
Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 278 Interactions

Last activity: 6 hours ago

Fediverse

This is next level infosec shitposting:

"It is the FreeBSD analogue of Linux's Dirty Pipe, CopyFail, Fragnesia, and Dirty Frag — except we gave it a BETTER name, with a BETTER logo, on a BETTER website. The other bug websites? Disasters. Sad. Many people have told us this."

bumsrake.de/

  • 133
  • 144
  • 0
  • 6h ago

CVE-2026-45257: FreeBSD kTLS-RX in-place AES-GCM decrypt over sendfile(2) EXTPG mbufs to page-cache write / local root

seclists.org/oss-sec/2026/q2/8

  • 0
  • 1
  • 0
  • 18h ago

Overview

  • ivanti
  • Sentry

Published: 09 Jun 2026
Updated: 11 Jun 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 3.28%

KEV

Description

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.

Statistics

  • 8 Posts
  • 51 Interactions

Last activity: 10 hours ago

Fediverse


📰 Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE

⚠️ CRITICAL: Ivanti patches two severe flaws in Sentry, including a root-level unauthenticated RCE (CVE-2026-10520). Technical details are public, exploitation risk is high. Patch immediately! #Ivanti #Vulnerability #RCE #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/iv

  • 0
  • 0
  • 0
  • 23h ago

🚨 Ivanti Sentry Pre-Auth RCE (CVE-2026-10520) 🚨

Ivanti recently patched a CVSS 10.0 OS Command Injection flaw in Ivanti Sentry, granting remote, unauthenticated attackers instant root privileges.

In my latest post, I break down the exploit chain, covering mics-core.jar decompilation, Nuclei scanning, and Python PoC verification. Immediate patching is highly recommended.

👉 Full Analysis: denizhalil.com/2026/06/11/expl

#Cybersecurity #IvantiSentry #RCE #InfoSec #CVE202610520

  • 0
  • 0
  • 0
  • 18h ago

Geopolitical tensions heightened as the US conducted strikes in Iran following an Apache helicopter downing, with Iran responding by closing the Strait of Hormuz. In technology, Apple launched the Vision Pro 2, and over 30 countries enacted new AI regulations. Cybersecurity saw critical Ivanti Sentry flaws (CVE-2026-10520) patched, while South Korea fined Coupang $409M for a significant data breach.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to Saudi NCA for the tip!). However, all remaining are likely compromised too.
  • 2
  • 10
  • 0
  • 20h ago
While our detection is on the lowish side due to multiple Ivanti Sentry instances not reachable in our scans (blocklisted?), if you have not patched now you are most likely compromised. Vuln IP data shared in Vulnerable HTTP reporting tagged 'cve-2026-10520' www.shadowserver.org/what-we-do/n...
  • 0
  • 0
  • 0
  • 20h ago
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520) #HelpNetSecurity (Jun 10) www.helpnetsecurity.com/2026/06/10/i...
  • 0
  • 0
  • 0
  • 16h ago
Active attacks target CVE-2026-10520, a max-severity Ivanti Sentry command injection flaw that can grant root code execution on exposed gateways. Fixes are available. #Ivanti #Sentry #CVE202610520
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • langflow-ai
  • langflow

Published: 27 Mar 2026
Updated: 27 Mar 2026

CVSS v3.1: HIGH (8.8)
EPSS: 4.08%

KEV

Description

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').

Statistics

  • 11 Posts
  • 5 Interactions

Last activity: Last hour

Fediverse


🚨 CRITICAL ALERT: N/A

CVSS 9.0/10

📋 WHAT IT IS:
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]

🎯 WHO'S AFFECTED:
• See NVD for affected products

⚔️ HOW IT'S EXPLOITED:
Attack vector: unknown vector
Impact: impact varies

✅ WHAT TO DO:
1. Check if you're running affected software NOW
2. Apply patches immediately — this is critical
3. If no patch: i

  • 0
  • 0
  • 0
  • 18h ago

🚨 ACTIVE EXPLOIT: AI Platform Langflow Under Attack

CVE-2026-5027 | CVSS 9.8 | Path Traversal

📋 WHAT IT IS:
Attackers are actively exploiting a critical path traversal vulnerability in Langflow — a popular open-source AI development platform. The flaw allows unauthenticated attackers to read arbitrary files on the server, including environment variables and API keys.

