24h | 7d | 30d

Overview

  • rsjoomla.com
  • rsjoomla.com RSFiles extension for Joomla

11 Jul 2026
Published
11 Jul 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
Pending

KEV

Description

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Some increased actor activities are shown targeting rsjoomla RSFiles Plugin (CVE-2026-57827) vuldb.com/vuln/377784/cti

  • 0
  • 1
  • 0
  • 3h ago
Profile picture fallback

CVE-2026-57827 (CRITICAL): RSFiles for Joomla v1.0 – 1.17.11 lets unauthenticated attackers upload & execute arbitrary files (RCE, CWE-434). No patch — restrict/disable the extension & monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Linux
  • Linux

21 May 2026
Published
08 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.12%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue operation. That results in several problems: 1) the rbtree dequeue happens without waiter::task::pi_lock being held 2) the waiter task's pi_blocked_on state is not cleared, which leaves a dangling pointer primed for UAF around. 3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter task Use waiter::task instead of current in all related operations in remove_waiter() to cure those problems. [ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the changelog ]

Statistics

  • 3 Posts

Last activity: Last hour

Fediverse

Profile picture fallback

GhostLock (CVE-2026-43499): What It Is and Why We Patched All Managed Servers

This article provides an overview of recently patched #security vulnerability, Ghostlock (CVE-2026-43499).
GhostLock (CVE-2026-43499): What It Is, Why It Matters, and How Rad Web Hosting Protected Customer Servers
Published: July 10, 2026

When a critical operating system vulnerability is disclosed, every hour counts. That's why ...
Continued 👉 blog.radwebhosting.com/ghostlo #privilegeescalation #criticalvulnerability

  • 0
  • 0
  • 1
  • 20h ago

Bluesky

Profile picture fallback
📢 GhostLock (CVE-2026-43499) : stack-UAF dans le noyau Linux depuis 15 ans, exploit stable à 97% 📝 ## 🔍 Contexte Publié le 7 juillet 2026 p… https://cyberveille.ch/posts/2026-07-11-ghostlock-cve-2026-43499-stack-uaf-dans-le-noyau-linux-depuis-15-ans-exploit-stable-a-97/ #CVE_2026_43499 #Cyberveille
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Linux
  • Linux

04 Jul 2026
Published
08 Jul 2026
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 22 hours ago

Fediverse

Profile picture fallback

🆕 Vulnerability-Lookup now imports Microsoft CSAF VEX documents from MSRC — joining the Red Hat VEX feed as a vendor VEX enrichment source.

Per-CVE VEX statements (product status, severity) are attached directly to CVE records, visible on the vulnerability page and via the API with the full CSAF documents.

Example with both Red Hat and Microsoft VEX:
vulnerability.circl.lu/vuln/CV

#VEX #CSAF #VulnerabilityManagement #CVE #OpenSource

  • 2
  • 1
  • 0
  • 22h ago

Overview

  • TP-Link
  • Tapo C200

07 Mar 2022
Published
17 Sep 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
72.18%

KEV

Description

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 6 hours ago

Bluesky

Profile picture fallback
Interesting Git repos of the week: Strategy: * https://github.com/connectans/awesome-CISSP-CCSP - so you want to CIISP? Bugs: * https://github.com/dinosn/apache-activemq-rce-research - queue jumping * https://github.com/hacefresko/CVE-2021-4045 - popping the TP-Link Tapo * […]
  • 1
  • 2
  • 0
  • 6h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: Last hour

Fediverse

Profile picture fallback

A new vulnerability with increased severity was disclosed for Trendnet TEW-635BRM (CVE-2026-15480) vuldb.com/vuln/377787

  • 1
  • 0
  • 0
  • Last hour

Overview

  • libp2p
  • rust-libp2p

31 Mar 2026
Published
31 Mar 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.33%

KEV

Description

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the representable upper bound. On a later heartbeat, the implementation performs unchecked Instant + Duration arithmetic (backoff_time + slack), which can overflow and panic with: overflow when adding duration to instant. This issue is reachable from any Gossipsub peer over normal TCP + Noise + mplex/yamux connectivity and requires no further authentication beyond becoming a protocol peer. This issue has been patched in version 0.49.4.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 19 hours ago

Bluesky

Profile picture fallback
Coordinated AI agents found a remotely exploitable libp2p gossipsub bug (CVE-2026-34219) but produced many false positives requiring human triage.
  • 0
  • 2
  • 0
  • 19h ago

Overview

  • tilt-dev
  • tilt

10 Jul 2026
Published
10 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.40%

KEV

Description

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined resources, tamper with Tiltfile arguments, read full engine state including the session token, and invoke apiserver resources through the token-attaching /proxy handler. This issue is fixed in version 0.37.4.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Fediverse

Profile picture fallback

CVE-2026-55884: tilt-dev tilt (0.20.8 – 0.37.3) has a CRITICAL auth bypass. Exposes dev resources & session tokens if HUD is bound to non-loopback. Upgrade to 0.37.4 ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 14h ago

Overview

  • Red Hat
  • Red Hat OpenShift AI (RHOAI)
  • rhoai/odh-built-in-detector-rhel9

10 Jul 2026
Published
10 Jul 2026
Updated

CVSS
Pending
EPSS
0.26%

KEV

Description

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

Profile picture fallback

access.redhat.com/security/cve

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions.

:neobot_giggle:

  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

16 Jun 2026
Published
08 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
3.39%

KEV

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ".

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Bluesky

Profile picture fallback
Microsoft vydal aktualizaci Malware Protection Engine (verze 1.1.26060.3008) pro opravu kritické chyby CVE-2026-50656 v systému Defender. „RoguePlanet“ umožňoval útočníkům získat systémové oprávnění
  • 0
  • 1
  • 0
  • 23h ago

Overview

  • Progress
  • MOVEit Transfer

08 Jul 2026
Published
09 Jul 2026
Updated

CVSS v3.1
LOW (3.5)
EPSS
0.31%

KEV

Description

Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Profile picture fallback

A lot of offensive activities were identified targeting Progress MOVEit Transfer (CVE-2026-8801) vuldb.com/vuln/376996/cti

  • 0
  • 0
  • 0
  • 20h ago
Showing 1 to 10 of 37 CVEs