Overview

  • Python Packaging Authority
  • pip
  • pip

02 Feb 2026
Published
02 Feb 2026
Updated

CVSS v4.0
LOW (2.0)
EPSS
0.02%

KEV

Description

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, so it cannot inject or overwrite executable files in typical situations.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

🚨 New LOW CVE detected in AWS Lambda 🚨 CVE-2026-1703 impacts pip in 6 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/394 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 4h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

02 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

🟠 CVE-2025-47358 - High (7.8)

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 23h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

02 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Fediverse

Qualcomm released the security bulletin for February 2026: CVE-2025-47397 is the GPU IOMMU issue mentioned in 39c3’s Build a Fake Phone, Find Real Bugs session (at the 28 minute mark). The presenter said that they’ll “update the presentation’s repository with the technical details once the CVE is shared publicly”. Looking forward to reading that…

  • 21h ago
Qualcomm’s CVE-2025-47397 patch doesn’t make sense on kernel 5.10: 5.10 isn’t vulnerable to the issue in the first place!

The bug was only introduced in kernel 5.15.

(Interestingly, some poor dev at MediaTek hit the exact same bug in 2022: searching for “iommu_map_sg cve” gives me this fix commit)

  • 20h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 4 hours ago

Overview

  • Native Instruments
  • Native Access

02 Feb 2026
Published
03 Feb 2026
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses _xpc_connection_get_pid(arg2) as the argument for the hasValidSignature function. This value cannot be trusted since it is vulnerable to PID reuse attacks.

Statistics

  • 2 Posts

Last activity: 22 hours ago

Fediverse

🔴 CVE-2026-24071 - Critical (9.3)

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 22h ago

Overview

  • Oracle Corporation
  • MySQL Cluster

20 Jan 2026
Published
21 Jan 2026
Updated

CVSS v3.1
MEDIUM (4.9)
EPSS
0.04%

KEV

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Technical Deep Dive: #Ubuntu MySQL Security Patch USN-7994-1 The recently disclosed CVE-2026-21936 vulnerability exposes critical authentication flaws in #MySQL implementations. Read more :👉 tinyurl.com/mrybabhk #Security
  • 3h ago

Overview

  • IBM
  • WebSphere Application Server Liberty

02 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
HIGH (7.6)
EPSS
0.04%

KEV

Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

🟠 CVE-2025-14914 - High (7.6)

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 23h ago

Overview

  • ASUSTOR
  • ADM
  • AD Domain

03 Feb 2026
Published
03 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.5)
EPSS
0.10%

KEV

Description

When a specific function is enabled while joining an AD Domain from ADM, an improper input parameter validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can overwrite critical system files, leading to a complete system compromise. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🚨 Critical NAS vulnerability disclosed: CVE-2026-24936 affects ASUSTOR ADM and allows unauthenticated attackers to write arbitrary files to the system. This flaw can lead to full remote system compromise. Full analysis: basefortify.eu/cve_reports/... #CVE #ASUSTOR #NAS #CyberSecurity 🚨
  • 7h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

CVE-2026-24512: ingress-nginx rules.http.paths.path nginx configuration injection - github.com/kubernetes/kubernet

  • Last hour

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.14%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

Current news: Active exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2026-1281, CVE-2026-1340)
cert.at/de/aktuelles/2026/2/ak

  • 5h ago

Bluesky

Alert regarding vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281, CVE-2026-1340) #JPCERTCC (Jan 30) www.jpcert.or.jp/at/2026/at26...
  • 18h ago