
Overview

  • Microsoft
  • Windows Notepad

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.08%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

Statistics

  • 75 Posts
  • 2312 Interactions

Last activity: 2 hours ago

Fediverse


They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things lmao.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭

msrc.microsoft.com/update-guid

#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology

  • 615
  • 509
  • 0
  • 13h ago

Microsoft: I have made Notepad✨

Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.

cve.org/CVERecord?id=CVE-2026-

  • 116
  • 167
  • 0
  • 12h ago

"Windows Notepad App Remote Code Execution Vulnerability"

That's it: I'm going back to AppleWorks, on my Apple IIe.

msrc.microsoft.com/update-guid

  • 77
  • 116
  • 0
  • 20h ago

someone earlier today said "RCE in Notepad" and i was like "haha funny" and then someone ELSE said RCE in Notepad and then i was like youve gotta be fucking kidding me

  • 69
  • 113
  • 0
  • 19h ago

"With AI, I can replace 20 software engineers with 1 'prompt engineer'"

A few months later: "plain text editor that was rewritten by AI to be more than that with RCE vulnerability".

(but congratulations to Microsoft for managing to put a remote execution vuln in something that should never have anything 'remote', like notepad)

  • 53
  • 72
  • 0
  • 17h ago

maybe the real remote code execution vulnerability in Windows Notepad was the friends we made along the way

  • 22
  • 4
  • 0
  • 19h ago

RE: tech.lgbt/@solonovamax/1160491

cve.org/CVERecord?id=CVE-2026-

WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD

WHAT BIT COULD IT BEEEEEEEE

edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.

  • 19
  • 34
  • 0
  • 20h ago

Microsoft has now successfully played NOTEPAD.EXE to death.

cve.org/CVERecord?id=CVE-2026-

#copilot #clippy

  • 9
  • 6
  • 0
  • 11h ago

Microsoft Windows 11 enshittification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.

cve.org/CVERecord?id=CVE-2026-

It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.

  • 7
  • 8
  • 0
  • 19h ago

microsoft: we have made a new notepad.exe

everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.

cve.org/CVERecord?id=CVE-2026-

  • 7
  • 6
  • 0
  • 17h ago

From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)

msrc.microsoft.com/update-guid

  • 6
  • 5
  • 0
  • 22h ago

#Windows #sécurité
Oh dear, there are even RCE flaws in Windows Notepad???
cve.org/CVERecord?id=CVE-2026-

  • 5
  • 0
  • 0
  • 11h ago

lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.

plus remote code execution in fucking Notepad.

msrc.microsoft.com/update-guid

#slop

  • 3
  • 3
  • 0
  • 11h ago

lol

Windows Notepad App Remote Code Execution Vulnerability

cve.org/CVERecord?id=CVE-2026-

  • 2
  • 5
  • 9
  • 11h ago

Every day brings another reason to laugh at Microslop.

A vulnerability has been discovered that lets attackers run arbitrary code on the victim's computer through NOTEPAD, for fuck's sake. The severity of the vulnerability is marked as HIGH

cve.org/CVERecord?id=CVE-2026-

  • 2
  • 1
  • 0
  • 9h ago

🔥 Notepad hit by critical vulnerability
Notepad in Windows 11 exposes millions of PCs to a remote attack: the CVE-2026-20841 vulnerability exploits Markdown support to execute malicious code with a simple click on a link

gomoot.com/notepad-di-windows-

#news #notepad #sicurezza #tech

  • 2
  • 0
  • 0
  • 5h ago

1976:
In fifty years we will have flying cars.

2026:
Severe security vulnerability in ... Notepad.

msrc.microsoft.com/update-guid

  • 1
  • 5
  • 0
  • 9h ago

The year is 2026. Technology has progressed far. Too far, some would say, as they discover an RCE in fucking Notepad: msrc.microsoft.com/update-guid

  • 1
  • 2
  • 0
  • 22h ago

Windows Notepad.exe CVE announced today, looks like code can be made to run on your machine if you click a dodgy markdown link. People describing it online as remote code execution, which I don't think it is. Still pretty bad though! #cve #Microsoft #Windows11
cve.org/CVERecord?id=CVE-2026-

  • 1
  • 2
  • 0
  • 10h ago

Notepad++: some of my versions were vulnerable

MS Notepad: hold my beer

msrc.microsoft.com/update-guid

  • 1
  • 2
  • 0
  • 7h ago

Notepad... NOTEPAD!

CVE Record: CVE-2026-20841

cve.org/CVERecord?id=CVE-2026-

  • 1
  • 1
  • 0
  • 10h ago

If there was ever a better time to leave #Windows than after #Microsoft started pushing AI and non-plaintext rendering into #Notepad causing #cve202620841 for #RCE then I'm not sure when a better time could be.

windowsforum.com/threads/cve-2

  • 1
  • 1
  • 0
  • 6h ago

So yes, Microsoft did manage to enshittify notepad too: cve.org/CVERecord?id=CVE-2026-

A more-than-mature 30+ years old dumb utility to display text got rewritten to do "shtuff" and got pwned with an 8.8 CVSS.

Management, corporations and their demented KPIs should stay away from software.

  • 1
  • 0
  • 0
  • 5h ago

Be sure to keep up with your text editor’s security updates, fellow Notepad users! I heard that vi fans are exploiting this in the wild to install ransomware on people’s computers. The ransomware won’t let you exit vi until you pay up cve.org/CVERecord?id=CVE-2026-

  • 0
  • 4
  • 0
  • 6h ago

Critical flaw in Notepad (CVE-2026-20841). An attacker could place a malicious link in a Markdown file that, when clicked by the victim, would execute code remotely. Who told them to tarnish Notepad's simplicity? A fix is already available. cve.org/CVERecord?id=CVE-2026-

  • 0
  • 3
  • 0
  • 8h ago

Remote Code Execution on notepad
FUCKING NOTEPAD

Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.

msrc.microsoft.com/update-guid

  • 0
  • 2
  • 0
  • 7h ago

Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad

cve.org/CVERecord?id=CVE-2026-

  • 0
  • 1
  • 0
  • 11h ago

The Vibe-coding Era at Microsoft is going greaaaaaaaat.... msrc.microsoft.com/update-guid

  • 0
  • 1
  • 0
  • 3h ago

@m4rc3l CVE-2026-20841 #c3d2leaks

  • 0
  • 0
  • 0
  • 20h ago

cve.org/CVERecord?id=CVE-2026-

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

Notepad

over a network

  • 0
  • 0
  • 2
  • 19h ago

No comment. It wouldn't be quotable. But...
RCE in the notepad?! How deranged, uhm, "vibed" is that?!

msrc.microsoft.com/update-guid

  • 0
  • 0
  • 0
  • 19h ago

Remember when Microslop announced new AI-features in Notepad?
Well… Just as expected, RCEs are part of them.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841

  • 0
  • 0
  • 0
  • 18h ago

What is it, Microsoft shited their pants again lol ​:neofox_laugh_tears:​
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Even this page didn't load properly
​:neofox_laugh_tears:​
#Microsoft #windows

  • 0
  • 0
  • 0
  • 13h ago

8.8 severity vulnerability in Notepad. Everything is going great in the "30% of our code is written by AI" #Microsoft. cve.org/CVERecord?id=CVE-2026-
#CVE

  • 0
  • 0
  • 0
  • 11h ago

What the.. how?

Notepad was the simplest application on windows. What have they done to it?

cve.org/CVERecord?id=CVE-2026-

  • 0
  • 0
  • 0
  • 11h ago

Imagine being jail to an operating system where even the blast editor is vulnerable

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

cve.org/CVERecord?id=CVE-2026-

Keep contributing and funding alternatives for all of us.

#windows #linux #foss #infosec #opensource

  • 0
  • 0
  • 0
  • 5h ago

Looks like the vibe coders at Microsoft forgot to add "don't introduce command injection vulnerabilities" to their prompts?

cve.org/CVERecord?id=CVE-2026-

  • 0
  • 0
  • 0
  • 4h ago

Bluesky

Here's my CVE-2026-20841 PoC (Not really, but I have a feeling it's something that rhymes with this).
  • 1
  • 3
  • 1
  • 3h ago
Windows Notepad App Remote Code Execution Vulnerability CVE-2026-20841
  • 1
  • 2
  • 2
  • 6h ago
The CVE-2026-20841 vulnerability in Notepad (Windows 11) is incredible 😨: code execution on opening a Markdown (.md) file. Put this in it: [boum](file://c:/windows/system32/calc.exe) Open it in Markdown mode and 💥 Beware of md files! msrc.microsoft.com/update-guide...
  • 0
  • 1
  • 0
  • 4h ago
🚨Windows Notepad security flaw (CVE-2026-20841) lets hackers execute code just by getting you to click a link. Microsoft fixed 58 bugs, including 6 ACTIVELY EXPLOITED zero-days. Patch NOW! 🔒 Read- www.cyberkendra.com/2026/02/new-...
  • 0
  • 0
  • 0
  • 17h ago
Windows Notepad App Remote Code Execution Vulnerability #HackerNews https://www.cve.org/CVERecord?id=CVE-2026-20841
  • 0
  • 0
  • 3
  • 12h ago
Notepad's Markdown support contains a vulnerability (CVE-2026-20841) that can achieve remote code execution when users open a malicious Markdown file and click a link.
  • 0
  • 0
  • 0
  • 8h ago
🌐Windows Notepad App Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20841 via #HackerNews
  • 0
  • 0
  • 0
  • 5h ago
A Notepad Markdown vulnerability allowed remote code execution via malicious links; Microsoft patched CVE-2026-20841 and found no evidence of exploitation.
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • GNU
  • Inetutils

21 Jan 2026
Published
10 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
36.95%

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 7 Posts
  • 48 Interactions

Last activity: 1 hour ago

Fediverse


I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…

The day the telnet died

On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

labs.greynoise.io/grimoire/202

  • 20
  • 23
  • 0
  • 23h ago

*Donning a tinfoil hat…*

"On January 14, 2026, at approximately 21:00 UTC, something changed in the internet’s plumbing. The GreyNoise Global Observation Grid recorded a sudden, sustained collapse in global telnet traffic…

"Six days later, on January 20, the security advisory for CVE-2026-24061 hit oss-security."

labs.greynoise.io/grimoire/202

#Linux #GNU #Security #TinFoilHat

  • 1
  • 1
  • 0
  • 20h ago

2026-01-14: The day telnet died

On January 14, 2026, global #telnet traffic observed by GreyNoise sensors collapsed. A sustained 59% reduction, eighteen ASNs completely silent and five countries vanished entirely from our data. Six days later, CVE-2026-24061 disappeared. Coincidence is one of the possible explanations.

labs.greynoise.io/grimoire/202

@informatica

  • 1
  • 0
  • 0
  • 9h ago

Bluesky

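💡 Summary: On January 14, 2026, a "divergence" occurred in which global Telnet traffic dropped sharply. Telnet sessions fell simultaneously across many ASes and countries, suggesting that certain transit providers may have implemented port 23 filtering. Around the same time, CVE-2026-24061, a serious authentication bypass vulnerability in GNU Inetutils telnetd, was published, and it is presumed that infrastructure-side responses progressed alongside awareness of the vulnerability. At present, Telnet traffic remains reduced to roughly 30% of baseline, and updating or disabling telnetd is recommended as a countermeasure going forward.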
  • 1
  • 1
  • 0
  • 4h ago
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/ On January 14, 2026, global Telnet traffic suddenly dropped by 59%. This happened six days before a serious Telnet vulnerability (CVE-2026-24061) was published. It has been suggested that Tier 1 providers may have implemented port 23 filtering before the CVE was disclosed.
  • 0
  • 0
  • 0
  • 7h ago
Tier-1 transit operators likely applied port 23 filtering after advance warning of a critical GNU InetUtils telnetd flaw (CVE-2026-24061), collapsing Telnet traffic.
  • 0
  • 0
  • 0
  • 4h ago
How CVE-2026–24061 Grants Instant Root via Telnet https://medium.com/@mhammadalkhateeb22/how-cve-2026-24061-grants-instant-root-via-telnet-ad49019572e6?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
6.66%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 5 Posts

Last activity: 2 hours ago

Fediverse


🔐 CVE-2026-21514
CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

  • 0
  • 0
  • 0
  • 21h ago

A critical zero-day vulnerability in Microsoft Word, identified as CVE-2026-21514, has been disclosed. The flaw is being actively exploited in the wild.
cybersecuritynews.com/microsof

  • 0
  • 0
  • 1
  • 7h ago

Bluesky

~Cisa~ CISA added six new actively exploited vulnerabilities to its KEV catalog, urging immediate patching. - IOCs: CVE-2026-21510, CVE-2026-21513, CVE-2026-21514 - #CISA #KEV #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Microsoft
  • Windows 11 version 26H1

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
8.84%

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 3 Posts
  • 7 Interactions

Last activity: 7 hours ago

Fediverse


Microsoft has disclosed a zero-day vulnerability (CVE-2026-21513) in the MSHTML Framework that allows attackers to bypass security features and gain high-level access to affected systems. This critical vulnerability, with a CVSS score of 8.8, has a network-based attack vector and is already being exploited in the wild, necessitating immediate patching.
gbhackers.com/mshtml-framework

  • 6
  • 0
  • 0
  • 7h ago

🔐 CVE-2026-21513
CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

  • 0
  • 1
  • 0
  • 21h ago

Bluesky

~Cisa~ CISA added six new actively exploited vulnerabilities to its KEV catalog, urging immediate patching. - IOCs: CVE-2026-21510, CVE-2026-21513, CVE-2026-21514 - #CISA #KEV #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • n8n-io
  • n8n

04 Feb 2026
Published
05 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.03%

KEV

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse


🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta

「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」

hetmehta.com/posts/n8n-type-co

#typescript #rce #cybersecurity #CVE202625049

  • 1
  • 1
  • 0
  • 3h ago

Bluesky

Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security https://lobste.rs/s/wepiig #security
  • 0
  • 1
  • 0
  • 13h ago
n8n Vulnerability Analysis: CVE-2025-68613, CVE-2026-21858, CVE-2026-25049
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
6.40%

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 16 hours ago

Fediverse


🔐 CVE-2026-21510
CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne

  • 0
  • 1
  • 0
  • 21h ago

Bluesky

~Cisa~ CISA added six new actively exploited vulnerabilities to its KEV catalog, urging immediate patching. - IOCs: CVE-2026-21510, CVE-2026-21513, CVE-2026-21514 - #CISA #KEV #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • n8n-io
  • n8n

19 Dec 2025
Published
22 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
71.72%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 2 Posts

Last activity: 8 hours ago

Bluesky

0128.CVE-2025-68613 — Authenticated remote code execution (RCE) vulnerability in the n8n workflow automation platform
  • 0
  • 0
  • 0
  • 8h ago
n8n Vulnerability Analysis: CVE-2025-68613, CVE-2026-21858, CVE-2026-25049
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • SmarterTools
  • SmarterMail

22 Jan 2026
Published
27 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
55.52%

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Bluesky

Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware "This appears to be the first observed exploitation linking the China-based actor to the vulnerability as an entry point for its “Warlock” ransomware operations." ReliaQuest Threat Research reliaquest.com/blog/threat-...
  • 0
  • 1
  • 0
  • 3h ago

Overview

  • jquery-validation

15 Apr 2025
Published
15 Apr 2025
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.25%

KEV

Description

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Fediverse


@zachleat

Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:

cve.org/CVERecord?id=CVE-2025-

The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐

cve.org/ResourcesSupport/FAQs#

  • 0
  • 1
  • 0
  • 17h ago

Overview

  • Microsoft
  • Azure AI Language Authoring

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.16%

KEV

Description

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🚨 CVE-2026-21531: Critical RCE in Azure AI Language Authoring SDK v1.0.0 via deserialization of untrusted data. Unauthenticated attackers can execute code remotely. Restrict access & monitor endpoints until patched. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago