CVE-2026-0227

Overview

Palo Alto Networks
Cloud NGFW

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v4.0

MEDIUM (6.6)

EPSS

0.07%

MITRE

KEV

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

Statistics

6 Posts
5 Interactions

Last activity: 2 hours ago

Fediverse

cR0w @cR0w

Anyone hear of a PoC for CVE-2026-0227 yet?

PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal

https://security.paloaltonetworks.com/CVE-2026-0227

1
3
0
22h ago

ekiledjian @edwardk

Palo Alto Networks has released patches for a high-severity denial-of-service vulnerability (CVE-2026-0227) affecting its PAN-OS firewalls, which could cause them to enter maintenance mode and disrupt network availability.
https://www.csoonline.com/article/4117730/palo-alto-networks-patches-firewalls-after-discovery-of-a-new-denial-of-service-flaw-2.html

0
0
0
4h ago

Bluesky

IT-Connect @it-connect.bsky.social

🛑 Palo Alto Networks – CVE-2026-0227 Un attaquant distant non authentifié peut provoquer un DoS sur le firewall. Il peut aller jusqu'à faire entrer le firewall en mode maintenance. 👇 + d'infos - www.it-connect.fr/palo-alto-ne... #PaloAlto #infosec #cybersecurite

0
1
0
2h ago

CyberMaterial @cybermaterial.bsky.social

Palo Alto Fixes GlobalProtect DoS Flaw Read More: buff.ly/Hwoqdu9 #PaloAltoNetworks #GlobalProtect #PANOS #FirewallSecurity #DoSAttack #CVE20260227 #NetworkSecurity #PatchManagement #PerimeterDefense

0
0
0
23h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

Palo Alto Networks、GlobalProtect有効時に未認証でファイアウォールを停止状態へ追い込むDoS 脆弱性（CVE-2026-0227） rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃

0
0
0
17h ago

Calimeg @calimegai.bsky.social

#PaloAlto corrige une faille DoS dans #GlobalProtect qui peut faire planter les firewalls sans connexion 🔒 Une vulnérabilité critique (CVE-2026-0227, score 7.7) avec PoC a été fixée dans le Gateway et Portal. #CyberSecurity #IAÉthique #InnovationIA https://kntn.ly/73536fac

0
0
0
10h ago

CVE-2025-20393

Overview

Cisco
Cisco Secure Email

17 Dec 2025

Published

15 Jan 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

6.44%

MITRE

KEV

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Statistics

6 Posts
1 Interaction

Last activity: 2 hours ago

Fediverse

ekiledjian @edwardk

Cisco has patched a critical AsyncOS vulnerability (CVE-2025-20393) that was exploited as a zero-day by the China-linked APT group UAT-9686 to gain root access and install persistence mechanisms like the AquaShell backdoor on Secure Email Gateway and Secure Email and Web Manager appliances.
https://securityaffairs.com/186985/apt/china-linked-apt-uat-9686-abused-now-patched-maximum-severity-asyncos-bug.html

0
0
0
4h ago

Bluesky

780th Military Intelligence Brigade (Cyber) @780thmibdecyber.bsky.social

Cisco fixed a critical AsyncOS flaw, tracked as CVE-2025-20393 (CVSS score of 10.0), affecting Secure Email Gateway and Email and Web Manager, previously exploited as a zero-day by China-linked APT group UAT-9686. Security Affairs securityaffairs.com/186985/apt/c... @securityaffairs

0
1
0
3h ago

Information Security Briefly @infosecbriefly.bsky.social

Cisco released updates fixing a maximum-severity AsyncOS vulnerability (CVE-2025-20393) exploited for root access and persistence on SEG and SEWM appliances.

0
0
0
17h ago

ohhara @shiojiri.com

Cisco finally fixes max-severity bug under attack for weeks • The Register https://www.theregister.com/2026/01/15/cisco_fixes_cve_2025_20393/

0
0
0
15h ago

Information Security Briefly @infosecbriefly.bsky.social

CVE-2025-20393 in Cisco AsyncOS Spam Quarantine permits remote root command execution on internet-exposed, vulnerable appliances configured with Spam Quarantine.

