24h | 7d | 30d

CVE-2026-34040

Overview

  • moby
  • moby
31 Mar 2026
Published
02 Apr 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.01%
KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Statistics

  • 4 Posts
  • 1 Interaction
Last activity: 4 hours ago

Fediverse

Profile picture fallback
benzogaga33 :verified: @benzogaga33

Docker : la faille CVE-2026-34040 permet d’obtenir un accès root sur l’hôte ! it-connect.fr/docker-la-faille #ActuCybersécurité #Cybersécurité #Vulnérabilité #Docker

  • 1
  • 0
  • 0
  • 4h ago
Profile picture fallback
Sam Stepanyan :verified: 🐘 @securestep9

CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access:
👇
thehackernews.com/2026/04/dock

  • 0
  • 0
  • 1
  • 19h ago

Bluesky

Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 CVE-2026-34040 : Contournement de l'autorisation Docker via corps HTTP surdimensionné 📝 ## 🔍 Contexte Publié le 7 avril 2026 par Vladimir Tokarev (C… https://cyberveille.ch/posts/2026-04-08-cve-2026-34040-contournement-de-l-autorisation-docker-via-corps-http-surdimensionne/ #AI_agent #Cyberveille
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-1340

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
09 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
73.80%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts
Last activity: Last hour

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Cisa~ CISA added actively exploited Ivanti EPMM code injection flaw (CVE-2026-1340) to its KEV catalog. - IOCs: CVE-2026-1340 - #CVE20261340 #Ivanti #ThreatIntel
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
キタきつね @kitafox.bsky.social
CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 8) CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) のコードインジェクション脆弱性 www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 CISA ordonne aux agences fédérales de patcher CVE-2026-1340 dans Ivanti EPMM avant le 11 avril 📝 📰 **Source** : BleepingComputer — **Date … https://cyberveille.ch/posts/2026-04-09-cisa-ordonne-aux-agences-federales-de-patcher-cve-2026-1340-dans-ivanti-epmm-avant-le-11-avril/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-31790

Overview

  • OpenSSL
  • OpenSSL
07 Apr 2026
Published
08 Apr 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

Statistics

  • 3 Posts
  • 2 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Izumi Tsutsui @tsutsuii

mail-index.netbsd.org/source-c
> Import OpenSSL-3.5.6 (previous was 3.5.5)
CVE-2026-31790, CVE-2026-2673, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789

mail-index.netbsd.org/source-c
> Import OpenSSH-10.3 (previous was 10.2)
これは CVE はなくて Security 関連仕様変更のみ?

mail-index.netbsd.org/source-c
> Import xz-5.8.3 (previous was 5.2.4)

> Fix a buffer overflow in lzma_index_append()
はあるけど、そもそも backdoor 以前のバージョンからの更新なのか?

少なくとも bind に加えて openssl は 11.0_RC4 不可避なのか

  • 1
  • 1
  • 0
  • 2h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
Critical OpenSSL Flaw Exposes Sensitive Data: CVE-2026-31790 RSA KEM Vulnerability – Update Now! + Video Introduction: OpenSSL, the ubiquitous cryptographic library securing countless web servers, VPNs, and applications, has disclosed a moderate-severity vulnerability (CVE-2026-31790) in its RSA…
  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
OpenSSL releases patch fixing seven vulnerabilities including CVE-2026-31790, a data leakage flaw from uninitialized memory in RSA key encapsulation. Affects versions 3.0 to 3.6. #OpenSSLUpdate #DataLeakage #CVE2026
  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-59718

Overview

  • Fortinet
  • FortiSwitchManager
09 Dec 2025
Published
20 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
7.62%
KEV

Description

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 22 hours ago

Fediverse

Profile picture fallback
Capstone Technologies Group @CapTechGroup

CVE-2025-59718 analysis shows attackers bypassing FortiGate SSO, exfiltrating configs, and establishing persistent VPN access over 2 weeks of dwell time. They targeted hypervisors, DCs, and backup infrastructure—classic pre-ransomware reconnaissance. Detection gaps: firewall config changes blend into routine admin tasks. #CVE202559718 #ransomware #firewall #incidentresponse #threatintel

bit.ly/4cf8M7B

  • 1
  • 0
  • 0
  • 22h ago

Bluesky

Profile picture fallback
Rapid7 @rapid7.com
Rapid7’s IR team was recently engaged around CVE-2025-59718 – a vuln that facilitates SSO login bypass in #Fortinet FortiGate appliances. In a new blog, dive into our investigative methodology, practical detection opportunities & more: r-7.co/3Q0CMwo
  • 0
  • 1
  • 0
  • 23h ago

CVE-2024-34359

Overview

  • abetlen
  • llama-cpp-python
10 May 2024
Published
02 Aug 2024
Updated
CVSS v3.1
CRITICAL (9.7)
EPSS
56.67%
KEV

