Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure https://securityaffairs.com/191483/hacking/cve-2026-42208-litellm-bug-exploited-36-hours-after-its-disclosure.html
  • 16h ago

Overview

  • ProFTPD
  • ProFTPD

Published: 28 Apr 2026
Updated: 01 May 2026

CVSS v3.1: HIGH (8.1)
EPSS: 12.39%

KEV

Description

mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD - in an extension, not core
  • 3h ago

Overview

  • Google
  • Chrome

Published: 28 Apr 2026
Updated: 30 Apr 2026

CVSS: Pending
EPSS: 0.07%

KEV

Description

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

[Vulnerability Information] CVE-2026-7333: On the vulnerability in Google Chrome. Due to a use-after-free vulnerability in the GPU component of Google Chrome, in versions earlier than 147.0.7727.138,
  • 8h ago

Overview

  • Zurich Instruments
  • LabOne Q
  • laboneq

Published: 01 May 2026
Updated: 01 May 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.02%

KEV

Description

The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target class or restriction on which modules could be imported. An attacker can craft a serialized experiment file that causes the deserialization engine to import and instantiate arbitrary Python classes with attacker-controlled constructor arguments, resulting in arbitrary code execution in the context of the user running the Python process. Exploitation requires the victim to load a malicious file using LabOne Q's deserialization functions, for example a compromised experiment file shared for collaboration or support purposes.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🔒 HIGH-severity in Zurich Instruments LabOne Q (2.41.0, 26.4.0b1): CVE-2026-7584 enables arbitrary code exec via malicious experiment files. No patch yet — open files only from trusted sources. Monitor vendor updates. radar.offseq.com/threat/cve-20

  • 10h ago

Overview

  • Totolink
  • NR1800X

Published: 01 May 2026
Updated: 01 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.08%

KEV

Description

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Manipulation of the argument Host leads to a stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-7546 in Totolink NR1800X (v9.1.0u.6279_B20210910) — stack buffer overflow in lighttpd. Remote code execution possible. No patch yet. Limit device exposure & monitor vendor updates. radar.offseq.com/threat/cve-20

  • 14h ago

Overview

  • pygments

Published: 22 Mar 2026
Updated: 23 Mar 2026

CVSS v4.0: MEDIUM (4.8)
EPSS: 0.01%

KEV

Description

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

New guide: Understand & fix ReDoS in Pygments (CVE-2026-4539) on openSUSE. Includes verification commands, automation script, and 5 mitigation strategies when you can't patch. Read more -> tinyurl.com/muhbwmf5 #openSUSE
  • 2h ago

Overview

  • ruby
  • json

Published: 20 Mar 2026
Updated: 23 Mar 2026

CVSS v4.0: HIGH (8.3)
EPSS: 0.04%

KEV

Description

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🚨 New CRITICAL CVE detected in AWS Lambda 🚨 CVE-2026-33210 impacts json in 1 Lambda base image. Details: https://github.com/aws/aws-lambda-base-images/issues/485 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 7h ago

Overview

  • Bitwarden
  • Bitwarden CLI

Published: 01 May 2026
Updated: 01 May 2026

CVSS v4.0: HIGH (8.8)
EPSS: 0.05%

KEV

Description

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🚩 CVE-2026-42994: Bitwarden CLI v2026.4.0 (npm, Apr 2026) has a HIGH severity OS Command Injection (CVSS 8.8) due to a supply chain compromise. No patch yet. Avoid this version & verify installs. More info: radar.offseq.com/threat/cve-20

  • 13h ago

Overview

  • IBM
  • WebSphere Application Server - Liberty

Published: 25 Mar 2026
Updated: 27 Mar 2026

CVSS v3.1: MEDIUM (6.7)
EPSS: 0.01%

KEV

Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.3 could provide weaker than expected security when administering security settings.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

PH70078:IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917 CVSS 6.7) https://tinyurl.com/22aozekr
  • 2h ago

Overview

  • Totolink
  • A8000RU

Published: 01 May 2026
Updated: 01 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.89%

KEV

Description

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🚨 CVE-2026-7538 (CRITICAL, CVSS 9.3): Totolink A8000RU 7.1cu.643_b20200521 OS command injection in CGI handler allows unauthenticated remote code execution. No patch — restrict access & monitor vendor updates. radar.offseq.com/threat/cve-20

  • 16h ago