24h | 7d | 30d

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 8 Posts
  • 8 Interactions

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Oh my

Zoom Workplace for Windows - Improper Input Validation

Bulletin: ZSB-26014
CVEID: CVE-2026-53412
CVSS Severity: Critical
CVSS Score: 9.8

Description:

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.

zoom.com/en/trust/security-bul

#zoom #cybersecurity

  • 3
  • 4
  • 0
  • 22h ago
Profile picture fallback

Zoom has warned of a critical security vulnerability that could allow an unauthenticated attacker to hijack user accounts.

The flaw, identified internally and tracked as CVE-2026-53412, has been assigned a CVSS severity score of 9.8 out of 10.
The video conferencing platform is used by millions of individuals and organizations worldwide, and users are urged to apply the latest updates.

  • 0
  • 0
  • 1
  • 10h ago

Bluesky

Profile picture fallback
Zoom fixes CVE-2026-53412, a 9.8-rated Windows flaw that could enable account takeover via network access, plus three privilege escalation bugs.
  • 0
  • 1
  • 0
  • 3h ago
Profile picture fallback
Zoom disclosed CVE-2026-53412, a critical 9.8 Windows flaw in Zoom Workplace, VDI Client, and Meeting SDK that could let an unauthenticated attacker take over accounts over the network. #Zoom #CVE202653412 #Windows
  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
Zoom released a critical security update for a flaw (CVE-2026-53412, CVSS 9.8) that could allow unauthenticated account takeover via network […]
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
Zoom released Windows security updates for a critical CVE-2026-53412 flaw that can enable unauthenticated account takeover, plus fixes for three high-severity privilege escalation issues.
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Oracle Corporation
  • Oracle Payments

28 May 2026
Published
16 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
1.04%

Description

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 7 Posts

Last activity: Last hour

Fediverse

Profile picture fallback

Oracle E-Business Suite flaw (CVE-2026-46817, CRITICAL) enables unauthenticated takeover of Oracle Payments via HTTP. Exploited in the wild — patches available since May 2026. CISA requires federal patching by 7/18/26. Details: radar.offseq.com/threat/cisa-o

  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback

CISA has ordered federal agencies to patch a critical Oracle E-Business Suite vulnerability, CVE-2026-46817, by Saturday due to active exploitation. This security flaw allows unauthenticated attackers to gain system control via HTTP network access.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback

⚠️ CRITICAL ALERT: CVE-2026-46817 allows unauthenticated takeover of Oracle E-Business Suite. With active exploitation verified, your perimeter is at risk. Get the forensic indicators, detection queries, and hardening playbooks you need to secure your infrastructure. thecybermind.co/k8ae

  • 0
  • 0
  • 0
  • Last hour
Profile picture fallback

CISA KEV catalog now lists CVE-2026-46817, a critical Oracle E-Business Suite flaw, and CVE-2023-4346 in KNX devices. Both are exploited in the wild.

securityonline.info/cisa-kev-c

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
CISA ordered U.S. federal agencies to patch Oracle E-Business Suite by Saturday after active attacks on CVE-2026-46817, a critical Oracle Payments flaw enabling unauthenticated takeover over HTTP. #OracleEBS #CISA #USA
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
Oracle EBS CVE-2026-46817 is newly KEV-listed. Treat Internet-exposed EBS as an exposure-and-compromise review: patch, restrict reachability, and examine privilege changes and anomalous finance/procurement access.
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
CISAが既知の悪用された脆弱性2件をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Jul 15) CVE-2023-4346 KNXアソシエーション KNXプロトコル接続認証オプション1 過度に制限的なアカウントロックアウトメカニズムの脆弱性 CVE-2026-46817 Oracle E-Business Suiteにおける不適切な権限管理の脆弱性 www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Microsoft
  • Age of Empires II: Definitive Edition Game

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.65%

KEV

Description

Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network.

Statistics

  • 4 Posts
  • 11 Interactions

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Microsoft fixed an Age of Empires RCE from yesterday’s Patch Tuesday (CVE-2026-50663). Here is an example of how it was done.

Credit: x.com/rdjgr/status/20773314275

  • 4
  • 7
  • 0
  • 22h ago
Profile picture fallback

Microsoft patched a severe Age of Empires CVE. Attackers exploited game lobbies for remote code execution. Update your game immediately to stay safe.

securityonline.info/age-of-emp

  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback

Age of Empires II : une faille permettait de prendre le contrôle d’un PC via une partie multijoueur it-connect.fr/age-of-empires-i #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture fallback
Une RCE dans Age of Empires II: Definitive Edition (CVE-2026-50663, CVSS 8.8). Rejoindre le salon multijoueur d'un attaquant et accepter l'UGC suffisait pour compromettre le PC. Patch dispo. Les détails 👇 www.it-connect.fr/age-of-empir... #cybersecurite #gaming #ageofempire
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.38%

Description

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

Statistics

  • 7 Posts
  • 27 Interactions

Last activity: 2 hours ago

Fediverse

Profile picture fallback

Regarding CVE-2026-56155, the in-the-wild ADFS vulnerability - the July patch just released does not fix the vulnerability.

