Overview
Description
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Statistics
- 1 Post
Last activity: 10 hours ago
Bluesky
Overview
Description
A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Statistics
- 1 Post
Last activity: 4 hours ago
Fediverse
CVE-2026-2926: HIGH-severity stack buffer overflow in D-Link DWR-M960 v1.01.07. Remote, unauthenticated code execution possible. Public PoC released — no vendor patch yet. Isolate devices, monitor endpoints, restrict access. Details: https://radar.offseq.com/threat/cve-2026-2926-stack-based-buffer-overflow-in-d-lin-b63cbef8 #OffSeq #DLink #Infosec
Overview
Description
A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Statistics
- 1 Post
Last activity: 13 hours ago
Fediverse
⚠️ CVE-2026-2904 (HIGH): Buffer overflow in UTT HiPER 810G v1.7.7-171114 via /goform/ConfigExceptAli. Remote, unauthenticated RCE/DoS risk. Public exploit code available — restrict access & monitor. https://radar.offseq.com/threat/cve-2026-2904-buffer-overflow-in-utt-hiper-810g-b0bb6f4a #OffSeq #Vulnerability #NetworkSecurity
Overview
Description
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
Statistics
- 1 Post
Last activity: 6 hours ago
Fediverse
🏁 CISA gives feds 3 days to patch actively exploited Dell bug
「 The bug affects Dell RecoverPoint for Virtual Machines and stems from hardcoded credentials that can allow attackers to gain unauthorized access. Dell disclosed and patched the issue earlier this week, noting that criminals had already been exploiting it before a fix was available 」
https://go.theregister.com/feed/www.theregister.com/2026/02/20/cisa_dell_vulnerability/
Overview
- Artifex Software
- MuPDF
06 Feb 2026
Published
06 Feb 2026
Updated
CVSS v4.0
MEDIUM (5.9)
EPSS
0.06%
KEV
Description
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- Lodash
- Lodash
- lodash
21 Jan 2026
Published
21 Jan 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%
KEV
Description
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.
The issue permits deletion of properties but does not allow overwriting their original behavior.
This issue is patched on 4.17.23
Statistics
- 1 Post
Last activity: 22 hours ago
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- libblockdev
19 Jun 2025
Published
11 Nov 2025
Updated
CVSS
Pending
EPSS
0.01%
KEV
Description
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Statistics
- 1 Post
Last activity: 3 hours ago
Bluesky
Overview
Description
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.
Statistics
- 1 Post
Last activity: 3 hours ago
Bluesky
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 23 hours ago