixed a security vulnerability regarding telnetd (CVE-2026-24061).
Thanks Synology.
##I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
##I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
##updated 2026-02-10T06:30:39
2 posts
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
updated 2026-02-10T06:30:38
2 posts
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
SAP February 2026 Updates Patch Critical CRM, S/4HANA and NetWeaver Flaws
SAP's February 2026 Patch Tuesday addresses 27 security notes, including two critical vulnerabilities: CVE-2026-0488, code injection flaw in SAP CRM/S/4HANA enabling full database compromise, and CVE-2026-0509, missing authorization check in NetWeaver AS ABAP allowing unauthorized remote function calls.
**Make sure all SAP platforms are isolated from the internet and accessible from trusted networks only. Prioritize patching the CRM and S/4HANA Scripting Editor and NetWeaver Application Server ABAP critical vulnerabilities, then address the high-severity XML Signature Wrapping flaw in NetWeaver and the DoS issues in Supply Chain Management and BusinessObjects.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-february-2026-updates-patch-critical-crm-s-4hana-and-netweaver-flaws-m-7-v-w-t/gD2P6Ple2L
updated 2026-02-10T02:15:52.253000
2 posts
2 repos
CVE-2026-1529 - keycloak: unauthorized organization registration via improper invitation token validation https://lobste.rs/s/ghqflm #security
https://cvefeed.io/vuln/detail/CVE-2026-1529
CVE-2026-1529 - keycloak: unauthorized organization registration via improper invitation token validation https://lobste.rs/s/ghqflm #security
https://cvefeed.io/vuln/detail/CVE-2026-1529
updated 2026-02-09T22:39:36
1 posts
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- Git default branch: Git 3.0 will make "main" the default branch by end of 2026.
- COLRv1 in WebKit: COLRv1 font rendering support in WebKit.
- Linux kernel 7.0: io_uring gains filtering support (cBPF opcodes) and per-task filters.
- AWS Lambda CVEs: 29 CVEs across 27 Lambda base images; CVE-2026-25639 affecting base images.
- Post-OOP: Move [1/2]
updated 2026-02-09T18:49:19
2 posts
Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking
Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.
**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24, This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-uuid-flaw-in-fiber-v2-framework-enables-session-hijacking-s-n-a-1-9/gD2P6Ple2L
Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking
Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.
**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24, This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-uuid-flaw-in-fiber-v2-framework-enables-session-hijacking-s-n-a-1-9/gD2P6Ple2L
updated 2026-02-09T16:08:55.263000
4 posts
3 repos
https://github.com/win3zz/CVE-2026-1731
New.
GreyNoise: Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731 @greynoise #infosec #vulnerability
##Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far
#CVE_2026_1731
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
New.
GreyNoise: Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731 @greynoise #infosec #vulnerability
##Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far
#CVE_2026_1731
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
updated 2026-02-09T09:30:28
2 posts
HGiga Patches Critical Authentication Bypass and SQL Injection Flaws in C&Cm@il
HGiga patched three vulnerabilities in its C&Cm@il platform, including a critical missing authentication flaw (CVE-2026-2234) that allows unauthenticated attackers to read and modify any user's emails.
**If you use HGiga C&Cm@il, plan a quick update to version 7.0-978. Since the most severe flaw allows attackers to read mail without a password, treat this as a high-priority emergency patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hgiga-patches-critical-authentication-bypass-and-sql-injection-flaws-in-c-cm-il-b-m-r-j-8/gD2P6Ple2L
HGiga Patches Critical Authentication Bypass and SQL Injection Flaws in C&Cm@il
HGiga patched three vulnerabilities in its C&Cm@il platform, including a critical missing authentication flaw (CVE-2026-2234) that allows unauthenticated attackers to read and modify any user's emails.
**If you use HGiga C&Cm@il, plan a quick update to version 7.0-978. Since the most severe flaw allows attackers to read mail without a password, treat this as a high-priority emergency patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hgiga-patches-critical-authentication-bypass-and-sql-injection-flaws-in-c-cm-il-b-m-r-j-8/gD2P6Ple2L
updated 2026-02-06T19:06:46
2 posts
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
updated 2026-02-06T19:06:45
2 posts
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
Critical Gogs Vulnerabilities Enable Remote Code Execution and 2FA Bypass
Gogs released security updates to address a critical RCE vulnerability (CVE-2025-64111) and a 2FA bypass (CVE-2025-64175) affecting self-hosted Git instances. These flaws allow authenticated attackers to execute system commands via malicious Git configurations or take over user accounts by misusing recovery codes.
