Overview

  • kernel

03 Mar 2022
Published
03 Jun 2026
Updated

CVSS
Pending
EPSS
28.12%

Description

A vulnerability was found in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 2 hours ago

Fediverse


Critical alert in Linux: kernel vulnerability allows container escape and privilege escalation
somoslibres.org/index.php/bien

  • 2
  • 2
  • 0
  • 14h ago

CISA has added the Linux kernel vulnerability CVE-2022-0492 to its Known Exploited Vulnerabilities catalog due to its use in privilege escalation attacks. This flaw allows attackers to manipulate cgroups to gain root-level access or escape containerized environments.
cybersecuritynews.com/linux-ke

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Google
  • Android

01 Jun 2026
Published
03 Jun 2026
Updated

CVSS
Pending
EPSS
0.53%

Description

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 10 hours ago

Fediverse


West Asia tensions escalate: The US military destroyed Iranian attack drones threatening the Strait of Hormuz following Iranian missile strikes on Bahrain and Kuwait on June 6-7. Indirect talks between Washington and Tehran continue amidst these clashes.

In technology, Microsoft unveiled its proprietary MAI (Microsoft AI) models at Build 2026, marking a strategic shift from OpenAI reliance. OpenAI also enhanced ChatGPT's memory capabilities with "Dreaming V3."

Cybersecurity highlights include an urgent Android zero-day fix (CVE-2025-48595) addressed in the June 2026 security patch, which was actively exploited. A Cisco SD-WAN vulnerability has also been actively exploited in the wild.

#AnonNews_irc #Cybersecurity #News

  • 1
  • 1
  • 0
  • 10h ago

📰 Android Zero-Day Under Attack: Google Issues Urgent Patch for Privilege Escalation Flaw

⚠️ ANDROID ZERO-DAY! Google has patched CVE-2025-48595, a privilege escalation flaw actively exploited in the wild. The fix is in the June 2026 security update, which patches 124 flaws total. Update your Android device NOW! #Android #ZeroDay #CyberSe...

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/go

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

04 Jun 2026
Published
06 Jun 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.08%

KEV

Description

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: Last hour

Fediverse


Cisco's PSIRT confirmed attackers are already exploiting CVE-2026-20245 in Catalyst SD-WAN Manager: an authenticated netadmin uploads a crafted file and runs arbitrary commands as root. In limited cases they pushed config changes to edge devices. Netadmin access is reachable by chaining two auth-bypass bugs, and there's no fixed release or workaround yet. If you run SD-WAN Manager, what are you doing to contain this until a patch ships?

#Cisco #security

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

CISA added SolarWinds Serv-U DoS to KEV with no patch for CVE-2026-20245, while Cisco Catalyst SD-WAN Manager flaws and Android spyware, npm supply-chain abuse, and APT persistence tools were also highlighted. #SolarWinds #Cisco #China
  • 1
  • 0
  • 0
  • Last hour

Overview

  • WPEverest
  • Everest Forms Pro

31 Mar 2026
Published
08 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.33%

KEV

Description

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not escape single quotes or other PHP code context characters. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code on the server by submitting a crafted value in any string-type form field (text, email, URL, select, radio) when a form uses the "Complex Calculation" feature.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse


Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin to execute arbitrary code and seize administrative control of WordPress websites. Users should update to the patched version immediately and scan their systems for suspicious accounts like 'diksimarina'.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

CVE-2026-3300 in Everest Forms Pro v1.9.12 and earlier is being exploited for unauthenticated code execution on WordPress, letting attackers create rogue admin accounts. #EverestFormsPro #WordPress #Wordfence
  • 0
  • 1
  • 0
  • 21h ago

Overview

  • huggingface
  • huggingface/transformers

24 May 2026
Published
26 May 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.09%

KEV

Description

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an attacker-controlled HuggingFace Hub repository ID. When a victim loads this model using the standard `AutoModelForCausalLM.from_pretrained()` API, the library downloads and executes arbitrary Python code from the attacker's repository with the victim's full OS privileges. This issue arises due to unfiltered deserialization of configuration attributes, insufficient sanitization of internal fields, and unsandboxed execution of downloaded kernels. The vulnerability bypasses the `trust_remote_code` security mechanism, is invisible to the victim, and exploits the standard documented usage pattern, making it particularly severe. Users are advised to upgrade to version 5.3.0 or later to mitigate this issue.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago

Bluesky

CVE-2026-4372 allows remote code execution via malicious Hugging Face model configs, bypassing trust_remote_code=False in Transformers.
  • 1
  • 1
  • 0
  • 16h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Fediverse


depthfirst’s AI agent found 21 FFmpeg zero-days (MEDIUM, CVE-2026-39210 – 39218), mainly heap/stack overflows — oldest since 2003. No active exploitation. Patches rolling out. Update ASAP. radar.offseq.com/threat/depthf

  • 1
  • 0
  • 0
  • 13h ago

Overview

  • JingDong
  • JD Cloud Box AX6600

06 Jun 2026
Published
06 Jun 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Fediverse


⚠️ HIGH severity: Stack-based buffer overflow in JingDong JD Cloud Box AX6600 v4.5.3.r4546 (CVE-2026-11413). Remote code execution possible. Vendor silent, no patch. Isolate devices & monitor for updates. radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 16h ago

Overview

  • tittuvarghese
  • CollegeManagementSystem

05 Jun 2026
Published
05 Jun 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%

KEV

Description

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboard_page/forms/fetch.php. Performing a manipulation of the argument department_code results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Fediverse


CVE-2026-11334 - SQL injection in Tittuvarghese CollegeManagementSystem. Remote exploit via department_code parameter. CVSS 7.3. Public exploit available. Update immediately if using this software. #CVE #infosec #SQLi

valtersit.com/cve/CVE-2026-113

  • 1
  • 0
  • 0
  • 17h ago

Overview

  • Oracle Corporation
  • WebLogic Server

16 Jul 2024
Published
02 Jun 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
89.65%

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse


📰 CISA KEV Alert: Two-Year-Old Oracle WebLogic Flaw Now Under Active Attack

🚨 CISA KEV ALERT: A 2-year-old Oracle WebLogic flaw (CVE-2024-21182) is now under active attack. The RCE bug allows unauthenticated compromise. If you're running a vulnerable version, patch immediately or restrict access! #CyberSecurity #KEV #Oracle

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/tw

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Pending

06 Jul 2016
Published
05 Aug 2024
Updated

CVSS
Pending
EPSS
41.50%

KEV

Description

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📢 HTTP/2 Bomb: remote DoS exploit discovered by the Codex AI affecting nginx, Apache, IIS, Envoy 📝 ## 🗓️ Context Published on 2 June 2026 on … https://cyberveille.ch/posts/2026-06-06-http-2-bomb-exploit-dos-distant-decouvert-par-l-ia-codex-affectant-nginx-apache-iis-envoy/ #CVE_2016_1546 #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago