24h | 7d | 30d

Overview

  • Go standard library
  • os
  • os

08 Jul 2026
Published
08 Jul 2026
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.

Statistics

  • 3 Posts
  • 9 Interactions

Last activity: 7 hours ago

Fediverse

Profile picture fallback
os: Root escape via symlink plus trailing slash (CVE-2026-39822) #golang

https://github.com/golang/go/issues/79005
  • 3
  • 3
  • 0
  • 11h ago

Bluesky

Profile picture fallback
os: Root escape via symlink plus trailing slash (CVE-2026-39822) #golang github.com -> Original->
  • 0
  • 2
  • 0
  • 11h ago
Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2026-39822 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/593 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 1
  • 0
  • 7h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

09 Jun 2026
Published
08 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
21.51%

KEV

Description

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

Statistics

  • 3 Posts

Last activity: 3 hours ago

Fediverse

Profile picture fallback
[RSS] CVE-2026-47291: Remote Code Execution in the Windows HTTP.sys

https://www.thezdi.com/blog/2026/7/9/cve-2026-47291-remote-code-execution-in-the-windows-httpsys
  • 0
  • 0
  • 0
  • 12h ago

Bluesky

Profile picture fallback
[RSS] CVE-2026-47291: Remote Code Execution in the Windows HTTP.sys www.thezdi.com -> Original->
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
CVE-2026-47291: Windows Critical Unauthenticated Remote Code Execution in HTTP.sys
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Microsoft
  • Microsoft Edge (Chromium-based)

11 Jul 2026
Published
12 Jul 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
0.70%

KEV

Description

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Statistics

  • 3 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

A new vulnerability with increased severity was disclosed for Microsoft Edge (CVE-2026-58281) vuldb.com/vuln/377832

  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback

HIGH severity CVE-2026-58281 in Microsoft Edge (Chromium-based) v1.0.0.0 lets attackers execute code remotely via deserialization of untrusted data. Patch from Microsoft is available. Full details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago
Profile picture fallback

It is possible to see elevated activities targeting Microsoft Edge (CVE-2026-58281) vuldb.com/vuln/377832/cti

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • TRENDnet
  • TEW-821DAP

12 Jul 2026
Published
12 Jul 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.42%

KEV

Description

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

CVE-2026-15484: HIGH-severity buffer overflow (CVSS 8.7) in TRENDnet TEW-821DAP v1.12B01 — remote code execution possible. Device is EOL; no patch. Mitigate by isolating or replacing affected units. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback

CVE-2026-15484 - Critical buffer overflow in TRENDnet TEW-821DAP (EOL). Remote exploitation via /goform/tools_nslookup. CVSS 8.8. Product is unpatched and end-of-life. Replace immediately. #CVE #TRENDnet #infosec

valtersit.com/cve/CVE-2026-154

  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Go standard library
  • crypto/tls
  • crypto/tls

08 Jul 2026
Published
08 Jul 2026
Updated

CVSS
Pending
EPSS
0.42%

KEV

Description

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2026-42505 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/594 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 1
  • 0
  • 7h ago

Overview

  • Linux
  • Linux

22 Apr 2026
Published
01 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
96.27%

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Profile picture fallback
🐧 ¿Cómo funciona 'Copy Fail'? El exploit de 732 bytes que otorga acceso Root en Linux (CVE-2026-31431) (+MITIGACIÓN) www.newstecnicas.com/2026/04/copy...
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • BeyondTrust
  • Remote Support

06 Jul 2026
Published
07 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.42%

KEV

Description

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Deep dive into CVE-2026-40138! Discover how this critical pre-authentication bypass vulnerability impacts BeyondTrust RS & PRA solutions, how the exploit works under the hood, and immediate remediation steps to secure your enterprise.

👉 denizhalil.com/2026/07/10/cve-

#CVE202640138 #BeyondTrust #CyberSecurity

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

Profile picture fallback

A severe vulnerability was disclosed for Tenda CH22 (CVE-2026-15543) vuldb.com/vuln/377893

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • TRENDnet
  • TEW-821DAP

12 Jul 2026
Published
12 Jul 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.42%

KEV

Description

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument nslookup_target leads to buffer overflow. It is possible to initiate the attack remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Profile picture fallback

CVE-2026-15483: HIGH (CVSS 8.7) buffer overflow in TRENDnet TEW-821DAP 1.12B01. Remote exploitation possible via /goform/tools_nslookup. No patch — device is EOL. Upgrade or replace to secure your network. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • openwrt
  • luci

12 Jul 2026
Published
12 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture fallback

OpenWrt LuCI hit by CRITICAL XSS (CVE-2026-61876, CVSS 9.4): DHCPv6 hostnames not properly encoded, enabling adjacent attackers to inject scripts into admin browsers. Restrict interface access, monitor advisories. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago
Showing 1 to 10 of 34 CVEs