24h | 7d | 30d

CVE-2026-0915

Overview

  • The GNU C Library
  • glibc
15 Jan 2026
Published
16 Jan 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: Last hour

Fediverse

Profile picture
Christine Hall @BrideOfLinux

1996? That's like forever ago: CVE-2026-0915: GNU C Library Fixes A Security Issue Present Since 1996 - Phoronix phoronix.com/news/Glibc-Securi

  • 1
  • 1
  • 0
  • Last hour
Profile picture
@phoronix

CVE-2026-0915: GNU C Library Fixes A Security Issue Present Since 1996

CVE-2026-0915 was published on Friday as a security issue with the GNU C Library "glibc" for code introduced 30 years ago. The latest Glibc Git code is now patched for this issue introduced in 1996...

https://www.phoronix.com/news/Glibc-Security-Fix-For-1996-Bug

  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-53690

Overview

  • Sitecore
  • Experience Manager (XM)
03 Sep 2025
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.0)
EPSS
10.18%
KEV

Description

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture
CyberNetsecIO @netsecio

📰 China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure

🇨🇳 A China-linked APT group, UAT-8837, is actively targeting North American critical infrastructure, warns Cisco Talos. The group exploits flaws like CVE-2025-53690 and uses tools like Earthworm for espionage. #APT #CyberSecurity #ThreatIntel #China

🔗 cyber.netsecops.io/articles/ch

  • 0
  • 1
  • 0
  • 23h ago
Profile picture
ekiledjian @edwardk

A China-linked hacker group, UAT-8837, has been exploiting a Sitecore zero-day vulnerability (CVE-2025-53690) for initial access to North American critical infrastructure. The group, active since at least 2025, focuses on obtaining credentials and network information using various open-source and living-off-the-land tools.
bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-0227

Overview

  • Palo Alto Networks
  • Cloud NGFW
15 Jan 2026
Published
15 Jan 2026
Updated
CVSS v4.0
MEDIUM (6.6)
EPSS
0.07%
KEV

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

Statistics

  • 2 Posts
Last activity: 23 hours ago

Fediverse

Profile picture
CyberNetsecIO @netsecio

📰 Palo Alto Networks Patches High-Severity DoS Flaw in PAN-OS Firewalls

Palo Alto Networks patches high-severity DoS flaw CVE-2026-0227 in PAN-OS. 🔒 The bug allows unauthenticated attackers to crash firewalls with GlobalProtect enabled. PoC exists. Patch immediately! #CyberSecurity #Vulnerability #PaloAltoNetworks

🔗 cyber.netsecops.io/articles/pa

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture
ripjyr.bsky.social @ripjyr.bsky.social
Paloaltoの脆弱性情報 「CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (Severity: HIGH)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0227
  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-23550

Overview

  • Modular DS
  • Modular DS
  • modular-connector
14 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.04%
KEV

Description

Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.

Statistics

  • 2 Posts
Last activity: 11 hours ago

Fediverse

Profile picture
CyberNetsecIO @netsecio

📰 Critical Flaw in WordPress Plugin 'Modular DS' Actively Exploited for Admin Takeover

🚨 CRITICAL 10.0 CVSS FLAW: Modular DS WordPress plugin is being actively exploited! CVE-2026-23550 allows unauthenticated admin takeover. 40,000+ sites at risk. Update to version 2.5.2 NOW. #WordPress #Vulnerability #CyberSecurity #PatchNow

🔗 cyber.netsecops.io/articles/mo

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture
Eyal Estrin ☁️ @eyalestrin.bsky.social
Modular DS bug hands hackers instant WordPress admin access (CVE-2026-23550) #appsec
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-20805

Overview

  • Microsoft
  • Windows 10 Version 1809
13 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
MEDIUM (5.5)
EPSS
6.56%
KEV

Description

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 12 hours ago

Fediverse

Profile picture
Mathrubhumi English @Mathrubhumi_English

CERT-In issues high-severity alert for Windows 10, Windows 11 and Microsoft Office over CVE-2026-20805 vulnerability. Microsoft confirms exploit in the wild, urges urgent updates. english.mathrubhumi.com/techno #WindowsSecurity #MicrosoftAlert #CERTIn #CyberSecurity

  • 1
  • 1
  • 0
  • 12h ago

CVE-2026-22797

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture
CrowdCyber @crowdcyber.bsky.social
OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root
  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
55.12%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 Next.js/NextAuth : forger des cookies d’authentification via le NEXTAUTH_SECRET 📝 Dans un billet technique publié le 14 janvier 2026, l’auteur détaill… https://cyberveille.ch/posts/2026-01-16-next-js-nextauth-forger-des-cookies-dauthentification-via-le-nextauth-secret/ #CVE_2025_55182 #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-22812

Overview

  • anomalyco
  • opencode
12 Jan 2026
Published
13 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.10%
KEV

Description

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️CVE-2026-22812: OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

PoC/Exploit: github.com/rohmatariow/CVE-202

CVSS: 8.8
CVE Published: January 12th, 2026
Exploit Published: January 16th, 2026
Advisory: github.com/anomalyco/opencode/

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-23744

Overview

  • MCPJam
  • inspector
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.49%
KEV

Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Statistics

  • 2 Posts
Last activity: 21 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-23744 - Critical (9.8)

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installatio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 21h ago

CVE-2025-29943

Overview

  • AMD
  • AMD EPYC™ 9004 Series Processors
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v4.0
MEDIUM (4.6)
EPSS
0.01%
KEV

Description

Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture
ekiledjian @edwardk

New CVE-2025-29943: StackWarp shows AMD SEV-SNP CVMs on Zen1–5 can have their stack pointer warped cross-hyperthread via an undocumented MSR, enabling RSA key theft and auth bypass even on fully patched Zen 5; mitigation today is disabling SMT and deploying AMD’s microcode fixes.

stackwarpattack.com/stackwarp_

  • 0
  • 0
  • 0
  • 1h ago
Showing 1 to 10 of 40 CVEs