Overview

  • Grandstream
  • GXP1610

Published: 18 Feb 2026
Updated: 18 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.14%

KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

CRITICAL: Grandstream VoIP phones hit by unauthenticated RCE (CVE-2026-2329) — allows call interception & device compromise. No patch yet. Restrict access, disable remote mgmt, and monitor for threats. radar.offseq.com/threat/critic

  • 22h ago

Bluesky

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)
  • 1h ago

Overview

  • Tenda
  • HG9

Published: 22 Feb 2026
Updated: 22 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Manipulating the argument pingAddr results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Fediverse

🚨 HIGH-severity (CVSS 8.7): Stack buffer overflow in Tenda HG9 (v300001138) via /boaform/formPing. Remote code execution possible with public exploit available. Restrict access, monitor, and patch ASAP! Details: radar.offseq.com/threat/cve-20

  • 19h ago

Overview

  • Dell
  • RecoverPoint for Virtual Machines

Published: 17 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 28.78%

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contains a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability, leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Fediverse

🏁 CISA gives feds 3 days to patch actively exploited Dell bug

「 The bug affects Dell RecoverPoint for Virtual Machines and stems from hardcoded credentials that can allow attackers to gain unauthorized access. Dell disclosed and patched the issue earlier this week, noting that criminals had already been exploiting it before a fix was available 」

go.theregister.com/feed/www.th

#exploit #CVE202622769 #cybersecurity

  • 13h ago

Overview

  • time-rs
  • time

Published: 06 Feb 2026
Updated: 06 Feb 2026

CVSS v4.0: MEDIUM (6.8)
EPSS: 0.05%

KEV

Description

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is passed to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

Is your #Fedora 42 build environment secure? 🛡️ A new high-severity vulnerability (CVE-2026-25727) targets python-uv-build, risking total system crashes via stack exhaustion. 🐍💥 Read more: 👉 tinyurl.com/2uh6ha34 #Security
  • 10h ago
The latest uv update for #Fedora 42 (0.10.2) is a mandatory security patch. It fixes CVE-2026-25727, a stack exhaustion DoS in python-uv-build. Read more: 👉 tinyurl.com/2p9sryzj #Security
  • 10h ago
Critical Security Update for #Fedora 42 Users A new update is available for python-uv-build (version 0.10.2) that addresses a significant Denial of Service vulnerability (CVE-2026-25727). Read more: 👉 tinyurl.com/58czbect #Security
  • 9h ago

Overview

  • D-Link
  • DWR-M960

Published: 22 Feb 2026
Updated: 22 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.04%

KEV

Description

A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

CVE-2026-2926: HIGH-severity stack buffer overflow in D-Link DWR-M960 v1.01.07. Remote, unauthenticated code execution possible. Public PoC released — no vendor patch yet. Isolate devices, monitor endpoints, restrict access. Details: radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • FiloSottile
  • filippo.io/edwards25519

Published: 19 Feb 2026
Updated: 20 Feb 2026

CVSS v4.0: LOW (1.7)
EPSS: 0.04%

KEV

Description

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

📢 Filippo Valsorda calls for disabling Dependabot in favor of govulncheck for vulnerability alerts p…📝 … https://cyberveille.ch/posts/2026-02-22-filippo-valsorda-appelle-a-desactiver-dependabot-au-profit-de-govulncheck-pour-des-alertes-vulnerabilites-pertinentes/ #CVE_2026_26958 #Cyberveil…
  • 1h ago

Overview

  • GetSimpleCMS-CE
  • GetSimpleCMS-CE

Published: 20 Feb 2026
Updated: 20 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.07%

KEV

Description

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently ignored, allowing unauthenticated attackers to list and download sensitive files including authorization.xml, which contains cryptographic salts and API keys. This issue does not have a fix at the time of publication.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

How I found CVE-2026-27161 (Sensitive Disclosure) | Cyber Tamarin https://cybertamarin.medium.com/how-i-found-cve-2026-27161-sensitive-disclosure-cyber-tamarin-9b2e62dac238?source=rss------bug_bounty-5
  • 9h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 10 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 1.62%

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

RDPulse: The New Open-Source Tool Exposing Hidden RDP Risks in Your Network (CVE-2026-21533 Context) + Video Introduction Remote Desktop Protocol remains one of the most targeted attack vectors in enterprise environments, yet security teams struggle to understand how exposed RDP services actually…
  • 16h ago

Overview

  • D-Link
  • DWR-M960

Published: 22 Feb 2026
Updated: 22 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.04%

KEV

Description

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🔎 HIGH severity: D-Link DWR-M960 v1.01.07 vulnerable to stack-based buffer overflow (CVE-2026-2925) via Bridge VLAN config. Remote exploit now public — monitor exposure & await patches. radar.offseq.com/threat/cve-20

  • 17h ago

Overview

  • UTT
  • HiPER 810G

Published: 22 Feb 2026
Updated: 22 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.04%

KEV

Description

A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

⚠️ CVE-2026-2904 (HIGH): Buffer overflow in UTT HiPER 810G v1.7.7-171114 via /goform/ConfigExceptAli. Remote, unauthenticated RCE/DoS risk. Public exploit code available — restrict access & monitor. radar.offseq.com/threat/cve-20

  • 20h ago