
Overview

  • SGLang
  • SGLang

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS
Pending
EPSS
0.29%

KEV

Description

SGLang's reranking endpoint (/v1/rerank) is vulnerable to Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, because the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: 12 hours ago

Fediverse

Bluesky

A critical vulnerability (CVE-2026-5760) with a CVSS score of 9.8 allows remote code execution in the SGLang framework. The flaw […]
  • 0
  • 0
  • 0
  • 22h ago
SGLang CVE-2026-5760 (CVSS 9.8): remote code execution becomes possible via malicious GGUF model files. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files #HackerNews (Apr 20) thehackernews.com/2026/04/sgla...
  • 0
  • 0
  • 0
  • 17h ago
A critical command-injection vulnerability CVE-2026-5760 (CVSS 9.8) in SGLang’s /v1/rerank allows RCE via malicious GGUF models using Jinja2 SSTI payloads. Mitigation: use ImmutableSandboxedEnvironment. #SGLangFlaw #RemoteExecution #CERT
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
21 Apr 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
1.97%

Description

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Bluesky

CISA adds 8 vulnerabilities in Cisco products, Zimbra and others to the KEV catalog (CVE-2026-20133 and others) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45360/
  • 0
  • 0
  • 0
  • 10h ago
CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) 📖 Read more: www.helpnetsecurity.com/2026/04/21/c... #cybersecurity #cybersecuritynews #government @cisco.com @vulncheck.bsky.social #CISA
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • SolarWinds
  • Web Help Desk

23 Sep 2025
Published
10 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
29.28%

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

QEMU abuse rising 🚨
QEMU used for stealth VMs, SSH tunnels, persistence
CVE-2025-26399, CitrixBleed2 exploited
💬 Monitoring VM layer yet?

Source: securityweek.com/hackers-abuse

Follow TechNadu

  • 1
  • 0
  • 0
  • 11h ago

Bluesky

Hackers are exploiting QEMU VMs to create reverse SSH tunnels for deploying ransomware and RATs. Campaigns STAC4713 and STAC3725 leveraged SonicWall VPNs, SolarWinds CVE-2025-26399, and CitrixBleed2 CVE-2025-5777. #GoldEncounter #QEMUAbuse #USA
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 12 Interactions

Last activity: 9 hours ago

Fediverse

Ruby 4.0.3 has been released. It updates ERB to 6.0.1.1 for CVE-2026-41316.

If your application calls Marshal.load on untrusted data AND has both erb and activesupport loaded, please update your ERB version. You may update Ruby to 4.0.3 to do so.

ruby-lang.org/en/news/2026/04/

  • 5
  • 7
  • 0
  • 9h ago

Overview

  • 0xJacky
  • nginx-ui

30 Mar 2026
Published
16 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
7.55%

KEV

Description

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 9 hours ago

Fediverse

Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests
#CyberSecurity
securebulletin.com/critical-cv

  • 5
  • 0
  • 0
  • 9h ago

Overview

  • spinnaker
  • spinnaker

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.06%

KEV

Description

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SpEL (Spring Expression Language) to process information, specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT restricting that context to a set of trusted classes, but allowing FULL JVM access. This enabled a user to use arbitrary Java classes, which allow deep access to the system, including the ability to invoke commands, access files, etc. Versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain a patch. As a workaround, disable echo entirely.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Fediverse

Spinnaker, the open-source continuous delivery platform from Netflix and Google, patched CVE-2026-32613, a CVSS 9.9 remote code execution in the Echo notification service. Echo did not restrict its Spring Expression Language context to trusted classes, giving attackers full Java process access. Maintainers back-ported across four branches (2026.1.0, 2026.0.1, 2025.4.2, 2025.3.2). Quality is what maintainers do the week a critical hits an old branch.

#OpenSource #DevOps #CyberSec #Spinnaker

  • 0
  • 1
  • 0
  • 5h ago

Overview

  • NewSoft
  • NewSoftOA

21 Apr 2026
Published
21 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
6.34%

KEV

Description

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Fediverse

🚨 NewSoftOA faces a critical OS command injection (CVE-2026-5965, CVSS 9.3). Unauthenticated local attackers can run arbitrary OS commands. No patch yet — restrict access & monitor vendor updates! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 14h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

HDR images can pwn your SUSE server via GEGL (CVE-2026-2049 style). Instead of waiting for patches, learn to audit image parsers for good. Read more: 👉 tinyurl.com/3tuvc47p #SUSE
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Apr 2026
Published
21 Apr 2026
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.03%

KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

PoC Exploit Unleashed: Windows Snipping Tool Leaks NTLM Hashes via Malicious Deep Links – Patch Now! + Video Introduction: A newly disclosed proof-of-concept (PoC) exploit for CVE-2026-33829 demonstrates how Microsoft’s Snipping Tool can be abused to leak Net-NTLM credential hashes simply by…
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Sudo project
  • Sudo

30 Jun 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
38.49%

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

VDE-2026-032
Endress+Hauser: sudo vulnerability affects Endress+Hauser MCS200HW

The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability.
CVE-2025-32463

certvde.com/en/advisories/vde-

endress-hauser.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 9h ago