24h | 7d | 30d

CVE-2026-0265

Overview

  • Palo Alto Networks
  • Cloud NGFW
13 May 2026
Published
14 May 2026
Updated
CVSS v4.0
HIGH (7.2)
EPSS
Pending
KEV

Description

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Ciarán (mc) @ciaranmak

Palo Alto Auth Bypass
#threatintel #cve
security.paloaltonetworks.com/

  • 0
  • 1
  • 0
  • 14h ago

Bluesky

Profile picture fallback
ripjyr.bsky.social @ripjyr.bsky.social
Paloaltoの脆弱性情報 「CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled (Severity: HIGH)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0265
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-30893

Overview

  • wazuh
  • wazuh
29 Apr 2026
Published
29 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.0)
EPSS
0.08%
KEV

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the Wazuh service context by overwriting Python modules loaded by Wazuh components (proof of concept available as separate attachment). In deployments where the cluster daemon runs with elevated privileges, system-level compromise is possible. This issue has been patched in version 4.14.4.

Statistics

  • 2 Posts
Last activity: 16 hours ago

Fediverse

Profile picture fallback
benzogaga33 :verified: @benzogaga33

Wazuh – CVE-2026-30893 : un patch est disponible pour cette faille critique it-connect.fr/wazuh-cve-2026-3 #ActuCybersécurité #Cybersécurité #Vulnérabilité

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
IT-Connect @it-connect.bsky.social
➡️ Wazuh - Un patch est disponible Une faille de sécurité critique, associée à la référence CVE-2026-30893 et affichant un score CVSS de 9.9, a été révélée récemment au sein de Wazuh. 🛡️ Quels sont les risques ? Comment se protéger ? www.it-connect.fr/wazuh-cve-20... #CVE #Wazuh
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-31431

Overview

  • Linux
  • Linux
22 Apr 2026
Published
12 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
2.57%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 2 Posts
Last activity: 1 hour ago

Bluesky

Profile picture fallback
ICS Advisory Project @advisoryics.bsky.social
New ICSAP Analysis Report: Copy Fail (CVE-2026-31431) and Linux exposure across ICS products. Of 3,800 CISA ICS advisories, only 0.8% name Linux. Asset owners can't assess exposure from advisory text alone. drive.google.com/file/d/1CDvy... #OTSecurity #ICSSecurity #CopyFail #ICSAP
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
小众软件 @appinn.bsky.social
从4月30日至今,Linux 已经连爆三起提权漏洞,只需要一行代码,立即获得系统 root 权限。 2026年4月30日:Copy Fail:2017年至今的漏洞,一个脚本获得 Linux root 管理员权限|CVE-2026-31431 2026年5月8日:Linux 又爆 Dirty Frag
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-32202

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
12 May 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
7.19%
KEV

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 16 hours ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

CISA Adds CVE-2026-32202 to KEV Catalog as APT28 Actively Exploits Zero-Click Windows Shell Flaw
#CyberSecurity
securebulletin.com/cisa-adds-c

  • 4
  • 0
  • 0
  • 16h ago

CVE-2026-2291

Overview

  • dnsmasq
  • dnsmasq
11 May 2026
Published
13 May 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.

Statistics

  • 1 Post
  • 5 Interactions
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Michel Lind :fedora: :debian: @michelin

If you use #dnsmasq on @fedora or @centos Stream - be aware that there are recently disclosed CVEs - kb.cert.org/vuls/id/471747

@SUSE at least rates one of them a 9.2 on the CVSS 4.0 scale

suse.com/security/cve/CVE-2026

Fedora updates for stable releases are about to hit testing: bodhi.fedoraproject.org/update

and if you have the #CentOSHyperscale repo enabled you can `sudo dnf install centos-release-hyperscale-testing && sudo dnf update 'dnsmasq*'`

Please give feedback for the Fedora builds and for the Hyperscale ones if you give them a spin!

gitlab.com/CentOS/Hyperscale/r

As of the time of posting there is no advisory from #RedHat yet

#Fedora
#CentOS
#CentOS_Stream

  • 2
  • 3
  • 0
  • 12h ago

CVE-2025-8088

Overview

  • win.rar GmbH
  • WinRAR
08 Aug 2025
Published
26 Feb 2026
Updated
CVSS v4.0
HIGH (8.4)
EPSS
8.29%
KEV

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 18 hours ago

Bluesky

Profile picture fallback
780th Military Intelligence Brigade (Cyber) @780thmibdecyber.bsky.social
Gamaredon, also known as Aqua Blizzard, Primitive Bear, Shuckworm or UAC-0010, has been exploiting CVE-2025-8088 to target Ukrainian organizations. Harfang Lab harfanglab.io/insidethelab...
  • 1
  • 3
  • 0
  • 18h ago

CVE-2026-44194

Overview

  • opnsense
  • core
13 May 2026
Published
13 May 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
Pending
KEV

Description

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatting their malicious payload as a compliant email address, allowing shell commands to reach the underlying operating system. The flaw exists in the local user synchronization flow, within core/src/opnsense/scripts/auth/sync_user.php. This vulnerability is fixed in 26.1.8.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 3h ago

CVE-2026-21535

Overview

  • Microsoft
  • Microsoft Teams
19 Feb 2026
Published
11 May 2026
Updated
CVSS v3.1
HIGH (8.2)
EPSS
0.09%
KEV

Description

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture fallback
Vito Botta @vitobotta

CVE-2026-21535: unauthenticated info disclosure in Microsoft Teams. Network access is all an attacker needs, no credentials at all. The app sitting open on every corporate laptop right now. Go patch it. bleepingcomputer.com/news/micr

  • 1
  • 1
  • 0
  • 20h ago

CVE-2019-14192

Overview

  • Pending
31 Jul 2019
Published
12 May 2026
Updated
CVSS
Pending
EPSS
0.38%
KEV

Description

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 18 hours ago

Fediverse

Profile picture fallback
Hack in Days of Future Past @allainyann

@eshard Very clever write-up from @eshard team on adding a missing USB-Ethernet peripheral to QEMU (SMSC LAN9514) to enable Time Travel Analysis of CVE-2019-14192 on unmodified RPi 3B+ U-Boot firmware.

Using the U-Boot driver as the hardware spec is such an elegant trick. Sparked some ideas for things I'm working on. Thanks for sharing it !

eshard.com/blog/u-boot-cve-tta

  • 0
  • 1
  • 0
  • 18h ago

CVE-2026-41050

Overview

  • SUSE
  • Rancher
  • github.com/rancher/fleet
13 May 2026
Published
14 May 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.04%
KEV

Description

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 22 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔥 CRITICAL: SUSE Rancher Fleet Helm deployer (0.11.0 – 0.15.0) has a major auth flaw (CVE-2026-41050). Tenants with git push access can read secrets from any namespace in downstream clusters. Restrict access & monitor closely! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 22h ago
Showing 11 to 20 of 82 CVEs