
Overview

  • ALBRECHT JUNG GMBH & CO. KG
  • JUNG Smart Visu Server

Published: 12 Feb 2026
Updated: 12 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.07%

KEV

Description

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Fediverse

🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 9h ago

Overview

  • Apple
  • macOS

Published: 11 Feb 2026
Updated: 11 Feb 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Fediverse

🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 16h ago

Overview

  • SolarWinds
  • Web Help Desk

Published: 28 Jan 2026
Updated: 02 Feb 2026

CVSS v3.1: HIGH (8.1)
EPSS: 27.82%

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: Last hour

Fediverse

‼️ CISA added one more vulnerability to the KEV Catalog today...

CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

  • 0
  • 2
  • 0
  • Last hour

Overview

  • zyddnys
  • manga-image-translator
  • manga-image-translator

Published: 11 Feb 2026
Updated: 12 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.13%

KEV

Description

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-based authorization check is intended to restrict access, the nonce defaults to an empty string and the check is skipped, allowing remote attackers to execute arbitrary code in the server context by sending a crafted pickle payload.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Fediverse

CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 14h ago

Overview

  • M-Audio
  • M-Track Duo HD

Published: 12 Feb 2026
Updated: 12 Feb 2026

CVSS v3.0: HIGH (7.8)
EPSS: 0.01%

KEV

Description

The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Apache Software Foundation
  • Apache Log4j2

Published: 10 Dec 2021
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 94.36%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Zero-Day to Zero Trust: Inside the Log4Shell Apocalypse and How AI-Powered Hardening Can Save Your Stack + Video Introduction: In December 2021, the cybersecurity world shuddered as the Log4Shell vulnerability (CVE-2021-44228) tore through enterprise environments, earning a perfect 10.0 CVSS score…
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • unclecode
  • Crawl4AI
  • crawl4ai

Published: 12 Feb 2026
Updated: 12 Feb 2026

CVSS v4.0: CRITICAL (10.0)
EPSS: Pending

KEV

Description

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation allows full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Keepass
  • KeePass Password Safe

Published: 11 Feb 2026
Updated: 11 Feb 2026

CVSS v4.0: MEDIUM (4.6)
EPSS: 0.02%

KEV

Description

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Fediverse

#Cve-2020-37178: Denial-of-service vulnerability in #Keepass
A code injection vulnerability in the help system of the password manager software can lead to application crashes, but poses a moderate risk.

🔗 p4u.xyz/ID_N29YJ_DS/1 (🇩🇪🇺🇸🇫🇷)

#Cybersecurity #Security #Threatintel #Osint #Alert #Bot

  • 0
  • 0
  • 0
  • 10h ago

#Cve-2020-37178: A Denial-of-Service Threat to #Keepass
A high-severity code injection flaw in #Keepass's help system, while not actively exploited, presents a tangible risk of application crashes and workflow disruption through crafted HTML content.

🔗 p4u.xyz/ID_N29YJ_DS/1 (🇩🇪🇺🇸🇫🇷)

#Cybersecurity #Security #Threatintel #Osint #Alert #Bot

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • HashiCorp
  • Shared library

Published: 12 Feb 2026
Updated: 12 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.07%

KEV

Description

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

~Socket~ High-severity RCE (CVE-2026-0969) in next-mdx-remote < 6.0.0 allows code execution when rendering untrusted server-side MDX content. - IOCs: CVE-2026-0969 - #CVE20260969 #RCE #ThreatIntel
  • 0
  • 0
  • 0
  • Last hour

Overview

  • nodejs
  • node

Published: 20 Jan 2026
Updated: 22 Jan 2026

CVSS v3.0: HIGH (7.1)
EPSS: 0.01%

KEV

Description

A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

#SUSE just patched Node.js 20 (CVE-2025-55130). The CVSS 7.5 is almost misleading—this isn't complex to execute. HTTP/2 continuation flood = CPU pegged at 100%. No auth needed. Just packets. Read more: 👉 tinyurl.com/53b3zctf #Security
  • 0
  • 0
  • 0
  • 5h ago