Instead it adds an audit log. The changes to harden the service and enforce protection will only apply with October 2026’s update applied.

support.microsoft.com/en-us/se

  • 12
  • 15
  • 0
  • 5h ago
Profile picture fallback

wacoca.com/news/2884403/ Microsoft、2026年7月定例パッチで史上最多569件の脆弱性を修正-AD FSとSharePointの2件がゼロデイ攻撃で悪用済み(CVE-2026-56155, CVE-2026-56164)|セキュリティニュースのセキュリティ対策Lab #Science&Technology #ScienceNews #TechnologyNews #u30bbu30adu30e5u30eau30c6u30a3u30cbu30e5u30fcu30b9 #u60c5u5831u30bbu30adu30e5u30eau30c6u30a3 #u8106u5f31u6027u306eu30cbu30e5u30fcu30b9 #テクノロジー #科学 #科学&テクノロジー

  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback

📰 Microsoft's July 2026 Patch Tuesday Fixes 570+ Flaws, Two Zero-Days

Microsoft's record-breaking July 2026 Patch Tuesday addresses 570+ vulnerabilities. Two zero-days are actively exploited: CVE-2026-56155 (AD FS) and CVE-2026-56164 (SharePoint). Both are in CISA's KEV catalog. Patch now. #PatchTuesday #ZeroDay

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/mi

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
Microsoft、2026年7月定例パッチで史上最多569件の脆弱性を修正-AD FSとSharePointの2件がゼロデイ攻撃で悪用済み(CVE-2026-56155, CVE-2026-56164) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
Microsoft、2026年7月定例パッチで史上最多569件の脆弱性を修正-AD FSとSharePointの2件がゼロデイ攻撃で悪用済み(CVE-2026-56155, CVE-2026-56164)|セキュリティニュースのセキュリティ対策Lab https://www.wacoca.com/news/2884403/ Microsoftは2026年7月14日(米国時間)、月例のセキュリティ更新プログラム(Patch Tuesday)を公開しました。今回の修正件数は569件(Critical 56件・Important 510件・Mod [...]
  • 0
  • 0
  • 2
  • 20h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
5.60%

Description

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 7 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

Profile picture fallback

wacoca.com/news/2884403/ Microsoft、2026年7月定例パッチで史上最多569件の脆弱性を修正-AD FSとSharePointの2件がゼロデイ攻撃で悪用済み(CVE-2026-56155, CVE-2026-56164)|セキュリティニュースのセキュリティ対策Lab #Science&Technology #ScienceNews #TechnologyNews #u30bbu30adu30e5u30eau30c6u30a3u30cbu30e5u30fcu30b9 #u60c5u5831u30bbu30adu30e5u30eau30c6u30a3 #u8106u5f31u6027u306eu30cbu30e5u30fcu30b9 #テクノロジー #科学 #科学&テクノロジー

  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback

📰 Microsoft's July 2026 Patch Tuesday Fixes 570+ Flaws, Two Zero-Days

Microsoft's record-breaking July 2026 Patch Tuesday addresses 570+ vulnerabilities. Two zero-days are actively exploited: CVE-2026-56155 (AD FS) and CVE-2026-56164 (SharePoint). Both are in CISA's KEV catalog. Patch now. #PatchTuesday #ZeroDay

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/mi

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-56164) SharePoint Server Privilege Escalation via Missing Authentication". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 1
  • 1
  • 0
  • 15h ago
Profile picture fallback
Microsoft、2026年7月定例パッチで史上最多569件の脆弱性を修正-AD FSとSharePointの2件がゼロデイ攻撃で悪用済み(CVE-2026-56155, CVE-2026-56164) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
Microsoft、2026年7月定例パッチで史上最多569件の脆弱性を修正-AD FSとSharePointの2件がゼロデイ攻撃で悪用済み(CVE-2026-56155, CVE-2026-56164)|セキュリティニュースのセキュリティ対策Lab https://www.wacoca.com/news/2884403/ Microsoftは2026年7月14日(米国時間)、月例のセキュリティ更新プログラム(Patch Tuesday)を公開しました。今回の修正件数は569件(Critical 56件・Important 510件・Mod [...]
  • 0
  • 0
  • 2
  • 20h ago

Overview

  • n8n-io
  • n8n

09 Jul 2026
Published
14 Jul 2026
Updated

CVSS v4.0
HIGH (7.6)
EPSS
0.14%

KEV

Description

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1.

