Overview

  • misskey-dev
  • misskey

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: HIGH (7.1)
EPSS: Pending

KEV

Description

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.

Statistics

  • 3 Posts
  • 5 Interactions

Last activity: 10 hours ago

Fediverse

Misskey/Sharkey "extremely severe" vulnerabilities

https://www.openwall.com/lists/oss-security/2026/03/09/7

#Fediverse #ActivityPub #misskey #sharkey

CVE-2026-28431
CVE-2026-28432
CVE-2026-28433
  • 2
  • 0
  • 0
  • 11h ago

Moe.Pub update complete!

This update fixes critical vulnerabilities. Please update as soon as possible.
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
This update fixes several important vulnerabilities. Please update to this version or the latest version of Misskey as soon as possible.

Release 2026.3.1: github.com/misskey-dev/misskey
Unofficial announcement: transfem.social/notes/ajkq30j9
Docker update: misskey-hub.net/cn/docs/for-ad
Changelog: github.com/misskey-dev/misskey
Instance: moe.pub / mk.moe.pub
Open registration: True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

  • 0
  • 3
  • 0
  • 23h ago

Bluesky

Misskey/Sharkey "extremely severe" vulnerabilities www.openwall.com -> #Fediverse #ActivityPub #misskey #sharkey CVE-2026-28431 CVE-2026-28432 CVE-2026-28433 Original->
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • middleapi
  • orpc

Published: 06 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.32%

KEV

Description

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Bluesky

CVE-2026-28794 - oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization scq.ms/4b7tqWn
  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Linux
  • Linux

Published: 12 Nov 2025
Updated: 01 Dec 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix data race in CPU latency PM QoS request handling

The cpu_latency_qos_add/remove/update_request interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current implementation relies on the 'pm_qos_enabled' flag, which is insufficient to prevent concurrent access and cannot serve as a proper synchronization mechanism. This has led to data races and list corruption issues.

A typical race condition call trace is:

[Thread A]
ufshcd_pm_qos_exit()
  --> cpu_latency_qos_remove_request()
    --> cpu_latency_qos_apply();
      --> pm_qos_update_target()
        --> plist_del  <--(1) delete plist node
    --> memset(req, 0, sizeof(*req));
  --> hba->pm_qos_enabled = false;

[Thread B]
ufshcd_devfreq_target
  --> ufshcd_devfreq_scale
    --> ufshcd_scale_clks
      --> ufshcd_pm_qos_update  <--(2) pm_qos_enabled is true
        --> cpu_latency_qos_update_request
          --> pm_qos_update_target
            --> plist_del  <--(3) plist node use-after-free

Introduces a dedicated mutex to serialize PM QoS operations, preventing data races and ensuring safe access to PM QoS resources, including sysfs interface reads.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

Urgent for SUSE Linux Micro 6.2 admins! A new important kernel live patch (SUSE-SU-2026:20643-1) is out for CVE-2025-40130. Read more: 👉 tinyurl.com/2p4d9uu5 #SUSE #Security
  • 0
  • 1
  • 0
  • 17h ago

Overview

  • Tenda
  • F453

Published: 08 Mar 2026
Updated: 08 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A vulnerability was identified in Tenda F453 1.0.0.3/3.As. The function fromPptpUserAdd of the file /goform/PPTPDClient is affected. Manipulation of the argument username/opttype leads to a stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

📌 CVE-2026-3729 - A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation... https://www.cyberhub.blog/cves/CVE-2026-3729
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • VMware
  • Aria Operations
  • vmware-aria-operations

Published: 25 Feb 2026
Updated: 04 Mar 2026

CVSS v3.1: HIGH (8.1)
EPSS: 7.35%

Description

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.

To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.

Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

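🌟 News details: The first "Food Style" store, part of the Aeon group, has opened in Mita, Tokyo, selling prepared foods and carefully selected fresh produce. To mark the 30th anniversary of Bourbon's "Petit Series", a campaign offering original merchandise and PayPay points is under way. 🌸 Technology and social progress: The latest technology news reports that CISA has added the VMware Aria Operations command injection CVE-2026-22719 to the KEV catalog and that Broadcom has released a patch. Discussion of the advance of the AI society and its impact is also growing. 🌸 Thoughts on the news: 最近のニュースは、世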
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Changing
  • IDExpert Windows Logon Agent

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.13%

KEV

Description

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

📌 CVE-2026-2999 - IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the s... https://www.cyberhub.blog/cves/CVE-2026-2999
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • exiftool

Published: 24 Feb 2026
Updated: 27 Feb 2026

CVSS v4.0: MEDIUM (5.3)
EPSS: 0.20%

KEV

Description

A vulnerability was found in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. Manipulation of the argument DateTimeOriginal causes OS command injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. Upgrading to version 13.50 addresses this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

The ExifTool vulnerability: how an image can infect macOS systems

Via: @kasperskyes

kaspersky.es/blog/exiftool-mac

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Devolutions
  • Server

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

CVE-2026-3638 (HIGH): Devolutions Server ≤ 2025.3.11.0 has missing authorization in restore APIs — low-priv users can reinstate deleted accounts, risking privilege escalation. Restrict API access & monitor logs! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Tenda
  • FH1202

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. Manipulation of the argument page leads to a stack-based buffer overflow. The attack can be exploited remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

📌 CVE-2026-3810 - A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The man... https://www.cyberhub.blog/cves/CVE-2026-3810
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Tenda
  • FH1202

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Manipulation of the argument webSiteId results in a stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

📌 CVE-2026-3808 - A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary... https://www.cyberhub.blog/cves/CVE-2026-3808
  • 0
  • 0
  • 0
  • 11h ago