Overview

  • Samsung Electronics
  • MagicINFO 9 Server

02 Feb 2026
Published
02 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.07%

KEV

Description

An unauthenticated user can upload arbitrary files and execute code remotely, leading to privilege escalation in MagicINFO 9 Server. This issue affects MagicINFO 9 Server versions earlier than 21.1090.1.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse

🟠 CVE-2026-25201 - High (8.8)

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.
This issue affects MagicINFO 9 Server: less than 21.1090.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 11h ago

Bluesky

🚨 Critical Samsung MagicINFO flaw disclosed: CVE-2026-25201 allows unauthenticated attackers to upload arbitrary files, leading to remote code execution on MagicINFO 9 Server. Full report: basefortify.eu/cve_reports/... #CVE #Samsung #MagicINFO 🔐
  • 7h ago

Overview

  • OpenClaw
  • OpenClaw

01 Feb 2026
Published
01 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 2 Posts

Last activity: 8 hours ago

Fediverse

🟠 CVE-2026-25253 - High (8.8)

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 17h ago

Bluesky

💥 One click could completely compromise an OpenClaw / Moltbot / Clawdbot (CVE-2026-25253). The vulnerability is now fixed, but here's how it worked:
  • 8h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
13.12%

Description

A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Statistics

  • 4 Posts
  • 4 Interactions

Last activity: 2 hours ago

Fediverse

Ivanti: Emergency update against zero-days

Once again the US vendor Ivanti stands out with dangerous (9.8 out of 10) vulnerabilities that are already being attacked at the time of the updates. Did I say once again? Yes, some past reports: here, here, here or here. The two vulnerabilities CVE-2026-1281 and CVE-2026-1340 were closed with emergency updates. Supposedly the vendor cannot say exactly which weakness is being attacked, because too few known attacks are on record. Oh really, but they were able to patch the unknown weaknesses? Credibility: zero. That raises

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #foss #hintertür #politik #UnplugTrump #usa #vorbeugen #vorfälle #wissen #zeroday

  • 2h ago

‼️ CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths

GitHub: github.com/Ashwesker/Ashwesker

  • 19h ago

Critical cybersecurity updates from February 1-2, 2026: Microsoft patched an actively exploited Office zero-day (CVE-2026-21509), and Fortinet fixed a critical FortiCloud SSO flaw (CVE-2026-24858). Ivanti released fixes for two exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340) by February 1, and Bitdefender reported Android RAT malware distributed via Hugging Face (February 2).

In technology, Apple overhauled its online Mac store for a "build-it-yourself" experience (February 1), and Google extended the Fitbit data migration deadline to Google accounts until May 2026.

#News #Anonymous #AnonNews_irc

  • 15h ago

Bluesky

Ivanti discloses two critical RCE vulnerabilities in EPMM; zero-day exploitation also confirmed (CVE-2026-1281, CVE-2026-1340); JPCERT also issues an alert rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 17h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.14%

KEV

Description

A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Statistics

  • 4 Posts
  • 4 Interactions

Last activity: 2 hours ago

Fediverse

Ivanti: Emergency update against zero-days

Once again the US vendor Ivanti stands out with dangerous (9.8 out of 10) vulnerabilities that are already being attacked at the time of the updates. Did I say once again? Yes, some past reports: here, here, here or here. The two vulnerabilities CVE-2026-1281 and CVE-2026-1340 were closed with emergency updates. Supposedly the vendor cannot say exactly which weakness is being attacked, because too few known attacks are on record. Oh really, but they were able to patch the unknown weaknesses? Credibility: zero. That raises

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #foss #hintertür #politik #UnplugTrump #usa #vorbeugen #vorfälle #wissen #zeroday

  • 2h ago

‼️ CVE-2026-1281: Safe indicator check for Ivanti EPMM & CVE-2026-1340 related paths

GitHub: github.com/Ashwesker/Ashwesker

  • 19h ago

Critical cybersecurity updates from February 1-2, 2026: Microsoft patched an actively exploited Office zero-day (CVE-2026-21509), and Fortinet fixed a critical FortiCloud SSO flaw (CVE-2026-24858). Ivanti released fixes for two exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340) by February 1, and Bitdefender reported Android RAT malware distributed via Hugging Face (February 2).

