Overview

  • Apache Software Foundation
  • Apache HTTP Server

04 May 2026
Published
05 May 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Statistics

  • 16 Posts
  • 160 Interactions

Last activity: 2 hours ago

Fediverse

"That 'responsible disclosure' Thing"

A post with the details of CVE-2026-23918, the double free vulnerability fixed in Apache httpd 2.4.67.

#apache
eissing.org/icing/posts/respon

DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet.

Me: Thanks! Are your distro repos updated to contain the patched version?

DO: lol no

[Edit: to be fair, this is Debian's fault, not DOs (see screenshot). At least DO told me!]

[Edit 2: that specific vuln was quietly fixed on Debian specifically well before this version?? Would be advisable for them to have said that now? infosec.exchange/@tychotithonu ]

stable package 2.4.66-1~deb13u2 already includes the fix for CVE-2026-23918.

You can verify this by apt-get source apache2 and then checking out apache2-2.4.66/debian/patches/bug1125368.patch

The security tracker at security-tracker.debian.org/tr currently has wrong information. This is likely due to automation based on version numbers alone.

RE: chaos.social/@icing/1165269035

Aftermath: people running Debian httpd 2.4.66 started complaining about when they’ll get the 2.4.67 update to fix this RCE vulnerability. Which they already were protected from, but did not know. Because the CVE was not public at the time the fix was shipped.

[...]

Two security researchers found the vulnerability independently. Just scanning the 2.4.66 source code. This means the bad guys can no longer be kept in the dark. Coordinated disclosure no longer works.

Anyone still using #apache's #httpd, please check whether you are impacted.

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE thehackernews.com/2026/05/crit

#cve #infosec

A strong find: unauthenticated RCE in the Apache server, found by Bartłomiej Dmitruk of striga.ai (an AI-based bug detector) and Stanisław Strzałkowski of ISEC.pl. mod_http2 has to be enabled on the server, but it is on many.

cve.org/CVERecord?id=CVE-2026-
httpd.apache.org/security/vuln

@tychotithonus I just love the Debian security tracker, they manage the flood so well security-tracker.debian.org/tr

@Andres4NY Parent post updated, apparently CVE-2026-23918 was fixed much earlier?

Doubling the Trouble

CVE-2026-23918 double free vulnerability PoC for Apache httpd <=2.4.66. Fixed in >=2.4.67
github.com/nflatrea/playground

📰 Critical RCE Flaw in Apache HTTP Server's HTTP/2 Module Patched

🚨 CRITICAL APACHE FLAW: A double-free bug (CVE-2026-23918) in Apache HTTP Server's http2 module allows for DoS and potential RCE. A PoC exploit exists. Upgrade to version 2.4.67 immediately! #Apache #CyberSecurity #Vulnerability #RCE

🔗 cyber.netsecops.io

Bluesky

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
⚠️ Apache2 security flaw: A new important vulnerability, identified as CVE-2026-23918, has been patched in the latest version of Apache2. More info here 🔽 - www.it-connect.fr/faille-apach... #apache #linux #webserver #infosec
⚠️ CVE-2026-23918: Double free in Apache HTTP Server 2.4.66 HTTP/2 may allow unauth RCE via crafted requests, risking full server compromise. Update to 2.4.67 or disable HTTP/2/restrict access. Query: web.headers="Server: Apache/2.4.66"  The platform: magnify.modat.io
Critical Apache vulnerability exposes millions of servers to RCE attacks. A serious vulnerability (CVE-2026-23918) that allows Remote Code Execution (RCE) by exploiting a flaw in HTTP/2 has been patched. #ciberseguridad #cybersecurity www.linkedin.com/pulse/vulner...

