Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
09 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
73.80%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts

Last activity: 9 hours ago

Fediverse

CISA adds CVE-2026-1340 (Ivanti EPMM) to KEV ⚠️

Active exploitation confirmed
Known vulns = real attack surface
Are KEVs in your patch priority?

Source: cisa.gov/news-events/alerts/20

💬 Engage
🔔 Follow TechNadu

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

📢 CISA orders federal agencies to patch CVE-2026-1340 in Ivanti EPMM by April 11 📝 📰 **Source**: BleepingComputer — **Date … https://cyberveille.ch/posts/2026-04-09-cisa-ordonne-aux-agences-federales-de-patcher-cve-2026-1340-dans-ivanti-epmm-avant-le-11-avril/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • 13h ago
New KEV entry 🚨 CVE-2026-1340 (Ivanti EPMM) - actively exploited Known vulnerabilities still driving attacks Are you prioritizing KEVs? 💬 Join the discussion 🔔 Follow TechNadu #CyberSecurity #KEV #CISA #InfoSec
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Google
  • Chrome

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 2 Posts

Last activity: 9 hours ago

Fediverse

⚠️ CRITICAL: CVE-2026-5859 in Chrome WebML (<147.0.7727.55) allows heap corruption via integer overflow. Remote code execution possible if exploited. Patch not fully confirmed — check vendor advisory for updates: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Critical Chrome 0-Days Under Active Exploit? 6K Bounty Flaws Let Attackers Hijack Your Browser Remotely + Video Introduction Google’s Chrome 147 stable channel update patches two critical heap buffer overflow vulnerabilities (CVE-2026-5858 and CVE-2026-5859) in the Web Machine Learning (WebML) API…
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • moby
  • moby

31 Mar 2026
Published
02 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.01%

KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 2 hours ago

Bluesky

Critical Flowise RCE (CVE-2025-59528) actively exploited via CustomMCP; Docker Engine (CVE-2026-34040) & Ninja Forms (CVE-2026-0740) need patches. APT28 hijacks MikroTik/TP-Link DNS to steal Microsoft creds. #FlowiseRCE #APT28DNS #Russia
  • 0
  • 1
  • 0
  • 2h ago

Overview

  • Google
  • Chrome

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
3.28%

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 14 hours ago

Fediverse

Chrome’s Fourth Zero-Day of 2026: CISA Orders Federal Agencies to Patch CVE-2026-5281 by April 15
#CyberSecurity
securebulletin.com/chromes-fou

  • 4
  • 0
  • 0
  • 14h ago

Overview

  • SaturdayDrive
  • Ninja Forms - File Uploads

07 Apr 2026
Published
08 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%

KEV

Description

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Hackers Take Advantage of Major Vulnerability in Ninja Forms Plugin for WordPress #wordpress

Critical vulnerability in Ninja Forms File Uploads for WordPress prompts urgent action. CVE-2026-0740 allows unauthenticated file uploads and potential remote code execution. Wordfence reports thousands of attacks daily. Upgrade to version 3.3.27+ now: ift.tt/K0kScOZ

Source: ift.tt/K0kScOZ | Image: ift.tt/ufylkGI

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Critical Flowise RCE (CVE-2025-59528) actively exploited via CustomMCP; Docker Engine (CVE-2026-34040) & Ninja Forms (CVE-2026-0740) need patches. APT28 hijacks MikroTik/TP-Link DNS to steal Microsoft creds. #FlowiseRCE #APT28DNS #Russia
  • 0
  • 1
  • 0
  • 2h ago

Overview

  • Kubernetes
  • Kubernetes

01 Feb 2022
Published
16 Sep 2024
Updated

CVSS v3.1
LOW (2.2)
EPSS
0.06%

KEV

Description

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 15 hours ago

Fediverse

Next in my series of blogs on unpatchable Kubernetes vulnerabilities is out. This time it's about TOCTOUs and SSRF

securitylabs.datadoghq.com/art

  • 3
  • 3
  • 0
  • 15h ago

Overview

  • WAGO
  • CC100 (0751-9x01)

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.23%

KEV

Description

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 15 hours ago

Fediverse

VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
CVE-2024-1490

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 1
  • 1
  • 0
  • 15h ago

Overview

  • Pending

13 May 2008
Published
07 Aug 2024
Updated

CVSS
Pending
EPSS
2.49%

KEV

Description

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Fediverse

Who still remembers the #Debian RNG patch disaster??

nvd.nist.gov/vuln/detail/cve-2

I just realized this will very soon be 18 (eighteen) years ago! 😲 Feeling old yet?

  • 0
  • 1
  • 0
  • 5h ago

Overview

  • axios
  • axios

07 Mar 2025
Published
07 Mar 2025
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.07%

KEV

Description

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Bluesky

~Microsoft~ Storm-2755 uses AiTM & SEO poisoning to bypass MFA & divert Canadian employee payrolls. - IOCs: bluegraintours. com, CVE-2025-27152 - #AiTM #Storm2755 #ThreatIntel
  • 0
  • 1
  • 0
  • 10h ago

Overview

  • TP-Link
  • TL-WR841N

03 May 2024
Published
21 Oct 2025
Updated

CVSS v3.0
MEDIUM (6.5)
EPSS
1.50%

Description

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19899.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

⚠️ Your MFA is bypassed if your router is vulnerable! APT28 uses CVE-2023-50224 for "AiTM" attacks and to steal your tokens. Secure your edge devices. #CyberResilience [read]
  • 0
  • 1
  • 0
  • 16h ago
Showing 1 to 10 of 50 CVEs