
Overview

  • VMware
  • Aria Operations
  • vmware-aria-operations

25 Feb 2026
Published
04 Mar 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.47%

Description

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001. Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.

Statistics

  • 8 Posts
  • 5 Interactions

Last activity: Last hour

Fediverse

The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution. securityweek.com/vmware-aria-o

  • 0
  • 0
  • 1
  • Last hour

Bluesky

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.
  • 0
  • 5
  • 0
  • 13h ago
CISA added CVE-2026-22719, a high-severity command injection vulnerability in Broadcom VMware Aria Operations, to its Known Exploited Vulnerabilities catalog due to active exploitation in the wild.
  • 0
  • 0
  • 1
  • 7h ago
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 7h ago
~Cisa~ CISA added actively exploited Qualcomm and VMware Aria vulnerabilities to its KEV catalog. - IOCs: CVE-2026-21385, CVE-2026-22719 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 17h ago
CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Mar 3) CVE-2026-21385: memory corruption vulnerability in multiple Qualcomm chipsets. CVE-2026-22719: Broadcom VMware Aria Operations command injection vulnerability. www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

02 Mar 2026
Published
04 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

Description

Memory corruption while using alignments for memory allocation.

Statistics

  • 6 Posts

Last activity: Last hour

Fediverse

The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. darkreading.com/threat-intelli

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 20h ago
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited https://packetstorm.news/news/view/40625 #news
  • 0
  • 0
  • 0
  • 14h ago
Google confirms the CVE-2026-21385 flaw in a Qualcomm Android component, exploited in the wild. Memory overflow issue (score 7.8) related to Graphics. #Qualcomm #CyberSecurity #Android 📱
  • 0
  • 0
  • 0
  • 6h ago
~Cisa~ CISA added actively exploited Qualcomm and VMware Aria vulnerabilities to its KEV catalog. - IOCs: CVE-2026-21385, CVE-2026-22719 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 17h ago
CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Mar 3) CVE-2026-21385: memory corruption vulnerability in multiple Qualcomm chipsets. CVE-2026-22719: Broadcom VMware Aria Operations command injection vulnerability. www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Google
  • Chrome

06 Jan 2026
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 19 hours ago

Fediverse

The flaw, tracked as CVE-2026-0628, was uncovered by researchers at Palo Alto Networks' Unit 42 who found that rogue Chrome extensions could manipulate how the browser handled requests to the embedded Gemini Live side panel. theregister.com/2026/03/03/goo

  • 0
  • 0
  • 1
  • 23h ago

Bluesky

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and surveillance.
  • 0
  • 1
  • 0
  • 19h ago

Overview

  • ModelScope
  • ms-agent

02 Mar 2026
Published
03 Mar 2026
Updated

CVSS
Pending
EPSS
0.13%

KEV

Description

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Bluesky

CVE-2026-2256: Unpatched Flaw in MS-Agent Lets Hackers Hijack AI Assistants
  • 0
  • 0
  • 0
  • 18h ago
CVE-2026-2256: Unpatched Flaw in MS-Agent Lets Hackers Hijack AI Assistants #DailyCyberSecurity (Mar 3) securityonline.info/cve-2026-225...
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.60%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 3 Posts

Last activity: 18 hours ago

Bluesky

The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. www.darkreading.com/vulnerabilit...
  • 0
  • 0
  • 1
  • 23h ago
Cisco Zero-Day CVE-2026-20127 and the EU’s CRA Shockwave: How Railway Cybersecurity Just Changed Forever + Video Introduction: The convergence of a maximum-severity zero-day exploit and the European Commission’s first official Cyber Resilience Act (CRA) guidance has created a critical juncture for…
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Juniper Networks
  • Junos OS Evolved

25 Feb 2026
Published
04 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.33%

KEV

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root, a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.

Statistics

  • 4 Posts

Last activity: 1 hour ago

Bluesky

Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs
  • 0
  • 0
  • 2
  • 22h ago
📌 Junos OS Evolved Vulnerability (CVE-2026-21902 RCE) Detailed by watchTowr Labs https://www.cyberhub.blog/article/20676-junos-os-evolved-vulnerability-cve-2026-21902-rce-detailed-by-watchtowr-labs
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • ASP.NET Core 2.3

14 Oct 2025
Published
22 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.36%

KEV

Description

Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 4 hours ago

Fediverse

VDE-2026-001
METTLER TOLEDO: ASP.NET core vulnerability in LabX

LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
CVE-2025-55315

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

  • 1
  • 1
  • 0
  • 4h ago

Overview

  • kernel

07 Mar 2022
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
83.44%

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

~Elastic~ Elastic details the evolution of Linux rootkits, covering userland, LKM, eBPF, and emerging io_uring hooking techniques. - IOCs: CVE-2022-0847 - #Linux #Rootkit #ThreatIntel
  • 0
  • 1
  • 0
  • 17h ago

Overview

  • QwikDev
  • qwik

03 Mar 2026
Published
03 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

Qwik is a performance-focused JavaScript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime. This vulnerability is fixed in 1.19.1.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

⚠️ CVE-2026-27971: QwikDev qwik <1.19.1 has a CRITICAL RCE flaw via unsafe deserialization in server-side RPC. No auth needed — patch to 1.19.1+ now! Exploits are trivial if require() is exposed. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 8h ago

Overview

  • Linux
  • Linux

22 Aug 2025
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

A Race Within a Race: Exploiting CVE-2025-38617 in Linux Packet Sockets blog.calif.io/p/a-race-within-

  • 0
  • 1
  • 0
  • 7h ago