Overview

  • FFmpeg
  • FFmpeg

Published: 18 Jun 2026
Updated: 19 Jun 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.39%

KEV

Description

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.c. This issue affects FFmpeg before version 8.1.2.

Statistics

  • 4 Posts
  • 3 Interactions

Last activity: 5 hours ago

Fediverse

FFmpeg MagicYUV decoder CRITICAL heap out-of-bounds bug (CVE-2026-8461): AVI/MKV/MOV files can trigger DoS or RCE in apps like Jellyfin, Nextcloud. Patch to 8.1.2 ASAP. radar.offseq.com/threat/ffmpeg

  • 1
  • 0
  • 0
  • 21h ago

If you’re collecting Linux ISOs, have a look at CVE-2026-8461 and patch when a patch is available.

  • 1
  • 0
  • 0
  • 8h ago

Bluesky

A critical vulnerability, dubbed PixelSmash, has been discovered in the FFmpeg library; it can allow remote code execution on Jellyfin servers and cause denial of service on platforms such as Kodi. A falha, identificada como CVE-2026-8461, recebeu uma pontuação de gravidade significa
  • 1
  • 0
  • 0
  • 12h ago
FFmpeg: PixelSmash flaw discovered, risk of attacks on Jellyfin, Kodi and Nextcloud. The CVE-2026-8461 vulnerability in the MagicYUV decoder of... https://www.ilsoftware.it/ffmpeg-scoperta-la-falla-pixelsmash-rischio-attacchi-su-jellyfin-kodi-e-nextcloud/
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: 5 hours ago

Fediverse

Squidbleed: a 29-year-old flaw leaks the credentials of Squid proxy users it-connect.fr/squidbleed-faill #ActuCybersécurité #Cybersécurité #Vulnérabilité

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

🧵A bug introduced into Squid's code in 1997 has been discovered in 2026 and, once again, it was caught by an AI. It lets a user on a shared network read another user's HTTP request, credentials and session tokens included. It is called Squidbleed (CVE-2026-47729).
  • 1
  • 1
  • 0
  • 12h ago
Squidbleed: security flaw that stayed hidden in Squid Proxy for nearly 30 years. CVE-2026-47729, known as Squidbleed, has affected Squid Proxy for nearly 29 years:... https://www.ilsoftware.it/squidbleed-falla-sicurezza-nascosta-in-squid-proxy-per-29-anni/
  • 0
  • 0
  • 0
  • 9h ago
Squidbleed (CVE-2026-47729): a one-line bug hidden since 1997 in the Squid proxy. Spotted by an AI 👇 www.it-connect.fr/squidbleed-f... #cybersecurite
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • libssh2
  • libssh2

Published: 17 Jun 2026
Updated: 18 Jun 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.54%

KEV

Description

libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read(), which fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Statistics

  • 2 Posts
  • 20 Interactions

Last activity: 10 hours ago

Fediverse

Oh, and by the way, if you use software, you are going to get hacked. This time it's SSH (CVE-2026-55200).
cve.org/CVERecord?id=CVE-2026-

  • 15
  • 5
  • 0
  • 10h ago

A critical flaw in libssh2 puts SSH clients at remote code execution risk

CVE-2026-55200 is a CVSS 9.2 heap overflow in libssh2 enabling pre-auth RCE on all versions through 1.11.1. Fix: commit 97acf3d

thecybersecguru.com/news/cve-2

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

Published: 09 Jan 2026
Updated: 26 Feb 2026

CVSS v4.0: HIGH (7.3)
EPSS: 0.13%

KEV

Description

Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.

Statistics

  • 3 Posts

Last activity: 2 hours ago

Fediverse

Eight-year-old Samsung Knox flaw exposed Galaxy devices to kernel attacks

Samsung patched CVE-2026-20971, a long-running Knox PROCA use-after-free flaw that affected Galaxy devices and could lead to kernel memory corruption

thecybersecguru.com/news/samsu

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

An eight-year Samsung KNOX kernel UAF vulnerability (CVE-2026-20971, CVSS 7.8) enables exploitation via PROCA/FIVE race conditions and controlled reallocation.
  • 0
  • 0
  • 0
  • 6h ago
Eight-year-old CVE-2026-20971 in Samsung KNOX exposed Galaxy S9-S25 devices to kernel attacks via PROCA and FIVE. Samsung patched it in January 2026. #Samsung #KNOX #Galaxy
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Splunk
  • Splunk Enterprise

Published: 10 Jun 2026
Updated: 19 Jun 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 92.10%

Description

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

Statistics

  • 3 Posts

Last activity: 14 hours ago

Bluesky

CISA adds Splunk Enterprise to KEV for the first time ever - vulnerability CVE-2026-20253 exploited in cyberattacks rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews #cyberattack #incident
  • 0
  • 0
  • 0
  • 19h ago
9.8 out of 10! Criminal hackers are exploiting a critical bug in Splunk Enterprise 📌 Link to the article: www.redhotcyber.com/post/98-su-1... By Luigi Zullo #redhotcyber #news #cybersecurity #hacking #vulnerabilita #splunk #cve202620253
  • 0
  • 0
  • 0
  • 14h ago
~Checkpoint~ Weekly threat intel highlights FortiSandbox & Splunk zero-days, AI agent exploits, and major breaches at Texas Parks & Klue. - IOCs: CVE-2026-39813, CVE-2026-50656, CVE-2026-20253 - #DataBreach #ThreatIntel #Vulnerabilities
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • MB connect line
  • mbCONNECT24

Published: 23 Jun 2026
Updated: 23 Jun 2026

CVSS v4.0: HIGH (8.6)
EPSS: 0.31%

KEV

Description

A highly privileged remote attacker can access a hidden configuration method, which should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.

