24h | 7d | 30d

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
32.27%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts

Last activity: 5 hours ago

Fediverse

Profile picture fallback

@christopherkunz didn't see this in your Toots yet, but hope you already saw it somewhere else:

bsi.bund.de/SharedDocs/Cybersi

Version 1.3: Ivanti EPMM - Aktive Angriffe über Zero-Day Schwachstellen beobachtet

Schwachstellen CVE-2026-1281 und CVE-2026-1340

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback

2 nylige #0day (CVE-2026-1281 og CVE-2026-1340) i Ivanti EPMM-platformen er blevet udnyttet i siden mindst sommeren 2025

Tysklands 🇩🇪 cyber-sikkerheds-agentur har fundet beviser for kompromittering under efterforskningen af angrebene

De 2 zero-days er blevet knyttet til angreb på det hollandske 🇳🇱 data-beskyttelses-agentur og Europa-Kommissionen 🇪🇺

Palo Alto Networks har nogle detaljer om angrebene, som nu omfatter både spionage og cyber-kriminalitet
unit42.paloaltonetworks.com/iv

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Profile picture fallback
Exploitation of two patched Ivanti EPMM critical vulnerabilities (CVE-2026-1281, CVE-2026-1340) has surged, enabling remote unauthenticated code execution and full MDM compromise.
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
43.87%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts

Last activity: 5 hours ago

Fediverse

Profile picture fallback

@christopherkunz didn't see this in your Toots yet, but hope you already saw it somewhere else:

bsi.bund.de/SharedDocs/Cybersi

Version 1.3: Ivanti EPMM - Aktive Angriffe über Zero-Day Schwachstellen beobachtet

Schwachstellen CVE-2026-1281 und CVE-2026-1340

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback

2 nylige #0day (CVE-2026-1281 og CVE-2026-1340) i Ivanti EPMM-platformen er blevet udnyttet i siden mindst sommeren 2025

Tysklands 🇩🇪 cyber-sikkerheds-agentur har fundet beviser for kompromittering under efterforskningen af angrebene

De 2 zero-days er blevet knyttet til angreb på det hollandske 🇳🇱 data-beskyttelses-agentur og Europa-Kommissionen 🇪🇺

Palo Alto Networks har nogle detaljer om angrebene, som nu omfatter både spionage og cyber-kriminalitet
unit42.paloaltonetworks.com/iv

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Profile picture fallback
Exploitation of two patched Ivanti EPMM critical vulnerabilities (CVE-2026-1281, CVE-2026-1340) has surged, enabling remote unauthenticated code execution and full MDM compromise.
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Microsoft, Inc
  • Windows 11

28 Jul 2025
Published
28 Jul 2025
Updated

CVSS v4.0
MEDIUM (5.4)
EPSS
0.02%

KEV

Description

DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs.

Statistics

  • 1 Post
  • 18 Interactions

Last activity: 20 hours ago

Fediverse

Profile picture fallback

I earned my first CVE credit (CVE-2025-7676) for helping with a Windows ARM vuln. So, to commemorate the credit, @reverseics presented me last week with a Trophy of Perpetual Futility, because there’s always more work to do.

raw.githubusercontent.com/reid

  • 1
  • 17
  • 0
  • 20h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

08 Apr 2025
Published
13 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.47%

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 20 hours ago

Bluesky

Profile picture fallback
SEO poisoning ➡️ Fake RVTools ➡️ Python backdoor ➡️ PipeMagic ➡️ CVE-2025-29824 ➡️ #Ransomexx — domain-wide in <19 hrs. The Python backdoor connected to azure-secure-agent[.]com (87.251.67[.]241), enabling cmd/PowerShell exec, payload download, screenshots, and IP discovery.
  • 0
  • 2
  • 0
  • 20h ago

Overview

  • nikkhokkho
  • FileOptimizer

18 Feb 2026
Published
19 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.03%

KEV

Description

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

Profile picture fallback
📌 CVE-2019-25358 https://www.cyberhub.blog/article/alert-cve-2019-25358
  • 0
  • 1
  • 0
  • 9h ago

Overview

  • Pending

16 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

Profile picture fallback

"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."

ox.security/blog/cve-2025-6571

  • 0
  • 1
  • 0
  • 11h ago

Overview

  • TryGhost
  • Ghost

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
Pending

KEV

Description

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Profile picture fallback

⚠️ CVE-2026-26980: CRITICAL SQL Injection in TryGhost Ghost CMS (3.24.0 – 6.19.0). Unauth attackers can read DB data remotely. Patch to 6.19.1 now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Genivia Inc.
  • gSOAP

18 Feb 2026
Published
19 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.43%

KEV

Description

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Profile picture fallback
📌 CVE-2019-25355 https://www.cyberhub.blog/article/alert-cve-2019-25355
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Tsinghua Unigroup
  • Electronic Archives System

18 Feb 2026
Published
19 Feb 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%

KEV

Description

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-2684 https://www.cyberhub.blog/article/alert-cve-2026-2684
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • kovidgoyal
  • calibre

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture fallback

🛑 CRITICAL CVE-2026-26064 in calibre <9.3.0: Path traversal in extract_pictures enables arbitrary file writes & remote code execution on Windows. Patch to 9.3.0+ ASAP. User interaction required. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago
Showing 11 to 20 of 84 CVEs