In technology, Apple overhauled its online Mac store for a "build-it-yourself" experience (February 1), and Google extended the Fitbit data migration deadline to Google accounts until May 2026.

#News #Anonymous #AnonNews_irc

  • 15h ago

Bluesky

Ivanti discloses two critical RCE vulnerabilities in EPMM; zero-day exploitation also confirmed (CVE-2026-1281, CVE-2026-1340); JPCERT also issues an alert rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 17h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.39%

KEV

Description

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.

Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.

When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Bluesky

📢 OpenSSL: stack overflow CVE-2025-15467 exposing systems to code execution (RCE) 📝 According to JFrog Security Research (research.jfrog.com), a new v… https://cyberveille.ch/posts/2026-02-02-openssl-debordement-de-pile-cve-2025-15467-exposant-a-une-execution-de-code-rce/ #CMS_PKCS_7 #Cyberveille
  • 2h ago
The latest update for #CyCognito includes "Emerging Threat: CVE-2025-15467 – OpenSSL CMS AuthEnvelopedData Stack-Based Buffer Overflow" and "Emerging Threat: CVE-2026-24061 – Telnet Authentication Bypass in GNU Inetutils". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 12h ago

Overview

  • Microsoft
  • Microsoft Office 2019

26 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
2.91%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

Critical cybersecurity updates from February 1-2, 2026: Microsoft patched an actively exploited Office zero-day (CVE-2026-21509), and Fortinet fixed a critical FortiCloud SSO flaw (CVE-2026-24858). Ivanti released fixes for two exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340) by February 1, and Bitdefender reported Android RAT malware distributed via Hugging Face (February 2).

In technology, Apple overhauled its online Mac store for a "build-it-yourself" experience (February 1), and Google extended the Fitbit data migration deadline to Google accounts until May 2026.

#News #Anonymous #AnonNews_irc

  • 15h ago

Bluesky

Ukraine’s Computer Emergency Response Team has warned of a new wave of targeted cyberattacks exploiting a critical MS Office vulnerability (CVE-2026-21509) disclosed on January 26, 2026 cert.gov.ua/article/6287...
  • 1h ago

Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
5.37%

KEV

Description

n8n is an open source workflow automation platform. Versions from 1.65.0 up to but not including 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, exposing sensitive information stored on the system and possibly enabling further compromise, depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

RCE Threat in Workflow Automation
⚠️ CVE-2026-21858 — Critical unauthenticated remote code execution in n8n self-hosted instances can allow complete takeover if left unpatched.
Check remediation guidance here:
👉 cvedatabase.com/cve/CVE-2026-2 #CyberSecurity #DevOps

  • 7h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • bootc

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Bluesky

🚨 Security Alert for Linux Administrators & #DevOps Teams 🚨 A critical buffer overflow vulnerability (CVE-2026-1484) in the core glib2 library has been patched by #SUSE (SUSE-2026-0355-1). Read more: 👉 tinyurl.com/328yctsd #Security
  • 3h ago

Overview

  • Johnson Controls
  • Metasys

30 Jan 2026
Published
30 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.5)
EPSS
0.60%

KEV

Description

The Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects:

  • Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation
  • Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation
  • LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1
  • System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior
  • Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

A critical SQL injection vulnerability (CVE-2025-26385) with a maximum CVSS score of 10.0 affects multiple Johnson Controls products, including Application and Data Server (ADS) and Extended Application and Data Server (ADX), allowing remote attackers to execute arbitrary SQL commands without authentication. The vulnerability impacts systems used in critical infrastructure sectors such as commercial facilities, energy, government, and transportation, and CISA recommends network isolation, firewalls, and VPNs for mitigation.
cybersecuritynews.com/johnson-

  • 18h ago

Overview

  • kimai
  • kimai

18 Jan 2026
Published
20 Jan 2026
Updated

CVSS v3.1
MEDIUM (6.8)
EPSS
0.03%

KEV

Description

Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that allows arbitrary method calls on objects available in the template context. An authenticated user with export permissions can deploy a malicious Twig template that extracts sensitive information including environment variables, all user password hashes, serialized session tokens, and CSRF tokens. Version 2.46.0 patches this issue.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

[release-25.11] kimai: 2.44.0 -> 2.46.0; fixes CVE-2026-23626 https://github.com/NixOS/nixpkgs/pull/483486 #security
  • 21h ago