Overview

  • F5
  • BIG-IP

15 Oct 2025
Published
27 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%

Description

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post
  • 53 Interactions

Last activity: 4 hours ago

Fediverse

For F5 BIG-IP APM customers, CVE-2025-53521 is being exploited in the wild by a nation state threat actor

It allows unauth RCE and applies to the data plane (not the management interface) - the one available over the internet.

my.f5.com/manage/s/article/K00

Attackers have been deploying webshells, so boxes are still vuln post patching if already exploited prior.

  • 30
  • 23
  • 0
  • 4h ago

Overview

  • Kubernetes
  • Kubernetes

20 Sep 2021
Published
16 Sep 2024
Updated

CVSS v3.1
MEDIUM (4.1)
EPSS
0.18%

KEV

Description

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: 5 hours ago

Fediverse

Just released another entry in my blog series looking at the unpatchable vulnerabilities of Kubernetes.

Whilst the CVEs are quite old, understanding them is useful, both to understand if you need to apply mitigations and also for some of the low-level Kubernetes implementation details they involve.

securitylabs.datadoghq.com/art

  • 2
  • 0
  • 0
  • 15h ago

Bluesky

CVE-2020-8561 exploits an SSRF flaw in Kubernetes API server’s ValidatingWebhookConfiguration and profiling endpoints to expose full responses. Requires cluster-admin creds to escalate impact. #KubernetesSecurity #SSRF #CVE20208561
  • 0
  • 0
  • 0
  • 11h ago
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561 | Datadog Security Labs securitylabs.datadoghq.com/articles/unp...
  • 0
  • 0
  • 1
  • 5h ago

Overview

  • PTC
  • Windchill PDMLink

23 Mar 2026
Published
24 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.38%

KEV

Description

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.

Statistics

  • 3 Posts

Last activity: 1 hour ago

Fediverse

🚨 CRITICAL: CISA flags CVE-2026-4681 in PTC Windchill PLM. German police issued physical warnings — high urgency! No active exploits, but risk to manufacturing & engineering data is severe. Audit & secure now. radar.offseq.com/threat/cisa-f

  • 0
  • 0
  • 0
  • 15h ago
📰 Police Physically Warn Firms of Critical Unpatched RCE Flaw in PTC Windchill

🚨 CRITICAL FLAW: German police physically warn companies about a 10.0 CVSS RCE bug (CVE-2026-4681) in PTC Windchill & FlexPLM. CISA issues alert. No patch yet! ⚠️ #CVE20264681 #ZeroDay #Manufacturing

🔗 cyber.netsecops.io/articles/cr

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

“CISA warns of a critical flaw in PTC Windchill and FlexPLM (CVE-2026-4681), with no patch yet and potential for imminent exploitation.” securityaffairs.com/190049/secur...
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • aquasecurity
  • setup-trivy

23 Mar 2026
Published
27 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
26.61%

Description

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have used a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have allowed the attacker to retain access and execute the March 19 attack. Affected components include the `aquasecurity/trivy` Go / Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2 (76/77), and the `aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6, prior to the recreation of 0.2.6 with a safe commit. Known safe versions include versions 0.69.2 and 0.69.3 of the Trivy binary, version 0.35.0 of trivy-action, and version 0.2.6 of setup-trivy. Additionally, take other mitigations to ensure the safety of secrets. If there is any possibility that a compromised version ran in one's environment, all secrets accessible to affected pipelines must be treated as exposed and rotated immediately. Check whether one's organization pulled or executed Trivy v0.69.4 from any source. Remove any affected artifacts immediately. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Those who referenced a version tag rather than a full commit SHA should check workflow run logs from March 19–20, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in one's GitHub organization. The presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHA hashes; do not use mutable version tags.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 9 hours ago

Fediverse

CISA adds CVE-2026-33634 (Trivy) to KEV - active exploitation confirmed.

If it’s in KEV, it’s already a threat.

Source: cisa.gov/news-events/alerts/20

💬 Is KEV your top patch priority?
🔔 Follow TechNadu

  • 1
  • 0
  • 0
  • 17h ago
📰 CISA KEV Alert: Actively Exploited Flaws in Langflow AI Framework and Trivy Scanner

📢 CISA KEV UPDATE: Two flaws now under active exploitation! A critical RCE in Langflow AI framework (CVE-2026-33017) and a supply-chain attack via Trivy scanner (CVE-2026-33634). Patch now! ⚠️ #KEV #CyberSecurity #RCE

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

New KEV alert ⚠️ CVE-2026-33634 (Trivy) now actively exploited. KEV = real-world risk, not theory. 💬 Patch priority? 🔔 Follow TechNadu #CyberSecurity #KEV #InfoSec
  • 1
  • 0
  • 0
  • 17h ago

Overview

  • langflow-ai
  • langflow

20 Mar 2026
Published
26 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
5.65%

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

  • 3 Posts

Last activity: 1 hour ago

Fediverse

📰 CISA KEV Alert: Actively Exploited Flaws in Langflow AI Framework and Trivy Scanner

