
Overview

  • SAP_SE
  • SAP NetWeaver Application Server ABAP and ABAP Platform

Published: 10 Feb 2026
Updated: 10 Feb 2026

CVSS v3.1: CRITICAL (9.6)
EPSS: Pending

KEV

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

🛡️ CRITICAL: CVE-2026-0509 in SAP NetWeaver ABAP (7.22 – 9.19) lets authenticated users run unauthorized background RFCs, risking integrity & availability. Patch when available, restrict S_RFC, monitor RFC usage. Details: radar.offseq.com/threat/cve-20


Overview

  • Meta
  • react-server-dom-webpack

Published: 03 Dec 2025
Updated: 11 Dec 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 60.90%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

"Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.

The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) vulnerability. The campaign has been attributed to a threat cluster known as TeamPCP (aka DeadCatx3, PCPcat, PersyPCP, and ShellForce).

TeamPCP is known to be active since at least November 2025, with the first instance of Telegram activity dating back to July 30, 2025. The TeamPCP Telegram channel currently has over 700 members, where the group publishes stolen data from diverse victims across Canada, Serbia, South Korea, the U.A.E., and the U.S. Details of the threat actor were first documented by Beelzebub in December 2025 under the name Operation PCPcat.

"The operation's goals were to build a distributed proxy and scanning infrastructure at scale, then compromise servers to exfiltrate data, deploy ransomware, conduct extortion, and mine cryptocurrency," Flare security researcher Assaf Morag said in a report published last week."

thehackernews.com/2026/02/team

#CyberSecurity #TeamPCP #Ransomware #CloudComputong #Cryptocurrencies


Overview

  • shaarli
  • Shaarli

Published: 26 Jan 2026
Updated: 27 Jan 2026

CVSS v4.0: MEDIUM (5.3)
EPSS: 0.03%

KEV

Description

Shaarli is a personal bookmarking service. Prior to version 0.16.0, a crafted tag that starts with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

I've uploaded new versions of the Shaarli package (bookmarks app) in Debian with a security fix.

The package versions with the fix:
- 0.16.1+dfsg-1 in testing and unstable
- 0.14.0+dfsg-2+deb13u1 in stable-security
- 0.12.1+dfsg-8+deb12u2 in oldstable-security

More information about the issue:
github.com/shaarli/Shaarli/sec
security-tracker.debian.org/tr

#Shaarli #Debian #FreedomBox


Overview

  • SAP_SE
  • SAP CRM and SAP S/4HANA (Scripting Editor)

Published: 10 Feb 2026
Updated: 10 Feb 2026

CVSS v3.1: CRITICAL (9.9)
EPSS: Pending

KEV

Description

An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🔥 CVE-2026-0488 (CVSS 9.9): CRITICAL auth bypass in SAP CRM & S/4HANA Scripting Editor. Authenticated users can run arbitrary SQL, risking full DB compromise. Patch fast, restrict access! radar.offseq.com/threat/cve-20


Overview

  • frangoteam
  • FUXA

Published: 09 Feb 2026
Updated: 09 Feb 2026

CVSS v4.0: CRITICAL (9.5)
EPSS: Pending

KEV

Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

⚠️ CRITICAL: CVE-2026-25894 in frangoteam FUXA (<1.2.10) lets unauthenticated attackers forge admin JWT tokens & execute code. Patch to 1.2.10+, audit secrets, restrict access. Protect your ICS! radar.offseq.com/threat/cve-20


Overview

  • Microsoft
  • Microsoft Office 2019

Published: 26 Jan 2026
Updated: 06 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 2.91%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

How to detect CVE-2026-21509 exploits

Overview

  • localsend
  • localsend

Published: 30 Jan 2026
Updated: 02 Feb 2026

CVSS v3.1: MEDIUM (6.1)
EPSS: 0.03%

KEV

Description

LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a local HTTP server to host the selected files. The client-side logic for this web interface is contained in `app/assets/web/main.js`. Note that at [0], the `handleFilesDisplay` function constructs the HTML for the file list by iterating over the files received from the server. Commit 8f3cec85aa29b2b13fed9b2f8e499e1ac9b0504c contains a patch.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

localsend: patch CVE-2026-25154 https://github.com/NixOS/nixpkgs/pull/488826 #security

Overview

  • net.sourceforge.plantuml:plantuml

Published: 16 Jan 2026
Updated: 16 Jan 2026

CVSS v4.0: MEDIUM (5.1)
EPSS: 0.04%

KEV

Description

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to arbitrary script execution in the context of applications that render the SVG.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Critical security advisory: CVE-2026-0858 in PlantUML represents a stored cross-site scripting vulnerability enabling arbitrary script execution through GraphViz diagrams. Read more: 👉 tinyurl.com/3stzs37p #Fedora #Security

Overview

  • frangoteam
  • FUXA

Published: 09 Feb 2026
Updated: 09 Feb 2026

CVSS v4.0: CRITICAL (9.5)
EPSS: Pending

KEV

Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

CRITICAL: CVE-2026-25895 in frangoteam FUXA (<1.2.10) enables unauthenticated path traversal — arbitrary file writes on SCADA/HMI servers. Patch to 1.2.10+ ASAP to mitigate severe OT risk! radar.offseq.com/threat/cve-20


Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

URGENT for #openSUSE users: Critical Chromium patch (SUSE-2026-1861/CVE-2026-0041) is live. This high-severity vulnerability requires immediate action. Read more: 👉 tinyurl.com/4d4rc5uu #Security