
Overview

  • Linux
  • Linux

Published: 22 Apr 2026
Updated: 05 May 2026

CVSS v3.1: HIGH (7.8)
EPSS: 1.23%

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 20 Posts
  • 78 Interactions

Last activity: 2 hours ago

Fediverse


A very good summary of the CopyFail flaw affecting the Linux kernel: history of the flaw, exploitation mechanism, erratic handling of the disclosure, mitigation - by Linuxtricks #Infosec #Linux linuxtricks.fr/news/10-logicie

  • 17
  • 0
  • 0
  • 16h ago

#CopyFail **UPDATE 2025-05-05:** Red Hat has released the kernel updates for Red Hat Enterprise Linux 9 and 10. So if you followed the steps I described in this thread, you can now simply do

dnf update

on affected machines to get the new kernel and do a

grubby --update-kernel=ALL --remove-args='initcall_blacklist=algif_aead_init'

to remove the mitigation described in this post, before you finish the process with a

reboot

to switch to the fixed kernel.

access.redhat.com/security/cve

  • 11
  • 20
  • 0
  • 23h ago

NicFab Newsletter #19 is out.

This week:
→ EDPB marks 10 years of GDPR
→ AI Act trilogue stalls — high-risk rules still set for 2 August 2026
→ EU Age Verification App found vulnerable hours after launch
→ First European standard on trusted data transactions (EN 18235-1:2026)
→ CopyFail (CVE-2026-31431) added to CISA KEV
→ Minnesota first US state to ban nudification apps

nicfab.eu/en/newsletter-issues

#Privacy #DataProtection #AIAct #Cybersecurity #AI

  • 4
  • 2
  • 0
  • 20h ago

CVE-2026-31431 #CopyFail shows that #LLM-assisted #cybersecurity research is:
1. Already there and massively impactful without #mythos.
2. Digestible by current governance systems of responsible disclosure.
3. Way more realistic than agents discovering, deploying and scaling exploits autonomously.
Details: xint.io/blog/copy-fail-linux-d

  • 2
  • 0
  • 0
  • 15h ago

🚨ATTENTION: a bug in #linux has been hidden in the system for 9 years. It is called Copy Fail, is associated with CVE-2026-31431, and affects a critical part of the #kernel related to algif_aead, the cryptographic interface used to move data between user space and the kernel.

In short, a Linux bug hidden for 9 years can allow an unprivileged user to escalate to root in seconds.

The video here explains what this vulnerability is about.👇 youtube.com/watch?v=R7_Jrm7zY-0

  • 1
  • 1
  • 0
  • 7h ago

About CVE-31431 "Copy Fail":

I wrote something on github: github.com/darioomatos/cve-202

  • 1
  • 1
  • 0
  • 2h ago

AlmaLinux 10.2 Beta is now live!

The release team of AlmaLinux, which is a free binary-compatible alternative to a commercial Linux distribution, Red Hat Enterprise Linux, has just released the beta version of the upcoming point release, which is AlmaLinux v10.2.

This beta version of AlmaLinux brings many improvements over the current version, which is version v10.1. The version is available for the following architectures listed:

  • Intel/AMD (x86_64)
  • Intel/AMD (x86_64_v2)
  • Intel/AMD 32-bit (i686) (userspace only, no installation)
  • ARM64 (aarch64)
  • IBM PowerPC (ppc64le)
  • IBM Z (s390x)

However, this beta version of AlmaLinux is not a production release, and is not guaranteed to be stable, especially when it comes to production installations. For users who rely on stability, you’ll have to wait until the official release. If you are curious about this beta version, and you intend to test and to report bugs and issues, you can download the beta version here.

AlmaLinux 10.2 brings i686 userspace packages to enable legacy 32-bit software, CI pipelines, and containerized workloads for users who rely on them in their workflow. It also presents you with updated toolsets and packages, such as the updated MariaDB 11.8, PHP 8.4, and Python 3.14. Security updates have also been provided, such as OpenSSL, Keylime, and SELinux policies, to enhance your computer’s security and to reduce attack vectors.

Also, a severe vulnerability that was left unnoticed since 2017, called Copy Fail (CVE-2026-31431) that exposed a flaw in authencesn, has been patched in this version of AlmaLinux, along with versions v10.x, v9.x, and v8.x.

You can learn more about this beta version here.

