Overview

  • Microsoft
  • Windows Admin Center

Published: 17 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.06%

KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 14 hours ago

Bluesky

A Windows Admin Center authentication flaw (CVE-2026-26119) lets authorized users escalate privileges across networks, potentially granting widespread administrative control.
  • 1
  • 1
  • 0
  • 14h ago

Overview

  • Pending

Published: 07 May 2001
Updated: 08 Aug 2024

CVSS: Pending
EPSS: 61.72%

KEV

Description

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 11 hours ago

Fediverse

@TheBreadmonkey Fun fact: In the movie The Matrix Reloaded - Trinity executes a real world exploit (CVE-2001-0144) against an SSH server using nmap.

Not So Fun Fact: There's probably some system somewhere exposed to Mr. Internet still running that vulnerable version of SSH

  • 0
  • 2
  • 0
  • 11h ago

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

Published: 26 Jan 2026
Updated: 13 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 9.21%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 1 hour ago

Bluesky

Quick dance with CVE-2026-21509, a "Security Feature Bypass Vulnerability" and an emergency out-of-band fix from January Patch Tuesday (and an obligatory exaggerated YouTube thumbnail -- I apologize and appreciate folks who understand algorithm nuance) youtu.be/Ck8IPInn74A
  • 0
  • 1
  • 1
  • 1h ago

Overview

  • Pending

Published: 18 Feb 2026
Updated: 18 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.10%

KEV

Description

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

CVE Alert: CVE-2025-70152 - CVSS 9.8/10 code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These end... https://www.cyberhub.blog/cves/CVE-2025-70152
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Pending

Published: 18 Feb 2026
Updated: 18 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.11%

KEV

Description

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

CVE Alert: CVE-2025-70150 - CVSS 9.8/10 CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via... https://www.cyberhub.blog/cves/CVE-2025-70150
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • OpenSSL
  • OpenSSL

Published: 27 Jan 2026
Updated: 29 Jan 2026

CVSS: Pending
EPSS: 0.06%

KEV

Description

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.

Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.

The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.

The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2025-69419 impacts openssl-fips-provider-latest in 40 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/419 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • curl
  • curl

Published: 08 Jan 2026
Updated: 16 Jan 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2025-14017 impacts curl-minimal in 40 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/409 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Published: 04 Dec 2025
Updated: 05 Dec 2025

CVSS: Pending
EPSS: 0.04%

KEV

Description

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Bluesky

Critical security update for #Fedora users! A new patch for Fvwm3 (CVE-2025-65637) fixes a high-severity Denial-of-Service flaw in the logrus logging library. Read more: 👉 tinyurl.com/mu6ftvdx #Security
  • 0
  • 0
  • 0
  • 2h ago
🔧 #Fedora 42 Security Corner A critical patch for fvwm3 just dropped (FEDORA-2026-439af2cc95) addressing CVE-2025-65637. This is a nasty one: a remote DoS in the Logrus library. Read more: 👉 tinyurl.com/3xt2t8hr #Security
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)

Published: 06 Feb 2026
Updated: 14 Feb 2026

CVSS v4.0: CRITICAL (9.9)
EPSS: 49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

The Apex Convergence: How ZeroDayRAT and BeyondTrust CVE-2026-1731 Bridge Mobile Spying to Physical Breaches + Video Introduction: A new class of sophisticated threat, termed a "High-Convergence" vector, has been detected, demonstrating a terrifying evolution in cyber-physical attacks. By…
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • curl
  • curl

Published: 08 Jan 2026
Updated: 08 Jan 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2025-15079 impacts curl-minimal in 40 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/412 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 3h ago