Overview
Description
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.
To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
Statistics
- 8 Posts
- 5 Interactions
Last activity: Last hour
Fediverse
The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution. https://www.securityweek.com/vmware-aria-operations-vulnerability-exploited-in-the-wild/
Bluesky
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.
CISA added CVE-2026-22719, a high-severity command injection vulnerability in Broadcom VMware Aria Operations, to its Known Exploited Vulnerabilities catalog due to active exploitation in the wild.
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
~Cisa~
CISA added actively exploited Qualcomm and VMware Aria vulnerabilities to its KEV catalog.
-
IOCs: CVE-2026-21385, CVE-2026-22719
-
#CISA #KEV #ThreatIntel
Overview
Description
Memory corruption while using alignments for memory allocation.
Statistics
- 6 Posts
Last activity: Last hour
Fediverse
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks
Bluesky
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited https://packetstorm.news/news/view/40625 #news
Google confirme la faille CVE-2026-21385 dans un composant Android Qualcomm, exploitée en conditions réelles. Problème de dépassement mémoire (score 7.8) lié au Graphics. #Qualcomm #CyberSecurity #Android 📱
~Cisa~
CISA added actively exploited Qualcomm and VMware Aria vulnerabilities to its KEV catalog.
-
IOCs: CVE-2026-21385, CVE-2026-22719
-
#CISA #KEV #ThreatIntel
Overview
Description
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
Statistics
- 3 Posts
- 1 Interaction
Last activity: 19 hours ago
Fediverse
The flaw, tracked as CVE-2026-0628, was uncovered by researchers at Palo Alto Networks' Unit 42 who found that rogue Chrome extensions could manipulate how the browser handled requests to the embedded Gemini Live side panel. https://www.theregister.com/2026/03/03/google_chrome_bug_gemini/
Overview
Description
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
Statistics
- 2 Posts
Last activity: 10 hours ago
Overview
Description
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Statistics
- 3 Posts
Last activity: 18 hours ago
Bluesky
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. www.darkreading.com/vulnerabilit...
Overview
- Juniper Networks
- Junos OS Evolved
25 Feb 2026
Published
04 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.33%
KEV
Description
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root.
The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device.
Please note that this service is enabled by default as no specific configuration is required.
This issue affects Junos OS Evolved on PTX Series:
* 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.
This issue does not affect Junos OS Evolved versions before 25.4R1-EVO.
This issue does not affect Junos OS.
Statistics
- 4 Posts
Last activity: 1 hour ago
Bluesky
Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs
Overview
- Microsoft
- ASP.NET Core 2.3
14 Oct 2025
Published
22 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.36%
KEV
Description
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Statistics
- 1 Post
- 2 Interactions
Last activity: 4 hours ago
Fediverse
#OT #Advisory VDE-2026-001
METTLER TOLEDO: ASP.NET core vulnerability in LabX
LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
#CVE CVE-2025-55315
https://certvde.com/en/advisories/vde-2026-001/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-001.json
Description
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Statistics
- 1 Post
- 1 Interaction
Last activity: 17 hours ago
Overview
- QwikDev
- qwik
03 Mar 2026
Published
03 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
Pending
KEV
Description
Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime. This vulnerability is fixed in 1.19.1.
Statistics
- 1 Post
- 1 Interaction
Last activity: 8 hours ago
Fediverse
⚠️ CVE-2026-27971: QwikDev qwik <1.19.1 has a CRITICAL RCE flaw via unsafe deserialization in server-side RPC. No auth needed — patch to 1.19.1+ now! Exploits are trivial if require() is exposed. https://radar.offseq.com/threat/cve-2026-27971-cwe-502-deserialization-of-untruste-b59de789 #OffSeq #CVE202627971 #RCE #JavaScript #InfoSec
Overview
Description
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix a race in packet_set_ring() and packet_notifier()
When packet_set_ring() releases po->bind_lock, another thread can
run packet_notifier() and process an NETDEV_UP event.
This race and the fix are both similar to that of commit 15fe076edea7
("net/packet: fix a race in packet_bind() and packet_notifier()").
There too the packet_notifier NETDEV_UP event managed to run while a
po->bind_lock critical section had to be temporarily released. And
the fix was similarly to temporarily set po->num to zero to keep
the socket unhooked until the lock is retaken.
The po->bind_lock in packet_set_ring and packet_notifier precede the
introduction of git history.
Statistics
- 1 Post
- 1 Interaction
Last activity: 7 hours ago
Fediverse
A Race Within a Race: Exploiting CVE-2025-38617 in Linux Packet Sockets https://blog.calif.io/p/a-race-within-a-race-exploiting-cve