Overview

  • GIGABYTE
  • Gigabyte Control Center

30 Mar 2026
Published
31 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.37%

KEV

Description

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

GIGABYTE Control Center vulnerable to arbitrary file write flaw (CVE-2026-4415) #patchmanagement
  • 13h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
66.27%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

⚠️ Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

「 The campaign is assessed to be targeting Next.js applications that are vulnerable to CVE-2025-55182 (CVSS score: 10.0), a critical flaw in React Server Components and Next.js App Router that could result in remote code execution, for initial access, and then dropping the NEXUS Listener collection framework 」

thehackernews.com/2026/04/hack

#nextjs #infosec #react2shell #CVE202555182

  • 22h ago

Overview

  • MervinPraison
  • PraisonAI

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%

KEV

Description

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. This issue has been patched in version 4.5.69.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

⚠️ CRITICAL: PraisonAI (v4.5.15 - <4.5.69) vulnerable to OS command injection via --mcp, allowing arbitrary OS commands (CVE-2026-34935). Patch to 4.5.69+ now! radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • Gardyn
  • Cloud API

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.03%

KEV

Description

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CVE-2026-25197 (CRITICAL): Gardyn Cloud API lets authenticated users access other profiles by tweaking ID in API calls (CWE-639). No patch yet — restrict access & monitor for abuse. Details: radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • Python Software Foundation
  • CPython

06 Dec 2024
Published
04 Apr 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.25%

KEV

Description

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer, potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users: you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using the .writelines() method, which has had new zero-copy-on-write behavior since Python 3.12.0. If not all of these factors are true, then your usage of Python is unaffected.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

The python313-3.13.12-3.1 update for #OpenSUSE Tumbleweed resolves a heap buffer overflow (CVE-2024-12254) with escalation potential. Read more: 👉 tinyurl.com/yc4fpsa3 #Security
  • 5h ago

Overview

  • The GNU C Library
  • glibc

20 Mar 2026
Published
23 Mar 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

glibc: 2.42-58 -> 2.42-61, fixes CVE-2026-4438 https://github.com/NixOS/nixpkgs/pull/506517 #security
  • 10h ago

Overview

  • MervinPraison
  • PraisonAI

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%

KEV

Description

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. This issue has been patched in version 4.5.90.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🚨 CVE-2026-34934: PraisonAI <4.5.90 affected by CRITICAL SQL injection (CVSS 9.8). Unauthenticated attackers can gain full DB access via unsanitized thread IDs. Upgrade to 4.5.90+ ASAP. Details: radar.offseq.com/threat/cve-20

  • 13h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Remote code execution in CentOS Web Panel - CVE-2025-70951 fenrisk.com/rce-centos-w...
  • 23h ago

Overview

  • kestra-io
  • kestra

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.14%

KEV

Description

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated, simply visiting a crafted link is enough to trigger the vulnerability. The injected payload is executed by PostgreSQL using COPY ... TO PROGRAM ..., which in turn runs arbitrary OS commands on the host. This issue has been patched in version 1.3.7.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

⚠️ SQL Injection (CVSS 10, CRITICAL) in Kestra < 1.3.7 — authenticated users can trigger RCE via /api/v1/main/flows/search. Patch to v1.3.7 to mitigate. CVE-2026-34612. Details: radar.offseq.com/threat/cve-20

  • 10h ago

Overview

  • MervinPraison
  • PraisonAI

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.10%

KEV

Description

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith() method to the _safe_getattr wrapper, achieving arbitrary OS command execution on the host. This issue has been patched in version 1.5.90.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-34938 in PraisonAI <1.5.90 lets attackers bypass sandbox protections and achieve arbitrary OS command execution. Immediate upgrade to v1.5.90+ required. Full system compromise possible. radar.offseq.com/threat/cve-20

  • 14h ago