24h | 7d | 30d

CVE-2025-0520

Overview

  • ShowDoc
  • ShowDoc
29 Apr 2025
Published
19 Nov 2025
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
2.03%
KEV

Description

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.

Statistics

  • 3 Posts
  • 3 Interactions
Last activity: 22 hours ago

Fediverse

Profile picture fallback
Hackread.com @Hackread

📢⚠️ Hackers are exploiting a 5-year-old #ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.

Read: hackread.com/showdoc-vulnerabi

#CyberSecurity #Vulnerability #CyberAttacks

  • 0
  • 0
  • 1
  • 22h ago

Bluesky

Profile picture fallback
Hackread.com @hackread.bsky.social
📢⚠️ Hackers are exploiting a 5-year-old #ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide. Read: hackread.com/showdoc-vuln... #CyberSecurity #Vulnerability #CyberAttacks
  • 1
  • 2
  • 0
  • 22h ago

CVE-2024-3721

Overview

  • TBK
  • DVR-4104
13 Apr 2024
Published
01 Aug 2024
Updated
CVSS v3.1
MEDIUM (6.3)
EPSS
83.86%
KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture fallback
tomcat @tomcat

Attackers are exploiting CVE-2024-3721 in TBK DVRs to deploy Mirai variant Nexcorium.

It spreads via old exploits and default creds, persists on devices, and launches DDoS attacks. EoL TP-Link routers are also being targeted via known flaws.

🔗 Read → thehackernews.com/2026/04/mira

  • 0
  • 1
  • 0
  • 3h ago

Bluesky

Profile picture fallback
Sami Laiho @samilaiho.com
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet thehackernews.com/2026/04/mira...
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-4440

Overview

  • Google
  • Chrome
20 Mar 2026
Published
21 Mar 2026
Updated
CVSS
Pending
EPSS
0.07%
KEV

Description

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post
  • 14 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Catalin Cimpanu @campuscodi

Exploit code for a recently patched Chrome vulnerability has leaked online via a misconfigured server.

Security firm Breakglass believes the code is the work of a "professional exploit developer," and most intended for "sale or government use."

intel.breakglass.tech/post/cve

  • 7
  • 7
  • 0
  • 2h ago

CVE-2026-33829

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.06%
KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
  • 7 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Bezpieka Nadaje @bezpieka

CVE-2026-33829 - kolejny ciekawy błąd w Windowsie.
Jeżeli masz zainstalowane "Narzędzie Wycinanie" (a najprawdopodobniej masz) - wystarczy, że wejdziesz na spreparowaną stronę internetową, żeby Twoje hasło do Windowsa (hash NTLM) popłynęło na serwer atakującego.

  • 5
  • 2
  • 0
  • 2h ago

CVE-2026-40342

Overview

  • FirebirdSQL
  • firebird
17 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.08%
KEV

Description

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 17 hours ago

Fediverse

Profile picture fallback
Jernej SimoncĚŚiÄŤ ďż˝ @jernej__s

Hey, @cR0w, another ../ for you: vuldb.com/cve/CVE-2026-40342

  • 1
  • 3
  • 0
  • 17h ago

CVE-2025-4802

Overview

  • The GNU C Library
  • glibc
16 May 2025
Published
26 Feb 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 22 hours ago

Bluesky

Profile picture fallback
0xor0ne @0xor0ne.bsky.social
Analysis of CVE-2025-4802: glibc 2.27-2.38 fails to sanitize LD_LIBRARY_PATH before dlopen() in statically linked SUID binaries, allowing arbitrary library loading and LPE. allelesecurity.com/libc-vuln-an... Infosec
  • 1
  • 1
  • 0
  • 22h ago

CVE-2026-6570

Overview

  • kodcloud
  • KodExplorer
19 Apr 2026
Published
19 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
Pending
KEV

Description

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture fallback
OffSequence @offseq

CVE-2026-6570 (MEDIUM): kodcloud KodExplorer (v4.0 – 4.52) suffers an auth bypass in initInstall, allowing remote unauthorized access. No fix yet — restrict access & monitor for updates. radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 1h ago

CVE-2026-39973

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
iBotPeaches @iBotPeaches

apktool 3.0.2 is out!

- performance boosts
- CVE-2026-39973 fix
- bug fixes for splits & Meta apks

apktool.org/blog/apktool-3.0.2

  • 1
  • 1
  • 0
  • Last hour

CVE-2026-3055

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
31 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
55.71%
KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 2 Posts
  • 3 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Javvad Malik :verified: @Javvad

NetScaler is doing it again. Third time in three years we're patching memory leaks that hand attackers your session tokens on a plate. CISA's already got it on the emergency list. If you run one, stop reading this and patch now.

cybersec.picussecurity.com/s/c

  • 1
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture fallback
Javvad Malik @j4vv4d.com
NetScaler is doing it again. Third time in three years we're patching memory leaks that hand attackers your session tokens on a plate. CISA's already got it on the emerg... https://cybersec.picussecurity.com/s/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread-26799
  • 0
  • 2
  • 0
  • 21h ago

CVE-2026-4368

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.02%
KEV

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Statistics

  • 2 Posts
  • 3 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Javvad Malik :verified: @Javvad

NetScaler is doing it again. Third time in three years we're patching memory leaks that hand attackers your session tokens on a plate. CISA's already got it on the emergency list. If you run one, stop reading this and patch now.

cybersec.picussecurity.com/s/c

  • 1
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture fallback
Javvad Malik @j4vv4d.com
NetScaler is doing it again. Third time in three years we're patching memory leaks that hand attackers your session tokens on a plate. CISA's already got it on the emerg... https://cybersec.picussecurity.com/s/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread-26799
  • 0
  • 2
  • 0
  • 21h ago
Showing 1 to 10 of 34 CVEs