Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 20 hours ago

Fediverse

2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC

haproxy.com/blog/cves-2026-qui

  • 2
  • 1
  • 0
  • 23h ago

Bluesky

#Debian DSA-6130-1 is out. HAProxy + QUIC = potential instant crash. Here is exactly what CVE-2026-26081 does and how to fix it without breaking your SLOs. 🧵 Read more: 👉 tinyurl.com/4s6uptr7 #Security
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • SolarWinds
  • Web Help Desk

28 Jan 2026
Published
13 Feb 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
76.95%

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 11 hours ago

Fediverse

‼️ CISA added one more vulnerability to the KEV Catalog today...

CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

  • 0
  • 2
  • 0
  • 18h ago

Bluesky

~Cisa~ CISA adds four actively exploited vulnerabilities affecting Microsoft, Notepad++, SolarWinds, and Apple to its KEV catalog, requiring remediation. - IOCs: CVE-2024-43468, CVE-2025-15556, CVE-2025-40536 - #CISA #KEV #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 11h ago
  • CVE-2024-43468 Microsoft Configuration Manager SQL Injection Vulnerability
  • CVE-2025-15556 Notepad++ Download of Code Without Integrity Check Vulnerability
  • CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability
  • CVE-2026-20700 Apple Multiple Buffer Overflow Vulnerability
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • GNU
  • Inetutils

21 Jan 2026
Published
10 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
83.89%

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 17 hours ago

Fediverse

2026-01-14: The Day the telnet Died

"On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation."

Link: labs.greynoise.io/grimoire/202

#linkdump #blogpost #filtering #internet #iso #security #telnet

  • 2
  • 2
  • 0
  • 17h ago

Overview

  • ros-navigation
  • navigation2

12 Feb 2026
Published
12 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%

KEV

Description

navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write (set->clusters[-1]) into heap memory preceding the allocated buffer. In Release builds, the sole boundary check (an assert) is compiled out, leaving zero runtime protection. This primitive allows controlled corruption of the heap chunk metadata (at least the size of the heap chunk that set->clusters resides in is controllable by the attacker), potentially leading to further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 10 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-26011 in ROS 2 navigation2 (≤1.3.11) allows unauth attackers in the same DDS domain to trigger heap out-of-bounds writes via /initialpose, causing DoS or further exploit. Isolate & patch! radar.offseq.com/threat/cve-20

  • 2
  • 2
  • 0
  • 10h ago

Overview

  • traefik
  • traefik

12 Feb 2026
Published
12 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.02%

KEV

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections to remain open indefinitely, leading to a denial of service. This vulnerability is fixed in 3.6.8.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 14 hours ago

Fediverse

Traefik v3.6.8 just dropped! Crucial security update fixing CVE-2026-25949 is LIVE. Plus, enjoy smoother ACME certs, stronger healthchecks, & better TLS stability. Upgrade now!

More info: github.com/traefik/traefik/rel

#selfhosted #homelab

  • 1
  • 1
  • 0
  • 14h ago

Overview

  • PostgreSQL

12 Feb 2026
Published
13 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.10%

KEV

Description

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

few new #postgresql vulns out there today

🔐 CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.

📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 02:16 PM
🏷️ Aliases: CVE-2026-2004
🛡️ CWE: CWE-1287
📚 References: postgresql.org/support/securit

🔗 hecate.pw/vulnerability/CVE-20

#cve #vulnerability #hecate

  • 1
  • 0
  • 0
  • 21h ago

Overview

  • Apache Software Foundation
  • Apache Log4j2

10 Dec 2021
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
94.36%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Zero-Day to Zero Trust: Inside the Log4Shell Apocalypse and How AI-Powered Hardening Can Save Your Stack + Video Introduction: In December 2021, the cybersecurity world shuddered as the Log4Shell vulnerability (CVE-2021-44228) tore through enterprise environments, earning a perfect 10.0 CVSS score…
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • unclecode
  • Crawl4AI
  • crawl4ai

12 Feb 2026
Published
12 Feb 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.20%

KEV

Description

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation allows full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • newbee-ltd
  • newbee-mall
  • newbee-mall

12 Feb 2026
Published
12 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.02%

KEV

Description

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🚨 CVE-2026-26219 (CRITICAL): newbee-mall 1.0.0 uses unsalted MD5 for password storage — enabling fast offline attacks if hashes leak. Upgrade to secure hashing (Argon2, bcrypt, PBKDF2) ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • nodejs
  • node

20 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.0
HIGH (7.1)
EPSS
0.01%

KEV

Description

A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

#SUSE just patched Node.js 20 (CVE-2025-55130). The CVSS 7.5 is almost misleading—this isn't complex to execute. HTTP/2 continuation flood = CPU pegged at 100%. No auth needed. Just packets. Read more: 👉 tinyurl.com/53b3zctf #Security
  • 0
  • 0
  • 0
  • 23h ago
Showing 11 to 20 of 49 CVEs