Statistics

  • 3 Posts

Last activity: Last hour

Fediverse

Profile picture fallback

A token exchange flaw in n8n (CVE-2026-59208) allowed attackers to log in as other users by incorrectly matching JWT claims based solely on the user ID while ignoring the token issuer. Users of the workflow automation platform are encouraged to patch to version 2.27.4 or later, or disable the vulnerable Enterprise feature to mitigate the risk of unauthorized access.
thehackernews.com/2026/07/n8n-

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture fallback
CVE-2026-59208: Cross-Issuer Account Takeover in n8n https://www.strix.ai/blog/n8n-cross-issuer-account-takeover (https://news.ycombinator.com/item?id=48921422)
  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
A critical identity-binding flaw in n8n‘s token exchange allowed account takeover when multiple external issuers were trusted. The vulnerability (CVE-2026-59208) […]
  • 0
  • 0
  • 0
  • Last hour

Overview

  • SonicWall
  • SMA1000

14 Jul 2026
Published
16 Jul 2026
Updated

CVSS
Pending
EPSS
1.27%

Description

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Statistics

  • 6 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

SonicWall SMA1000 vulnerability CVE-2026-15409 (CVSS 10.0) is exploited in the wild. Public PoC enables remote code execution patch now.

securityonline.info/sonicwall-

  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback

Threat actors are actively exploiting SonicWall SMA1000 appliances through a critical SSRF vulnerability (CVE-2026-15409) and a local privilege escalation flaw (CVE-2026-15410) to gain root access and compromise corporate networks. Organizations must urgently patch their systems to the latest firmware versions to mitigate this zero-day threat.
cybersecuritynews.com/sonicwal

  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback

📰 SonicWall Warns of Two Zero-Days in SMA 1000 Under Active Exploit

SonicWall urges immediate patching for two actively exploited zero-days (CVE-2026-15409, CVE-2026-15410) in SMA 1000 series appliances. Flaws are chained for unauthenticated RCE. Both added to CISA KEV. #ZeroDay #SonicWall #InfoSec

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/so

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
SonicWall confirmed active exploitation of two SMA1000 zero-days, CVE-2026-15409 and CVE-2026-15410. Rapid7 says the first known abuse was June 22, and chained flaws can lead to full system compromise. #SonicWall #SMA1000 #CISA
  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
Rapid7 reported active zero-day exploitation of SonicWall SMA1000 flaws CVE-2026-15409 and CVE-2026-15410, enabling appliance access, credential theft, TOTP seed harvesting, and movement into internal Active Directory. #SonicWall #SMA1000
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
SonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities (CVE-2026-15409, CVE-2026-15410) #patchmanagement
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

16 Jun 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
3.39%

KEV

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ".

Statistics

  • 2 Posts
  • 7 Interactions

Last activity: 10 hours ago

Fediverse

Profile picture fallback

RoguePlanet (CVE-2026-50656): la race condition in Microsoft Defender che regala privilegi SYSTEM
#tech
spcnet.it/rogueplanet-cve-2026
@informatica

  • 7
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture fallback
✨ RoguePlanet (CVE-2026-50656): la race condition in Microsoft Defender che regala privilegi SYSTEM Leggi il blog: spcnet.it/rogueplanet-...
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • F5
  • NGINX Plus

15 Jul 2026
Published
16 Jul 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.83%

KEV

Description

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Impact: This vulnerability may allow remote attackers to cause a denial-of-service (DoS) on the NGINX system or to possibly trigger a code execution. There is no control plane exposure; this is a data plane issue only.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

Profile picture fallback

F5 Patches High-Severity NGINX Vulnerabilities That Could Lead to Code Execution

F5 patches three high-severity NGINX vulnerabilities, including CVE-2026-42533, that could enable memory corruption, crashes, and code execution

thecybersecguru.com/news/f5-ng

  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback

F5 patched the NGINX code execution flaw CVE-2026-42533, along with CVE-2026-60005 and CVE-2026-56434. Update NGINX Plus and Open Source builds now.

securityonline.info/nginx-code

  • 1
  • 0
  • 0
  • 17h ago

Bluesky

Profile picture fallback
⚠️ F5 patched 3 memory-safety flaws in NGINX incl. CVE-2026-42533 (CVSS 9.2) is a heap overflow via the map directive that crafted HTTP requests can trigger, with possible code exec if ASLR is off; plus an SSI use-after-free & a slice memory leak. Upgrade now to 1.31.3. Query: technology="Nginx"
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • ASUS
  • System Control Interface v3

15 Jul 2026
Published
15 Jul 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.11%

KEV

Description

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system. Refer to the '  Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 5 hours ago

Bluesky

Profile picture fallback
ASUS bsitf.sys (CVE-2026-13585): Arbitrary Physical Memory Mapping via Unvalidated IOCTL
  • 1
  • 0
  • 1
  • 12h ago
Profile picture fallback
ASUS bsitf.sys (CVE-2026-13585): Arbitrary Physical Memory Mapping 0-day writeup + PoC
  • 1
  • 0
  • 0
  • 5h ago
Showing 1 to 10 of 52 CVEs