Overview

  • Microsoft
  • ASP.NET Core 10.0

21 Apr 2026
Published
22 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.04%

KEV

Description

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 10 Posts
  • 3 Interactions

Last activity: 5 hours ago

Fediverse

From the .NET blog...

In case you missed it earlier...

.NET 10.0.7 Out-of-Band Security Update
devblogs.microsoft.com/dotnet/ #dotnet #MaintenanceUpdates #NET10 #CVE202640372 #OOB #Security

  • 1
  • 1
  • 0
  • 18h ago

Microsoft has released an emergency .NET 10.0.7 update to fix a critical elevation of privilege vulnerability (CVE-2026-40372) in the Microsoft.AspNetCore.DataProtection NuGet package, affecting versions 10.0.0 through 10.0.6. This vulnerability could allow attackers to bypass integrity validation and escalate privileges, and Microsoft strongly advises immediate updating of the package.
cybersecuritynews.com/emergenc

  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-40372 in ASP.NET Core enables privilege escalation via cryptographic validation flaws.
Patch released - but token persistence risk remains without key rotation.

Source: thehackernews.com/2026/04/micr

Follow TechNadu. Insights? 👇

  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability esecurityplanet.com/threats/cv

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 11h ago
ASP.NET Core vuln (CVE-2026-40372) → SYSTEM access risk. Crypto validation flaw = forged tokens possible. Patch helps, but key rotation is critical. Follow TechNadu for more. Thoughts? #CyberSecurity #Infosec #Microsoft
  • 0
  • 0
  • 0
  • 6h ago
~Cybergcca~ Security updates released for GitLab CE/EE and a critical OOB patch for Microsoft .NET (CVE-2026-40372). - IOCs: CVE-2026-40372 - #GitLab #Microsoft #ThreatIntel
  • 0
  • 0
  • 0
  • 5h ago
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug thehackernews.com/2026/04/micr...
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

14 Apr 2026
Published
22 Apr 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
7.94%

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 6 Posts

Last activity: Last hour

Fediverse

Over 1,370 Microsoft SharePoint servers are exposed online to a spoofing vulnerability (CVE-2026-32201), which is actively exploited in the wild. This critical flaw, identified by The Shadowserver Foundation, allows unauthorized attackers to bypass security protocols and potentially compromise sensitive corporate data, highlighting a significant patch management problem for many organizations.
gbhackers.com/1370-microsoft-s

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

📢 More than 1,300 unpatched SharePoint servers exposed to CVE-2026-32201, exploited as a zero-day 📝 📰 **Source**: BleepingComputer, article by … https://cyberveille.ch/posts/2026-04-22-plus-de-1-300-serveurs-sharepoint-non-patches-exposes-a-cve-2026-32201-exploitee-en-zero-day/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • 11h ago
Over 1,300 Microsoft SharePoint servers remain unpatched against zero-day spoofing flaw CVE-2026-32201, affecting Server 2016, 2019, and Subscription Edition. Fewer than 200 patched despite active exploitation. #MicrosoftSharePoint #CISA #USA
  • 0
  • 0
  • 0
  • 11h ago
“security flaw tracked as CVE-2026-32201 affects SharePoint Enterprise Server 2016, SharePoint Server 2019 & SharePoint Server Subscription Edition (.. latest on-premises version which uses a ‘continuous update’ model).” www.bleepingcomputer.com/news/securit... @microsoft.com @bleepingcomputer.com
  • 0
  • 0
  • 0
  • 4h ago
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks (CVE-2026-32201) #patchmanagement
  • 0
  • 0
  • 0
  • 2h ago
Over 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing flaw, CVE-2026-32201, posing significant security risks.
  • 0
  • 0
  • 0
  • Last hour

Overview

  • PackageKit
  • PackageKit

22 Apr 2026
Published
22 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit versions 1.0.2 through 1.3.4 inclusive are vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5. A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:

1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.
2. Silent state-transition rejection (lines 873–882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` → `WAITING_FOR_AUTH`), but the flag overwrite from step 1 has already happened. The transaction continues running with corrupted flags.
3. Late flag read at execution time (lines 2273–2277): the scheduler's idle callback reads `cached_transaction_flags` at dispatch time, not at authorization time. If the flags were overwritten between authorization and execution, the backend sees the attacker's flags.

Statistics

  • 5 Posts
  • 7 Interactions

Last activity: 1 hour ago

Fediverse

Forgot your root password? No problem! With #PackageKit <= 1.3.4 you can do all the fun root action on any Linux system you have local access to, no privileges required!

Don't like that? Then PLEASE UPDATE your system ASAP to PackageKit >= 1.3.5 or any fixed distro package. Fixes for this vulnerability should already be available everywhere since today.

