24h | 7d | 30d

CVE-2026-5194

Overview

  • wolfSSL
  • wolfSSL
09 Apr 2026
Published
10 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.03%
KEV

Description

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 5 hours ago

Bluesky

Profile picture fallback
L'algorisme @lalgorisme.bsky.social
🧵CVE-2026-5194: vulnerabilitat crítica a wolfSSL, la biblioteca TLS present en 5.000 milions de dispositius, principalment IoT, electrònica de xarxa, automoció, PLCs industrials i equipament mèdic. La vulnerabilitat permet als atacants fer acceptar certificats falsificats com a
  • 0
  • 2
  • 0
  • 5h ago

CVE-2026-32288

Overview

  • Go standard library
  • archive/tar
  • archive/tar
08 Apr 2026
Published
13 Apr 2026
Updated
CVSS
Pending
EPSS
0.00%
KEV

Description

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🔍 Lambda Watchdog detected that CVE-2026-32288 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/461 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 1
  • 0
  • 11h ago

CVE-2026-32105

Overview

  • neutrinolabs
  • xrdp
17 Apr 2026
Published
17 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CVE-2026-32105 (CRITICAL): neutrinolabs xrdp <0.10.6 does not validate MAC on Classic RDP Security layer, allowing MITM attackers to modify encrypted traffic. Upgrade to 0.10.6 or enforce TLS in xrdp.ini! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago

CVE-2025-53521

Overview

  • F5
  • BIG-IP
15 Oct 2025
Published
31 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
41.41%
KEV

Description

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture fallback
OpsMatters @handle.invalid
The latest update for #ForwardNetworks includes "How Forward Helps You Respond to CVE-2025-53521 and the CISA KEV Listing for F5 BIG-IP #APM" and "How Forward Networks Helps You Respond to CISA Emergency Directive 26-03". #Cybersecurity #NetworkVerification #ZeroTrust https://opsmtrs.com/3hHdhMJ
  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-24061

Overview

  • GNU
  • Inetutils
21 Jan 2026
Published
25 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
88.02%
KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 1 Post
Last activity: 11 hours ago

Fediverse

Profile picture fallback
tobru 🇨🇭 🧑‍🚒 @tobru

2026-01-14: The Day the telnet Died

"On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation."

Link: labs.greynoise.io/grimoire/202

#linkdump #blogpost #filtering #internet #isp #security #telnet

  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-32289

Overview

  • Go standard library
  • html/template
  • html/template
08 Apr 2026
Published
13 Apr 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🔍 Lambda Watchdog detected that CVE-2026-32289 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/462 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-37749

Overview

  • Pending
17 Apr 2026
Published
17 Apr 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL SQL injection (CVE-2026-37749) in CodeAstro Simple Attendance Management System v1.0: Remote unauthenticated attackers can bypass authentication via index.php. Restrict access & deploy WAFs until a patch arrives. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-31843

Overview

  • goodoneuz
  • pay-uz
  • goodoneuz/pay-uz
16 Apr 2026
Published
16 Apr 2026
Updated
CVSS v4.0
CRITICAL (10.0)
EPSS
0.89%
KEV

Description

The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling remote access without credentials. User-controlled input is directly written into executable PHP files using file_put_contents(). These files are later executed via require() during normal payment processing workflows, resulting in remote code execution under default application behavior. The payment secret token mentioned by the vendor is unrelated to this endpoint and does not mitigate the vulnerability.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CVE-2026-31843: CRITICAL improper access control in goodoneuz/pay-uz <=2.2.24 allows unauthenticated PHP file overwrite & RCE via /payment/api/editable/update. No patch yet — restrict endpoint access! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-32283

Overview

  • Go standard library
  • crypto/tls
  • crypto/tls
08 Apr 2026
Published
13 Apr 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🔍 Lambda Watchdog detected that CVE-2026-32283 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/460 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-27820

Overview

  • ruby
  • zlib
16 Apr 2026
Published
16 Apr 2026
Updated
CVSS v4.0
LOW (1.7)
EPSS
0.04%
KEV

Description

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-27820 impacts zlib in 2 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/480 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 11h ago
Showing 11 to 20 of 43 CVEs