Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
09 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
73.80%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 5 Posts

Last activity: 1 hour ago

Fediverse

CISA adds CVE-2026-1340 (Ivanti EPMM) to KEV ⚠️

Active exploitation confirmed
Known vulns = real attack surface
Are KEVs in your patch priority?

Source: cisa.gov/news-events/alerts/20

💬 Engage
🔔 Follow TechNadu

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

~Cisa~ CISA added actively exploited Ivanti EPMM code injection flaw (CVE-2026-1340) to its KEV catalog. - IOCs: CVE-2026-1340 - #CVE20261340 #Ivanti #ThreatIntel
  • 0
  • 0
  • 0
  • 22h ago
CISA adds one known exploited vulnerability to its catalog. CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 8) CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) code injection vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 17h ago
📢 CISA orders federal agencies to patch CVE-2026-1340 in Ivanti EPMM by April 11 📝 📰 **Source**: BleepingComputer — **Date … https://cyberveille.ch/posts/2026-04-09-cisa-ordonne-aux-agences-federales-de-patcher-cve-2026-1340-dans-ivanti-epmm-avant-le-11-avril/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • 5h ago
New KEV entry 🚨 CVE-2026-1340 (Ivanti EPMM) - actively exploited Known vulnerabilities still driving attacks Are you prioritizing KEVs? 💬 Join the discussion 🔔 Follow TechNadu #CyberSecurity #KEV #CISA #InfoSec
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • moby
  • moby

31 Mar 2026
Published
02 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.01%

KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

📢 CVE-2026-34040: Docker authorization bypass via oversized HTTP body 📝 ## 🔍 Context Published on April 7, 2026 by Vladimir Tokarev (C… https://cyberveille.ch/posts/2026-04-08-cve-2026-34040-contournement-de-l-autorisation-docker-via-corps-http-surdimensionne/ #AI_agent #Cyberveille
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • abetlen
  • llama-cpp-python

10 May 2024
Published
02 Aug 2024
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
56.67%

KEV

Description

llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also loads the `chat template` from targeted `.gguf`'s Metadata and further parses it to `llama_chat_format.Jinja2ChatFormatter.to_chat_handler()` to construct the `self.chat_handler` for this model. Nevertheless, `Jinja2ChatFormatter` parses the `chat template` within the Metadata with sandbox-less `jinja2.Environment`, which is furthermore rendered in `__call__` to construct the `prompt` of interaction. This allows `jinja2` Server Side Template Injection which leads to remote code execution by a carefully constructed payload.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 19 hours ago

Fediverse

Llama Drama: Critical flaw in Python package for AI app development; systems and data may be compromised (CVE-2024-34359) | Codebook|Security News yayafa.com/2776397/ #AgenticAi #AI #ArtificialGeneralIntelligence #ArtificialIntelligence #LLAMA #Meta #MetaAI #エージェント型AI #人工知能 #汎用人工知能

  • 0
  • 1
  • 0
  • 20h ago

Bluesky

Llama Drama: Critical flaw in Python package for AI app development; systems and data may be compromised (CVE-2024-34359) | Codebook|Security News https://www.yayafa.com/2776397/ May 18-20: Cybersecurity news. Critical flaw in Python package for AI application development; systems and data may be compromised (CVE-2024-34359) SecurityWeek – May 17 [...]
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Google
  • Chrome

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

⚠️ CRITICAL: CVE-2026-5859 in Chrome WebML (<147.0.7727.55) allows heap corruption via integer overflow. Remote code execution possible if exploited. Patch not fully confirmed — check vendor advisory for updates: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Critical Chrome 0-Days Under Active Exploit? 6K Bounty Flaws Let Attackers Hijack Your Browser Remotely + Video Introduction Google’s Chrome 147 stable channel update patches two critical heap buffer overflow vulnerabilities (CVE-2026-5858 and CVE-2026-5859) in the Web Machine Learning (WebML) API…
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Google
  • Chrome

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
3.28%

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 6 hours ago

Fediverse

Chrome’s Fourth Zero-Day of 2026: CISA Orders Federal Agencies to Patch CVE-2026-5281 by April 15
#CyberSecurity
securebulletin.com/chromes-fou

  • 4
  • 0
  • 0
  • 6h ago

Overview

  • Kubernetes
  • Kubernetes

01 Feb 2022
Published
16 Sep 2024
Updated

CVSS v3.1
LOW (2.2)
EPSS
0.06%

KEV

Description

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 7 hours ago

Fediverse

Next in my series of blogs on unpatchable Kubernetes vulnerabilities is out. This time it's about TOCTOUs and SSRF

securitylabs.datadoghq.com/art

  • 3
  • 2
  • 0
  • 7h ago

Overview

  • OpenSSL
  • OpenSSL

07 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 6 hours ago

Fediverse

mail-index.netbsd.org/source-c
> Import OpenSSL-3.5.6 (previous was 3.5.5)
CVE-2026-31790, CVE-2026-2673, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789

mail-index.netbsd.org/source-c
> Import OpenSSH-10.3 (previous was 10.2)
No CVEs for this one, only security-related behavior changes?

mail-index.netbsd.org/source-c
> Import xz-5.8.3 (previous was 5.2.4)

> Fix a buffer overflow in lzma_index_append()
is in there, but is this actually an update from a version that predates the backdoor in the first place?

So at least openssl, in addition to bind, makes an 11.0_RC4 unavoidable?

  • 1
  • 1
  • 0
  • 6h ago

Bluesky

OpenSSL releases patch fixing seven vulnerabilities including CVE-2026-31790, a data leakage flaw from uninitialized memory in RSA key encapsulation. Affects versions 3.0 to 3.6. #OpenSSLUpdate #DataLeakage #CVE2026
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • WAGO
  • CC100 (0751-9x01)

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.23%

KEV

Description

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 7 hours ago

Fediverse

VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
CVE-2024-1490

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 1
  • 1
  • 0
  • 7h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Bluesky

Palo Alto vulnerability information: "CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate (Severity: MEDIUM)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0233
  • 0
  • 1
  • 0
  • 23h ago

Overview

  • axios
  • axios

07 Mar 2025
Published
07 Mar 2025
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.07%

KEV

Description

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Bluesky

~Microsoft~ Storm-2755 uses AiTM & SEO poisoning to bypass MFA & divert Canadian employee payrolls. - IOCs: bluegraintours. com, CVE-2025-27152 - #AiTM #Storm2755 #ThreatIntel
  • 0
  • 1
  • 0
  • 2h ago