#AlmaLinux #AlmaLinux10 #AlmaLinux102 #Linux #news #Tech #Technology #update
  • 1
  • 0
  • 0
  • 22h ago

I just came across another article that was also published yesterday on #podman rootless containers and #copyfail. This one takes a closer look at the exploit itself and how the kernel handles the attempt to escalate privileges. It also draws a similar conclusion regarding the role of user namespaces in limiting exposure in rootless mode.

Great read! dragonsreach.it/2026/05/04/cve

  • 0
  • 3
  • 0
  • 5h ago

Presenting, for absolutely no reason at all, CVE-2026-31431 as a 587-byte x86_64 static ELF:
github.com/Rat5ak/CVE-2026-314

  • 0
  • 0
  • 1
  • 16h ago

Bluesky

CVE-2026-31431: Copy Fail vs. rootless containers https://lobste.rs/s/cvmqdt #security #linux
  • 0
  • 1
  • 0
  • 5h ago
🚨 What if a Linux exploit never touched disk? Copy Fail (CVE-2026-31431) lets attackers become root by corrupting the page cache in memory. No file changes No integrity alerts Harder to detect CVSS 7.8 (High) 👉 basefortify.eu/posts/2026/0... #Linux #CyberSecurity #CopyFail
  • 0
  • 0
  • 0
  • 20h ago
CVE-2026-31431 ('Copy Fail') added to CISA KEV May 1. Theori's Xint Code disclosed this 9-year-old Linux kernel LPE on 4/29. We reviewed 3,800 CISA ICS + 12,468 vendor advisories for ICS Linux exposure. ICSAP-AN-26-001: www.icsadvisoryproject.com/ics-advisory... #ICS #OTSecurity #CopyFail
  • 0
  • 0
  • 0
  • 13h ago
🐧 How does '#CopyFail' work? The 732-byte #exploit that grants #Root access on #Linux (CVE-2026-31431) (+MITIGATION) www.newstecnicas.info.ve/2026/04/copy...
  • 0
  • 0
  • 0
  • 13h ago
A critical Linux kernel bug, CVE-2026-31431, allows low-level users to gain full control of systems, prompting urgent patching efforts.
  • 0
  • 0
  • 0
  • 13h ago
Linux kernel flaw CVE-2026-31431 exploited for root access; MOVEit CVE-2026-4670 enables remote breaches; DigiCert revokes 60 certificates after Zhong Stealer exposure; Pentagon advances AI security partnerships. #LinuxSecurity #DataCenter #USA
  • 0
  • 1
  • 0
  • 12h ago

Overview

  • Google
  • Android

Published: 04 May 2026
Updated: 05 May 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 10 Posts
  • 30 Interactions

Last activity: 8 hours ago

Fediverse


Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction
#CyberSecurity
securebulletin.com/critical-an

  • 6
  • 2
  • 0
  • 19h ago

Update your Android now: this flaw allows your phone to be attacked without you tapping anything 👇
adslzone.net/noticias/moviles/
#Ciberseguridad #Seguridad #Privacidad 🔏

  • 6
  • 2
  • 0
  • 16h ago

OpenSSL's "0 means fail and 1 means success and oh yeah -1 also means fail" APIs have been causing bugs for decades.

barghest.asia/blog/cve-2026-00

  • 2
  • 7
  • 0
  • 13h ago

Today we are disclosing CVE-2026-0073:

A critical no-interaction proximal/adjacent remote code execution vulnerability in adbd's ADB-over-TCP authentication path.

Full technical write-up + exploit flow:

barghest.asia/blog/cve-2026-00

  • 2
  • 0
  • 0
  • 9h ago

Barghest Research Group found a critical no-interaction remote RCE in Android's Wireless Debugging ADB functionality.

barghest.asia/blog/cve-2026-00

#android #adb #CVE #wirelessdebug #RCE #authbypass

  • 1
  • 2
  • 0
  • 13h ago

CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. securityweek.com/critical-remo

  • 0
  • 0
  • 1
  • 15h ago

The importance of security updates for operating systems on mobile phones, which are really small computers ⚠️ 📱 👾

Update your Android now: this flaw allows your phone to be attacked without you tapping anything

adslzone.net/noticias/moviles/

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Google patches a critical remote code execution flaw (CVE-2026-0073) in Android’s adbd. Exploitation requires no user interaction. No Wear OS, Pixel Watch, or Android Automotive fixes yet. #AndroidSecurity #RemoteCodeExec #USA
  • 0
  • 0
  • 0
  • 13h ago
CVE-2026-0073: Zero-Click Exploit Bypasses Android’s Core Security – Your Device Is at Risk + Video Introduction A newly disclosed critical vulnerability in Android’s System component, tracked as CVE‑2026‑0073, allows remote attackers to execute arbitrary code as the `shell` user without any user…
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Apache Software Foundation
  • Apache HTTP Server

