24h | 7d | 30d

CVE-2026-23866

Overview

  • Facebook
  • WhatsApp for Android
01 May 2026
Published
01 May 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.01%
KEV

Description

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggering OS-controlled custom URL scheme handlers. We have not seen evidence of exploitation in the wild.

Statistics

  • 2 Posts
  • 5 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture fallback
Sam Stepanyan :verified: 🐘 @securestep9

Vulnerability CVE-2026-23866 Lets Attackers Leverage Instagram Reels to Execute Malicious URLs:

👇
cybersecuritynews.com/whatsapp

  • 2
  • 3
  • 1
  • 23h ago

CVE-2026-34621

Overview

  • Adobe
  • Acrobat Reader
11 Apr 2026
Published
14 Apr 2026
Updated
CVSS v3.1
HIGH (8.6)
EPSS
9.59%
KEV

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 15 hours ago

Fediverse

Profile picture fallback
elhacker.NET @elhackernet

CVE-2026-34621: Una vulnerabilidad de tipo «zero-day» en Adobe Acrobat Reader permite la ejecución de código a través de archivos PDF maliciosos

blog.elhacker.net/2026/05/cve-

  • 2
  • 2
  • 0
  • 15h ago

CVE-2026-41181

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 3 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture fallback
DB Tech @dbtechyt

Traefik v3.6.15 patches CVE-2026-41181 so update ASAP. Also includes ACME fixes, Kubernetes ExternalName service improvements, and an updated Errors middleware. Check the migration guide before upgrading. #selfhosted #homelab

github.com/traefik/traefik/rel

  • 2
  • 1
  • 1
  • 19h ago

CVE-2026-3844

Overview

  • cloudways
  • Breeze Cache
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
13.13%
KEV

Description

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 14 hours ago

Fediverse

Profile picture fallback
Wordfence @wordfence

Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin

A critical arbitrary file upload vulnerability (CVE-2026-3844, CVSS 9.8) in the Breeze Cache plugin for WordPress is being actively exploited.

Update to version 2.4.5. Review the report to ensure your site is not affected.

wordfence.com/blog/2026/05/att

#WordPress #WebSecurity #Wordfence

  • 0
  • 1
  • 0
  • 14h ago

CVE-2026-34084

Overview

  • PHPOffice
  • PhpSpreadsheet
05 May 2026
Published
05 May 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
Pending
KEV

Description

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load() is user-controlled, an attacker can supply a PHP stream wrapper path (such as phar://, ftp://, or ssh2.sftp://) that passes the is_file() check in File::assertFile(). The phar:// wrapper triggers deserialization of the PHAR metadata, which can lead to remote code execution if a suitable gadget chain is available in the application. The ftp:// and ssh2.sftp:// wrappers can be used for server-side request forgery. This issue has been fixed in versions 1.30.3, 2.1.15, 2.4.4, 3.10.4, and 5.6.0.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 PHPOffice PhpSpreadsheet CRITICAL vuln (CVE-2026-34084): RCE & SSRF possible via user input to IOFactory::load() (phar://, ftp://, ssh2.sftp://). Affected: v1.x – 5.5.0. Upgrade to a fixed version now! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-4670

Overview

  • Progress Software
  • MOVEit Automation
30 Apr 2026
Published
01 May 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.19%
KEV

Description

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 6 hours ago

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
Linux kernel flaw CVE-2026-31431 exploited for root access; MOVEit CVE-2026-4670 enables remote breaches; DigiCert revokes 60 certificates after Zhong Stealer exposure; Pentagon advances AI security partnerships. #LinuxSecurity #DataCenter #USA
  • 0
  • 1
  • 0
  • 19h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Critical 98 MOVEit Automation Flaw Opens Enterprise File Transfer Systems to Unauthenticated Takeover + Video Introduction: A critical authentication bypass vulnerability (CVE-2026-4670, CVSS 9.8) and a high-severity privilege escalation flaw (CVE-2026-5174, CVSS 7.7) have been disclosed in…
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-4412

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.info.ve
⚠️ #Vulnerabilidad 'Ghost-Print' (CVE-2026-4412): Fallo en la cola de impresión de #Windows que afecta a redes corporativas (+MITIGACIÓN) www.newstecnicas.info.ve/2026/04/vuln...
  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-25172

Overview

  • Microsoft
  • Windows 10 Version 1607
10 Mar 2026
Published
14 Apr 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
0.04%
KEV

Description

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post
Last activity: 18 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.info.ve
🛡️ CVE-2026-25172: El 'Hotpatch' urgente de Microsoft para #Windows11 que debes aplicar ya (Sin reiniciar) www.newstecnicas.info.ve/2026/04/cve-...
  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-21262

Overview

  • Microsoft
  • Microsoft SQL Server 2016 Service Pack 3 (GDR)
10 Mar 2026
Published
14 Apr 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.08%
KEV

Description

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
Last activity: 15 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.info.ve
Microsoft corrige Zero-Day crítico en SQL Server que permite a atacantes tomar el control total como admin | CVE-2026-21262 www.newstecnicas.info.ve/2026/03/micr...
  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-7854

Overview

  • D-Link
  • DI-8100
05 May 2026
Published
05 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CRITICAL: Buffer overflow in D-Link DI-8100 (16.07.26A1) via /url_rule.asp POST handler. Remote, unauthenticated RCE possible. Public exploit available. No official patch yet. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago
Showing 11 to 20 of 50 CVEs