24h | 7d | 30d

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
14.89%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 9 Posts
  • 6 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
Anonymous :verified: @youranonnewsirc

Latest News (Jan 29-30, 2026):

Tech: Apple plans "Apple Intelligence" with Google Gemini integration, coinciding with Google's Chrome "auto browse" launch. China approved Nvidia H200 chip sales to its tech giants.

Cybersecurity: The FBI launched "Operation Winter SHIELD" to protect critical infrastructure. A major ShinyHunters phishing campaign targets Okta SSO accounts, and Ivanti EPMM (CVE-2026-1281) is a newly exploited vulnerability.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 21h ago
Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-1281 & CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Zero-Day: Yes
CVSS: Both 9.8
CVE Published: January 29th, 2026
KEV Catalog: January 29th, 2026

Affected Vendor: Ivanti
Vulnerability Type: Remote Code Execution (RCE)

Advisory: forums.ivanti.com/s/article/Se

  • 1
  • 1
  • 0
  • 22h ago
Profile picture
CyberNetsecIO @netsecio

📰 CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

🚨 CRITICAL UPDATE: Ivanti patches two actively exploited zero-day RCEs (CVE-2026-1281, CVE-2026-1340) in EPMM. Both are CVSS 9.8. Unauthenticated attackers can gain full control. Patch immediately! #Ivanti #ZeroDay #CyberSecurity #RCE

🔗 cyber.netsecops.io/articles/iv

  • 0
  • 0
  • 0
  • 23h ago
Profile picture
schrotthaufen @schrotthaufen

Not sure I like that I didn’t need the explanation about variable expansion to understand wtf happened 😅

labs.watchtowr.com/someone-kno

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture
The Shadowserver Foundation @shadowserver.bsky.social
Spike in Ivanti EPMM CVE-2026-1281 RCE exploitation attempts seen by our sensors last 24 hours from at least 13 source IPs. In our scans, we see ~1600 exposed instances worldwide (no vulnerability assessment). Top exposed: Germany (516) Ivanti hotfix guidance: forums.ivanti.com/s/article/Se...
  • 1
  • 3
  • 0
  • 1h ago
Profile picture
The Shadowserver Foundation @shadowserver.bsky.social
CVE-2026-1281 has been added to CISA Known Exploited Vulnerability catalog: www.cisa.gov/news-events/... Additional background from watchTowr: labs.watchtowr.com/someone-know...
  • 0
  • 0
  • 0
  • 1h ago
Profile picture
CyberHub @cyberhub.blog
📌 Expert Bash Exploitation Uncovered in Ivanti EPMM Pre-Auth RCE Vulnerabilities (CVE-2026-1281 & CVE-2026-1340) https://www.cyberhub.blog/article/18811-expert-bash-exploitation-uncovered-in-ivanti-epmm-pre-auth-rce-vulnerabilities-cve-2026-1281-cve-2026-1340
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
Information Security Briefly @infosecbriefly.bsky.social
Ivanti patched two critical EPMM zero-day RCE vulnerabilities (CVE-2026-1281, CVE-2026-1340) that were being exploited in the wild.
  • 0
  • 0
  • 0
  • 19h ago
Profile picture
OpsMatters @opsmatters.com
The latest update for #ArcticWolf includes "CVE-2026-1281 and CVE-2026-1340: Unauthenticated RCE Zero-Day Vulnerabilities in Ivanti Endpoint Manager Mobile" and "CVE-2026-24858: FortiCloud SSO Authentication Bypass Vulnerability Exploited". #cybersecurity #infosec https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-1340

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.16%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 6 Posts
  • 2 Interactions
Last activity: 16 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-1281 & CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Zero-Day: Yes
CVSS: Both 9.8
CVE Published: January 29th, 2026
KEV Catalog: January 29th, 2026

Affected Vendor: Ivanti
Vulnerability Type: Remote Code Execution (RCE)

Advisory: forums.ivanti.com/s/article/Se

  • 1
  • 1
  • 0
  • 22h ago
Profile picture
CyberNetsecIO @netsecio

📰 CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

🚨 CRITICAL UPDATE: Ivanti patches two actively exploited zero-day RCEs (CVE-2026-1281, CVE-2026-1340) in EPMM. Both are CVSS 9.8. Unauthenticated attackers can gain full control. Patch immediately! #Ivanti #ZeroDay #CyberSecurity #RCE

🔗 cyber.netsecops.io/articles/iv

  • 0
  • 0
  • 0
  • 23h ago
Profile picture
schrotthaufen @schrotthaufen

Not sure I like that I didn’t need the explanation about variable expansion to understand wtf happened 😅

labs.watchtowr.com/someone-kno

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture
CyberHub @cyberhub.blog
📌 Expert Bash Exploitation Uncovered in Ivanti EPMM Pre-Auth RCE Vulnerabilities (CVE-2026-1281 & CVE-2026-1340) https://www.cyberhub.blog/article/18811-expert-bash-exploitation-uncovered-in-ivanti-epmm-pre-auth-rce-vulnerabilities-cve-2026-1281-cve-2026-1340
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
Information Security Briefly @infosecbriefly.bsky.social
Ivanti patched two critical EPMM zero-day RCE vulnerabilities (CVE-2026-1281, CVE-2026-1340) that were being exploited in the wild.
  • 0
  • 0
  • 0
  • 19h ago
Profile picture
OpsMatters @opsmatters.com
The latest update for #ArcticWolf includes "CVE-2026-1281 and CVE-2026-1340: Unauthenticated RCE Zero-Day Vulnerabilities in Ivanti Endpoint Manager Mobile" and "CVE-2026-24858: FortiCloud SSO Authentication Bypass Vulnerability Exploited". #cybersecurity #infosec https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-0921

Overview

  • Mitsubishi Electric Corporation
  • GENESIS64
15 May 2025
Published
09 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
0.02%
KEV

Description

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions BizViz all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.