Published: 04 May 2026
Updated: 05 May 2026

CVSS: Pending
EPSS: 0.06%

KEV

Description

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Statistics

  • 9 Posts
  • 6 Interactions

Last activity: Last hour

Fediverse


Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
#CyberSecurity
securebulletin.com/critical-ap

  • 4
  • 0
  • 0
  • 19h ago

HTTP Server Vulnerability CVE-2026-23918 Exposes Millions of Servers to Remote Code Execution Attacks.
Anyone running Apache httpd version 2.4.66 or earlier is strongly urged to upgrade immediately!

👇
gbhackers.com/apache-http-serv

  • 0
  • 0
  • 1
  • 16h ago

@tychotithonus I just love the Debian security tracker, they manage the flood so good security-tracker.debian.org/tr

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Apache HTTP Server patch 2.4.67 fixes a critical HTTP/2 double-free flaw (CVE-2026-23918) in mod_http2 allowing DoS and possible remote code execution via crafted HTTP/2 frames. #ApachePatch #HTTP2Bug #Poland
  • 1
  • 0
  • 0
  • 10h ago
23 hours. That's how long it took Bitnami to go from a critical Apache RCE disclosure (CVE-2026-23918) to fully patched container images for Apache, WordPress, Drupal, Moodle, Matomo, and phpMyAdmin. Here's the full breakdown: community.broadcom.com/tanzu/blogs/...
  • 0
  • 1
  • 0
  • 13h ago
high risk CVE-2026-23918 in Apache HTTP Server HTTP/2 implementation. cc @levhita.net
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • WebPros
  • cPanel

Published: 29 Apr 2026
Updated: 04 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 26.55%

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 7 Posts
  • 5 Interactions

Last activity: 1 hour ago

Fediverse


More than 40,000 servers compromised through a zero-day vulnerability in cPanel. The vulnerability CVE-2026-41940 gives attackers admin access without authentication. #cPanel #Sicherheitslücke winfuture.de/news,158509.html?

  • 1
  • 0
  • 1
  • 14h ago

CVE-2026-41940 in cPanel & WHM under mass exploitation.
550K+ servers potentially exposed → auth bypass → ransomware deployment.
CISA urges immediate patching.

technadu.com/hackers-mass-expl

Patched yet?

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

The cPanel Situation Is… - Censys On April 29, 2026, CVE-2026-41940 was disclosed as a critical pre-authentication bypass affecting cPanel and WHM. The is Read more: https://censys.com/blog/the-cpanel-situation-is/
  • 1
  • 3
  • 0
  • 21h ago
Critical cPanel & WHM flaw (CVE-2026-41940) is being actively exploited. 550K+ servers at risk → auth bypass → ransomware. Are you patched? #CyberSecurity
  • 0
  • 0
  • 0
  • 13h ago
~Watchtowr~ A critical auth bypass (CVE-2026-41940) in all supported cPanel & WHM versions allows root access and is actively exploited in the wild. - IOCs: CVE-2026-41940 - #CVE202641940 #ThreatIntel #cPanel
  • 0
  • 0
  • 0
  • 4h ago
The latest update for #BitSight includes "The UK Government's Open Letter on #AI Cyber Threats Underscores the Need for Measurable Security" and "Critical Vulnerability Alert: CVE-2026-41940 in cPanel, WHM, and WP Squared". #Cybersecurity #RiskManagement https://opsmtrs.com/43KoF0t
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Pending

Published: 05 May 2026
Updated: 05 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.

Statistics

  • 4 Posts
  • 4 Interactions

Last activity: 2 hours ago

Bluesky

Critical #Bitcoin Core vulnerability (CVE-2024-52911) found in versions 0.14.0-29.0. Specially crafted blocks could cause remote node crashes or potential code execution by exploiting a memory error during transaction validation. Monitor official Bitcoin Core channels for patches. #crypto #security
  • 0
  • 2
  • 0
  • 14h ago
🔥 Critical vulnerability CVE-2024-52911 in Bitcoin Core! ⚠️ About 43% of nodes remain at risk of crashes and RCE. An urgent update to v29+ is recommended for network security. #Bitcoin #CryptoNews #Blockchain
  • 0
  • 1
  • 0
  • 2h ago
CRITICAL Bitcoin Core vulnerability (CVE-2024-52911) in versions 0.14.1-28.4 allows remote code execution/crashes. Discovered Nov '24, patched Dec '24. Yet, ~43% nodes vulnerable! Exploit is costly (high hash power), but risk remains. Upgrade ASAP! #crypto #blockchain #news
  • 0
  • 1
  • 0
  • 2h ago
A critical memory safety vulnerability (CVE-2024-52911) in Bitcoin Core software versions 0.14.1 through 28.4 allowed miners to crash nodes or […]
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • MetInfo CMS
  • MetInfo CMS

