24h | 7d | 30d

CVE-2026-7424

Overview

  • AWS
  • FreeRTOS-Plus-TCP
29 Apr 2026
Published
29 Apr 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.01%
KEV

Description

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.

Statistics

  • 1 Post
Last activity: 18 hours ago

Bluesky

Profile picture fallback
Eyal Estrin ☁️ @eyalestrin.bsky.social
CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP #patchmanagement
  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-5402

Overview

  • Wireshark Foundation
  • Wireshark
30 Apr 2026
Published
01 May 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV

Description

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-14956

Overview

  • WebAssembly
  • Binaryen
19 Dec 2025
Published
24 Feb 2026
Updated
CVSS v4.0
MEDIUM (4.8)
EPSS
0.04%
KEV

Description

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.

Statistics

  • 1 Post
Last activity: 15 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Just patched CVE-2025-14956 on Fedora? Good. Now learn how to find the next buffer overflow before it's disclosed. Read more-> tinyurl.com/kn4byfmj #Fedora
  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-69277

Overview

  • libsodium
  • libsodium
31 Dec 2025
Published
07 Jan 2026
Updated
CVSS v3.1
MEDIUM (4.5)
EPSS
0.01%
KEV

Description

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
The PyNaCl vulnerability (CVE-2025-69277) just reminded us: cryptographic dependencies need constant attention. Here's a practical guide for openSUSE admins: check scripts, automation code, and AppArmor mitigations all included. Read more -> tinyurl.com/3pkzwaff #openSUSE
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-27876

Overview

  • Grafana
  • Grafana
27 Mar 2026
Published
24 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.14%
KEV

Description

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable. Only instances in the following version ranges are affected: - 11.6.0 (inclusive) to 11.6.14 (exclusive): 11.6.14 has the fix. 11.5 and below are not affected. - 12.0.0 (inclusive) to 12.1.10 (exclusive): 12.1.10 has the fix. 12.0 did not receive an update, as it is end-of-life. - 12.2.0 (inclusive) to 12.2.8 (exclusive): 12.2.8 has the fix. - 12.3.0 (inclusive) to 12.3.6 (exclusive): 12.3.6 has the fix. - 12.4.0 (inclusive) to 12.4.2 (exclusive): 12.4.2 has the fix. 13.0.0 and above also have the fix: no v13 release is affected.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Another critical Grafana security update landed in openSUSE Leap. The RCE (CVE-2026-27876) lets attackers turn Viewer accounts into full host access. Read more -> tinyurl.com/mstzsfc3 #openSUSE
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-4412

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts
Last activity: 18 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.info.ve
⚠️ #Vulnerabilidad 'Ghost-Print' (CVE-2026-4412): Fallo en la cola de impresión de #Windows que afecta a #redes corporativas (+MITIGACIÓN) www.newstecnicas.info.ve/2026/04/vuln...
  • 0
  • 0
  • 2
  • 18h ago

CVE-2026-7538

Overview

  • Totolink
  • A8000RU
01 May 2026
Published
01 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CVE-2026-7538 (CRITICAL, CVSS 9.3): Totolink A8000RU 7.1cu.643_b20200521 OS command injection in CGI handler allows unauthenticated remote code execution. No patch — restrict access & monitor vendor updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-0204

Overview

  • SonicWall
  • SonicOS
29 Apr 2026
Published
30 Apr 2026
Updated
CVSS
Pending
EPSS
0.00%
KEV

Description

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
SonicWall released patches for three SonicOS vulnerabilities across Gen 6, 7, and 8 firewalls, including a high-severity access control bypass (CVE-2026-0204). SSH access restrictions recommended until updates applied. #FirewallSecurity #VulnerabilityPatch
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-40321

Overview

  • dnnsoftware
  • Dnn.Platform
17 Apr 2026
Published
22 Apr 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.04%
KEV

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

CVE-2026-40321: stored XSS in DNN (DotNetNuke) prior to v10.2.2 chains to full RCE.

Any authenticated user can upload a crafted SVG with embedded JavaScript. If a power user opens it, the payload calls DNN's own config endpoint to drop an ASPX backdoor in the server root.

One file. One click. Full RCE. CVSS 8.1, patched, fully documented.

Write-up + PoC payloads: pentest-tools.com/blog/dotnetn

More research from our team: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-35414

Overview

  • OpenBSD
  • OpenSSH
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.2)
EPSS
0.02%
KEV

Description

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture fallback
CyberNetsecIO @netsecio

📰 Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect

🚨 CRITICAL: A 15-year-old flaw in OpenSSH (CVE-2026-35414) allows attackers to gain full root access. The bug is trivial to exploit and hard to detect in logs. Update to OpenSSH 10.3p1 immediately! 🛡️ #OpenSSH #CVE #Linux #CyberSecurity

🔗 cyber.netsecops.io

  • 0
  • 0
  • 0
  • 15h ago
Showing 11 to 20 of 29 CVEs