0
0
0
10h ago

Help Net Security @helpnetsecurity.com

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) 📖 Read more: www.helpnetsecurity.com/2026/01/16/c... #APT #EmailSecurity #AsyncOS #vulnerability #Cyberespionage #CybersecurityNews #ITsec #InfoSecNews

0
0
0
2h ago

CVE-2026-21858

Overview

n8n-io
n8n

07 Jan 2026

Published

12 Jan 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

2.96%

MITRE

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

2 Posts
2 Interactions

Last activity: 4 hours ago

Bluesky

Application Security Feed @appsecfeed.bsky.social

🗞️ New Vulnerability in n8n – CVE-2026-21858 🔗 https://www.schneier.com/blog/archives/2026/01/new-vulnerability-in-n8n.html

2
0
0
4h ago

CyberHub @cyberhub.blog

📌 Critical RCE Vulnerability (CVE-2026-21858) Discovered in n8n Affecting 100,000 Servers https://www.cyberhub.blog/article/18074-critical-rce-vulnerability-cve-2026-21858-discovered-in-n8n-affecting-100000-servers

0
0
0
17h ago

CVE-2026-0915

Overview

The GNU C Library
glibc

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS

Pending

EPSS

0.02%

MITRE

KEV

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Statistics

3 Posts
2 Interactions

Last activity: Last hour

Fediverse

Anderson Nascimento @andersonc0d3

GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)

https://sourceware.org/pipermail/libc-announce/2026/000050.html

0
0
0
Last hour

buherator @buherator

GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861)

https://www.openwall.com/lists/oss-security/2026/01/16/5

GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)

https://www.openwall.com/lists/oss-security/2026/01/16/6

1
0
0
Last hour

Bluesky

buherator @buherator.bsky.social

GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861) www.openwall.com -> GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915) www.openwall.com -> Original->

0
1
0
Last hour

CVE-2026-22774

Overview

sveltejs
devalue

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.04%

MITRE

KEV

Description

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array hydration expecting an ArrayBuffer as input, but not checking the assumption before creating the typed array. This vulnerability is fixed in 5.6.2.

Statistics

2 Posts

Last activity: 20 hours ago

Fediverse

TheHackerWire @thehackerwire

🟠 CVE-2026-22774 - High (7.5)

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leadi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22774/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

0
0
0
21h ago

isabel @isabel

beautiful women called CVE-2026-22774 in my dms

0
0
0
20h ago

CVE-2025-12420

Overview

ServiceNow
Now Assist AI Agents

12 Jan 2026

Published

14 Jan 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.07%

MITRE

KEV

Description

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.

Statistics

3 Posts

Last activity: 3 hours ago

Fediverse

mark carter @Markcarter

Fascinating 🛡️ BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow 🛡️
Key Takeaways
AI agents significantly amplify the impact of traditional security flaws.
A Virtual Agent integration flaw (CVE-2025-12420) allowed unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing MFA and SSO.
Virtual Agent APIs can become unintended execution paths for privileged AI workflows.
Internal topics such as AIA-Agent Invoker AutoChat enable AI agents to be executed outside expected deployment constraints.
Point-in-time fixes do not eliminate systemic risk from insecure provider and agent configurations.
Preventing abuse of agentic AI in conversational channels requires:
Strong provider configuration controls, including enforced MFA for account linking
Establishing an agent approval-process
Implementing lifecycle management policies to de-provision unused or stagnant agents.
https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/ #InfoSec

0
0
1
4h ago

Jack Poller @poller

The ServiceNow 'BodySnatcher' vulnerability (CVE-2025-12420) shows why AI's race to market is a security disaster. Unauthenticated attackers hijacking AI agents to bypass MFA? This is what happens when we ship AI without proper security. My latest: https://securityboulevard.com/2026/01/were-moving-too-fast-why-ais-race-to-market-is-a-security-disaster/

