24h | 7d | 30d

CVE-2026-1340

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
32.27%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Jeroen Wiert Pluimers @wiert

@christopherkunz didn't see this in your Toots yet, but hope you already saw it somewhere else:

bsi.bund.de/SharedDocs/Cybersi

Version 1.3: Ivanti EPMM - Aktive Angriffe über Zero-Day Schwachstellen beobachtet

Schwachstellen CVE-2026-1281 und CVE-2026-1340

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
#cryptohagen @cryptohagen

2 nylige #0day (CVE-2026-1281 og CVE-2026-1340) i Ivanti EPMM-platformen er blevet udnyttet i siden mindst sommeren 2025

Tysklands 🇩🇪 cyber-sikkerheds-agentur har fundet beviser for kompromittering under efterforskningen af angrebene

De 2 zero-days er blevet knyttet til angreb på det hollandske 🇳🇱 data-beskyttelses-agentur og Europa-Kommissionen 🇪🇺

Palo Alto Networks har nogle detaljer om angrebene, som nu omfatter både spionage og cyber-kriminalitet
unit42.paloaltonetworks.com/iv

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Exploitation of two patched Ivanti EPMM critical vulnerabilities (CVE-2026-1281, CVE-2026-1340) has surged, enabling remote unauthenticated code execution and full MDM compromise.
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
43.87%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Jeroen Wiert Pluimers @wiert

@christopherkunz didn't see this in your Toots yet, but hope you already saw it somewhere else:

bsi.bund.de/SharedDocs/Cybersi

Version 1.3: Ivanti EPMM - Aktive Angriffe über Zero-Day Schwachstellen beobachtet

Schwachstellen CVE-2026-1281 und CVE-2026-1340

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
#cryptohagen @cryptohagen

2 nylige #0day (CVE-2026-1281 og CVE-2026-1340) i Ivanti EPMM-platformen er blevet udnyttet i siden mindst sommeren 2025

Tysklands 🇩🇪 cyber-sikkerheds-agentur har fundet beviser for kompromittering under efterforskningen af angrebene

De 2 zero-days er blevet knyttet til angreb på det hollandske 🇳🇱 data-beskyttelses-agentur og Europa-Kommissionen 🇪🇺

Palo Alto Networks har nogle detaljer om angrebene, som nu omfatter både spionage og cyber-kriminalitet
unit42.paloaltonetworks.com/iv

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Exploitation of two patched Ivanti EPMM critical vulnerabilities (CVE-2026-1281, CVE-2026-1340) has surged, enabling remote unauthenticated code execution and full MDM compromise.
  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-7676

Overview

  • Microsoft, Inc
  • Windows 11
28 Jul 2025
Published
28 Jul 2025
Updated
CVSS v4.0
MEDIUM (5.4)
EPSS
0.02%
KEV

Description

DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs.

Statistics

  • 1 Post
  • 18 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture fallback
Jimmy Wylie @mayahustle

I earned my first CVE credit (CVE-2025-7676) for helping with a Windows ARM vuln. So, to commemorate the credit, @reverseics presented me last week with a Trophy of Perpetual Futility, because there’s always more work to do.

raw.githubusercontent.com/reid

  • 1
  • 17
  • 0
  • 20h ago

CVE-2025-29824

Overview

  • Microsoft
  • Windows 10 Version 1507
08 Apr 2025
Published
13 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.47%
KEV

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 20 hours ago

Bluesky

Profile picture fallback
The DFIR Report @thedfirreport.bsky.social
SEO poisoning ➡️ Fake RVTools ➡️ Python backdoor ➡️ PipeMagic ➡️ CVE-2025-29824 ➡️ #Ransomexx — domain-wide in <19 hrs. The Python backdoor connected to azure-secure-agent[.]com (87.251.67[.]241), enabling cmd/PowerShell exec, payload download, screenshots, and IP discovery.
  • 0
  • 2
  • 0
  • 20h ago

CVE-2019-25358

Overview

  • nikkhokkho
  • FileOptimizer
18 Feb 2026
Published
19 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.03%
KEV

Description

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 9 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2019-25358 https://www.cyberhub.blog/article/alert-cve-2019-25358
  • 0
  • 1
  • 0
  • 9h ago

CVE-2025-65716

Overview

  • Pending
16 Feb 2026
Published
17 Feb 2026
Updated
CVSS
Pending
EPSS
0.05%
KEV

Description

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
stephen ryner jr. 🦉 @nuthatch

"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."

ox.security/blog/cve-2025-6571

  • 0
  • 1
  • 0
  • 11h ago

CVE-2026-26980

Overview

  • TryGhost
  • Ghost
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
Pending
KEV

Description

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ CVE-2026-26980: CRITICAL SQL Injection in TryGhost Ghost CMS (3.24.0 – 6.19.0). Unauth attackers can read DB data remotely. Patch to 6.19.1 now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

CVE-2019-25355

Overview

  • Genivia Inc.
  • gSOAP
18 Feb 2026
Published
19 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.43%
KEV

Description

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2019-25355 https://www.cyberhub.blog/article/alert-cve-2019-25355
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-2684

Overview

  • Tsinghua Unigroup
  • Electronic Archives System
18 Feb 2026
Published
19 Feb 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%
KEV

Description

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-2684 https://www.cyberhub.blog/article/alert-cve-2026-2684
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-26064

Overview

  • kovidgoyal
  • calibre
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🛑 CRITICAL CVE-2026-26064 in calibre <9.3.0: Path traversal in extract_pictures enables arbitrary file writes & remote code execution on Windows. Patch to 9.3.0+ ASAP. User interaction required. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago
Showing 11 to 20 of 84 CVEs