Overview

  • Palo Alto Networks
  • Cloud NGFW

06 May 2026
Published
06 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Statistics

  • 26 Posts
  • 27 Interactions

Last activity: Last hour

Fediverse

...sigh...
<insert HereWeGoAgain.gif meme>

~~~~~~~~~~~

Urgent Palo Alto Networks Security Advisory - Severity 9.3 · CRITICAL

Palo Alto Networks has published one new Security Advisory for a Critical Unauthenticated User initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal. This is available at security.paloaltonetworks.com/

We strongly advise PAN-OS customers to read the advisory and take appropriate action immediately to protect their devices.

So this PAN-OS bug, CVE-2026-0300.

Is there a good reason to expose this User-ID Authentication Portal to the internet in the first place? Yes yes, defend against insider threats and all that, but the opportunistic, across-the-ocean attack seems like it relies more on misconfiguration than anything.

It doesn't seem to be very useful to associate a user identity to an internet-based IP address in the first place, so don't do that? Or am I wildly misunderstanding the utility here? (At first I thought it was like a capture portal like you find on hotel WiFi, but it's more specialized than that I think.)

Regardless, @runZeroInc has a Rapid Response out for it now. No Palo Alto patches available yet.

runzero.com/blog/palo-alto-net

Today in send a packet to a border security appliance and get root.

security.paloaltonetworks.com/

📰 Critical Palo Alto Networks Zero-Day (CVE-2026-0300) Actively Exploited for RCE

🚨 CRITICAL ZERO-DAY: Palo Alto Networks warns of an unpatched, actively exploited RCE vulnerability (CVE-2026-0300) in PAN-OS firewalls. The flaw allows root access via the User-ID portal. Mitigate immediately! #CyberSecurity #ZeroDay #PANOS

🔗 cyber.netsecops.io

PAN-OS Vulnerability CVE-2026-0300 Under Active Exploitation - Enables Remote Code Execution (#RCE) - CVSS 9.3 no patch released yet, but expected soon!
👇
thehackernews.com/2026/05/palo

PAN-OS zero-day (CVE-2026-0300) exploited.
• Unauth RCE (root)
• Targets exposed portals
• Patches start May 13

technadu.com/palo-alto-network

Are you mitigating now?

CVE Record: CVE-2026-0300 - Title: PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

cve.org/CVERecord?id=CVE-2026-

Bluesky

Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300) www.rapid7.com/blog/post/et...
🚨 On 5/6/26, #PaloAltoNetworks published a security advisory for a critical vuln. affecting PAN-OS PA-Series & VM-Series firewall appliances. CVE-2026-0300 carries a CVSSv4 score of 9.3 and has been confirmed as exploited in the wild by the vendor. More: r-7.co/48ML0Pf
security.paloaltonetworks.com/CVE-2026-0300 Paloalto
Palo Alto vulnerability information "CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0300
PATCH NOW: Critical PAN-OS 0-Day (CVE-2026-0300) Grants FULL ROOT Access to Palo Alto Firewalls – No Password Required + Video Introduction: An unauthenticated buffer overflow in Palo Alto Networks’ PAN-OS is being actively exploited in the wild, allowing attackers to achieve full root access on…
Palo Alto Networks will release patches for CVE-2026-0300, a critical zero-day buffer overflow in User-ID Authentication Portal enabling unauthenticated root code execution on PA and VM firewalls. #ZeroDayExploit #FirewallPatch #USA
🚨 Security vulnerability CVE-2026-0300 in PAN-OS firewalls actively exploited. ℹ Affected are publicly reachable User-ID portals, multiple versions. ☝️ Fixes not expected before 13 May 2026 🩹 Restrict access to trusted zones or disable thehackernews.com/2026/05/palo...
Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300) 📖 Read more: www.helpnetsecurity.com/2026/05/06/p... #cybersecurity #cybersecuritynews #firewall #0day @paloaltonetworks.com
~Certeu~ A critical buffer overflow in PAN-OS User-ID Authentication Portal allows unauthenticated RCE as root. - IOCs: CVE-2026-0300 - #CVE2026_0300 #PANOS #ThreatIntel
~Cybergcca~ CCCS released 3 advisories, highlighting an actively exploited critical vulnerability (CVE-2026-0300) in Palo Alto PAN-OS. - IOCs: CVE-2026-0300 - #CVE2026_0300 #PaloAlto #ThreatIntel
📢 Critical zero-day CVE-2026-0300 in PAN-OS exploited against Palo Alto firewalls 📝 🗓️ Context: Published on 6 May 2026 by Eduard Kovacs on … https://cyberveille.ch/posts/2026-05-06-zero-day-critique-cve-2026-0300-dans-pan-os-exploite-contre-des-firewalls-palo-alto/ #CVE_2026_0300 #Cyberveille
