24h | 7d | 30d

CVE-2025-24054

Overview

  • Microsoft
  • Windows 10 Version 1507
11 Mar 2025
Published
13 Feb 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
7.83%
KEV

Description

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Steele Fortress @steelefortress

CISA just added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch Windows systems against an NTLM hash-leaking flaw already weaponized in the wild.

Read more: steelefortress.com/6o7x90

CyberDefense

  • 0
  • 1
  • 0
  • 7h ago

CVE-2026-7164

Overview

  • FreeBSD
  • FreeBSD
30 Apr 2026
Published
30 Apr 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Graham Perrin @grahamperrin

2/

CVE-2026-7164 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:14.pf <security.freebsd.org/advisorie> credited to Igor Gabriel Sousa e Souza.

I can't easily find any information about this person.

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-7191

Overview

  • AWS
  • QnABot on AWS
27 Apr 2026
Published
28 Apr 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.07%
KEV

Description

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture fallback
Eyal Estrin ☁️ @eyalestrin.bsky.social
CVE-2026-7191- Arbitrary Code Execution via Sandbox Bypass in QnABot on AWS #patchmanagement
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-26015

Overview

  • arc53
  • DocsGPT
29 Apr 2026
Published
30 Apr 2026
Updated
CVSS v4.0
CRITICAL (10.0)
EPSS
0.29%
KEV

Description

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: CVE-2026-26015 in DocsGPT 0.15.0-0.16.0 enables unauthenticated RCE via command injection (CVSS 10). All deployments at risk — patch to 0.16.0 or later now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-42167

Overview

  • ProFTPD
  • ProFTPD
28 Apr 2026
Published
29 Apr 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.24%
KEV

Description

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

Statistics

  • 3 Posts
Last activity: 23 hours ago

Fediverse

Profile picture fallback
Constantin Milos @Tinolle

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
zeropath.com/blog/proftpd-cve-

  • 0
  • 0
  • 2
  • 23h ago

CVE-2026-7424

Overview

  • AWS
  • FreeRTOS-Plus-TCP
29 Apr 2026
Published
29 Apr 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.01%
KEV

Description

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture fallback
Eyal Estrin ☁️ @eyalestrin.bsky.social
CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP #patchmanagement
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-5402

Overview

  • Wireshark Foundation
  • Wireshark
30 Apr 2026
Published
30 Apr 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV

Description

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Statistics

  • 1 Post
Last activity: 10 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-7470

Overview

  • Tenda
  • 4G300
30 Apr 2026
Published
30 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.05%
KEV

Description

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CVE-2026-7470: HIGH severity stack buffer overflow in Tenda 4G300 (US_4G300V1.0Mt_V1.01.42_CN_TDC01). Exploit public, no patch yet. Restrict access & monitor for activity. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-14956

Overview

  • WebAssembly
  • Binaryen
19 Dec 2025
Published
24 Feb 2026
Updated
CVSS v4.0
MEDIUM (4.8)
EPSS
0.04%
KEV

Description

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Just patched CVE-2025-14956 on Fedora? Good. Now learn how to find the next buffer overflow before it's disclosed. Read more-> tinyurl.com/kn4byfmj #Fedora
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-4412

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
Last activity: 6 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.info.ve
⚠️ #Vulnerabilidad 'Ghost-Print' (CVE-2026-4412): Fallo en la cola de impresión de #Windows que afecta a #redes corporativas (+MITIGACIÓN) www.newstecnicas.info.ve/2026/04/vuln...
  • 0
  • 0
  • 1
  • 6h ago
Showing 11 to 20 of 38 CVEs