
Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 10 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 1.62%

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

RDPulse: The New Open-Source Tool Exposing Hidden RDP Risks in Your Network (CVE-2026-21533 Context) + Video Introduction Remote Desktop Protocol remains one of the most targeted attack vectors in enterprise environments, yet security teams struggle to understand how exposed RDP services actually…

Overview

  • D-Link
  • DWR-M960

Published: 22 Feb 2026
Updated: 22 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.04%

KEV

Description

A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

CVE-2026-2926: HIGH-severity stack buffer overflow in D-Link DWR-M960 v1.01.07. Remote, unauthenticated code execution possible. Public PoC released — no vendor patch yet. Isolate devices, monitor endpoints, restrict access. Details: radar.offseq.com/threat/cve-20


Overview

  • UTT
  • HiPER 810G

Published: 22 Feb 2026
Updated: 22 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.04%

KEV

Description

A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

⚠️ CVE-2026-2904 (HIGH): Buffer overflow in UTT HiPER 810G v1.7.7-171114 via /goform/ConfigExceptAli. Remote, unauthenticated RCE/DoS risk. Public exploit code available — restrict access & monitor. radar.offseq.com/threat/cve-20


Overview

  • Dell
  • RecoverPoint for Virtual Machines

Published: 17 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 28.78%

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🏁 CISA gives feds 3 days to patch actively exploited Dell bug

「 The bug affects Dell RecoverPoint for Virtual Machines and stems from hardcoded credentials that can allow attackers to gain unauthorized access. Dell disclosed and patched the issue earlier this week, noting that criminals had already been exploiting it before a fix was available 」

go.theregister.com/feed/www.th

#exploit #CVE202622769 #cybersecurity


Overview

  • Artifex Software
  • MuPDF

Published: 06 Feb 2026
Updated: 06 Feb 2026

CVSS v4.0: MEDIUM (5.9)
EPSS: 0.06%

KEV

Description

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Critical MuPDF vulnerability (CVE-2026-25556) lands for #Fedora 42. This isn't just a viewer issue—it's a DoS risk in a core parsing library. Read more: 👉 tinyurl.com/tnrw9wpn #Security

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

The #Debian LTS project has disclosed DLA-4487-1, addressing two critical vulnerabilities (CVE-2026-2049, CVE-2026-2050) in the GEGL image processing library. Read more: 👉 tinyurl.com/zbuh7nf7 #Security

Overview

  • Lodash
  • Lodash
  • lodash

Published: 21 Jan 2026
Updated: 21 Jan 2026

CVSS v4.0: MEDIUM (6.9)
EPSS: 0.02%

KEV

Description

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Critical patch for #openSUSE Leap 16.0: SLE-WU-2026-38129-5. It fixes prototype pollution in Cockpit (CVE-2025-13465) and js-yaml (CVE-2025-64718). Read more: 👉 tinyurl.com/47j9sufj #Security

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libblockdev

Published: 19 Jun 2025
Updated: 11 Nov 2025

CVSS: Pending
EPSS: 0.01%

KEV

Description

A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

No Kernel, No Problem: Chaining CVE-2025-6018 & CVE-2025-6019 for Root on a Patched Linux Box + Video Introduction: Modern Linux security relies on defense-in-depth, assuming that while the kernel is hardened, user-space misconfigurations can still lead to full system compromise. This article…

Overview

  • pam

Published: 23 Jul 2025
Updated: 06 Nov 2025

CVSS: Pending
EPSS: 0.09%

KEV

Description

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

No Kernel, No Problem: Chaining CVE-2025-6018 & CVE-2025-6019 for Root on a Patched Linux Box + Video Introduction: Modern Linux security relies on defense-in-depth, assuming that while the kernel is hardened, user-space misconfigurations can still lead to full system compromise. This article…

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

The #Debian LTS project has disclosed DLA-4487-1, addressing two critical vulnerabilities (CVE-2026-2049, CVE-2026-2050) in the GEGL image processing library. Read more: 👉 tinyurl.com/zbuh7nf7 #Security