📢 CISA KEV UPDATE: Two flaws now under active exploitation! A critical RCE in Langflow AI framework (CVE-2026-33017) and a supply-chain attack via Trivy scanner (CVE-2026-33634). Patch now! ⚠️ #KEV #CyberSecurity #RCE

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours | Sysdig www.sysdig.com/blog/cve-202...
  • 0
  • 0
  • 0
  • 17h ago
#ばばさん通信ダイジェスト Sharing items that have become, or are likely to become, topics of discussion, regardless of whether opinion is for or against them. CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • Windows 10 Version 21H2

13 Jan 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

SYSTEM Takeover: New Windows Error Reporting Flaw (CVE-2026-20817) Demands Immediate Action + Video Introduction: The Windows Error Reporting (WER) service, a critical component designed to capture crash dumps and telemetry, has become the latest attack vector for privilege escalation. Security…
  • 0
  • 1
  • 0
  • 16h ago
Proof-of-Concept Released: Public Exploit Details for Windows Error Reporting LPE (CVE-2026-20817)
  • 0
  • 0
  • 0
  • 23h ago
CVE-2026-20817: Windows Error Reporting Goes Nuclear – How a Single Flaw Forced Microsoft to Nuke Its Own Feature + Video Introduction: A recently patched Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, tracked as CVE-2026-20817, has exposed a critical flaw…
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

13 Jan 2026
Published
19 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
7.10%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Two critical vulnerabilities dominate the situation for German companies.
The BSI warns of an actively exploited vulnerability in Microsoft SharePoint. CISA added the vulnerability to its catalog of exploited vulnerabilities on 18 March. CERT-EU published an advisory on 25 March and referred to measures from the previous year's ToolShell attack campaign. The CVSS score is 9.8 out of 10 and was raised after it emerged that exploitation is also possible without authentication.
In parallel, CERT-Bund raised the alarm on 24 March about two vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway. CVE-2026-3055 allows unauthenticated attackers to read active session tokens from the memory of affected devices. CVE-2026-4368 can lead to the takeover of other users' sessions through a race condition. Systems configured as a SAML Identity Provider, a configuration widely used for single sign-on in enterprise environments, are particularly at risk. Security researchers consider active exploitation in the near future very likely.
Immediate measures: patch SharePoint, update NetScaler, and terminate active sessions.

Cyber security warning 2026-238220-1032 (25.03.2026) | CERT-Bund WID-SEC-2026-0836 (24.03.2026)
CVE-2026-20963 | CVE-2026-3055 | CVE-2026-4368
#Informationssicherheit #CISO #BSI #SharePoint #Citrix #NetScaler #Patchmanagement #NIS2 #CyberSecurity #ITSicherheit

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • open-telemetry
  • opentelemetry-java-instrumentation

27 Mar 2026
Published
27 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.50%

KEV

Description

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnerability: First, OpenTelemetry Java instrumentation is attached as a Java agent (`-javaagent`) on Java 16 or earlier. Second, a JMX/RMI port has been explicitly configured via `-Dcom.sun.management.jmxremote.port` and is network-reachable. Third, a gadget-chain-compatible library is present on the classpath. This results in arbitrary remote code execution with the privileges of the user running the instrumented JVM. For JDK >= 17, no action is required, but upgrading is strongly encouraged. For JDK < 17, upgrade to version 2.26.1 or later. As a workaround, set the system property `-Dotel.instrumentation.rmi.enabled=false` to disable the RMI integration.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 22 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-33701 affects opentelemetry-java-instrumentation <2.26.1. Unauthenticated RCE possible on Java ≤16 via unsafe RMI deserialization. Upgrade to 2.26.1+ or disable RMI now! Details: radar.offseq.com/threat/cve-20

  • 3
  • 1
  • 0
  • 22h ago

Overview

  • Apple
  • visionOS

11 Dec 2024
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.28%

KEV

Description

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

Statistics

  • 1 Post
  • 8 Interactions

Last activity: 1 hour ago

Fediverse

Good to know, but every vulnerability we discovered and reported to Apple also affected Lockdown Mode. This includes CVE-2024-54492, which impacted the Passwords app. An option to "Allow Contacting Websites" was added starting with iOS 26.

#privacy #security #iOS #Apple #infosec
--------
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

macrumors.com/2026/03/27/no-ip

  • 2
  • 6
  • 0
  • 1h ago

Overview

  • djangoproject
  • Django
  • django

03 Feb 2026
Published
03 Feb 2026
Updated

CVSS
Pending
EPSS
5.46%

KEV

Description

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allow remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 16 hours ago

Bluesky

CrowdSec confirms the first active exploitation of CVE-2026-1207, an SQL injection flaw in Django - IT SOCIAL itsocial.fr/cybersecurit...
  • 1
  • 4
  • 0
  • 16h ago
Showing 1 to 10 of 45 CVEs