🎯 WHO'S AFFECTED:
• Langflow instances exposed to the internet
• Any AI/ML pipeline using Langflow for workflow orchestration

  • 0
  • 0
  • 0
  • 18h ago

Threat Actors exploiting High Severity Vulnerability in Langflow

Threat actors are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in Langflow, a popular low-code platform for building AI applications....

itnerd.blog/2026/06/11/threat-

  • 0
  • 0
  • 1
  • Last hour

Bluesky

Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers.
  • 1
  • 2
  • 0
  • 19h ago
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE reconbee.com/unpatched-la... #Langflow #RCE #cybersecurity #cyberattack
  • 1
  • 0
  • 0
  • 9h ago
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 1
  • 0
  • 0
  • 8h ago
Attackers are exploiting CVE-2026-5027 in Langflow, using a path traversal flaw in /api/v2/files to write arbitrary files on exposed servers. The default unauthenticated auto-login makes access easier. #Langflow #CVE20265027 #Tenable
  • 0
  • 0
  • 1
  • 16h ago
Unpatched Langflow CVE-2026-5027 is being exploited for unauthenticated RCE via path traversal in /api/v2/files, allowing arbitrary file writes on exposed instances. #Langflow #CVE20265027 #RCE
  • 0
  • 0
  • 0
  • 16h ago
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE #HackerNews (Jun 10) thehackernews.com/2026/06/unpa...
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Oracle Corporation
  • PeopleSoft Enterprise PeopleTools

Published: 11 Jun 2026
Updated: 11 Jun 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.02%

KEV

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 7 Posts
  • 10 Interactions

Last activity: Last hour

Fediverse


Oracle has released an out-of-band security alert for an unauth RCE in PeopleSoft

CVE-2026-35273

oracle.com/security-alerts/ale

  • 4
  • 3
  • 1
  • 4h ago

CRITICAL: Oracle PeopleSoft PeopleTools 8.61 & 8.62 (CVE-2026-35273) has a remotely exploitable flaw (CVSS 9.8). Unauthenticated attackers can fully compromise affected systems. Apply patches immediately! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 12h ago

Bluesky

>Oracle Security Alert Advisory - CVE-2026-35273 https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
  • 1
  • 0
  • 0
  • 14h ago
~Cybergcca~ Oracle PeopleSoft (CVE-2026-35273) exploited in the wild; GitLab CE/EE updates released. - IOCs: CVE-2026-35273 - #CVE202635273 #GitLab #Oracle #ThreatIntel
  • 0
  • 1
  • 0
  • Last hour
CVE-2026-35273: Unauthenticated RCE in Oracle PeopleSoft PeopleTools (8.61, 8.62) via the Environment Management component. Remotely exploitable with no credentials, can lead to full system compromise. Patch immediately. Query: web.html~"Please click here to PeopleSoft logon page"
  • 0
  • 0
  • 0
  • 4h ago
Oracle issued an out-of-band advisory for CVE-2026-35273, a critical PeopleSoft vulnerability enabling unauthenticated remote code execution, with mitigations recommended immediately.
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Google
  • Chrome

Published: 08 Jun 2026
Updated: 10 Jun 2026

CVSS: Pending
EPSS: 5.47%

Description

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse


📰 Google Patches Fifth Actively Exploited Chrome Zero-Day of 2026

⚠️ Google patches its FIFTH Chrome zero-day this year! CVE-2026-11645 is a high-severity V8 bug actively exploited in the wild. Update your browser to version 149.0.7827.103+ immediately! #CyberSecurity #ZeroDay #GoogleChrome #PatchNow

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/go

  • 1
  • 0
  • 0
  • 23h ago

Here's a summary of recent geopolitical, technology, and cybersecurity news:

Geopolitical: US-Iran tensions escalated with retaliatory strikes following a helicopter downing near the Strait of Hormuz. Israel's ongoing actions in Lebanon against Hezbollah are straining fragile ceasefire efforts in the region.

Technology: Apple unveiled AI-powered Siri updates and iOS 27 at WWDC. Microsoft advanced hybrid quantum-classical AI algorithms for optimization. Over 30 countries have enacted AI regulations.

Cybersecurity: CISA issued new risk-based vulnerability remediation deadlines for federal agencies, citing AI-driven automated attacks. Google patched a critical Chrome zero-day (CVE-2026-11645) actively exploited in the wild.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 18h ago

Bluesky

Important security update: Opera browsers have received a security fix for the latest zero-day vulnerability in Chromium, CVE-2026-11645. Update now to the latest versions - learn more: blogs.opera.com/security/202...
  • 0
  • 0
  • 0
  • 4h ago
Chrome under attack: simply visiting a web page is enough to be compromised. Google has fixed CVE-2026-11645, a zero-day vulnerability in the V8 engine of Chr... https://www.ilsoftware.it/chrome-corregge-zero-day-gia-sfruttato-perche-aggiornare-subito/
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Krajowa Izba Rozliczeniowa
  • Szafir SDK

Published: 25 May 2026
Updated: 26 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.04%

KEV

Description

Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established (i.e. /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType == "nondetermined"). This causes consuming applications to incorrectly treat the signature as valid despite an unverified certificate chain, enabling authentication bypass and user impersonation. This issue was fixed in version 463.

Statistics

  • 1 Post
  • 38 Interactions

Last activity: 9 hours ago

Fediverse

🐛 The media have not picked up this topic; something along the lines of "let's keep this quiet" is going on. What is it about?

