
Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

HDR images can pwn your SUSE server via GEGL (CVE-2026-2049 style). Instead of waiting for patches, learn to audit image parsers for good. Read more: 👉 tinyurl.com/3tuvc47p #SUSE
  • 15h ago

Overview

  • Pending

Published: 17 Apr 2020
Updated: 05 May 2025

CVSS v3.0: MEDIUM (5.9)
EPSS: 1.30%

KEV

Description

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

~Cybergcca~ CCCS issued 6 security advisories covering critical updates for IBM, Dell, Ubuntu, Red Hat, Moxa, and CISA ICS products. - IOCs: CVE-2020-11868 - #PatchNow #ThreatIntel #Vulnerability
  • 20h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 14 Apr 2026
Updated: 20 Apr 2026

CVSS v3.1: MEDIUM (4.3)
EPSS: 0.07%

KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

PoC Exploit Unleashed: Windows Snipping Tool Leaks NTLM Hashes via Malicious Deep Links – Patch Now! + Video Introduction: A newly disclosed proof-of-concept (PoC) exploit for CVE-2026-33829 demonstrates how Microsoft’s Snipping Tool can be abused to leak Net-NTLM credential hashes simply by…
  • 5h ago

Overview

  • Sudo project
  • Sudo

Published: 30 Jun 2025
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (9.3)
EPSS: 38.49%

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

VDE-2026-032
Endress+Hauser: sudo vulnerability affects Endress+Hauser MCS200HW

The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability.
CVE-2025-32463

certvde.com/en/advisories/vde-

endress-hauser.csaf-tp.certvde

  • 3h ago

Overview

  • Quantum Networks
  • Router QN-I-470

Published: 21 Apr 2026
Updated: 21 Apr 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🚨 HIGH severity alert: Quantum Networks QN-I-470 routers (6.1.1.B1) have a CLI OS command injection (CVE-2026-41036). Authenticated attackers can execute root commands remotely. Limit access & monitor systems. radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 10 Mar 2026
Updated: 14 Apr 2026

CVSS v3.1: HIGH (8.0)
EPSS: 0.08%

KEV

Description

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🛡️ CVE-2026-25172: Microsoft's urgent 'Hotpatch' for Windows 11 that you must apply now (no reboot) www.newstecnicas.info.ve/2026/04/cve-...
  • 13h ago

Overview

  • Vvveb
  • Vvveb CMS

Published: 20 Apr 2026
Updated: 20 Apr 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: Pending

KEV

Description

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first uploading a text file and renaming it to .htaccess to inject Apache directives that register PHP-executable MIME types, then uploading another file and renaming it to .php to execute arbitrary operating system commands as the www-data user.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-6257 in Vvveb CMS v1.0.8 enables RCE by renaming uploads to .php/.htaccess. No patch yet — restrict media mgmt & user access, monitor file changes! radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • OpenClaw
  • OpenClaw

Published: 20 Apr 2026
Updated: 20 Apr 2026

CVSS v4.0: CRITICAL (9.0)
EPSS: Pending

KEV

Description

OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

AI agents rely on sandboxing to stay safe. CVE-2026-41329 shows how that protection can fail in OpenClaw — allowing attackers to bypass sandbox restrictions and escalate privileges. 🔗 basefortify.eu/cve_reports/... #CyberSecurity #AI #CVE
  • 5h ago

Overview

  • givanz
  • Vvveb

Published: 20 Apr 2026
Updated: 20 Apr 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: Pending

KEV

Description

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in the define statement to achieve unauthenticated remote code execution as the web server user.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

⚠️ CRITICAL: CVE-2026-39918 in givanz Vvveb <1.0.8.1 allows unauth RCE via code injection in the installation endpoint (unsanitized subdir param). Restrict access, monitor for updates, and deploy WAF rules. radar.offseq.com/threat/cve-20

  • 6h ago

Overview

  • Cisco
  • Cisco Identity Services Engine Software

Published: 15 Apr 2026
Updated: 16 Apr 2026

CVSS v3.1: CRITICAL (9.9)
EPSS: 0.23%

KEV

Description

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

📢 Cisco fixes critical vulnerabilities in ISE and Webex allowing RCE and identity spoofing 📝 ## 🔍 Context Published… https://cyberveille.ch/posts/2026-04-20-cisco-corrige-des-vulnerabilites-critiques-dans-ise-et-webex-permettant-rce-et-usurpation-d-identite/ #CVE_2026_20147 #Cyberveille
  • 20h ago
Showing 11 to 20 of 44 CVEs