24h | 7d | 30d

Overview

  • Go standard library
  • os
  • os

08 Jul 2026
Published
08 Jul 2026
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.

Statistics

  • 3 Posts
  • 9 Interactions

Last activity: 4 hours ago

Fediverse

Profile picture fallback
os: Root escape via symlink plus trailing slash (CVE-2026-39822) #golang

https://github.com/golang/go/issues/79005
  • 3
  • 3
  • 0
  • 8h ago

Bluesky

Profile picture fallback
os: Root escape via symlink plus trailing slash (CVE-2026-39822) #golang github.com -> Original->
  • 0
  • 2
  • 0
  • 8h ago
Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2026-39822 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/593 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 1
  • 0
  • 4h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

09 Jun 2026
Published
08 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
21.51%

KEV

Description

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

Statistics

  • 3 Posts

Last activity: Last hour

Fediverse

Profile picture fallback
[RSS] CVE-2026-47291: Remote Code Execution in the Windows HTTP.sys

https://www.thezdi.com/blog/2026/7/9/cve-2026-47291-remote-code-execution-in-the-windows-httpsys
  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Profile picture fallback
[RSS] CVE-2026-47291: Remote Code Execution in the Windows HTTP.sys www.thezdi.com -> Original->
  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
CVE-2026-47291: Windows Critical Unauthenticated Remote Code Execution in HTTP.sys
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Microsoft
  • Microsoft Edge (Chromium-based)

11 Jul 2026
Published
12 Jul 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
0.70%

KEV

Description

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Fediverse

Profile picture fallback

A new vulnerability with increased severity was disclosed for Microsoft Edge (CVE-2026-58281) vuldb.com/vuln/377832

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback

HIGH severity CVE-2026-58281 in Microsoft Edge (Chromium-based) v1.0.0.0 lets attackers execute code remotely via deserialization of untrusted data. Patch from Microsoft is available. Full details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Dell
  • Dell Edge Gateway 3000

09 Jun 2026
Published
09 Jun 2026
Updated

CVSS v3.1
MEDIUM (5.7)
EPSS
0.12%

KEV

Description

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

📰 Critical Dell BIOS Flaw Allows Plaintext Password Recovery in Milliseconds

🔒 Critical Dell BIOS flaw (CVE-2026-40639) allows instant recovery of admin passwords from SPI flash due to weak XOR encryption. Affects numerous Latitude, XPS & Wyse models. Physical access is all that's needed. Patch now! #Dell #BIOS #Vulnerabilit...

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/de

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
Dell BIOS Passwords: Weak XOR Encryption Allows Recovery from SPI Flash (CVE-2026-40639)
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • MervinPraison
  • PraisonAI

11 Jul 2026
Published
11 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.54%

KEV

Description

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

Profile picture fallback

The severity is increased for this new vulnerability affecting MervinPraison PraisonAI (CVE-2026-61445) vuldb.com/vuln/377824

  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback

CVE-2026-61445 (CRITICAL, CVSS 9.4): PraisonAI <4.6.78 suffers path traversal & command injection via AICoder chat. Attackers gain root, write files anywhere. Restrict access & monitor — no patch yet. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Go standard library
  • crypto/tls
  • crypto/tls

08 Jul 2026
Published
08 Jul 2026
Updated

CVSS
Pending
EPSS
0.42%

KEV

Description

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2026-42505 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/594 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 1
  • 0
  • 4h ago

Overview

  • Linux
  • Linux

22 Apr 2026
Published
01 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
96.27%

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Profile picture fallback
🐧 ¿Cómo funciona 'Copy Fail'? El exploit de 732 bytes que otorga acceso Root en Linux (CVE-2026-31431) (+MITIGACIÓN) www.newstecnicas.com/2026/04/copy...
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • BeyondTrust
  • Remote Support

06 Jul 2026
Published
07 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.42%

KEV

Description

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

Profile picture fallback

Deep dive into CVE-2026-40138! Discover how this critical pre-authentication bypass vulnerability impacts BeyondTrust RS & PRA solutions, how the exploit works under the hood, and immediate remediation steps to secure your enterprise.

👉 denizhalil.com/2026/07/10/cve-

#CVE202640138 #BeyondTrust #CyberSecurity

  • 0
  • 0
  • 0
  • Last hour

Overview

  • TRENDnet
  • TEW-821DAP

12 Jul 2026
Published
12 Jul 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.42%

KEV

Description

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument nslookup_target leads to buffer overflow. It is possible to initiate the attack remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

Profile picture fallback

CVE-2026-15483: HIGH (CVSS 8.7) buffer overflow in TRENDnet TEW-821DAP 1.12B01. Remote exploitation possible via /goform/tools_nslookup. No patch — device is EOL. Upgrade or replace to secure your network. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Overview

  • openwrt
  • luci

12 Jul 2026
Published
12 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Profile picture fallback

OpenWrt LuCI hit by CRITICAL XSS (CVE-2026-61876, CVSS 9.4): DHCPv6 hostnames not properly encoded, enabling adjacent attackers to inject scripts into admin browsers. Restrict interface access, monitor advisories. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago
Showing 1 to 10 of 37 CVEs