
Overview

  • AWS
  • FreeRTOS-Plus-TCP

Published: 29 Apr 2026
Updated: 29 Apr 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.01%

KEV

Description

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP #patchmanagement
  • 18h ago

Overview

  • Wireshark Foundation
  • Wireshark

Published: 30 Apr 2026
Updated: 01 May 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.04%

KEV

Description

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. radar.offseq.com/threat/cve-20

  • 23h ago

Overview

  • WebAssembly
  • Binaryen

Published: 19 Dec 2025
Updated: 24 Feb 2026

CVSS v4.0: MEDIUM (4.8)
EPSS: 0.04%

KEV

Description

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Just patched CVE-2025-14956 on Fedora? Good. Now learn how to find the next buffer overflow before it's disclosed. Read more-> tinyurl.com/kn4byfmj #Fedora
  • 15h ago

Overview

  • libsodium
  • libsodium

Published: 31 Dec 2025
Updated: 07 Jan 2026

CVSS v3.1: MEDIUM (4.5)
EPSS: 0.01%

KEV

Description

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

The PyNaCl vulnerability (CVE-2025-69277) just reminded us: cryptographic dependencies need constant attention. Here's a practical guide for openSUSE admins: check scripts, automation code, and AppArmor mitigations all included. Read more -> tinyurl.com/3pkzwaff #openSUSE
  • 12h ago

Overview

  • Grafana
  • Grafana

Published: 27 Mar 2026
Updated: 24 Apr 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 0.14%

KEV

Description

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable. Only instances in the following version ranges are affected:

  • 11.6.0 (inclusive) to 11.6.14 (exclusive): 11.6.14 has the fix. 11.5 and below are not affected.
  • 12.0.0 (inclusive) to 12.1.10 (exclusive): 12.1.10 has the fix. 12.0 did not receive an update, as it is end-of-life.
  • 12.2.0 (inclusive) to 12.2.8 (exclusive): 12.2.8 has the fix.
  • 12.3.0 (inclusive) to 12.3.6 (exclusive): 12.3.6 has the fix.
  • 12.4.0 (inclusive) to 12.4.2 (exclusive): 12.4.2 has the fix.

13.0.0 and above also have the fix: no v13 release is affected.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Another critical Grafana security update landed in openSUSE Leap. The RCE (CVE-2026-27876) lets attackers turn Viewer accounts into full host access. Read more -> tinyurl.com/mstzsfc3 #openSUSE
  • 11h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts

Last activity: 18 hours ago

Bluesky

⚠️ #Vulnerability 'Ghost-Print' (CVE-2026-4412): Flaw in the #Windows print queue that affects corporate #networks (+MITIGATION) www.newstecnicas.info.ve/2026/04/vuln...
  • 18h ago

Overview

  • Totolink
  • A8000RU

Published: 01 May 2026
Updated: 01 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

🚨 CVE-2026-7538 (CRITICAL, CVSS 9.3): Totolink A8000RU 7.1cu.643_b20200521 OS command injection in CGI handler allows unauthenticated remote code execution. No patch — restrict access & monitor vendor updates. radar.offseq.com/threat/cve-20

  • 3h ago

Overview

  • SonicWall
  • SonicOS

Published: 29 Apr 2026
Updated: 30 Apr 2026

CVSS: Pending
EPSS: 0.00%

KEV

Description

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

SonicWall released patches for three SonicOS vulnerabilities across Gen 6, 7, and 8 firewalls, including a high-severity access control bypass (CVE-2026-0204). SSH access restrictions recommended until updates applied. #FirewallSecurity #VulnerabilityPatch
  • 13h ago

Overview

  • dnnsoftware
  • Dnn.Platform

Published: 17 Apr 2026
Updated: 22 Apr 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.04%

KEV

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

CVE-2026-40321: stored XSS in DNN (DotNetNuke) prior to v10.2.2 chains to full RCE.

Any authenticated user can upload a crafted SVG with embedded JavaScript. If a power user opens it, the payload calls DNN's own config endpoint to drop an ASPX backdoor in the server root.

One file. One click. Full RCE. CVSS 8.1, patched, fully documented.

Write-up + PoC payloads: pentest-tools.com/blog/dotnetn

More research from our team: pentest-tools.com/research

  • 17h ago

Overview

  • OpenBSD
  • OpenSSH

Published: 02 Apr 2026
Updated: 02 Apr 2026

CVSS v3.1: MEDIUM (4.2)
EPSS: 0.02%

KEV

Description

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

📰 Decade-Old OpenSSH Flaw (CVE-2026-35414) Allows Full Root Access, Exploits Hard to Detect

🚨 CRITICAL: A 15-year-old flaw in OpenSSH (CVE-2026-35414) allows attackers to gain full root access. The bug is trivial to exploit and hard to detect in logs. Update to OpenSSH 10.3p1 immediately! 🛡️ #OpenSSH #CVE #Linux #CyberSecurity

🔗 cyber.netsecops.io

  • 15h ago