Overview

  • The GNU C Library
  • glibc

15 Jan 2026
Published
16 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: Last hour

Fediverse

1996? That's like forever ago: CVE-2026-0915: GNU C Library Fixes A Security Issue Present Since 1996 - Phoronix phoronix.com/news/Glibc-Securi

  • 1
  • 1
  • 0
  • Last hour

CVE-2026-0915: GNU C Library Fixes A Security Issue Present Since 1996

CVE-2026-0915 was published on Friday as a security issue with the GNU C Library "glibc" for code introduced 30 years ago. The latest Glibc Git code is now patched for this issue introduced in 1996...

https://www.phoronix.com/news/Glibc-Security-Fix-For-1996-Bug

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Sitecore
  • Experience Manager (XM)

03 Sep 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
10.18%

Description

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

📰 China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure

🇨🇳 A China-linked APT group, UAT-8837, is actively targeting North American critical infrastructure, warns Cisco Talos. The group exploits flaws like CVE-2025-53690 and uses tools like Earthworm for espionage. #APT #CyberSecurity #ThreatIntel #China

🔗 cyber.netsecops.io/articles/ch

  • 0
  • 1
  • 0
  • 23h ago

A China-linked hacker group, UAT-8837, has been exploiting a Sitecore zero-day vulnerability (CVE-2025-53690) for initial access to North American critical infrastructure. The group, active since at least 2025, focuses on obtaining credentials and network information using various open-source and living-off-the-land tools.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Palo Alto Networks
  • Cloud NGFW

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS v4.0
MEDIUM (6.6)
EPSS
0.07%

KEV

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Fediverse

📰 Palo Alto Networks Patches High-Severity DoS Flaw in PAN-OS Firewalls

Palo Alto Networks patches high-severity DoS flaw CVE-2026-0227 in PAN-OS. 🔒 The bug allows unauthenticated attackers to crash firewalls with GlobalProtect enabled. PoC exists. Patch immediately! #CyberSecurity #Vulnerability #PaloAltoNetworks

🔗 cyber.netsecops.io/articles/pa

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Palo Alto vulnerability information "CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (Severity: HIGH)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0227
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Modular DS
  • Modular DS
  • modular-connector

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.04%

KEV

Description

Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation. This issue affects Modular DS: from n/a through 2.5.1.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Fediverse

📰 Critical Flaw in WordPress Plugin 'Modular DS' Actively Exploited for Admin Takeover

🚨 CRITICAL 10.0 CVSS FLAW: Modular DS WordPress plugin is being actively exploited! CVE-2026-23550 allows unauthenticated admin takeover. 40,000+ sites at risk. Update to version 2.5.2 NOW. #WordPress #Vulnerability #CyberSecurity #PatchNow

🔗 cyber.netsecops.io/articles/mo

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Modular DS bug hands hackers instant WordPress admin access (CVE-2026-23550) #appsec
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

13 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
6.56%

Description

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 12 hours ago

Fediverse

CERT-In issues high-severity alert for Windows 10, Windows 11 and Microsoft Office over CVE-2026-20805 vulnerability. Microsoft confirms exploit in the wild, urges urgent updates. english.mathrubhumi.com/techno #WindowsSecurity #MicrosoftAlert #CERTIn #CyberSecurity

  • 1
  • 1
  • 0
  • 12h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
55.12%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📢 Next.js/NextAuth: forging authentication cookies via the NEXTAUTH_SECRET 📝 In a technical post published on 14 January 2026, the author detail… https://cyberveille.ch/posts/2026-01-16-next-js-nextauth-forger-des-cookies-dauthentification-via-le-nextauth-secret/ #CVE_2025_55182 #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • anomalyco
  • opencode

12 Jan 2026
Published
13 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.10%

KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

‼️CVE-2026-22812: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

PoC/Exploit: github.com/rohmatariow/CVE-202

CVSS: 8.8
CVE Published: January 12th, 2026
Exploit Published: January 16th, 2026
Advisory: github.com/anomalyco/opencode/

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • MCPJam
  • inspector

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.49%

KEV

Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE), which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Statistics

  • 2 Posts

Last activity: 21 hours ago

Fediverse

🔴 CVE-2026-23744 - Critical (9.8)

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installatio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 21h ago

Overview

  • AMD
  • AMD EPYC™ 9004 Series Processors

16 Jan 2026
Published
16 Jan 2026
Updated

CVSS v4.0
MEDIUM (4.6)
EPSS
0.01%

KEV

Description

A write-what-where condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline, potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

New CVE-2025-29943: StackWarp shows AMD SEV-SNP CVMs on Zen1–5 can have their stack pointer warped cross-hyperthread via an undocumented MSR, enabling RSA key theft and auth bypass even on fully patched Zen 5; mitigation today is disabling SMT and deploying AMD’s microcode fixes.

stackwarpattack.com/stackwarp_

  • 0
  • 0
  • 0
  • 1h ago