~Cisa~ CISA added actively exploited CVE-2026-0300 (PAN-OS out-of-bounds write) to the KEV catalog. - IOCs: CVE-2026-0300 - #CVE2026_0300 #PaloAlto #ThreatIntel
Palo Alto warns of critical software bug used in firewall attacks A patch for the bug, tracked as CVE-2026-0300, has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.

Overview

  • Linux
  • Linux

22 Apr 2026
Published
06 May 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
1.23%

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 16 Posts
  • 25 Interactions

Last activity: 1 hour ago

Fediverse

Copy Fail CVE-2026-31431

> How they found it
> Taeyang Lee's earlier kernelCTF work had mapped out the AF_ALG attack surface. He realized that AF_ALG + splice creates a path where unprivileged userspace can feed page cache pages directly into the crypto subsystem and suspected that scatterlist page provenance may be an underexplored source of vulnerabilities.

#cve #linux #kernel #security

xint.io/blog/copy-fail-linux-d

#OpenShift hosters 🔊 Red Hat has released blocker for copy-fail vulnerability, no reboots needed:

access.redhat.com/solutions/71

#RedHat #CopyFail #CVE202631431

🚨ATTENTION: a bug in #linux has been hidden in the system for 9 years; it is called Copy Fail, it is associated with CVE-2026-31431, and it affects a critical part of the #kernel related to algif_aead, the cryptographic interface used to move data between user space and the kernel.

In short, a Linux bug hidden for 9 years can allow an unprivileged user to escalate to root in seconds.

The video here explains what this vulnerability is about.👇 youtube.com/watch?v=R7_Jrm7zY-0

About CVE-31431 "Copy Fail":

I wrote something on GitHub: github.com/darioomatos/cve-202

I just came across another article that was also published yesterday on #podman rootless containers and #copyfail. This one takes a closer look at the exploit itself and how the kernel handles the attempt to escalate privileges. It also draws a similar conclusion regarding the role of user namespaces in limiting exposure in rootless mode.

Great read! dragonsreach.it/2026/05/04/cve

#TUTORIALES

📢 How to check for and mitigate the Copy Fail vulnerability (CVE-2026-31431) on GNU/Linux

Detect whether your GNU/Linux system is vulnerable to Copy Fail (CVE-2026-31431) and learn how to apply the fix correctly.

voidnull.es/como-comprobar-y-m

#Linode (#Akamai Cloud) has published documentation on how to mitigate #CopyFail for both new and existing instances running there:

linode.com/docs/guides/cve-202

Copy.fail: a small Linux kernel bug with an unusually big blast radius jorijn.com/en/blog/copy-fail-c

A well-documented analysis of this flaw, which is quite complex and based on an accumulation of bad behaviours in the kernel linuxtricks.fr/news/10-logicie #linux #sécurité #faille #analyse

CISA warns: CopyFail Linux vuln exploited.
• Privilege escalation → root
• Impacts major distros
• Patch deadline May 15

technadu.com/cisa-warns-of-sev

Are you patched?

Bluesky

CVE-2026-31431: Copy Fail vs. rootless containers https://lobste.rs/s/cvmqdt #security #linux
CVE-2026-31431: Copy Fail vs. rootless containers https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/ (http://news.ycombinator.com/item?id=48017813)

Overview

  • ollama
  • ollama
  • ollama/ollama

04 May 2026
Published
04 May 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.09%

KEV

Description

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), the server reads past the allocated heap buffer. The leaked memory contents may include environment variables, API keys, system prompts, and concurrent users' conversation data, and can be exfiltrated by uploading the resulting model artifact through the /api/push endpoint to an attacker-controlled registry. The /api/create and /api/push endpoints have no authentication in the upstream distribution. Default deployments bind to 127.0.0.1, but the documented OLLAMA_HOST=0.0.0.0 configuration is widely used in practice (large public-internet exposure observed).

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

[RSS] Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama (CVE-2026-7482)

