
Overview

  • Palo Alto Networks
  • Cloud NGFW

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.6)
EPSS
0.07%

KEV

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 10 hours ago

Fediverse


Palo Alto Networks has released patches for a high-severity denial-of-service vulnerability (CVE-2026-0227) affecting its PAN-OS firewalls, which could cause them to enter maintenance mode and disrupt network availability.
csoonline.com/article/4117730/

  • 0
  • 0
  • 0
  • 17h ago

📰 Palo Alto Networks Patches High-Severity DoS Flaw in PAN-OS Firewalls

Palo Alto Networks patches high-severity DoS flaw CVE-2026-0227 in PAN-OS. 🔒 The bug allows unauthenticated attackers to crash firewalls with GlobalProtect enabled. PoC exists. Patch immediately! #CyberSecurity #Vulnerability #PaloAltoNetworks

🔗 cyber.netsecops.io/articles/pa

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

🛑 Palo Alto Networks – CVE-2026-0227 A remote, unauthenticated attacker can cause a DoS on the firewall. It can go as far as forcing the firewall into maintenance mode. 👇 More info - www.it-connect.fr/palo-alto-ne... #PaloAlto #infosec #cybersecurite
  • 0
  • 1
  • 0
  • 14h ago
#PaloAlto fixes a DoS flaw in #GlobalProtect that can crash firewalls without a login 🔒 A critical vulnerability (CVE-2026-0227, score 7.7) with a PoC has been fixed in the Gateway and Portal. #CyberSecurity #IAÉthique #InnovationIA https://kntn.ly/73536fac
  • 0
  • 0
  • 0
  • 22h ago
Palo Alto vulnerability information: "CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (Severity: HIGH)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0227
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Cisco
  • Cisco Secure Email

17 Dec 2025
Published
15 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
6.44%

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: 14 hours ago

Fediverse


Cisco has patched a critical AsyncOS vulnerability (CVE-2025-20393) that was exploited as a zero-day by the China-linked APT group UAT-9686 to gain root access and install persistence mechanisms like the AquaShell backdoor on Secure Email Gateway and Secure Email and Web Manager appliances.
securityaffairs.com/186985/apt

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

Cisco fixed a critical AsyncOS flaw, tracked as CVE-2025-20393 (CVSS score of 10.0), affecting Secure Email Gateway and Email and Web Manager, previously exploited as a zero-day by China-linked APT group UAT-9686. Security Affairs securityaffairs.com/186985/apt/c... @securityaffairs
  • 0
  • 2
  • 0
  • 16h ago
CVE-2025-20393 in Cisco AsyncOS Spam Quarantine permits remote root command execution on internet-exposed, vulnerable appliances configured with Spam Quarantine.
  • 0
  • 0
  • 0
  • 23h ago
Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) 📖 Read more: www.helpnetsecurity.com/2026/01/16/c... #APT #EmailSecurity #AsyncOS #vulnerability #Cyberespionage #CybersecurityNews #ITsec #InfoSecNews
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Sitecore
  • Experience Manager (XM)

03 Sep 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
8.90%

Description

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 10 hours ago

Fediverse


📰 China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure

🇨🇳 A China-linked APT group, UAT-8837, is actively targeting North American critical infrastructure, warns Cisco Talos. The group exploits flaws like CVE-2025-53690 and uses tools like Earthworm for espionage. #APT #CyberSecurity #ThreatIntel #China

🔗 cyber.netsecops.io/articles/ch

  • 0
  • 1
  • 0
  • 10h ago

A China-linked APT group, UAT-8837, is exploiting a Sitecore zero-day vulnerability (CVE-2025-53690) to target American critical infrastructure, deploying open-source tools to harvest credentials and sensitive information.
thehackernews.com/2026/01/chin

  • 0
  • 0
  • 0
  • 17h ago

UAT-8837 targets critical infrastructure sectors in North America
blog.talosintelligence.com/uat

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium
confidence is a China-nexus advanced persistent threat (APT) actor based on
overlaps in tactics, techniques, and procedures (TTPs) with those of other
known China-nexus threat actors.

Based on UAT-8837's TTPs and post-compromise activity Talos has observed
across multiple intrusions, we assess with medium confidence that this actor
is primarily tasked with obtaining initial access to high-value organizations.

Although UAT-8837's targeting may appear sporadic, since at least 2025,
the group has clearly focused on targets within critical infrastructure
sectors in North America.

After obtaining initial access — either by successful exploitation of
vulnerable servers or by using compromised credentials — UAT-8837
predominantly deploys open-source tools to harvest sensitive information such
as credentials, security configurations, and domain and Active Directory (AD)
information to create multiple channels of access to their victims. The threat
actor uses a combination of tools in their post-compromise hands-on-keyboard
operations, including Earthworm, Sharphound, DWAgent, and Certipy. The TTPs,
tooling, and remote infrastructure associated with UAT-8837 were also seen in
the recent exploitation of CVE-2025-53690, a ViewState Deserialization
zero-day vulnerability in Sitecore products, indicating that UAT-8837 may have
access to zero-day exploits.

