Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Bluesky

Palo Alto vulnerability information "CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate (Severity: MEDIUM)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0233
  • 0
  • 1
  • 0
  • 19h ago

Overview

  • TP-Link
  • TL-WR841N

03 May 2024
Published
21 Oct 2025
Updated

CVSS v3.0
MEDIUM (6.5)
EPSS
1.50%

Description

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19899.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

⚠️ Your MFA is bypassed if your router is vulnerable! APT28 is using CVE-2023-50224 for "AiTM" attacks and to steal your tokens. Secure your edge devices. #CyberResilience [read]
  • 0
  • 1
  • 0
  • 4h ago

Overview

  • FontForge
  • FontForge

31 Dec 2025
Published
31 Dec 2025
Updated

CVSS v3.0
HIGH (8.8)
EPSS
0.20%

KEV

Description

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated array. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28563.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

🚨 NEW CVE-2025-15270: FontForge memory corruption in #Rocky Linux 9 core execution module. CVSS 7.8 (High). Affects font rasterization stack. Read more: 👉 tinyurl.com/end6xede #Security
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • nyariv
  • SandboxJS

06 Apr 2026
Published
06 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.06%

KEV

Description

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an exposed callable constructor path: this.constructor.call(target, attackerObject). Because this.constructor resolves to the internal SandboxGlobal function and Function.prototype.call is allowed, attacker code can write arbitrary properties into host global objects and persist those mutations across sandbox instances in the same process. This vulnerability is fixed in 0.8.36.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

CVE-2026-34208 (CVSS 10): A critical sandbox escape vulnerability has been discovered in SandboxJS CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS #DailyCyberSecurity (Apr 8) securityonline.info/sandboxjs-es...
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • D-Link
  • DIR-882

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
0.19%

KEV

Description

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in OS command injection. The attack can be performed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🔒 CVE-2026-5844: HIGH-severity OS command injection in D-Link DIR-882 (v1.01B02). Remote attackers can execute arbitrary OS commands. No official fix — upgrade or restrict remote access. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • npm
  • cli

23 Jan 2026
Published
26 Feb 2026
Updated

CVSS v3.0
HIGH (7.0)
EPSS
0.01%

KEV

Description

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

📢 Node.js on Windows: privilege escalation via uncontrolled module resolution (Discord, npm CLI) 📝 ## 🔍 Context Published… https://cyberveille.ch/posts/2026-04-08-node-js-sur-windows-escalade-de-privileges-via-resolution-de-modules-non-controlee-discord-npm-cli/ #CVE_2026_0775 #Cyberveille
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Palo Alto vulnerability information "CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration (Severity: HIGH)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0234
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

10 Mar 2026
Published
07 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.07%

KEV

Description

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

CVE-2026-24291 - Windows privilege escalation vulnerability "RegPwn": reproduction analysis
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Totolink
  • A7100RU

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.89%

KEV

Description

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in OS command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

🔒 CVE-2026-5851: CRITICAL OS command injection in Totolink A7100RU (7.4cu.2313_b20191024). Remote, unauthenticated RCE possible via /cgi-bin/cstecgi.cgi. Exploit public, no patch. Isolate device and check for updates! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Overview

  • xwiki
  • xwiki-platform

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
0.03%

KEV

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of the whole instance. Note that script right already constitutes a high level of access that we don't recommend giving to untrusted users. This vulnerability is fixed in 17.4.8 and 17.10.1.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🚨 CVE-2026-33229 (HIGH): XWiki Platform (17.0.0-rc-1 <17.4.8, 17.5.0-rc-1 <17.10.1) allows users with script rights to bypass sandboxing & execute arbitrary Python code. Patch to 17.4.8/17.10.1 now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 40 CVEs