24h | 7d | 30d

CVE-2026-0265

Overview

  • Palo Alto Networks
  • Cloud NGFW
13 May 2026
Published
14 May 2026
Updated
CVSS v4.0
HIGH (7.2)
EPSS
Pending
KEV

Description

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
Ciarán (mc) @ciaranmak

Palo Alto Auth Bypass
#threatintel #cve
security.paloaltonetworks.com/

  • 0
  • 1
  • 0
  • 13h ago

Bluesky

Profile picture fallback
ripjyr.bsky.social @ripjyr.bsky.social
Paloaltoの脆弱性情報 「CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled (Severity: HIGH)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0265
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-32661

Overview

  • Canon Marketing Japan Inc.
  • GUARDIANWALL MailSuite (On-premises version)
13 May 2026
Published
13 May 2026
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
0.14%
KEV

Description

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege.

Statistics

  • 2 Posts
Last activity: 21 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: CVE-2026-32661 stack buffer overflow in Canon GUARDIANWALL MailSuite (v1.4.00 – 2.4.26). Remote code execution possible. Restrict network access & monitor pop3wallpasswd. Patch pending. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture fallback
ケイ | 副業Webライター📖 @keiwork35.bsky.social
GUARDIANWALL MailSuiteの脆弱性とは?影響範囲や悪用状況、対策をわかりやすく解説 本記事では、GUARDIANWALL MailSuiteの脆弱性(CVE-2026-32661)の概要、影響を受ける環境、想定されるリスク、利用者が取るべき対策をわかりやすく解説します。
  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-30893

Overview

  • wazuh
  • wazuh
29 Apr 2026
Published
29 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.0)
EPSS
0.08%
KEV

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the Wazuh service context by overwriting Python modules loaded by Wazuh components (proof of concept available as separate attachment). In deployments where the cluster daemon runs with elevated privileges, system-level compromise is possible. This issue has been patched in version 4.14.4.

Statistics

  • 2 Posts
Last activity: 15 hours ago

Fediverse

Profile picture fallback
benzogaga33 :verified: @benzogaga33

Wazuh – CVE-2026-30893 : un patch est disponible pour cette faille critique it-connect.fr/wazuh-cve-2026-3 #ActuCybersécurité #Cybersécurité #Vulnérabilité

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture fallback
IT-Connect @it-connect.bsky.social
➡️ Wazuh - Un patch est disponible Une faille de sécurité critique, associée à la référence CVE-2026-30893 et affichant un score CVSS de 9.9, a été révélée récemment au sein de Wazuh. 🛡️ Quels sont les risques ? Comment se protéger ? www.it-connect.fr/wazuh-cve-20... #CVE #Wazuh
  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-31431

Overview

  • Linux
  • Linux
22 Apr 2026
Published
12 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
2.57%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 2 Posts
Last activity: Last hour

Bluesky

Profile picture fallback
ICS Advisory Project @advisoryics.bsky.social
New ICSAP Analysis Report: Copy Fail (CVE-2026-31431) and Linux exposure across ICS products. Of 3,800 CISA ICS advisories, only 0.8% name Linux. Asset owners can't assess exposure from advisory text alone. drive.google.com/file/d/1CDvy... #OTSecurity #ICSSecurity #CopyFail #ICSAP
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
小众软件 @appinn.bsky.social
从4月30日至今,Linux 已经连爆三起提权漏洞,只需要一行代码,立即获得系统 root 权限。 2026年4月30日:Copy Fail:2017年至今的漏洞,一个脚本获得 Linux root 管理员权限|CVE-2026-31431 2026年5月8日:Linux 又爆 Dirty Frag
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-7482

Overview

  • ollama
  • ollama
  • ollama/ollama
04 May 2026
Published
04 May 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.10%
KEV

Description

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), the server reads past the allocated heap buffer. The leaked memory contents may include environment variables, API keys, system prompts, and concurrent users' conversation data, and can be exfiltrated by uploading the resulting model artifact through the /api/push endpoint to an attacker-controlled registry. The /api/create and /api/push endpoints have no authentication in the upstream distribution. Default deployments bind to 127.0.0.1, but the documented OLLAMA_HOST=0.0.0.0 configuration is widely used in practice (large public-internet exposure observed).

