
Overview

  • Microsoft
  • Microsoft Malware Protection Engine

Published: 16 Jun 2026
Updated: 17 Jun 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.34%

KEV

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 6 hours ago

Fediverse


🚨 Microsoft Defender zero-day RoguePlanet is now officially CVE-2026-50656.

Microsoft is preparing a patch for the Malware Protection Engine flaw, which can enable privilege escalation.

A public PoC describes a race condition that may grant SYSTEM-level privileges.

Read: thehackernews.com/2026/06/micr

  • 0
  • 1
  • 0
  • 7h ago

New zero-day Local Privilege Escalation (EoP) flaw in Microsoft Defender: CVE-2026-50656 (RoguePlanet)! 🚨

Low-privilege users can abuse a TOCTOU race condition to hijack system paths and spawn an NT AUTHORITY\SYSTEM shell. Deep dive analysis here:👇

denizhalil.com/2026/06/18/cve-

#CVE202650656 #MicrosoftDefender #infosec

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

Post 1/3 🚨 New Windows Defender flaw CVE-2026-50656 ("RoguePlanet") has a public PoC exploit before a patch is available. The bug exploits a race condition in Defender and can lead to SYSTEM-level privilege escalation on Windows 10 & 11. #CyberSecurity #Windows #ThreatIntel #RougePlanet
  • 0
  • 1
  • 0
  • 6h ago

Overview

  • Oracle Corporation
  • PeopleSoft Enterprise PeopleTools

Published: 11 Jun 2026
Updated: 13 Jun 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.72%

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 2 Posts
  • 7 Interactions

Last activity: 7 hours ago

Fediverse


CISA Adds Oracle PeopleSoft Zero-Day CVE-2026-35273 to KEV Catalog After Ransomware Gang Exploitation
#CyberSecurity
securebulletin.com/cisa-adds-o

  • 5
  • 0
  • 0
  • 7h ago

Bluesky

The latest update for #Indusface includes "CERT-In's 12-Hour Patch Mandate: Is Your Organisation Ready to Respond at #AI Speed?" and "CVE-2026-35273: Active Exploitation of Oracle PeopleSoft Zero-Day Vulnerability". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 1
  • 1
  • 0
  • 20h ago

Overview

  • libssh2
  • libssh2

Published: 17 Jun 2026
Updated: 18 Jun 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.55%

KEV

Description

libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read(), which fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Statistics

  • 1 Post
  • 27 Interactions

Last activity: 18 hours ago

Fediverse


Oh my.

nvd.nist.gov/vuln/detail/CVE-2

sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read(), which fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

  • 12
  • 15
  • 0
  • 18h ago

Overview

  • joomlacontenteditor.net
  • Joomla Content Editor (JCE) extension for Joomla

Published: 05 Jun 2026
Updated: 17 Jun 2026

CVSS v4.0: CRITICAL (10.0)
EPSS: 6.85%

Description

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse


Alert: CVE-2026-48907. A severe access control flaw in Widget Factory Joomla Content Editor allows unauthenticated PHP script execution. Lock down your CMS. Read our tactical engineering runbook for full IOCs and endpoint hardening steps. thecybermind.co/unjv

🛡️

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

KEV pressure sharpened too: Joomla/JCE CVE-2026-48907 remains patch-and-hunt now, with EPSS up to 93rd percentile. Check Point CVE-2026-50751 is worse: CISA lists known ransomware use and EPSS is ~98th percentile.
  • 0
  • 0
  • 0
  • Last hour

Overview

  • F5
  • NGINX Open Source

Published: 17 Jun 2026
Updated: 18 Jun 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.76%

KEV

Description

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker, together with conditions beyond their control, can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a use-after-free in the NGINX worker process, leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

  • 0
  • 0
  • 0
  • Last hour

Bluesky

CVE-2026-42530: Use after free in nginx HTTP/3 QUIC module https://lobste.rs/s/pbvqlz #security
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Fortinet
  • FortiSandbox

Published: 14 Apr 2026
Updated: 18 Jun 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 18.70%

KEV

Description

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via specially crafted HTTP requests.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse


Fortinet: Here comes the avalanche

Following the emergency update two months ago, three more critical vulnerabilities have been found in Fortinet products: CVE-2026-39808 and CVE-2026-39813 were patched back in April, CVE-2026-25089 only last week. All three are currently being actively exploited in attacks, even though patches for them are available. Apparently not all users apply the available (!) updates promptly.

In parallel, security researchers are observing a massive wave of attacks against Fortinet firewalls*, aimed at stealing passwords. A connection with the vulnerabilities

pc-fluesterer.info/wordpress/2

#2fa #closedsource #cybercrime #exploits #firewall #hersteller #Microsoft #passwort #sicherheit #UnplugTrump #verschlüsselung #vorfälle #vpn #zahlen #encryption

  • 0
  • 1
  • 0
  • 3h ago

Bluesky

Three Fortinet FortiSandbox vulnerabilities are being actively exploited in cyberattacks (CVE-2026-39813, 39808, 25089) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews #cyberattack
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • getkirby
  • kirby

Published: 09 May 2026
Updated: 12 May 2026

CVSS v4.0: HIGH (7.1)
EPSS: 0.23%

KEV

Description

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 4 hours ago

Fediverse


the moment you visit cve.org you are loading 1.xMB of data. This includes everything except binary data (images etc) and CVE data itself.

You wanna learn more about the board? the DOM is built from that one script & populated from a json blob in that script. Well, a string which is then decoded

Wanna look up the contact method for NVIDIA's CNA? Every website on the path to get there is built from that script & already contained in that script as a json blob.

Want to know the geometry of Antarctica? You bet there is a couple of polygons in that script! (I don't know where they are used).

Every linked youtube video that explains something? It's in there!!

Or in other words: You are downloading 1.xMB of data (uncompressed: 4MB) that is probably not very cacheable data past the current session & of which you probably aren't gonna use much of anyway - you just clicked a link to see what's up with CVE-2026-42069 & now you downloaded 400kB of CNA data!

  • 2
  • 2
  • 0
  • 4h ago

Overview

  • AWS
  • bedrock-agentcore

Published: 17 Jun 2026
Updated: 18 Jun 2026

CVSS v4.0: HIGH (8.4)
EPSS: 0.30%

KEV

Description

Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate this issue, users should upgrade to version 1.6.1.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 18 hours ago

Fediverse


🚨 CRITICAL: CVE-2026-12530 impacts AWS Bedrock AgentCore Python SDK (v1.1.3 – 1.6.1). Incomplete input sanitization in install_packages() lets attackers abuse pip flags. Update now! radar.offseq.com/threat/cve-20

  • 2
  • 0
  • 0
  • 18h ago

Overview

  • Google
  • Android

Published: 18 Jun 2026
Updated: 18 Jun 2026

CVSS v4.0: CRITICAL (10.0)
EPSS: 0.22%

KEV

Description

In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 7 hours ago

Fediverse


CRITICAL: CVE-2026-28573 targets Android 14 & 16 via missing permission check, enabling persistent local DoS — no user interaction or privileges needed. Patch status unknown. Stay updated: radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 7h ago

Overview

  • iba
  • ibaPDA

Published: 18 Jun 2026
Updated: 18 Jun 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Fediverse


VDE-2026-051
iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator

Remote Code Execution (RCE) running under the service user account, thereby allowing privilege escalation.
CVE-2026-8024

certvde.com/en/advisories/vde-

iba.csaf-tp.certvde.com/.well-

  • 1
  • 1
  • 0
  • 6h ago