0
0
0
3h ago

CVE-2025-64155

Overview

Fortinet
FortiSIEM

13 Jan 2026

Published

14 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.4)

EPSS

0.09%

MITRE

KEV

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Statistics

3 Posts

Last activity: 15 hours ago

Bluesky

キタきつね @kitafox.bsky.social

重大な FortiSIEM の脆弱性に対する PoC エクスプロイトが公開されました (CVE-2025-64155) PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155) #HelpNetSecurity (Jan 15) www.helpnetsecurity.com/2026/01/15/f...

0
0
0
16h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

FortiSIEMに未認証RCEのクリティカル脆弱性、PoC公開で悪用リスクが急上昇(CVE-2025-64155／CVE-2025-25256) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security

0
0
0
16h ago

OpsMatters @opsmatters.com

The latest update for #ArcticWolf includes "CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability" and "CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl

0
0
0
15h ago

CVE-2025-36911

Overview

Google
Android

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

2 Posts

Last activity: 4 hours ago

Fediverse

ekiledjian @edwardk

A critical vulnerability (CVE-2025-36911) in Google Fast Pair lets attackers forcibly connect to Bluetooth accessories like earbuds without consent, dubbed “WhisperPair.”

Attackers within 46 feet can control accessories to play audio or record conversations, and can track users by registering as device owners. Hundreds of millions of devices from brands like Sony, JBL, and Logitech are affected.

Google patched Pixel devices, but users must also update their accessory firmware for full protection.https://www.securityweek.com/whisperpair-attack-leaves-millions-of-bluetooth-accessories-open-to-hijacking/

0
0
0
4h ago

Bluesky

L'algorisme @lalgorisme.bsky.social

WhisperPair aka CVE-2025-36911 afecta a centenars de milions d'auriculars i altaveus compatibles amb Google Fast Pair de marques com Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech i Google.

0
0
0
21h ago

CVE-2025-37164

Overview

Hewlett Packard Enterprise (HPE)
HPE OneView

16 Dec 2025

Published

08 Jan 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

81.31%

MITRE

KEV

Description

A remote code execution issue exists in HPE OneView.

Statistics

2 Posts

Last activity: 2 hours ago

Fediverse

ekiledjian @edwardk

Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability
https://blog.checkpoint.com/research/patch-now-active-exploitation-underway-for-critical-hpe-oneview-vulnerability/

Check Point Research has identified an active, coordinated exploitation
campaign targeting CVE-2025-37164, a critical remote code execution
vulnerability affecting HPE OneView. The activity, observed directly in Check
Point telemetry, is attributed to the RondoDox botnet and represents a sharp
escalation from early probing attempts to large-scale, automated attacks.

Check Point has already blocked tens of thousands of exploitation attempts,
underscoring both the severity of the vulnerability and the urgency for
organizations to act.

On January 7, 2026 Check Point Research reported the campaign to CISA, and the
vulnerability was added to the Known Exploited Vulnerabilities KEV catalog
the same day.

0
0
0
3h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

RondoDox botnet rapidly escalated automated exploitation of critical, unauthenticated remote code execution vulnerability CVE-2025-37164 in HPE OneView, causing tens of thousands of attack attempts.

0
0
0
2h ago

CVE-2025-9014

Overview

TP-Link Systems Inc.
TL-WR841N v14

15 Jan 2026

Published

15 Jan 2026

Updated

CVSS v4.0

MEDIUM (6.3)

EPSS

0.09%

MITRE

KEV

Description

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908.

Statistics

1 Post
3 Interactions

Last activity: 22 hours ago

Fediverse

cR0w @cR0w

TP-Link

https://www.cve.org/CVERecord?id=CVE-2025-9014

cc: @Dio9sys @da_667

#internetOfShit

1
2
0
22h ago