24h | 7d | 30d

CVE-2001-0144

Overview

  • Pending
07 May 2001
Published
08 Aug 2024
Updated
CVSS
Pending
EPSS
61.72%
KEV

Description

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Tim Hergert @cjust

@TheBreadmonkey Fun fact: In the movie the The Matrix Reloaded - Trinity executes a real world exploit (CVE-2001-0144) against an SSH server using nmap.

Not So Fun Fact: There's probably some system somewhere exposed to Mr. Internet still running that vulnerable version of SSH

  • 0
  • 2
  • 0
  • 5h ago

CVE-2025-70152

Overview

  • Pending
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
CVE Alert: CVE-2025-70152 - CVSS 9.8/10 code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These end... https://www.cyberhub.blog/cves/CVE-2025-70152
  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-70150

Overview

  • Pending
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
CVE Alert: CVE-2025-70150 - CVSS 9.8/10 CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via... https://www.cyberhub.blog/cves/CVE-2025-70150
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-27174

Overview

  • sergejey
  • MajorDoMo
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect() call that lacks an exit statement, allowing unauthenticated requests to reach the ajax handler in inc_panel_ajax.php. The console handler within that file passes user-supplied input from GET parameters (via register_globals) directly to eval() without any authentication check. An attacker can execute arbitrary PHP code by sending a crafted GET request to /admin.php with ajax_panel, op, and command parameters.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🔴 CRITICAL: CVE-2026-27174 in MajorDoMo enables unauth RCE via vulnerable PHP handler — no user interaction needed. Full system compromise possible. Restrict panel access, patch, & monitor logs. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-1994

Overview

  • clavaque
  • s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
19 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CVE-2026-1994 (CRITICAL, CVSS 9.8): All s2Member WordPress plugin versions up to 260127 allow unauthenticated password resets — admin takeover possible! Disable plugin, enforce MFA, audit accounts. No patch yet. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-27175

Overview

  • sergejey
  • MajorDoMo
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
Pending
KEV

Description

MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg(). The command is inserted into a database queue by safe_exec(), which performs no sanitization. The cycle_execs.php script, which is web-accessible without authentication, retrieves queued commands and passes them directly to exec(). An attacker can exploit a race condition by first triggering cycle_execs.php (which purges the queue and enters a polling loop), then injecting a malicious command via the rc endpoint while the worker is polling. The injected shell metacharacters expand inside double quotes, achieving remote code execution within one second.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

MajorDoMo (all versions) faces a CRITICAL OS command injection (CVE-2026-27175, CVSS 9.2). Unauthenticated RCE via rc/index.php & cycle_execs.php. No patch yet — restrict endpoints, sanitize input, and monitor activity! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-22695

Overview

  • pnggroup
  • libpng
12 Jan 2026
Published
13 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.1)
EPSS
0.02%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Heads up, #Debian 11 admins! A critical libpng update (DLA-4481-1) just dropped patching three CVEs (CVE-2026-22695, etc.). Read more: 👉 tinyurl.com/54nsbcjd #Security
  • 0
  • 0
  • 0
  • 19h ago

CVE-2024-7694

Overview

  • TeamT5
  • ThreatSonar Anti-Ransomware
12 Aug 2024
Published
18 Feb 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
1.86%
KEV

Description

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
A high-severity arbitrary file-upload vulnerability (CVE-2024-7694) in TeamT5's ThreatSonar Anti-Ransomware has been exploited in the wild and added to CISA's KEV catalog.
  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-70148

Overview

  • Pending
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
CVE Alert: CVE-2025-70148 - CVSS 7.5/10 Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitr... https://www.cyberhub.blog/cves/CVE-2025-70148
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-1670

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP
17 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture fallback
Red Hot Cyber @redhotcyber.bsky.social
Bug critico nelle telecamere Honeywell: rischio compromissione totale. Il CISA Avverte 📌 Link all'articolo : www.redhotcyber.com/post/bug... #redhotcyber #news #cybersecurity #hacking #vulnerabilita #cve20261670 #sicurezzainformatica #telecamere #cctv #honeywell
  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 54 CVEs