24h | 7d | 30d

Overview

  • Linux
  • Linux

21 May 2026
Published
08 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.12%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue operation. That results in several problems: 1) the rbtree dequeue happens without waiter::task::pi_lock being held 2) the waiter task's pi_blocked_on state is not cleared, which leaves a dangling pointer primed for UAF around. 3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter task Use waiter::task instead of current in all related operations in remove_waiter() to cure those problems. [ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the changelog ]

Statistics

  • 5 Posts
  • 7 Interactions

Last activity: 7 hours ago

Fediverse

Profile picture fallback

15-Year-Old Linux Kernel GhostLock Flaw Lets Local Users Gain Root

CVE-2026-43499, dubbed GhostLock by Nebula Security, exposes a long-standing Linux kernel futex bug that can lead to local root access.

#kernel #linux-&-open-source-news #software #vulnerability
linuxiac.com/15-year-old-linux

  • 5
  • 1
  • 0
  • 14h ago

Bluesky

Profile picture fallback
GhostLock (CVE-2026-43499): una vulnerabilitat que porta 15 anys al kernel de Linux i que permet a qualsevol usuari amb accés local convertir-se en root sense necessitar permisos especials. També permet escapar de contenidors. Solucionat al kernel 7.1. thehackernews.com/2026/07/15-y...
  • 0
  • 1
  • 0
  • 8h ago
Profile picture fallback
We are shipping patched kernels for GhostLock (CVE-2026-43499), a new Linux kernel local-privilege-escalation flaw. Every supported AlmaLinux release is affected. Help us with testing and learn more: https://almalinux.org/blog/2026-07-09-ghostlock/?utm_medium=social&utm_source=bluesky
  • 0
  • 0
  • 1
  • 23h ago
Profile picture fallback
Falha GhostLock no Linux permite controlo total de sistemas desatualizados. Investigadores da Nebula Security divulgaram a vulnerabilidade GhostLock (CVE-2026-43499), que afeta a grande maioria das distribuições do Linux desde 2011. 🚨 #controlo #falha #linux
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • djangoproject
  • Django
  • django

03 Feb 2026
Published
30 Jun 2026
Updated

CVSS
Pending
EPSS
9.44%

KEV

Description

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 13 hours ago

Fediverse

Profile picture fallback

CVE-2026-1207 is a Django SQL injection flaw (CVSS 8.3) in PostGIS raster lookups. Canada's CCCS says it is exploited in the wild. Patch now.

securityonline.info/django-sql

  • 1
  • 0
  • 0
  • 13h ago

Bluesky

Profile picture fallback
~Cybergcca~ Django CVE-2026-1207 actively exploited; Chrome and FreePBX vulnerabilities also patched in 3 advisories. - IOCs: CVE-2026-1207 - #CVE20261207 #Django #ThreatIntel
  • 0
  • 1
  • 0
  • 20h ago

Overview

  • Foxit Software Inc.
  • Foxit PDF Editor

08 Jul 2026
Published
09 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.12%

KEV

Description

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary pointers, resulting in accessing internal members of invalid or improperly initialized fields. This led to an illegal pointer read, ultimately causing the application to crash.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 10 hours ago

Fediverse

Profile picture fallback
This is in fact

Foxit Foxit Reader Javascript checkbox CBF_Widget code execution vulnerability (CVE-2026-57256)

(Hope this is just a temporary problem with the bot and I don't have to touch the HTML parser :P)

RE: https://infosec.place/objects/48afd31c-35ab-4cfa-b28d-4a27e66c1259
  • 0
  • 0
  • 0
  • 10h ago

Bluesky

Profile picture fallback
This is in fact Foxit Foxit Reader Javascript checkbox CBF_Widget code execution vulnerability (CVE-2026-57256,CVE-2026-57256) (Hope this is just a temporary problem with the bot and I don't have to touch the HTML parser :P) >Quoted post< Original->
  • 0
  • 1
  • 0
  • 10h ago