You can read more about CVE-2026-41651 on the security researcher's blog:
github.security.telekom.com/20

#pack2theroot #osssecurity

  • 3
  • 3
  • 0
  • 6h ago

PackageKit GHSA-f55j-vvr9-69xv / "Pack2TheRoot" / CVE-2026-41651
Please update as soon as possible.
All PackageKit versions between >= 1.0.2 and <= 1.3.4 are vulnerable.
Debian 12 1.2.6-5+deb12u1
Debian 13 1.3.1-1+deb13u1
Upstream fixed version 1.3.5

This release fixes a critical security vulnerability that allows unprivileged local users to obtain root privileges on any distribution that uses PackageKit.

  • 0
  • 1
  • 0
  • 7h ago

There is a great report out there by @dtcert

Telekom Red Team (great work guys) found a high severity LPE vulnerability in the PackageKit daemon. In the report, the distros Ubuntu, Debian, Fedora and some more are mentioned as affected. Some traces to hunt for exploitation come with the report, which is helpful.

edit: now known as CVE-2026-41651

github.security.telekom.com/20

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability
  • 0
  • 0
  • 1
  • 1h ago

Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker

07 Apr 2026
Published
17 Apr 2026
Updated

CVSS
Pending
EPSS
59.64%

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

Thousands of Apache ActiveMQ instances remain unpatched weeks after a critical remote code injection vulnerability (CVE-2026-34197) was discovered, highlighting a dangerous lag in security updates. Experts warn that with AI capable of rapidly weaponizing newly found bugs, slow patching cycles are a significant network security risk.
csoonline.com/article/4161532/

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

6000+ Apache ActiveMQ Instances Vulnerable to CVE-2026-34197 exposed Online: cybersecuritynews.com/apache-activ...
  • 1
  • 0
  • 0
  • 16h ago
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-34197 "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise."
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Pending

07 Jun 2023
Published
20 Dec 2025
Updated

CVSS
Pending
EPSS
89.90%

Description

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm.

Statistics

  • 3 Posts
  • 5 Interactions

Last activity: 20 hours ago

Fediverse

TP-Link router owners beware | A Deep Dive Into Attempted Exploitation of CVE-2023-33538 #devopsish unit42.paloaltonetworks.com/ex

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • OpenBSD
  • OpenBSD

20 Apr 2026
Published
21 Apr 2026
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.01%

KEV

Description

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 18 hours ago

Fediverse

Another1 - CVE-2026-41285 - OpenBSD

nvd.nist.gov/vuln/detail/CVE-2

(Project asswing was not involved)

  • 0
  • 0
  • 0
  • 18h ago

Bluesky

Another1 - CVE-2026-41285 - OpenBSD nvd.nist.gov/vuln/detail/... (Project asswing was not involved)
  • 2
  • 1
  • 0
  • 18h ago

Overview

  • SGLang
  • SGLang

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS
Pending
EPSS
0.29%

KEV

Description

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 7 hours ago

Bluesky

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 1
  • 0
  • 21h ago
⚠️ Technical Manual: #Repair of CVE-2026-5760 in the #SGLang AI #Framework www.newstecnicas.info.ve/2026/04/manu...
  • 0
  • 0
  • 1
  • 7h ago

Overview

  • Microsoft
  • Microsoft Defender Antimalware Platform

14 Apr 2026
Published
22 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.06%

Description

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse

Three publicly available exploits, BlueHammer, RedSun, and UnDefend, are being used to turn Microsoft Defender into an attacker tool, with two enabling SYSTEM-level access and one disrupting Defender's update mechanism. While a patch exists for BlueHammer (CVE-2026-33825), RedSun and UnDefend exploit separate flaws, allowing attackers to escalate privileges or weaken defenses with minimal modifications.
darkreading.com/cyberattacks-d

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

CISA has added the Microsoft Defender insufficient granularity of access control vulnerability CVE-2026-33825 to its KEV Catalog www.cisa.gov/known-exploi...
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Fortinet
  • FortiClientEMS

04 Apr 2026
Published
21 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
35.12%

Description

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 11 hours ago

Fediverse

Critical Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Exploited Before Official Patch Was Released
#CyberSecurity
securebulletin.com/critical-fo

  • 4
  • 0
  • 0
  • 11h ago

Overview

  • Google
  • Chrome

15 Apr 2026
Published
16 Apr 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 2 Posts

Last activity: 10 hours ago

Bluesky

[Vulnerability information] CVE-2026-6299, on the Chrome vulnerability: in Google Chrome versions prior to 147.0.7727.101, a use-after-free vulnerability exists in Prerender. A remote attacker could potentially execute arbitrary code via a crafted HTML page.
  • 0
  • 0
  • 0
  • 10h ago
Google fixes 31 vulnerabilities in Chrome 147, 5 of them Critical (CVE-2026-6296, CVE-2026-6297, CVE-2026-6298, CVE-2026-6299, CVE-2026-6358) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 23h ago
Showing 1 to 10 of 42 CVEs