24h | 7d | 30d

Overview

  • Linux
  • Linux

22 Aug 2025
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 22 hours ago

Fediverse

Profile picture fallback

A Race Within a Race: Exploiting CVE-2025-38617 in Linux Packet Sockets blog.calif.io/p/a-race-within-

  • 0
  • 1
  • 1
  • 22h ago

Overview

  • openemr
  • openemr

03 Mar 2026
Published
04 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.09%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to complete third-party service compromise, PHI exfiltration, unauthorized actions on the MedEx platform, and HIPAA violations. The vulnerability exists because the endpoint bypasses authentication ($ignoreAuth = true) and performs a MedEx login whenever $_POST['callback_key'] is provided, returning the full JSON response including sensitive API tokens. This vulnerability is fixed in 8.0.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-24898 - OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disc... https://www.cyberhub.blog/cves/CVE-2026-24898
  • 0
  • 1
  • 0
  • 5h ago

Overview

  • chamilo
  • chamilo-lms

02 Mar 2026
Published
02 Mar 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
0.04%

KEV

Description

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-52482 - Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with... https://www.cyberhub.blog/cves/CVE-2025-52482
  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Red Hat
  • Red Hat Satellite 6
  • rubygem-rubyipmi

27 Feb 2026
Published
05 Mar 2026
Updated

CVSS
Pending
EPSS
0.22%

KEV

Description

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Profile picture fallback
📌 CVE-2026-0980 - A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with h... https://www.cyberhub.blog/cves/CVE-2026-0980
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Cloudflare
  • https://github.com/cloudflare/pingora

04 Mar 2026
Published
04 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers to send HTTP/1.0 requests in a way that would desync Pingora’s request framing from backend servers’. Impact This vulnerability primarily affects standalone Pingora deployments in front of certain backends that accept HTTP/1.0 requests. An attacker could craft a malicious payload following this request that Pingora forwards to the backend in order to: * Bypass proxy-level ACL controls and WAF logic * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP Cloudflare's CDN infrastructure was not affected by this vulnerability, as its ingress proxy layers forwarded HTTP/1.1 requests only, rejected ambiguous framing such as invalid Content-Length values, and forwarded a single Transfer-Encoding: chunked header for chunked requests. Mitigation: Pingora users should upgrade to Pingora v0.8.0 or higher that fixes this issue by correctly parsing message length headers per RFC 9112 and strictly adhering to more RFC guidelines, including that HTTP request bodies are never close-delimited. As a workaround, users can reject certain requests with an error in the request filter logic in order to stop processing bytes on the connection and disable downstream connection reuse. The user should reject any non-HTTP/1.1 request, or a request that has invalid Content-Length, multiple Transfer-Encoding headers, or Transfer-Encoding header that is not an exact “chunked” string match.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Profile picture fallback

🚨 CRITICAL: CVE-2026-2835 in Cloudflare Pingora enables HTTP request smuggling via improper HTTP/1.0 and Transfer-Encoding handling. Impacts standalone Pingora. Upgrade to v0.8.0+ ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

02 Mar 2026
Published
03 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-47376 - Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. https://www.cyberhub.blog/cves/CVE-2025-47376
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • openemr
  • openemr

03 Mar 2026
Published
04 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
0.03%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-25146 - OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at lea... https://www.cyberhub.blog/cves/CVE-2026-25146
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • LabRedesCefetRJ
  • WeGIA

27 Feb 2026
Published
02 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.27%

KEV

Description

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-28411 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal a... https://www.cyberhub.blog/cves/CVE-2026-28411
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Ivanti
  • Connect Secure

08 Jan 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
94.18%

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Profile picture fallback
Malware RESURGE colpisce Ivanti: come difendersi subito dalla zero-day 📌 Link all'articolo : www.redhotcyber.com/post/mal... #redhotcyber #news #cybersecurity #hacking #malware #ransomware #cisa #vulnerabilita #cve20250282 #rootkit
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • AMD
  • AMD EPYC™ 9004 Series Processors

06 Sep 2025
Published
03 Nov 2025
Updated

CVSS v3.1
LOW (3.2)
EPSS
0.02%

KEV

Description

Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
🚨 #Ubuntu 24.04 LTS (Azure) CRITICAL Kernel Update USN-8074-1 is LIVE. This patches a SEV-SNP data integrity flaw (CVE-2024-36331) where a hypervisor could overwrite "secure" guest memory. Plus 150+ other CVEs. Read more: 👉 tinyurl.com/42ukrdhj #Security
  • 0
  • 0
  • 0
  • 9h ago
Showing 11 to 20 of 78 CVEs