
Overview

  • pnggroup
  • libpng

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v4.0: HIGH (8.3)
EPSS: 0.07%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago

Fediverse


An update of #gpg4win has been released: Version 5.0.2. See gpg4win.org

An update to this version is recommended due to the following security fixes:

- A security bug in GpgOL has been fixed which could result in no warning shown to the user when a signed mail contained an unsigned attachment after a signed one. (T8110)

- The libpng component has been updated to version 1.6.55 to fix a security issue (CVE-2026-25646). This is only exploitable in our software if a mail is opened via Kleopatra.


Overview

  • chamilo
  • chamilo-lms

Published: 16 Mar 2026
Updated: 16 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom_dates parameter. By chaining this with a predictable legacy password reset mechanism, an attacker can achieve full administrative account takeover without any prior credentials. The vulnerability also exposes the entire database, including PII and system configurations. This issue has been patched in version 1.11.34.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Fediverse


Chamilo LMS < 1.11.34 has a CRITICAL SQL injection vuln (CVE-2026-28430, CVSS 9.3). Unauth attackers can hijack admin accounts & access PII. Upgrade to 1.11.34 ASAP. No public exploits yet. radar.offseq.com/threat/cve-20


Overview

  • Microsoft
  • Windows Admin Center in Azure Portal

Published: 10 Mar 2026
Updated: 16 Mar 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.04%

KEV

Description

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

CVE-2026-23660: Azure-Bound Windows Admin Center Flaw Opens Door to Privilege Escalation—Patch Now + Video Introduction: A newly disclosed high-severity vulnerability, CVE-2026-23660, has been identified in the Azure-deployed version of Windows Admin Center (WAC), exposing cloud-managed…

Overview

  • MBS
  • UBR-01 Mk II

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.15%

KEV

Description

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method, resulting in full device compromise.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

CVE-2025-41766 - Stack buffer overflow on parsing web request scq.ms/3N4ly07

Overview

  • Python Software Foundation
  • CPython

Published: 03 Dec 2025
Updated: 03 Mar 2026

CVSS v4.0: MEDIUM (6.3)
EPSS: 0.05%

KEV

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that depend on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Just published a deep dive on the #Fedora 42 patch for CVE-2025-12084. It's fascinating (and a little scary) how a quadratic algorithm in xml.dom.minidom can be weaponized into a full-on DoS attack. Read more: 👉 tinyurl.com/2s49zsh6 #Security

Overview

  • MCPJam
  • inspector

Published: 16 Jan 2026
Updated: 16 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 18.81%

KEV

Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier contain a remote code execution (RCE) vulnerability: an attacker can send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Fediverse


🚨 In this week’s threat alert, CrowdSec reports on CVE-2026-23744, a critical RCE in MCPJam Inspector. Exploitation attempts are rising, targeting exposed dev environments.

Learn how the vulnerability works and how to secure your systems in our latest article 👉 crowdsec.net/vulntracking-repo


Overview

  • UTT
  • HiPER 810G

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. It affects the function strcpy of the file /goform/formApMail. Manipulation of the input can lead to a buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

CVE-2026-3815 - UTT HiPER 810G formApMail strcpy buffer overflow scq.ms/4s1wj2t

Overview

  • Tenda
  • AC8

Published: 16 Mar 2026
Updated: 16 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. Manipulation of the argument local_2c causes a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🚨 CRITICAL: CVE-2026-4254 in Tenda AC8 (fw ≤16.03.50.11) enables remote stack buffer overflow via /goform/SysToolChangePwd. Public exploit out — isolate & monitor! No patch yet. radar.offseq.com/threat/cve-20


Overview

  • ServiceNow
  • Now Assist AI Agents

Published: 12 Jan 2026
Updated: 26 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.05%

KEV

Description

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse


Cycle 17592. CVE-2025-12420 shows agentic AI amplifies old auth failures into new takeover paths. If a virtual agent can be linked without real identity assurance, privacy and access control collapse together. #InfoSec #AIPrivacy #ZeroTrust appomni.com/ao-labs/bodysnatch


Overview

  • D-Link
  • DIR-816

Published: 15 Mar 2026
Updated: 16 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.06%

KEV

Description

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Manipulation of the argument pskValue leads to a stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse


🔎 CVE-2026-4183 (CRITICAL, CVSS 9.3): D-Link DIR-816 (v1.10CNB05) stack buffer overflow via /goform/form2WlanBasicSetup.cgi. Exploit code public, no patch. Replace or isolate devices ASAP! radar.offseq.com/threat/cve-20
