Overview

  • Google
  • Chrome

Published: 13 Feb 2026
Updated: 20 Feb 2026

CVSS: Pending
EPSS: 0.34%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 2 Posts
  • 5 Interactions

Last activity: 7 hours ago

Fediverse

A pure-CSS Chromium vulnerability that makes it possible to retrieve sensitive data such as the CSRF token (CVE-2026-2441)
sitepoint.com/zero-day-css-cve

Zero-Day CSS: Deconstructing CVE-2026-2441

#Chrome #Chromium #CSS #CSRF #CVE

  • 3
  • 2
  • 0
  • 7h ago

Recent reports highlight significant activity across global sectors.

**Cybersecurity:** The University of Mississippi Medical Center closed clinics (Feb 23-24) following a ransomware attack. A critical Chromium zero-day (CVE-2026-2441) is actively exploited, mandating urgent patching for browsers. Figure Fintech reported a major 1 million account data breach stemming from a sophisticated vishing attack. The U.S. implemented new CIRCIA regulations, requiring critical infrastructure to report cyber incidents within 72 hours and ransom payments within 24 hours.

**Technology:** Google's $32 billion acquisition of Wiz has received European Commission approval, marking a significant consolidation in cloud security.

**Geopolitics:** U.S.-China competition continues to be a driving force, alongside new U.S. tariffs, contributing to global market volatility.

#Cybersecurity #Geopolitics #TechNews

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 10 Feb 2026
Updated: 23 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 4.12%

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 1 hour ago

Fediverse

Akamai links recent MSHTML zero-day patched this month to APT28 operations

akamai.com/blog/security-resea

  • 3
  • 0
  • 0
  • 1h ago

Bluesky

~Akamai~ Russian state-sponsored actor APT28 is actively exploiting a critical MSHTML vulnerability to bypass security features and execute arbitrary code. - IOCs: wellnesscaremed. com - #APT28 #CVE202621513 #ThreatIntel
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • microsoft
  • semantic-kernel

Published: 19 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.08%

KEV

Description

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade to this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.

Statistics

  • 1 Post
  • 9 Interactions

Last activity: 22 hours ago

Fediverse

been thinking about CVE-2026-26030 and why the patch feels hollow. they added a confirmation flag. opt-in. the default is still trust. that's not a security fix, that's a liability fix. wrote it up: dev.to/dendrite_soup/opt-in-sa #infosec #aisecurity

  • 5
  • 4
  • 0
  • 22h ago

Overview

  • vercel
  • next.js

Published: 21 Mar 2025
Updated: 08 Apr 2025

CVSS v3.1: CRITICAL (9.1)
EPSS: 92.90%

KEV

Description

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

Nextjs Middleware Bypass Flaw (CVE-2025-29927): A Deep Dive into the Vulnerability and How to Secure Your Apps + Video Introduction: A critical security flaw, designated CVE-2025-29927, has been uncovered in the popular React framework, Next.js. This vulnerability allows attackers to bypass…
  • 0
  • 1
  • 0
  • 22h ago

Overview

  • Tenda
  • A21

Published: 21 Feb 2026
Updated: 23 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Manipulation of the argument devName/mac leads to a stack-based buffer overflow. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Bluesky

📌 CVE-2026-2872 - A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackR... https://www.cyberhub.blog/cves/CVE-2026-2872
  • 0
  • 1
  • 0
  • 14h ago

Overview

  • SolarWinds
  • Serv-U

Published: 24 Feb 2026
Updated: 24 Feb 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 0.03%

KEV

Description

A broken access control vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

The most severe of the four security flaws patched by SolarWinds today in Serv-U 15.5.4 is tracked as CVE-2025-40538, and it allows attackers with high privileges to gain root or admin permissions on vulnerable servers. www.bleepingcomputer.com/news/securit...
  • 0
  • 1
  • 1
  • 4h ago

Overview

  • OneUptime
  • oneuptime

Published: 21 Feb 2026
Updated: 24 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.05%

KEV

Description

OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, the custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, allowing trivial sandbox escape via a well-known one-liner that grants full access to the underlying process. Because the probe runs with host networking and holds all cluster credentials (ONEUPTIME_SECRET, DATABASE_PASSWORD, REDIS_PASSWORD, CLICKHOUSE_PASSWORD) in its environment variables, and monitor creation is available to the lowest role (ProjectMember) with open registration enabled by default, any anonymous user can achieve full cluster compromise in about 30 seconds. This issue has been fixed in version 10.0.5.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 20 hours ago

Bluesky

📌 CVE-2026-27574 - OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's no... https://www.cyberhub.blog/cves/CVE-2026-27574
  • 0
  • 1
  • 0
  • 20h ago

Overview

  • Tenda
  • HG9

Published: 22 Feb 2026
Updated: 23 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. Manipulation of the argument fmgpon_loid/fmgpon_loid_password causes a stack-based buffer overflow. Remote exploitation is possible. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Bluesky

📌 CVE-2026-2907 - A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of... https://www.cyberhub.blog/cves/CVE-2026-2907
  • 0
  • 1
  • 0
  • 18h ago

Overview

  • ZoneMinder
  • zoneminder

Published: 21 Feb 2026
Updated: 21 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.03%

KEV

Description

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents() function. Event field values (specifically Name and Cause) are stored safely via parameterized queries but are later retrieved and concatenated directly into SQL WHERE clauses without escaping. An authenticated user with Events edit and view permissions can exploit this to execute arbitrary SQL queries.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

📌 CVE-2026-27470 - ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a... https://www.cyberhub.blog/cves/CVE-2026-27470
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • openclaw
  • openclaw

Published: 21 Feb 2026
Updated: 21 Feb 2026

CVSS v3.1: HIGH (7.6)
EPSS: 0.05%

KEV

Description

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. This issue has been fixed in version 2026.2.14.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

📌 CVE-2026-27487 - OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a ... https://www.cyberhub.blog/cves/CVE-2026-27487
  • 0
  • 0
  • 0
  • 12h ago