Published: 01 Apr 2026
Updated: 03 Apr 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 14.31%

KEV

Description

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.

Statistics

  • 4 Posts

Last activity: 13 hours ago

Fediverse


📰 Critical MetInfo CMS Vulnerability Under Active Exploitation

🚨 ACTIVE EXPLOITATION! A critical RCE flaw (CVE-2026-29014, CVSS 9.8) in MetInfo CMS is being widely exploited. Unauthenticated attackers can gain full server control. Patch immediately! #CVE #RCE #CyberSecurity #Vulnerability

🔗 cyber.netsecops.io

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 15h ago
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks https://thehackernews.com/2026/05/metinfo-cms-cve-2026-29014-exploited.html
  • 0
  • 0
  • 0
  • 14h ago
Threat actors are actively exploiting CVE-2026-29014, a critical code injection flaw in MetInfo CMS. The vulnerability allows remote, unauthenticated attackers […]
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Weaver Network Co., Ltd.
  • E-cology

Published: 07 Apr 2026
Updated: 05 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.18%

KEV

Description

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).

Statistics

  • 3 Posts

Last activity: 5 hours ago

Fediverse


CVE‑2026‑22679 is a critical unauthenticated RCE in Weaver E‑cology 10.0 exploited within five days of patch release. Attackers abused an exposed debug API endpoint to execute system commands. No workaround exists — upgrade to build 20260312 immediately.

thecybermind.co/2026/05/05/cve

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 20h ago
A critical RCE flaw in #Weaver E-cology (<20260312) is being actively exploited via the Debug API (CVE-2026-22679, CVSS 9.8). Major risk of unauthenticated remote code execution ⚠️ #CyberSecurity #Automatisation
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • FreeBSD
  • FreeBSD

Published: 30 Apr 2026
Updated: 01 May 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it. A rogue DHCP server may be able to execute arbitrary code as root on a system running dhclient.

Statistics

  • 1 Post
  • 41 Interactions

Last activity: 20 hours ago

Fediverse


AISLE boasts about their AI tooling and CVE-2026-42511:

"Our autonomous AI system found another critical vulnerability in the FreeBSD DHCP stack - an unauthenticated remote code execution vulnerability with root privileges.

This finding is significant not only because RCE as root is about as severe as it gets, but also because FreeBSD was explicitly included in Anthropic’s Mythos announcement, and Mythos did not identify this issue."

  • 12
  • 29
  • 0
  • 20h ago

Overview

  • D-Link
  • DNS-320L

Published: 04 Apr 2024
Updated: 21 Oct 2025

CVSS v3.1: HIGH (7.3)
EPSS: 94.42%

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 20 hours ago

Fediverse

[RSS] pyghidra-mcp Meets Ghidra GUI: Drive Project-Wide RE with Local AI

https://clearbluejar.github.io/posts/pyghidra-mcp-meets-ghidra-gui-drive-project-wide-re-with-local-ai/

+ CVE-2024-3273 analysis (D-Link)
  • 0
  • 0
  • 0
  • 20h ago

Bluesky

[RSS] pyghidra-mcp Meets Ghidra GUI: Drive Project-Wide RE with Local AI clearbluejar.github.io -> + CVE-2024-3273 analysis (D-Link Original->
  • 0
  • 1
  • 0
  • 20h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse


...sigh...
<insert HereWeGoAgain.gif meme>

~~~~~~~~~~~

Urgent Palo Alto Networks Security Advisory - Severity 9.3 · CRITICAL

Palo Alto Networks has published one new Security Advisory for a Critical Unauthenticated User initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal. This is available at security.paloaltonetworks.com/

We strongly advise PAN-OS customers to read the advisory and take appropriate action immediately to protect their devices.

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Palo Alto vulnerability information "CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0300
  • 0
  • 0
  • 0
  • 5h ago