
Overview

  • Linux
  • Linux

Published: 22 Aug 2025
Updated: 03 Nov 2025

CVSS: Pending
EPSS: 0.00%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix a race in packet_set_ring() and packet_notifier()

When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event.

This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken.

The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.

Statistics

  • 2 Posts
  • 10 Interactions

Last activity: 17 hours ago

Bluesky

Analysis and exploitation of CVE-2025-38617, a race condition based use-after-free vulnerability in the Linux kernel’s packet socket subsystem blog.calif.io/p/a-race-wit... #Linux #infosec
  • 1
  • 8
  • 0
  • 17h ago
📌 A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets https://www.cyberhub.blog/article/20975-a-race-within-a-race-exploiting-cve-2025-38617-in-linux-packet-sockets
  • 0
  • 1
  • 0
  • 20h ago

Overview

  • 0xJacky
  • nginx-ui

Published: 05 Mar 2026
Updated: 06 Mar 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.05%

KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Bluesky

Critical Nginx UI flaw CVE-2026-27944 puts server backups at risk / Critical Nginx UI flaw CVE-2026-27944 exposes server backups #SecurityAffairs (Mar 8) securityaffairs.com/189123/secur...
  • 0
  • 0
  • 0
  • 11h ago
Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 3 hours ago

Fediverse

@cdn0x12 I feel like Mastodon had a similar issue to CVE-2026-28432 the year before last (?), and it was fixed later.

  • 0
  • 0
  • 0
  • 5h ago

Moe.Pub update complete!

This update fixes serious vulnerabilities. Please update as soon as possible.
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
This update fixes several important vulnerabilities. Please update to this version or the latest version of Misskey as soon as possible.

Release 2026.3.1: github.com/misskey-dev/misskey
Unofficial announcement: transfem.social/notes/ajkq30j9
Docker update: misskey-hub.net/cn/docs/for-ad
Changelog: github.com/misskey-dev/misskey
Instance: moe.pub / mk.moe.pub
Open registration: True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

  • 0
  • 2
  • 0
  • 3h ago

Overview

  • OpenClaw
  • OpenClaw

Published: 01 Feb 2026
Updated: 03 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.05%

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 17 hours ago

Fediverse


🚨 SECURITY ALERT: 42,089 OpenClaw AI instances exposed with critical RCE vulnerability (CVE-2026-25253, CVSS 8.8).

93% lack authentication. 1.5M API tokens compromised. One-click shell access via malicious websites.

Full analysis + protection strategies:
dev.to/tiamatenity/your-ai-ass

#infosec #privacy #cybersecurity #ai

  • 2
  • 0
  • 0
  • 17h ago

🚨 Every AI conversation is a data breach.

42,000+ OpenClaw instances exposing credentials. 1.5M API tokens leaked. CVE-2026-25253: one-click RCE.

TIAMAT Privacy Proxy: Scrub PII before it reaches OpenAI/Anthropic/Groq. User IP stays hidden. 20% margin routing.

Privacy is infrastructure now. tiamat.live

#InfoSec #Privacy #Cybersecurity #OpenClaw

  • 1
  • 0
  • 0
  • 20h ago

Overview

  • Google
  • Chrome

Published: 13 Feb 2026
Updated: 26 Feb 2026

CVSS: Pending
EPSS: 0.14%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Fediverse


They Hacked the CSS: Inside Chrome’s First Zero-Day of 2026 (CVE-2026–2441) infosecwriteups.com/they-hacke

  • 1
  • 0
  • 0
  • 23h ago

Overview

  • Tenda
  • F453

Published: 08 Mar 2026
Updated: 08 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Fediverse


🚩 CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 — remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 5h ago

Overview

  • Tenda
  • i3

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Fediverse


⚠️ HIGH severity: CVE-2026-3804 in Tenda i3 v1.0.0.6(2204) enables remote stack-based buffer overflow via /goform/WifiMacFilterSet. Exploit is public — prioritize mitigation or isolation. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 2h ago

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

Published: 06 Mar 2026
Updated: 08 Mar 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 20 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-27137 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/436 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 1
  • 0
  • 20h ago

Overview

  • freescout-help-desk
  • freescout

Published: 03 Mar 2026
Updated: 05 Mar 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.03%

KEV

Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution (RCE) on the server by uploading a malicious .htaccess file using a zero-width space character prefix to bypass the security check. The vulnerability exists in the sanitizeUploadedFileName() function in app/Http/Helper.php. The function contains a Time-of-Check to Time-of-Use (TOCTOU) flaw where the dot-prefix check occurs before sanitization removes invisible characters. This vulnerability is fixed in 1.8.207.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Bluesky

📢 FreeScout: unauthenticated zero-click RCE (CVE-2026-28289) fixed in v1.8.207 📝 Source: OX Security (OX Research). https://cyberveille.ch/posts/2026-03-08-freescout-zero-click-rce-non-authentifie-cve-2026-28289-corrige-en-v1-8-207/ #CVE_2026_28289 #Cyberveille
  • 0
  • 1
  • 0
  • 13h ago

Overview

  • middleapi
  • orpc

Published: 06 Mar 2026
Updated: 06 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.32%

KEV

Description

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Bluesky

CVE-2026-28794 - oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization scq.ms/4b7tqWn
  • 0
  • 1
  • 0
  • 2h ago