24h | 7d | 30d

Overview

  • Facebook
  • WhatsApp for Android

01 May 2026
Published
01 May 2026
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.01%

KEV

Description

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggering OS-controlled custom URL scheme handlers. We have not seen evidence of exploitation in the wild.

Statistics

  • 2 Posts
  • 5 Interactions

Last activity: 23 hours ago

Fediverse

Profile picture fallback

Vulnerability CVE-2026-23866 Lets Attackers Leverage Instagram Reels to Execute Malicious URLs:

👇
cybersecuritynews.com/whatsapp

  • 2
  • 3
  • 1
  • 23h ago

Overview

  • Adobe
  • Acrobat Reader

11 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
9.59%

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 15 hours ago

Fediverse

Profile picture fallback

CVE-2026-34621: Una vulnerabilidad de tipo «zero-day» en Adobe Acrobat Reader permite la ejecución de código a través de archivos PDF maliciosos

blog.elhacker.net/2026/05/cve-

  • 2
  • 2
  • 0
  • 15h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 19 hours ago

Fediverse

Profile picture fallback

Traefik v3.6.15 patches CVE-2026-41181 so update ASAP. Also includes ACME fixes, Kubernetes ExternalName service improvements, and an updated Errors middleware. Check the migration guide before upgrading. #selfhosted #homelab

github.com/traefik/traefik/rel

  • 2
  • 1
  • 1
  • 19h ago

Overview

  • cloudways
  • Breeze Cache

23 Apr 2026
Published
23 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
13.13%

KEV

Description

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Fediverse

Profile picture fallback

Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin

A critical arbitrary file upload vulnerability (CVE-2026-3844, CVSS 9.8) in the Breeze Cache plugin for WordPress is being actively exploited.

Update to version 2.4.5. Review the report to ensure your site is not affected.

wordfence.com/blog/2026/05/att

#WordPress #WebSecurity #Wordfence

  • 0
  • 1
  • 0
  • 14h ago

Overview

  • PHPOffice
  • PhpSpreadsheet

05 May 2026
Published
05 May 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load() is user-controlled, an attacker can supply a PHP stream wrapper path (such as phar://, ftp://, or ssh2.sftp://) that passes the is_file() check in File::assertFile(). The phar:// wrapper triggers deserialization of the PHAR metadata, which can lead to remote code execution if a suitable gadget chain is available in the application. The ftp:// and ssh2.sftp:// wrappers can be used for server-side request forgery. This issue has been fixed in versions 1.30.3, 2.1.15, 2.4.4, 3.10.4, and 5.6.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Fediverse

Profile picture fallback

🚨 PHPOffice PhpSpreadsheet CRITICAL vuln (CVE-2026-34084): RCE & SSRF possible via user input to IOFactory::load() (phar://, ftp://, ssh2.sftp://). Affected: v1.x – 5.5.0. Upgrade to a fixed version now! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 10h ago

Overview

  • Progress Software
  • MOVEit Automation

30 Apr 2026
Published
01 May 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.19%

KEV

Description

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

Profile picture fallback
Linux kernel flaw CVE-2026-31431 exploited for root access; MOVEit CVE-2026-4670 enables remote breaches; DigiCert revokes 60 certificates after Zhong Stealer exposure; Pentagon advances AI security partnerships. #LinuxSecurity #DataCenter #USA
  • 0
  • 1
  • 0
  • 19h ago
Profile picture fallback
Critical 98 MOVEit Automation Flaw Opens Enterprise File Transfer Systems to Unauthenticated Takeover + Video Introduction: A critical authentication bypass vulnerability (CVE-2026-4670, CVSS 9.8) and a high-severity privilege escalation flaw (CVE-2026-5174, CVSS 7.7) have been disclosed in…
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Profile picture fallback
⚠️ #Vulnerabilidad 'Ghost-Print' (CVE-2026-4412): Fallo en la cola de impresión de #Windows que afecta a redes corporativas (+MITIGACIÓN) www.newstecnicas.info.ve/2026/04/vuln...
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

10 Mar 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.0)
EPSS
0.04%

KEV

Description

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Profile picture fallback
🛡️ CVE-2026-25172: El 'Hotpatch' urgente de Microsoft para #Windows11 que debes aplicar ya (Sin reiniciar) www.newstecnicas.info.ve/2026/04/cve-...
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • Microsoft SQL Server 2016 Service Pack 3 (GDR)

10 Mar 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.08%

KEV

Description

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Profile picture fallback
Microsoft corrige Zero-Day crítico en SQL Server que permite a atacantes tomar el control total como admin | CVE-2026-21262 www.newstecnicas.info.ve/2026/03/micr...
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • D-Link
  • DI-8100

05 May 2026
Published
05 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: Buffer overflow in D-Link DI-8100 (16.07.26A1) via /url_rule.asp POST handler. Remote, unauthenticated RCE possible. Public exploit available. No official patch yet. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago
Showing 11 to 20 of 50 CVEs