24h | 7d | 30d

CVE-2026-21513

Overview

  • Microsoft
  • Windows 10 Version 1607
10 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
4.12%
KEV

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture fallback
The Financial Standard @thefinancialstandard

Urgent APT28 Cyber Attack Tied to MSHTML 0-Day

APT28 linked to CVE-2026-21513 MSHTML 0-day exploit. Urgent action is needed to mitigate cyber attack risks and protect sensitive data.

Read more: api.thefinancialstandard.com/a

#finance #cybersecurity #fintech #news

  • 1
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Microsoft patched CVE-2026-21513, a high-severity MSHTML Framework vulnerability exploited as a zero-day by Russia-linked APT28, allowing attackers to bypass security features and achieve code execution through malicious files.
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Rene Robichaud @neroqc.bsky.social
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday thehackernews.com/2026/03/apt2...
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-3000

Overview

  • Changing
  • IDExpert Windows Logon Agent
02 Mar 2026
Published
02 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.10%
KEV

Description

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.

Statistics

  • 2 Posts
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CVE-2026-3000 (CRITICAL): IDExpert Windows Logon Agent v2.7.3.230719 allows unauthenticated remote code execution via malicious DLL download. Disable agent, monitor for unusual activity, restrict outbound traffic. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
🚨🔒 Attention all users! 📢 A new vulnerability has been identified: CVE-2026-3000 - Changing IDExpert Windows Logon Agent. This critical flaw allows for remote code execution, posing serious security risks to your systems. scq.ms/4sn9kic
  • 0
  • 0
  • 0
  • 6h ago

CVE-2024-50050

Overview

  • Meta Platforms, Inc
  • Llama Stack
23 Oct 2024
Published
24 Oct 2024
Updated
CVSS
Pending
EPSS
2.26%
KEV

Description

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.

Statistics

  • 2 Posts
Last activity: 12 hours ago

Bluesky

Profile picture fallback
Tech Trending @tech-trending.bsky.social
ローカルLLMの脆弱性があるんか?〜CVE-2024-50050から学ぶ「自分だけで使ってるから安全」の落とし穴〜 - Qiita https://qiita.com/GeneLab_999/items/08873f6569a2b96a276c
  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
topickapp (IT技術系ニュースサイト) @topickapp.bsky.social
https://qiita.com/GeneLab_999/items/08873f6569a2b96a276c ローカルLLMにも脆弱性があり、「自分だけで使っているから安全」は誤解だと解説します。 CVE-2024-50050等、ネットワーク経由や悪意あるモデルファイルによる攻撃リスクを紹介。 利用形態ごとのリスク判定と、Ollamaなどの具体的な防御策やアップデート方法が学べます。
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-0714

Overview

  • Moxa
  • UC-1200A Series
05 Feb 2026
Published
05 Feb 2026
Updated
CVSS v4.0
HIGH (7.0)
EPSS
0.01%
KEV

Description

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 4 hours ago

Fediverse

Profile picture fallback
benzogaga33 :verified: @benzogaga33

TPM-Sniffing LUKS Keys on an Embedded Linux Device [CVE-2026-0714] cyloq.se/en/research/cve-2026-

  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
DragonJAR @dragonjar

En las últimas 24 horas se identificaron graves vulnerabilidades en dispositivos Linux con TPM que permiten extraer claves cifradas, fallas en OpenClaw que comprometían agentes de IA y explotaciones masivas en Sangoma FreePBX mediante inyección de comandos; la actualización y parches son esenciales para proteger tus sistemas. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 02/03/26 📆 |====

🔐 VULNERABILIDAD CRÍTICA EN DISPOSITIVOS LINUX CON TPM Y CIFRADO LUKS

Investigadores han revelado una falla de seguridad (CVE-2026-0714) que permite a atacantes con acceso físico extraer claves de cifrado almacenadas en chips TPM 2.0 mediante la interceptación de datos en la interfaz SPI. Este método pone en riesgo la protección de sistemas industriales, IoT y dispositivos embebidos que utilizan cifrado LUKS, subrayando la necesidad de reforzar la seguridad física y lógica de estos entornos. Protege tus sistemas y conoce los detalles técnicos esenciales para mitigar esta amenaza. Descubre más sobre esta vulnerabilidad en djar.co/8u4GOt