Overview

  • Dell
  • PowerFlex Manager

10 Jul 2026
Published
10 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and lateral movement into managed infrastructure.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

We have just added an important vulnerability affecting Dell PowerFlex Manager (CVE-2026-56688) vuldb.com/vuln/377475

  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback

Dell PowerFlex Manager <5.1.0.1 faces CRITICAL OS command injection (CVE-2026-56688, CVSS 9.1). High-priv attackers can execute root commands — full compromise risk. No patch yet. Limit admin remote access & monitor activity. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

09 Jun 2026
Published
08 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
21.51%

KEV

Description

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

Statistics

  • 7 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

  • 0
  • 0
  • 5
  • 15h ago

Bluesky

Profile picture fallback
CVE-2026-47291 enables remote unauthenticated exploitation of HTTP.sys via crafted HTTP requests, potentially causing denial-of-service or kernel-privileged code execution.
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • NetScaler
  • ADC

17 Jun 2025
Published
26 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
99.90%

Description

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Statistics

  • 2 Posts

Last activity: 3 hours ago

Bluesky

Profile picture fallback
@huntress.com IABs exploit CVE-2025-5777 to hijack Citrix sessions, escalate privileges, and deploy DragonForce ransomware. - IOCs: relay. dltsolutions. top, relay. eurofin. digital, opa. tlsd. shop - #CitrixBleed2 #DragonForce #ThreatIntel
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
NetScaler remains the access-risk pressure point. CVE-2025-5777 is KEV-listed with known ransomware use and extreme EPSS. Patch, terminate sessions, review auth anomalies, and prove exposed gateways weren’t already touched.
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

16 Jun 2026
Published
08 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
3.39%

KEV

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as &quot;RoguePlanet &quot;.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Bluesky

Profile picture fallback
A Defender Malware Protection Engine patch for CVE-2026-50656 may trigger mpengine.dll to leak data and write massive files, exhausting disk space on Windows 10/11.
  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
RoguePlanet Fallout: Microsoft’s Defender Patch Fixes One Zero-Day but Opens Two More Attack Vectors + Video Introduction: Microsoft’s emergency patch for the RoguePlanet Windows Defender zero-day (CVE-2026-50656) has sparked a new wave of security concerns after researcher Chaotic Eclipse (aka…
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • langflow-ai
  • langflow

07 Apr 2025
Published
23 Jun 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
99.99%

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Fediverse

Profile picture fallback

Sysdig documented JADEPUFFER, the first agentic ransomware run end-to-end by an AI agent. It breached Langflow via CVE-2025-3248 and extorted a database.

securityonline.info/jadepuffer

  • 1
  • 0
  • 0
  • 10h ago

Overview

  • pechenki
  • TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot

10 Jul 2026
Published
10 Jul 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.31%

KEV

Description

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for unauthenticated attackers to inject malicious scripts via Telegram chat titles that execute when an administrator opens the TelSender settings page and clicks the "Tested" button.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Profile picture fallback

CVE-2026-15298 - DOM-Based XSS in Telsender WordPress plugin up to 1.14.14. Unauthenticated attackers can inject scripts via Telegram chat titles, executing when admin clicks "Tested". CVSS 7.2. No patch available. Disable plugin until fixed. #CVE #WordPress #infosec

valtersit.com/cve/CVE-2026-152

  • 0
  • 1
  • 0
  • 2h ago

Overview

  • hoppscotch
  • hoppscotch

09 Jul 2026
Published
09 Jul 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.52%

KEV

Description

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into sendmail transport options, allowing an admin to execute arbitrary commands as root in the backend container after restart and mail sending. This issue is fixed in version 2026.6.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

Profile picture fallback

CVE-2026-59721 - OS Command Injection in Hoppscotch. CVSS 7.2. Admin can execute arbitrary commands as root via SMTP config. Upgrade to 2026.6.0 immediately. #CVE #Hoppscotch #infosec

valtersit.com/cve/CVE-2026-597

  • 0
  • 1
  • 0
  • 7h ago
Showing 1 to 10 of 78 CVEs