Description

llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also loads the `chat template` from targeted `.gguf` 's Metadata and furtherly parses it to `llama_chat_format.Jinja2ChatFormatter.to_chat_handler()` to construct the `self.chat_handler` for this model. Nevertheless, `Jinja2ChatFormatter` parse the `chat template` within the Metadate with sandbox-less `jinja2.Environment`, which is furthermore rendered in `__call__` to construct the `prompt` of interaction. This allows `jinja2` Server Side Template Injection which leads to remote code execution by a carefully constructed payload.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 15 hours ago

Fediverse

Profile picture fallback
YAYAFA @yayafa

Llama Drama:AIアプリ開発用Pythonパッケージに重大な欠陥 システムやデータが侵害される恐れ(CVE-2024-34359) | Codebook|Security News yayafa.com/2776397/ #AgenticAi #AI #ArtificialGeneralIntelligence #ArtificialIntelligence #LLAMA #Meta #MetaAI #エージェント型AI #人工知能 #汎用人工知能

  • 0
  • 1
  • 0
  • 15h ago

Bluesky

Profile picture fallback
yayafa.bsky.social @yayafa.bsky.social
Llama Drama:AIアプリ開発用Pythonパッケージに重大な欠陥 システムやデータが侵害される恐れ(CVE-2024-34359) | Codebook|Security News https://www.yayafa.com/2776397/ 5月18〜20日:サイバーセキュリティ関連ニュースAIアプリケーション開発用Pythonパッケージに重大な欠陥 システムやデータが侵害される恐れ(CVE-2024-34359) SecurityWeek – May 17 [...]
  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-0232

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
Last activity: 18 hours ago

Fediverse

Profile picture fallback
HackerWorkspace @hackerworkspace

CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows

security.paloaltonetworks.com/

Read on HackerWorkspace: hackerworkspace.com/article/cv

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

Profile picture fallback
ripjyr.bsky.social @ripjyr.bsky.social
Paloaltoの脆弱性情報 「CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows (Severity: MEDIUM)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0232
  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-0740

Overview

  • SaturdayDrive
  • Ninja Forms - File Uploads
07 Apr 2026
Published
08 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%
KEV

Description

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.

Statistics

  • 2 Posts
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Bernhard Biedermann @Bied

#WordPress - Nachrichten direkt aus der PlugIn Hölle live. 🤢

"With over 600,000 downloads, Ninja Forms is a popular WordPress form builder that lets users create forms without coding using a drag-and-drop interface. Its File Upload extension, included in the same suite, serves 90,000 customers."

CVE-2026-0740 severity rating 9.8

"After patch reviews and a partial fix on February 10, the vendor released a complete fix in version 3.3.27, available since March 19."

"Identified as CVE-2026-0740, the issue is currently exploited in attacks. According to WordPress security company Defiant, its Wordfence firewall blocked more than 3,600 attacks over the past 24 hours."

Bin gespannt wie viele Naivlinge es diesmal erwischt? 🙈

Fragen Sie immer einen erfahrenen Spezialisten wie man sein #WordPress sicher betreiben muss. 😊

bleepingcomputer.com/news/secu

#WordPress

  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
RS Web Solutions (RSWEBSOLS) @rswebsols

Hackers Take Advantage of Major Vulnerability in Ninja Forms Plugin for WordPress #wordpress

Critical vulnerability in Ninja Forms File Uploads for WordPress prompts urgent action. CVE-2026-0740 allows unauthenticated file uploads and potential remote code execution. Wordfence reports thousands of attacks daily. Upgrade to version 3.3.27+ now: ift.tt/K0kScOZ

Source: ift.tt/K0kScOZ | Image: ift.tt/ufylkGI

  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-5281

Overview

  • Google
  • Chrome
01 Apr 2026
Published
02 Apr 2026
Updated
CVSS
Pending
EPSS
3.28%
KEV

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

Chrome’s Fourth Zero-Day of 2026: CISA Orders Federal Agencies to Patch CVE-2026-5281 by April 15
#CyberSecurity
securebulletin.com/chromes-fou

  • 4
  • 0
  • 0
  • 1h ago

CVE-2020-8562

Overview

  • Kubernetes
  • Kubernetes
01 Feb 2022
Published
16 Sep 2024
Updated
CVSS v3.1
LOW (2.2)
EPSS
0.06%
KEV

Description

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.

Statistics

  • 1 Post
  • 5 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Rory McCune @raesene

Next in my series of blogs on unpatchable Kubernetes vulnerabilities is out. This time it's about TOCTOUs and SSRF

securitylabs.datadoghq.com/art

  • 3
  • 2
  • 0
  • 2h ago

CVE-2024-1490

Overview

  • WAGO
  • CC100 (0751-9x01)
09 Apr 2026
Published
09 Apr 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.23%
KEV

Description

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
CVE-2024-1490

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 1
  • 1
  • 0
  • 2h ago
Showing 1 to 10 of 42 CVEs