🛡️ PARCHE DISPONIBLE PARA LA VULNERABILIDAD "CLAWJACKED" EN OPENCLAW

La reciente vulnerabilidad "ClawJacked" permitía a sitios web maliciosos tomar control de agentes de inteligencia artificial de OpenClaw para robar información sensible de los usuarios. Esta falla ha sido corregida con el lanzamiento del parche 2026.2.26, que fortalece la protección contra estas formas avanzadas de secuestro de datos. Actualizar a la última versión es vital para mantener la integridad y privacidad de tus datos en entornos AI. Protege tu información y conoce cómo aplicar el parche aquí djar.co/G7w8x5

🚨 EXPLOTACIÓN MASIVA DE LA VULNERABILIDAD CVE-2025-64328 EN SANGOMA FREEPBX

Más de 900 instancias de Sangoma FreePBX han sido comprometidas debido a una vulnerabilidad de inyección de comandos que permitió a los atacantes instalar shells web maliciosos. Esta brecha grave expone sistemas de comunicación empresarial a accesos no autorizados y posible robo de información. La actualización inmediata y la implementación de medidas de monitoreo son imprescindibles para evitar intrusiones. Infórmate sobre la amenaza y cómo proteger tu sistema en djar.co/NJJH

  • 1
  • 1
  • 0
  • 4h ago

CVE-2023-4911

Overview

  • glibc
  • glibc
03 Oct 2023
Published
13 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
57.16%
KEV

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 8 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-002
Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation

A vulnerability has been identified in WAGO devices utilized in Endress+Hauser IoT solutions. WAGO has provided fixes for these vulnerabilities, which have been integrated into the solutions by Endress+Hauser.
CVE-2023-4911

certvde.com/en/advisories/vde-

endress-hauser.csaf-tp.certvde

  • 1
  • 1
  • 0
  • 8h ago

CVE-2026-3399

Overview

  • Tenda
  • F453
01 Mar 2026
Published
01 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.05%
KEV

Description

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 HIGH severity: CVE-2026-3399 impacts Tenda F453 (v1.0.0.3) via buffer overflow in httpd's fromGstDhcpSetSer. Remotely exploitable, public exploit available. Patch or mitigate now to prevent device takeover! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 13h ago

CVE-2026-3061

Overview

  • Google
  • Chrome
23 Feb 2026
Published
26 Feb 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 21 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🛑 URGENT: #Fedora 43 Chromium Update Required Three high-severity vulnerabilities (CVE-2026-3061, CVE-3062, CVE-3063) have been patched in Chromium 145.0.7632.116. Read more: 👉 tinyurl.com/bdfdd8dp #Security
  • 0
  • 1
  • 0
  • 21h ago

CVE-2026-27593

Overview

  • statamic
  • cms
24 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.01%
KEV

Description

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they didn't request the reset. This has been fixed in 6.3.3 and 5.73.10.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 22 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-27593 - Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability ... https://www.cyberhub.blog/cves/CVE-2026-27593
  • 0
  • 1
  • 0
  • 22h ago

CVE-2026-2239

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 22 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical security advisory for #Fedora 43: GIMP 3.0.8-5 fixes CVE-2026-2239, a heap-buffer-overflow in the PSD loader. This is a DoS vector using crafted PSDs. Read more: 👉 tinyurl.com/2tks99p8 #Security
  • 0
  • 1
  • 0
  • 22h ago

CVE-2026-25989

Overview

  • ImageMagick
  • ImageMagick
24 Feb 2026
Published
28 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.06%
KEV

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-25989 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG... https://www.cyberhub.blog/cves/CVE-2026-25989
  • 0
  • 1
  • 0
  • 10h ago
Showing 1 to 10 of 48 CVEs