Statistics

  • 2 Posts
Last activity: 9 hours ago

Fediverse

Profile picture
HackerWorkspace @hackerworkspace

Privileged File System Vulnerability Present in a SCADA System

unit42.paloaltonetworks.com/ic

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Profile picture
piggo @pigondrugs.bsky.social
~Paloalto~ A privileged file system vulnerability in Iconics Suite allows local attackers to corrupt critical files, leading to a denial-of-service condition. - IOCs: CVE-2025-0921 - #CVE20250921 #SCADA #ThreatIntel
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-20045

Overview

  • Cisco
  • Cisco Unified Communications Manager
21 Jan 2026
Published
22 Jan 2026
Updated
CVSS v3.1
HIGH (8.2)
EPSS
0.89%
KEV

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Statistics

  • 2 Posts
  • 7 Interactions
Last activity: Last hour

Fediverse

Profile picture
Glenn 📎 @ntkramer

🍩 & - Since its disclosure 11 days ago, 95% of the exploitation attempts of CVE-2026-20045, a critical vulnerability in Cisco Unified Communications Manager, have used a distinctive user-agent: Mozilla/5.0 (compatible; CiscoExploit/1.0) and are heavily targeted against our Cisco Unified Communications Manager (UCM) sensors.

We're tracking it here: viz.greynoise.io/tags/cisco-un

Appears to be from github.com/Ashwesker/Ashwesker

  • 2
  • 5
  • 1
  • Last hour

CVE-2026-0755

Overview

  • Gemini MCP Tool
  • gemini-mcp-tool
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
1.27%
KEV

Description

gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27783.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 22 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-0755: Reported Zero-Day in Gemini MCP Tool Could Allow Remote Code Execution

Zero-Day: Yes
CVSS: 9.8
CVE Published: January 23rd, 2026

Affected Vendor: Gemini MCP Tool
Vulnerability Type: Remote Code Execution (RCE)

Advisory: github.com/advisories/GHSA-28q

  • 2
  • 2
  • 0
  • 22h ago

CVE-2026-20929

Overview

  • Microsoft
  • Windows 10 Version 1809
13 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.06%
KEV

Description

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
ekiledjian @edwardk

A new technique abuses Kerberos TGS requests and DNS CNAME resolution to allow attackers to impersonate users by relaying authentication tickets. This method, detailed in research by Cymulate, enables lateral movement and privilege escalation, and while Microsoft has patched HTTP-related vulnerabilities (CVE-2026-20929), the core DNS CNAME abuse remains a threat.
cymulate.com/blog/kerberos-aut

  • 1
  • 1
  • 0
  • 1h ago

CVE-2024-24576

Overview

  • rust-lang
  • rust
09 Apr 2024
Published
04 Nov 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
81.37%
KEV

Description

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture
HackerNoon @hackernoon

The severity of this vulnerability was critical if you were invoking batch files on Windows with untrusted arguments. hackernoon.com/rust-cve-2024-2 #rust

  • 1
  • 0
  • 0
  • Last hour

CVE-2022-37393

Overview

  • Synacor
  • Zimbra Server
16 Aug 2022
Published
17 Sep 2024
Updated
CVSS
Pending
EPSS
5.12%
KEV

Description

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture
Ron Bowes @iagox86

@Weld When I was at Rapid7, we were firm that we wouldn't sign anything preventing us from disclosing. Sometimes that made it real difficult to talk to the company

Sadly the link to the disclosure is dead now, but this was my favourite: attackerkb.com/topics/92AeLOE1

  • 0
  • 4
  • 0
  • 19h ago

CVE-2025-8088

Overview

  • win.rar GmbH
  • WinRAR
08 Aug 2025
Published
21 Oct 2025
Updated
CVSS v4.0
HIGH (8.4)
EPSS
4.61%
KEV

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 Exploitation massive de la faille WinRAR CVE-2025-8088 par des acteurs étatiques et criminels 📝 Source: Google Threat Intelligence Gro… https://cyberveille.ch/posts/2026-01-29-exploitation-massive-de-la-faille-winrar-cve-2025-8088-par-des-acteurs-etatiques-et-criminels/ #CVE_2025_8088 #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago

CVE-2024-28397

Overview

  • Pending
20 Jun 2024
Published
02 Aug 2024
Updated
CVSS
Pending
EPSS
67.46%
KEV

Description

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.

Statistics

  • 2 Posts
Last activity: 2 hours ago

Fediverse

Profile picture
0xdf @0xdf

CodeTwo from HackTheBox features a js2py sandbox escape via CVE-2024-28397, MD5 hash cracking from SQLite, and abusing npbackup-cli sudo permissions to read root's SSH key from backups.

0xdf.gitlab.io/2026/01/31/htb-

  • 0
  • 0
  • 1
  • 2h ago
Showing 1 to 10 of 28 CVEs