**If you are using self-hosted Gogs, this is important - especially if your Gogs is publicly accessible and free to register. Update to version 0.13.4. If you cannot patch right away, restrict network access to your Git service and ensure only trusted users can register and push code.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerabilities-enable-remote-code-execution-and-2fa-bypass-0-4-b-b-k/gD2P6Ple2L
updated 2026-02-05T13:01:23.843000
1 posts
9 repos
https://github.com/Marcejr117/CVE-2025-24071_PoC
https://github.com/rubenformation/CVE-2025-50154
https://github.com/Wind010/CVE-2025-24054_PoC
https://github.com/basekilll/CVE-2025-24054_PoC
https://github.com/Yuri08loveElaina/CVE-2025-24054_POC
https://github.com/S4mma3l/CVE-2025-24054
https://github.com/Untouchable17/CVE-2025-24054
https://github.com/moften/CVE-2025-24054
https://github.com/helidem/CVE-2025-24054_CVE-2025-24071-PoC
🚨 New Exploit: Windows 10.0.17763.7009 - spoofing vulnerability
📋 CVE: CVE-2025-24054
👤 Author: beatrizfn
🔗 https://www.exploit-db.com/exploits/52480
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-24054
##updated 2026-02-04T21:09:38
4 posts
1 repos
https://github.com/otakuliu/Expression-Sandbox-Escape-Simulation-Lab
🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta
「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」
##Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm https://lobste.rs/s/wepiig #security
https://hetmehta.com/posts/n8n-type-confusion-rce/
🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta
「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」
##Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security via @wezm https://lobste.rs/s/wepiig #security
https://hetmehta.com/posts/n8n-type-confusion-rce/
updated 2026-02-04T18:30:51
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2026-02-04T16:34:21.763000
2 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
@wiert @christopherkunz https://www.hackernoob.tips/critical-ivanti-epmm-zero-day-vulnerabilities-cve-2026-1281-cve-2026-1340-demand-immediate-ciso-action/
##@wiert @christopherkunz https://www.hackernoob.tips/critical-ivanti-epmm-zero-day-vulnerabilities-cve-2026-1281-cve-2026-1340-demand-immediate-ciso-action/
##updated 2026-02-03T16:44:36.630000
1 posts
4 repos
https://github.com/Joseph19820124/openclaw-vuln-report
https://github.com/al4n4n/CVE-2026-25253-research
📰 CVE-2026-25253: How Malicious Links Can Steal Authentication Tokens and Compromise OpenClaw AI Systems
This article examines the CVE-2026-25253 vulnerability in the OpenClaw AI assistant, highlighting how it enables attackers to capture authentication tokens through malicious web pages and compromised WebSocket connections
##updated 2026-01-31T00:31:36
1 posts
2 repos
Palo Alto advisory, posted yesterday:
Moderate: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal https://security.paloaltonetworks.com/CVE-2026-0227 #PaloAlto #infosec #vulnerability
##updated 2026-01-30T00:31:29
2 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
@wiert @christopherkunz https://www.hackernoob.tips/critical-ivanti-epmm-zero-day-vulnerabilities-cve-2026-1281-cve-2026-1340-demand-immediate-ciso-action/
##@wiert @christopherkunz https://www.hackernoob.tips/critical-ivanti-epmm-zero-day-vulnerabilities-cve-2026-1281-cve-2026-1340-demand-immediate-ciso-action/
##updated 2026-01-27T16:16:55.327000
2 posts
2 repos
https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc
https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware
#Storm_2603 #CVE_2026_23760 #WarlockRansomware
https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware
#Storm_2603 #CVE_2026_23760 #WarlockRansomware
https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware
updated 2026-01-08T18:08:54.147000
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2026-01-08T16:28:27.603000
1 posts
17 repos
https://github.com/leesh3288/CVE-2023-4911
https://github.com/NishanthAnand21/CVE-2023-4911-PoC
https://github.com/Diego-AltF4/CVE-2023-4911
https://github.com/xiaoQ1z/CVE-2023-4911
https://github.com/chaudharyarjun/LooneyPwner
https://github.com/silent6trinity/looney-tuneables
https://github.com/Green-Avocado/CVE-2023-4911
https://github.com/RickdeJager/CVE-2023-4911
https://github.com/hadrian3689/looney-tunables-CVE-2023-4911
https://github.com/ruycr4ft/CVE-2023-4911
https://github.com/Billar42/CVE-2023-4911
https://github.com/snurkeburk/Looney-Tunables
https://github.com/guffre/CVE-2023-4911
https://github.com/teraGL/looneyCVE
https://github.com/KillReal01/CVE-2023-4911
🚨 New Exploit: glibc 2.38 - Buffer Overflow
📋 CVE: CVE-2023-4911
👤 Author: Beatriz Fresno Naumova
🔗 https://www.exploit-db.com/exploits/52479
#ExploitDB #InfoSec #CyberSecurity #CVE-2023-4911
##updated 2026-01-07T18:30:33
2 posts
Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##Cisco posted two advisories yesterday, if you missed them.