https://www.cyera.com/research/bleeding-llama-critical-unauthenticated-memory-leak-in-ollama
Bluesky

Critical Remote Memory Leak Vulnerability in Ollama (CVE-2026-7482) #appsec
Regulatory actions hit Kochava over location data and privacy settlements impact Forbes. Data exposures found in Vimeo and Canvas. Critical flaws like Bleeding Llama (CVE-2026-7482) and MOVEit exploited amid active threat groups. #DataPrivacy #US
[RSS] Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama (CVE-2026-7482) www.cyera.com

Overview

  • WebPros
  • cPanel

29 Apr 2026
Published
06 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
26.55%

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 4 Posts

Last activity: 7 hours ago

Bluesky

~Watchtowr~ A critical auth bypass (CVE-2026-41940) in all supported cPanel & WHM versions allows root access and is actively exploited in the wild. - IOCs: CVE-2026-41940 - #CVE202641940 #ThreatIntel #cPanel
The latest update for #BitSight includes "The UK Government's Open Letter on #AI Cyber Threats Underscores the Need for Measurable Security" and "Critical Vulnerability Alert: CVE-2026-41940 in cPanel, WHM, and WP Squared". #Cybersecurity #RiskManagement https://opsmtrs.com/43KoF0t
🟢 How to fix #vulnerability CVE-2026-41940 in cPanel/WHM: urgent security #patch for root #access www.newstecnicas.info.ve/2026/05/solu...
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940

Overview

  • Pending

05 May 2026
Published
06 May 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 18 hours ago

Bluesky

🔥 Critical vulnerability CVE-2024-52911 in Bitcoin Core! ⚠️ About 43% of nodes remain at risk of crashes and RCE. An urgent upgrade to v29+ is recommended for network security. #Bitcoin #CryptoNews #Blockchain
CRITICAL Bitcoin Core vulnerability (CVE-2024-52911) in versions 0.14.1-28.4 allows remote code execution/crashes. Discovered Nov '24, patched Dec '24. Yet, ~43% nodes vulnerable! Exploit is costly (high hash power), but risk remains. Upgrade ASAP! #crypto #blockchain #news
A critical memory safety vulnerability (CVE-2024-52911) in Bitcoin Core software versions 0.14.1 through 28.4 allowed miners to crash nodes or […]

Overview

  • Google
  • Android

04 May 2026
Published
05 May 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 3 Posts

Last activity: 7 hours ago

Overview

  • GitHub
  • Enterprise Server

10 Mar 2026
Published
29 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.30%

KEV

Description

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.

Statistics

  • 1 Post
  • 12 Interactions

Last activity: 2 hours ago

Fediverse

So, #GitHub is having a rough go of it lately, with significant instability and frequent outages in the last month and platform uptime dropping below 85%.

But the most fun trick? Any authenticated user could execute arbitrary commands on GitHub's backend servers with a single git push command - using nothing but a standard git client. (Because their architecture didn’t sterilize semicolons, thus prompt injection.)

On GitHub Enterprise Server, the vulnerability grants full server compromise, including access to all hosted repositories and internal secrets.

GitHub Enterprise Server customers should upgrade ASAP. Wiz dot io data indicates that 88% of instances were still vulnerable.

wiz.io/blog/github-rce-vulnera

#infosec #live #githubEnterprise #rce


Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 9 Interactions

Last activity: 20 hours ago

Fediverse

Kaspersky researchers just found and presented a Snapdragon 410/210/617 bootrom exploit - CVE-2026-25262 in this month’s Qualcomm security bulletin.

It’s well known that every forensics tool supported exploiting those SoCs from the bootrom, but for 9 years, nobody knew how they were doing it.

This is some amazing research that finally solves the mystery.

I’m sure the BananaHackers community of Snapdragon 210 flip phone modders will find a use for this.


Overview

  • D-Link
  • DNS-320L

04 Apr 2024
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (7.3)
EPSS
94.42%

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: Last hour

Fediverse

pyghidra-mcp v0.2.0 is out with new --gui mode. 👀

Your local LLM drives a real Ghidra CodeBrowser, not a plugin.

New blog post shows firmware RE of the CVE-2024-3273 RCE chain with Gemma4.

clearbluejar.github.io/posts/p
