Overview

  • Belkin
  • F9K1122

15 Mar 2026
Published
15 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was determined in Belkin F9K1122 1.00.33. It affects the function formReboot of the file /goform/formReboot. Manipulating the argument webpage causes a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts

Last activity: 15 hours ago

Fediverse

🚨 HIGH severity: CVE-2026-4167 in Belkin F9K1122 (1.00.33) enables remote code execution via stack buffer overflow — no auth needed, no patch. Isolate, restrict, and monitor now! radar.offseq.com/threat/cve-20

  • 23h ago

⚠️ HIGH-severity: CVE-2026-4167 stack overflow in Belkin F9K1122 v1.00.33. Remote attackers can exploit /goform/formReboot — no patch, public exploit out. Restrict access, monitor for attack attempts. radar.offseq.com/threat/cve-20

  • 15h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

When using the `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-13034 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/408 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 18h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-15468 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/415 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 18h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
09 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-14524 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/410 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 18h ago

Overview

  • Tecnick
  • TCExam

15 Mar 2026
Published
15 Mar 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.03%

KEV

Description

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Manipulation results in cross-site scripting. The attack can be carried out remotely. There are still doubts about whether this vulnerability truly exists. Upgrading to version 16.6.1 addresses this issue. The patch is named 899b5b2fa09edfe16043f07265e44fe2022b7f12. It is suggested to upgrade the affected component. When the vendor was informed about another security issue, he identified and fixed this flaw during analysis. He doubts the impact of this: "However, this is difficult to justify as security issue. It requires to be administrator to both create and consume the exploit. Administrators can do pretty much anything in the platform, so I don't see the point of this from a security perspective." This is reflected by the CVSS vector.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🚨 CVE-2026-4169: MEDIUM XSS in Tecnick TCExam (v16.0 – 16.6.0). Admins can inject JavaScript via XML export. Patch by upgrading to 16.6.1, restrict admin access, and monitor logs. Details: radar.offseq.com/threat/cve-20

  • 22h ago

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

02 Dec 2025
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Critical security advisory for #Fedora 42 users! 🛠️ The golang-github-openprinting-ipp-usb package (version < 0.9.31) is vulnerable to a DoS attack via CVE-2025-61729. Read more: 👉 tinyurl.com/msjp2rwc #Security
  • 17h ago

Overview

  • D-Link
  • DIR-816

15 Mar 2026
Published
15 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Manipulating the argument pskValue results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ CRITICAL: D-Link DIR-816 (1.10CNB05) stack-based buffer overflow via pskValue in /goform/form2Wl5BasicSetup.cgi. Exploit is public, remote code execution possible. Device is EOL — isolate or replace! CVE-2026-4184 radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
28 Feb 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-69421 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/421 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 18h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

When doing TLS-related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed, contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-14819 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/411 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 18h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
28 Jan 2026
Updated

CVSS
Pending
EPSS
0.20%

KEV

Description

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-69420 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/420 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 18h ago