For years at ZUS, and for a shorter time at other institutions, it was possible to log in to the system of almost any state institution (with a few exceptions) by suitably crafting a document for "Logging in with a qualified signature".

It was enough to know the first name, surname and PESEL number.

What was the bug?
A wrong interpretation of the structure returned by the SDK.
In short: the field indicating whether the submitted signature is trusted was ignored, and the check was limited to whether the processing had completed without errors.
Yes, with crafted keys and a crafted document, the processing completed without errors...

Conclusions? The state does not deliver on software. It does not deliver on audits (if there were any?).

An extra tidbit?

From the time of reporting, a fix could take months!

What would have happened if the code had been open?
Subjected to an audit by a community that is very interested in the systems made available by the state? The problem would probably have been caught, because this is, so to speak, the basics of the basics...

But the systems are closed, because according to the decision-makers that is safer... That is a mistake and "backwards" thinking.

CVE-2026-9058

A presentation by Michał Leszczyński, who discovered, responsibly reported and MADE SURE the vulnerability got fixed (44 minutes):

youtube.com/watch?v=pMdnS8I18Ts

Invidious:
inv.nadeko.net/watch?v=pMdnS8I

#bezpieczeństwo #zaufanie #KluczPubliczny #CERT #PKI #MinisterstwoCyfryzacji #Państwo #systemy

  • 24
  • 14
  • 0
  • 9h ago

Overview

  • Palo Alto Networks
  • Cloud NGFW

Published: 13 May 2026
Updated: 09 Jun 2026

CVSS v4.0: HIGH (7.8)
EPSS: 58.79%

Description

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Statistics

  • 3 Posts

Last activity: Last hour

Fediverse


📰 Active Exploitation of Critical PAN-OS Auth Bypass (CVE-2026-0257) Detected in the Wild

⚠️ Active Exploitation Alert! Unidentified actors are exploiting PAN-OS auth bypass CVE-2026-0257 to access GlobalProtect VPNs. CISA KEV listed. Patch or apply mitigations immediately to prevent unauthorized access. #PANOS #CVE #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ac

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

~Arcticwolf~ Arctic Wolf observes ongoing exploitation of CVE-2026-0257 in Palo Alto GlobalProtect, leading to VPN access and Impacket-based reconnaissance. - IOCs: 104[. ]207[. ]144[. ]154, 179[. ]43[. ]172[. ]213 - ...
  • 0
  • 0
  • 0
  • Last hour
The latest update for #ArcticWolf includes "Arctic Wolf Observes an Increase in Palo Alto #Networks GlobalProtect Authentication Bypass Exploitation via CVE-2026-0257". #cybersecurity #infosec https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • Last hour

Overview

  • checkpoint
  • Quantum Security Gateway

Published: 08 Jun 2026
Updated: 10 Jun 2026

CVSS: Pending
EPSS: 11.84%

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Statistics

  • 4 Posts

Last activity: 1 hour ago

Bluesky

Alert regarding an authentication bypass vulnerability (CVE-2026-50751) in Check Point Software Technologies products #JPCERTCC (Jun 10) www.jpcert.or.jp/at/2026/at26...
  • 0
  • 0
  • 0
  • 19h ago
Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) blog.checkpoint.com/security/che...
  • 0
  • 0
  • 0
  • 5h ago
> Alert: Alert regarding an authentication bypass vulnerability (CVE-2026-50751) in Check Point Software Technologies products (published) https://www.jpcert.or.jp/at/2026/at260016.html
  • 0
  • 0
  • 0
  • 1h ago
> On vulnerability countermeasures for Check Point Software Technologies products (CVE-2026-50751) https://www.ipa.go.jp/security/security-alert/2026/alert20260610.html
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • Microsoft Exchange Server 2016 Cumulative Update 23

Published: 14 May 2026
Updated: 09 Jun 2026

CVSS v3.1: HIGH (8.1)
EPSS: 7.86%

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Bluesky

Patch Tuesday updates address an actively exploited Microsoft Exchange Server vulnerability, CVE-2026-42897, added to CISA KEV and requiring fixes by May 29.
  • 0
  • 0
  • 0
  • 10h ago
For three weeks, the Exchange Emergency Mitigation Service was the only safeguard against CVE-2026-42897. Now Microsoft is delivering permanent patches and recommends installing them as soon as possible. www.it-administrator.de/microsoft-ex...
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Arm
  • C1-Ultra

Published: 09 Jun 2026
Updated: 09 Jun 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse


🚨 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2025-10263

• CVE ID: CVE-2025-10263
• CVSS Score: 9.1 (Critical)
• Affected: Microsoft Record Flaws

What it is:

securitycyber.uk

  • 0
  • 0
  • 0
  • 2h ago

Linux Sees Patches for "Critical" Vulnerability Affecting Many Arm CPUs phoronix.com/news/Arm-CPU-Crit

  • 0
  • 0
  • 0
  • Last hour
Showing 1 to 10 of 78 CVEs