Overview

  • moby
  • moby

31 Mar 2026
Published
02 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.01%

KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access:
👇
thehackernews.com/2026/04/dock

  • 0
  • 0
  • 1
  • 19h ago

Bluesky

📢 CVE-2026-34040: Docker authorization bypass via oversized HTTP body 📝 ## 🔍 Context Published on 7 April 2026 by Vladimir Tokarev (C… https://cyberveille.ch/posts/2026-04-08-cve-2026-34040-contournement-de-l-autorisation-docker-via-corps-http-surdimensionne/ #AI_agent #Cyberveille
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
09 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
73.80%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts

Last activity: Last hour

Bluesky

~Cisa~ CISA added actively exploited Ivanti EPMM code injection flaw (CVE-2026-1340) to its KEV catalog. - IOCs: CVE-2026-1340 - #CVE20261340 #Ivanti #ThreatIntel
  • 0
  • 0
  • 0
  • 17h ago
CISA has added one known exploited vulnerability to its catalog: CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 8) CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) code injection vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 13h ago
📢 CISA orders federal agencies to patch CVE-2026-1340 in Ivanti EPMM by 11 April 📝 📰 **Source**: BleepingComputer — **Date … https://cyberveille.ch/posts/2026-04-09-cisa-ordonne-aux-agences-federales-de-patcher-cve-2026-1340-dans-ivanti-epmm-avant-le-11-avril/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • Last hour

Overview

  • OpenSSL
  • OpenSSL

07 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer.

Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker.

RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced.

If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext.

As a workaround, calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

mail-index.netbsd.org/source-c
> Import OpenSSL-3.5.6 (previous was 3.5.5)
CVE-2026-31790, CVE-2026-2673, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789

mail-index.netbsd.org/source-c
> Import OpenSSH-10.3 (previous was 10.2)
No CVEs for this one, just security-related specification changes?

mail-index.netbsd.org/source-c
> Import xz-5.8.3 (previous was 5.2.4)

> Fix a buffer overflow in lzma_index_append()
is in there, but is this even an update from a version that predates the backdoor in the first place?

So at least openssl, in addition to bind, makes an 11.0_RC4 unavoidable?

  • 1
  • 1
  • 0
  • 2h ago

Bluesky

Critical OpenSSL Flaw Exposes Sensitive Data: CVE-2026-31790 RSA KEM Vulnerability – Update Now! + Video Introduction: OpenSSL, the ubiquitous cryptographic library securing countless web servers, VPNs, and applications, has disclosed a moderate-severity vulnerability (CVE-2026-31790) in its RSA…
  • 0
  • 0
  • 0
  • 21h ago
OpenSSL releases patch fixing seven vulnerabilities including CVE-2026-31790, a data leakage flaw from uninitialized memory in RSA key encapsulation. Affects versions 3.0 to 3.6. #OpenSSLUpdate #DataLeakage #CVE2026
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Fortinet
  • FortiSwitchManager

09 Dec 2025
Published
20 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
7.62%

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 22 hours ago

Fediverse

CVE-2025-59718 analysis shows attackers bypassing FortiGate SSO, exfiltrating configs, and establishing persistent VPN access over 2 weeks of dwell time. They targeted hypervisors, DCs, and backup infrastructure—classic pre-ransomware reconnaissance. Detection gaps: firewall config changes blend into routine admin tasks. #CVE202559718 #ransomware #firewall #incidentresponse #threatintel

bit.ly/4cf8M7B

  • 1
  • 0
  • 0
  • 22h ago

Bluesky

Rapid7’s IR team was recently engaged around CVE-2025-59718 – a vuln that facilitates SSO login bypass in #Fortinet FortiGate appliances. In a new blog, dive into our investigative methodology, practical detection opportunities & more: r-7.co/3Q0CMwo
  • 0
  • 1
  • 0
  • 23h ago

Overview

  • abetlen
  • llama-cpp-python

10 May 2024
Published
02 Aug 2024
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
56.67%

KEV

Description

llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor of `Llama` takes several parameters to configure the loading and running of the model. Besides `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also loads the `chat template` from the targeted `.gguf` file's metadata and passes it to `llama_chat_format.Jinja2ChatFormatter.to_chat_handler()` to construct the `self.chat_handler` for this model. However, `Jinja2ChatFormatter` parses the `chat template` from the metadata with a sandbox-less `jinja2.Environment`, and the template is then rendered in `__call__` to construct the `prompt` of the interaction. This allows `jinja2` Server Side Template Injection, which leads to remote code execution by a carefully constructed payload.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 15 hours ago

Fediverse

Llama Drama: Critical flaw in Python package for AI app development puts systems and data at risk of compromise (CVE-2024-34359) | Codebook|Security News yayafa.com/2776397/ #AgenticAi #AI #ArtificialGeneralIntelligence #ArtificialIntelligence #LLAMA #Meta #MetaAI #エージェント型AI #人工知能 #汎用人工知能

  • 0
  • 1
  • 0
  • 15h ago

Bluesky

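Llama Drama: Critical flaw in Python package for AI app development puts systems and data at risk of compromise (CVE-2024-34359) | Codebook|Security News https://www.yayafa.com/2776397/ May 18-20: Cybersecurity news. Critical flaw in Python package for AI application development puts systems and data at risk of compromise (CVE-2024-34359) SecurityWeek – May 17 [...]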
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Bluesky

Palo Alto vulnerability information: "CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows (Severity: MEDIUM)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0232
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • SaturdayDrive
  • Ninja Forms - File Uploads

07 Apr 2026
Published
08 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%

KEV

Description

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Fediverse

#WordPress - News straight from plugin hell, live. 🤢

"With over 600,000 downloads, Ninja Forms is a popular WordPress form builder that lets users create forms without coding using a drag-and-drop interface. Its File Upload extension, included in the same suite, serves 90,000 customers."

CVE-2026-0740 severity rating 9.8

"After patch reviews and a partial fix on February 10, the vendor released a complete fix in version 3.3.27, available since March 19."

"Identified as CVE-2026-0740, the issue is currently exploited in attacks. According to WordPress security company Defiant, its Wordfence firewall blocked more than 3,600 attacks over the past 24 hours."

I'm curious how many naive users it catches this time? 🙈

Always ask an experienced specialist how to run your #WordPress securely. 😊

bleepingcomputer.com/news/secu

#WordPress

  • 0
  • 0
  • 0
  • 20h ago

Hackers Take Advantage of Major Vulnerability in Ninja Forms Plugin for WordPress #wordpress

Critical vulnerability in Ninja Forms File Uploads for WordPress prompts urgent action. CVE-2026-0740 allows unauthenticated file uploads and potential remote code execution. Wordfence reports thousands of attacks daily. Upgrade to version 3.3.27+ now: ift.tt/K0kScOZ

Source: ift.tt/K0kScOZ | Image: ift.tt/ufylkGI

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Google
  • Chrome

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
3.28%

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 1 hour ago

Fediverse

Chrome’s Fourth Zero-Day of 2026: CISA Orders Federal Agencies to Patch CVE-2026-5281 by April 15
#CyberSecurity
securebulletin.com/chromes-fou

  • 4
  • 0
  • 0
  • 1h ago

Overview

  • Kubernetes
  • Kubernetes

01 Feb 2022
Published
16 Sep 2024
Updated

CVSS v3.1
LOW (2.2)
EPSS
0.06%

KEV

Description

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 2 hours ago

Fediverse

Next in my series of blogs on unpatchable Kubernetes vulnerabilities is out. This time it's about TOCTOUs and SSRF

securitylabs.datadoghq.com/art

  • 3
  • 2
  • 0
  • 2h ago

Overview

  • WAGO
  • CC100 (0751-9x01)

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.23%

KEV

Description

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
CVE-2024-1490

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 1
  • 1
  • 0
  • 2h ago