- High: CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
- Medium: CVE-2026-20026 and CVE-2026-20027 Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH @cisco #Cisco #infosec #vulnerability
##updated 2025-12-17T21:31:01
2 posts
7 repos
https://github.com/sakyu7/sakyu7.github.io
https://github.com/SgtBattenHA/Analysis
https://github.com/bjrjk/CVE-2025-43529
https://github.com/jir4vv1t/CVE-2025-43529
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
https://github.com/SimoesCTT/CTT-Apple-Silicon-Refraction
https://github.com/SimoesCTT/Convergent-Time-Theory-Enhanced-iOS-Safari-RCE-CVE-2025-43529-
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
updated 2025-12-15T15:30:31
2 posts
6 repos
https://github.com/George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day
https://github.com/sakyu7/sakyu7.github.io
https://github.com/SgtBattenHA/Analysis
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.
🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3
updated 2025-11-03T21:48:21
1 posts
1 repos
🚨 New Exploit: motionEye 0.43.1b4 - RCE
📋 CVE: CVE-2025-60787
👤 Author: prabhat
🔗 https://www.exploit-db.com/exploits/52481
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-60787
##updated 2025-10-30T15:50:59.680000
4 posts
28 repos
https://github.com/travisbgreen/cve-2025-8088
https://github.com/nhattanhh/CVE-2025-8088
https://github.com/lucyna77/winrar-exploit
https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool
https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC
https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC
https://github.com/pentestfunctions/best-CVE-2025-8088
https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability
https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal
https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit
https://github.com/jordan922/CVE-2025-8088
https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
https://github.com/nuky-alt/CVE-2025-8088
https://github.com/pescada-dev/-CVE-2025-8088
https://github.com/ghostn4444/CVE-2025-8088
https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR
https://github.com/Ismael-20223/CVE-2025-8088
https://github.com/Markusino488/cve-2025-8088
https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool
https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui
https://github.com/techcorp/CVE-2025-8088-Exploit
https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC
https://github.com/ilhamrzr/RAR-Anomaly-Inspector
https://github.com/walidpyh/CVE-2025-8088
https://github.com/hbesljx/CVE-2025-8088-EXP
https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-
Stairwell: "over 80% of monitored environments contain vulnerable versions of WinRAR affected by CVE-2025-8088"
🙃🙃🙃🙃🙃 :blobpeek:
###CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.
##Stairwell: "over 80% of monitored environments contain vulnerable versions of WinRAR affected by CVE-2025-8088"
🙃🙃🙃🙃🙃 :blobpeek:
###CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.
##updated 2025-10-22T00:31:30
2 posts
7 repos
https://github.com/zldww2011/CVE-2018-0802_POC
https://github.com/Palvinder-Singh/PS_CVE2018-0802
https://github.com/likekabin/CVE-2018-0802_CVE-2017-11882
https://github.com/roninAPT/CVE-2018-0802
https://github.com/rxwx/CVE-2018-0802
Observed campaign summary:
Initial Access:
• Phishing emails with Excel (.XLAM) attachments
Execution:
• CVE-2018-0802 (EQNEDT32.EXE)
• HTA → mshta.exe
• PowerShell in-memory decoding
Deployment:
• Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
• Process hollowing into Msbuild.exe
• AES-encrypted C2 packets
• delimited command protocol
• Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
##Observed campaign summary:
Initial Access:
• Phishing emails with Excel (.XLAM) attachments
Execution:
• CVE-2018-0802 (EQNEDT32.EXE)
• HTA → mshta.exe
• PowerShell in-memory decoding
Deployment:
• Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
• Process hollowing into Msbuild.exe
• AES-encrypted C2 packets
• delimited command protocol
• Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
##updated 2025-09-17T15:31:32
1 posts
updated 2025-04-15T14:24:22
2 posts
Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
##Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##🟠 CVE-2025-64487 - High (7.6)
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership mana...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-64487 - High (7.6)
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership mana...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21523 - High (8)
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25947 - High (8.8)
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25947/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25506 - High (7.7)
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from pro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##