Statistics

  • 3 Posts

Last activity: 7 hours ago

Fediverse

VDE-2026-068
MB connect line: Authenticated unintended access to critical program parameters in mbCONNECT24/mymbCONNECT24

There is a vulnerability in mbCONNECT24/mymbCONNECT24 that allows an authenticated remote attacker to access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters.
CVE-2026-10521

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 0
  • 0
  • 1
  • 11h ago

CVE-2026-10521 (HIGH, CVSS 8.6) in mbCONNECT24: Remote attackers with high privileges can access hidden configs, risking full system compromise. No patch yet — restrict access & monitor vendor updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Overview

  • joomlacontenteditor.net
  • Joomla Content Editor (JCE) extension for Joomla

Published: 05 Jun 2026
Updated: 20 Jun 2026

CVSS v4.0: CRITICAL (10.0)
EPSS: 80.42%

Description

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Statistics

  • 2 Posts
  • 6 Interactions

Last activity: 7 hours ago

Bluesky

Last week we added scanning for Joomla JCE editor extension CVE-2026-48907 vulnerable instances. This RCE vulnerability is exploited in the wild & on US CISA KEV. 4840 vulnerable instances seen 2026-06-22 down from 5146 on 2026-06-19. Top affected: US dashboard.shadowserver.org/statistics/c...
  • 3
  • 3
  • 0
  • 7h ago
Raw IP data shared in our Vulnerable HTTP reporting www.shadowserver.org/what-we-do/n... tagged 'cve-2026-48907' filtered by network/constituency Dashboard Tree Map view: dashboard.shadowserver.org/statistics/c... Patch info: www.joomlacontenteditor.net/news/jce-sec...
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Fortinet
  • FortiSandbox

Published: 14 Apr 2026
Updated: 18 Jun 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 16.74%

KEV

Description

A path traversal ('../filedir') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via specially crafted HTTP requests.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

📰 FortiSandbox Vulnerabilities Chained for Root-Level Takeover, Active Exploits in Wild

🚨 ACTIVE EXPLOITATION: Threat actors are chaining three FortiSandbox vulnerabilities (CVE-2026-39813, et al.) for unauthenticated RCE and full root takeover. Patch immediately to prevent sandbox compromise. #infosec #vulnerability #fortinet

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ex

  • 0
  • 0
  • 0
  • Last hour

Bluesky

~Checkpoint~ Weekly threat intel highlights FortiSandbox & Splunk zero-days, AI agent exploits, and major breaches at Texas Parks & Klue. - IOCs: CVE-2026-39813, CVE-2026-50656, CVE-2026-20253 - #DataBreach #ThreatIntel #Vulnerabilities
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

Published: 16 Jun 2026
Updated: 23 Jun 2026

CVSS v3.1: HIGH (7.8)
EPSS: 3.39%

KEV

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

Statistics

  • 2 Posts

Last activity: 21 hours ago

Fediverse

Geopolitical tensions escalate as US-Iran talks stall amidst renewed Israel-Hezbollah strikes and Trump's Strait of Hormuz threats; Iran reportedly closed the waterway. In technology, Anthropic's Fable 5 AI models remain offline due to a US export ban. Cybersecurity alerts include active exploitation of Microsoft Defender zero-day (CVE-2026-50656), Cisco SD-WAN, and Splunk flaws.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

~Checkpoint~ Weekly threat intel highlights FortiSandbox & Splunk zero-days, AI agent exploits, and major breaches at Texas Parks & Klue. - IOCs: CVE-2026-39813, CVE-2026-50656, CVE-2026-20253 - #DataBreach #ThreatIntel #Vulnerabilities
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Arm
  • C1-Ultra

Published: 09 Jun 2026
Updated: 09 Jun 2026

CVSS: Pending
EPSS: 0.66%

KEV

Description

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 7 hours ago

Fediverse

Mark Kettenis has brought over the generic binary codepatching infrastructure to the #OpenBSD/arm64 kernel, and is using it to NOP out costly mitigations for microarchitectural vulnerabilities on CPUs that are not vulnerable.

The codepatch code is put in a separate section which gets unmapped after boot, making it unavailable for use in ROP attacks. :flan_thumbs:​

The commit addresses CVE-2025-10263 too, I guess. :flan_hacker:​

marc.info/?l=openbsd-cvs&m=178

  • 2
  • 1
  • 0
  • 7h ago