
Overview

  • OpenClaw
  • OpenClaw

01 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

~Socket~ An AI agent is rapidly building trust by getting code merged into major open-source projects, mimicking the initial stages of a supply chain attack. - IOCs: kaigritun. com, CVE-2026-25253 - #AI #OSS #SupplyChain #ThreatIntel
  • 1h ago

Overview

  • flippercode
  • WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters

16 Feb 2026
Published
17 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.06%

KEV

Description

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .html files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .html file types can be uploaded and included.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

CVE Alert: CVE-2025-12062 - CVSS 8.8/10 The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8... https://www.cyberhub.blog/cves/CVE-2025-12062
  • 17h ago

Overview

  • Dassault Systèmes
  • SOLIDWORKS eDrawings

16 Feb 2026
Published
17 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

CVE-2026-1333 (HIGH, CVSS 7.8): SOLIDWORKS eDrawings 2025 – 2026 SP0 vulnerable to code execution via crafted EPRT files. No exploits yet, but patch and restrict file handling! radar.offseq.com/threat/cve-20

  • 16h ago

Overview

  • Clickedu
  • SaaS platform

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS v4.0
HIGH (8.3)
EPSS
0.14%

KEV

Description

SQL injection vulnerability (SQLi) in Clickedu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile application. In the URL of the generated PDF, the session token used does not expire, so it remains valid for days after its generation, and unusual characters can be entered after the ‘id_alu’ parameter, resulting in two types of SQLi: boolean-based blind and time-based blind. Exploiting this vulnerability could allow an attacker to access confidential information in the database.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

CVE-2026-2247: HIGH-severity SQL injection in Clickedu SaaS (all versions). Attackers can exploit 'id_alu' in report card URLs to access sensitive data. Persistent session tokens increase risk. Prioritize mitigation! radar.offseq.com/threat/cve-20

  • 5h ago

Overview

  • Airleader GmbH
  • Airleader Master

12 Feb 2026
Published
17 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.13%

KEV

Description

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running with maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Critical Unrestricted File Upload Flaw in Airleader Master (CVE-2026-1358): Remote Root Exploit Exposes ICS/SCADA Networks Introduction A newly disclosed critical vulnerability, CVE-2026-1358, has been identified in Airleader Master v6.381 and earlier versions, exposing industrial control systems…
  • 23h ago

Overview

  • Linux
  • Linux

16 Sep 2025
Published
14 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211_hwsim: drop short frames

While technically some control frames like ACK are shorter and end after Address 1, such frames shouldn't be forwarded through wmediumd or similar userspace, so require the full 3-address header to avoid accessing invalid memory if shorter frames are passed in.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Bluesky

🛡️ Critical: #SUSE Linux Kernel Live Patch 2026-0566-1 is out! It fixes CVE-2023-53321 (out-of-bounds access) & two other high-severity flaws in SLE 15 SP4. Read more: 👉 tinyurl.com/39zrjc3v #Security
  • 2h ago
🚨 URGENT: #SUSE Linux Kernel Update! 🚨 SUSE-SU-2026:0565-1 patches 4 HIGH-severity flaws in SLE 15 SP4, including CVE-2023-53321 (Wi-Fi driver) & CVE-2025-38111 (Memory corruption). Read more: 👉 tinyurl.com/52u328c5 #Security
  • 5h ago

Overview

  • pretix
  • pretix-newsletter
  • pretix-newsletter

16 Feb 2026
Published
17 Feb 2026
Updated

CVSS v4.0
HIGH (7.5)
EPSS
0.05%

KEV

Description

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}. This way, an attacker with the ability to control email templates (usually every user of the pretix backend) could retrieve sensitive information from the system configuration, including even database passwords or API keys. pretix does include mechanisms to prevent the usage of such malicious placeholders; however, due to a mistake in the code, they were not fully effective for this plugin. Out of caution, we recommend that you rotate all passwords and API keys contained in your pretix.cfg file (https://docs.pretix.eu/self-hosting/config/).

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

🔒 CVE-2026-2452 (HIGH): pretix-newsletter 1.0.0 & 2.0.0 let backend users leak sensitive data by abusing placeholders in email templates. Rotate credentials, restrict edit rights, and monitor changes! More: radar.offseq.com/threat/cve-20

  • 15h ago

Overview

  • OpenS100 Project
  • OpenS100
  • OpenS100

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the privileges of the OpenS100 process when a user imports the catalogue and loads a chart.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-22208 in OpenS100 (S-100 viewer) enables RCE via unsandboxed Lua. Attackers can embed malicious scripts in S-100 catalogues — risk of full system compromise. Block untrusted imports & monitor. Patch when released. radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • wpxpo
  • WowRevenue – Product Bundles & Bulk Discounts

16 Feb 2026
Published
17 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.21%

KEV

Description

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install_activate_plugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected site's server which may make remote code execution possible.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🔎 CVE-2026-2001 (HIGH): WowRevenue WordPress plugin lets subscriber-level users install arbitrary plugins due to missing authorization, risking RCE. All versions ≤2.1.3 affected. Restrict permissions & monitor installs! radar.offseq.com/threat/cve-20

  • 21h ago

Overview

  • Dassault Systèmes
  • SOLIDWORKS eDrawings

16 Feb 2026
Published
17 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

⚠️ CVE-2026-1334: HIGH-severity out-of-bounds read in SOLIDWORKS eDrawings (2025 SP0/2026 SP0). Exploiting crafted EPRT files can enable code execution. Patch when released, restrict sources, use sandboxing. No known exploits yet. radar.offseq.com/threat/cve-20

  • 18h ago
Showing 11 to 20 of 33 CVEs