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

🔎 VulnWatch Friday: CVE-2025-53690 🔓 China-linked hacking group UAT-8837 is exploiting CVE-2025-53690 (Sitecore vulnerability) to breach North American critical infrastructure, deploying the WeepSteel backdoor, according to @talosintelligence.com.
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • The GNU C Library
  • glibc

15 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Statistics

  • 3 Posts
  • 5 Interactions

Last activity: 13 hours ago

Fediverse


GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resolver (CVE-2026-0915)

sourceware.org/pipermail/libc-

  • 0
  • 0
  • 0
  • 13h ago
GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861)

https://www.openwall.com/lists/oss-security/2026/01/16/5

GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resolver (CVE-2026-0915)

https://www.openwall.com/lists/oss-security/2026/01/16/6
  • 3
  • 1
  • 0
  • 13h ago

Bluesky

GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861) www.openwall.com -> GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resolver (CVE-2026-0915) www.openwall.com -> Original->
  • 0
  • 1
  • 0
  • 13h ago

Overview

  • ServiceNow
  • Now Assist AI Agents

12 Jan 2026
Published
14 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.07%

KEV

Description

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.

Statistics

  • 3 Posts

Last activity: 15 hours ago

Fediverse


Fascinating 🛡️ BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow 🛡️

Key Takeaways

  • AI agents significantly amplify the impact of traditional security flaws.
  • A Virtual Agent integration flaw (CVE-2025-12420) allowed unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing MFA and SSO.
  • Virtual Agent APIs can become unintended execution paths for privileged AI workflows.
  • Internal topics such as AIA-Agent Invoker AutoChat enable AI agents to be executed outside expected deployment constraints.
  • Point-in-time fixes do not eliminate systemic risk from insecure provider and agent configurations.
  • Preventing abuse of agentic AI in conversational channels requires:
      • Strong provider configuration controls, including enforced MFA for account linking
      • Establishing an agent approval-process
      • Implementing lifecycle management policies to de-provision unused or stagnant agents.

appomni.com/ao-labs/bodysnatch

  • 0
  • 0
  • 1
  • 17h ago

The ServiceNow 'BodySnatcher' vulnerability (CVE-2025-12420) shows why AI's race to market is a security disaster. Unauthenticated attackers hijacking AI agents to bypass MFA? This is what happens when we ship AI without proper security. My latest: securityboulevard.com/2026/01/

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE OneView

16 Dec 2025
Published
08 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
81.31%

Description

A remote code execution issue exists in HPE OneView.

Statistics

  • 2 Posts

Last activity: 15 hours ago

Fediverse


Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability
blog.checkpoint.com/research/p

Check Point Research has identified an active, coordinated exploitation
campaign targeting CVE-2025-37164, a critical remote code execution
vulnerability affecting HPE OneView. The activity, observed directly in Check
Point telemetry, is attributed to the RondoDox botnet and represents a sharp
escalation from early probing attempts to large-scale, automated attacks.

Check Point has already blocked tens of thousands of exploitation attempts,
underscoring both the severity of the vulnerability and the urgency for
organizations to act.

On January 7, 2026, Check Point Research reported the campaign to CISA, and the
vulnerability was added to the Known Exploited Vulnerabilities (KEV) catalog
the same day.

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

RondoDox botnet rapidly escalated automated exploitation of critical, unauthenticated remote code execution vulnerability CVE-2025-37164 in HPE OneView, causing tens of thousands of attack attempts.
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.96%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 17 hours ago

Bluesky

🗞️ New Vulnerability in n8n – CVE-2026-21858 🔗 https://www.schneier.com/blog/archives/2026/01/new-vulnerability-in-n8n.html
  • 2
  • 0
  • 0
  • 17h ago

Overview

  • The GNU C Library
  • glibc

14 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

Statistics

  • 2 Posts
  • 5 Interactions

Last activity: 13 hours ago

Fediverse

GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861)

https://www.openwall.com/lists/oss-security/2026/01/16/5

GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resolver (CVE-2026-0915)

https://www.openwall.com/lists/oss-security/2026/01/16/6
  • 3
  • 1
  • 0
  • 13h ago

Bluesky

GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861) www.openwall.com -> GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resolver (CVE-2026-0915) www.openwall.com -> Original->
  • 0
  • 1
  • 0
  • 13h ago

Overview

  • Fortinet
  • FortiSIEM

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
0.09%

KEV

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Overview

  • Delta Electronics
  • DIAView

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

Delta Electronics DIAView has multiple vulnerabilities.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Fediverse


🔴 CVE-2025-62582 - Critical (9.8)

Delta Electronics DIAView has multiple vulnerabilities.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 1
  • 0
  • 13h ago
Showing 1 to 10 of 64 CVEs