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture fallback
knoppix @knoppix95

Ollama fixed CVE-2026-7482 in v0.17.1, a critical out-of-bounds read flaw that could leak API keys, prompts, and chat data from exposed servers via crafted GGUF files. 🔓
Researchers also disclosed unpatched Windows update flaws enabling persistent code execution through unsigned updates and path traversal in Ollama 0.12.10–0.17.5. ⚠️

🔗 thehackernews.com/2026/05/olla

#TechNews #Ollama #LLM #AI #Cybersecurity #OpenSource #FOSS #Privacy #Infosec #Windows #Linux #Security #Servers #DataBreach #Technology

  • 4
  • 4
  • 0
  • 23h ago

CVE-2026-32202

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
12 May 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
7.19%
KEV

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

CISA Adds CVE-2026-32202 to KEV Catalog as APT28 Actively Exploits Zero-Click Windows Shell Flaw
#CyberSecurity
securebulletin.com/cisa-adds-c

  • 4
  • 0
  • 0
  • 14h ago

CVE-2026-2291

Overview

  • dnsmasq
  • dnsmasq
11 May 2026
Published
13 May 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.

Statistics

  • 1 Post
  • 5 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture fallback
Michel Lind :fedora: :debian: @michelin

If you use #dnsmasq on @fedora or @centos Stream - be aware that there are recently disclosed CVEs - kb.cert.org/vuls/id/471747

@SUSE at least rates one of them a 9.2 on the CVSS 4.0 scale

suse.com/security/cve/CVE-2026

Fedora updates for stable releases are about to hit testing: bodhi.fedoraproject.org/update

and if you have the #CentOSHyperscale repo enabled you can `sudo dnf install centos-release-hyperscale-testing && sudo dnf update 'dnsmasq*'`

Please give feedback for the Fedora builds and for the Hyperscale ones if you give them a spin!

gitlab.com/CentOS/Hyperscale/r

As of the time of posting there is no advisory from #RedHat yet

#Fedora
#CentOS
#CentOS_Stream

  • 2
  • 3
  • 0
  • 11h ago

CVE-2025-8088

Overview

  • win.rar GmbH
  • WinRAR
08 Aug 2025
Published
26 Feb 2026
Updated
CVSS v4.0
HIGH (8.4)
EPSS
8.29%
KEV

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 17 hours ago

Bluesky

Profile picture fallback
780th Military Intelligence Brigade (Cyber) @780thmibdecyber.bsky.social
Gamaredon, also known as Aqua Blizzard, Primitive Bear, Shuckworm or UAC-0010, has been exploiting CVE-2025-8088 to target Ukrainian organizations. Harfang Lab harfanglab.io/insidethelab...
  • 1
  • 3
  • 0
  • 17h ago

CVE-2026-44194

Overview

  • opnsense
  • core
13 May 2026
Published
13 May 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
Pending
KEV

Description

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatting their malicious payload as a compliant email address, allowing shell commands to reach the underlying operating system. The flaw exists in the local user synchronization flow, within core/src/opnsense/scripts/auth/sync_user.php. This vulnerability is fixed in 26.1.8.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 2h ago

CVE-2026-21535

Overview

  • Microsoft
  • Microsoft Teams
19 Feb 2026
Published
11 May 2026
Updated
CVSS v3.1
HIGH (8.2)
EPSS
0.09%
KEV

Description

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture fallback
Vito Botta @vitobotta

CVE-2026-21535: unauthenticated info disclosure in Microsoft Teams. Network access is all an attacker needs, no credentials at all. The app sitting open on every corporate laptop right now. Go patch it. bleepingcomputer.com/news/micr

  • 1
  • 1
  • 0
  • 19h ago
Showing 11 to 20 of 82 CVEs