Overview

  • Samsung Mobile
  • Samsung Mobile Devices

07 Jan 2022
Published
21 Oct 2025
Updated

CVSS v3.1
MEDIUM (5.0)
EPSS
0.16%

Description

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 17 hours ago

Fediverse

Here's the good read of the day; the more interesting part is the exploitation tricks at the end of the post soez.github.io/posts/CVE-2022- by @javierprtd

  • 1
  • 2
  • 0
  • 17h ago

Overview

  • librenms
  • librenms

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.00%

KEV

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 13 hours ago

Bluesky

📌 CVE-2026-26990 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnera... https://www.cyberhub.blog/cves/CVE-2026-26990
  • 0
  • 1
  • 0
  • 13h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 9 hours ago

Fediverse

Found a couple of bugs in Mastodon.
One of them just received CVE-2026-27477.
Keeping you safe, one line of code at a time.

  • 0
  • 1
  • 1
  • 9h ago

Overview

  • Microsoft
  • Azure Core shared client library for Python

13 Jan 2026
Published
13 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
1.47%

KEV

Description

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Just published a deep dive on the latest #Fedora 42 security advisory for Azure CLI (CVE-2026-21226). If you're using Azure tools on Fedora, you need to see this. Read more: 👉 tinyurl.com/2s3e5ehr #Security
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • Windows Server version 2004

17 Aug 2020
Published
21 Oct 2025
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
94.38%

Description

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

What’s more dangerous?
A) Zero-days
B) Unpatched one-year-old CVEs
C) Assets you forgot existed
Attackers already chose B + C.
Example:
CVE-2020-1472 (Zerologon) — still exploited in 2026.
🔗 Why it still works:
cvedatabase.com/cve/CVE-2020-1
#CyberSecurity #VulnerabilityManagement

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • akuity
  • kargo

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in the logic of both endpoints to inject arbitrary resources (of specific types only) into the underlying namespace of an existing Project using the API server's own permissions when that behavior was not intended. Critically, an attacker may exploit this as a vector for elevating their own permissions, which can then be leveraged to achieve remote code execution or secret exfiltration. Exfiltrated artifact repository credentials can be leveraged, in turn, to execute further attacks. In some configurations of the Kargo control plane's underlying Kubernetes cluster, elevated permissions may additionally be leveraged to achieve remote code execution or secret exfiltration using kubectl. This can reduce the complexity of the attack, however, worst case scenarios remain entirely achievable even without this. This vulnerability is fixed in v1.7.8, v1.8.11, and v1.9.3.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🚨 CRITICAL vuln: CVE-2026-27112 in akuity kargo (v1.7.0 – 1.9.2) enables resource injection & privilege escalation via batch API endpoints. Patch to 1.7.8/1.8.11/1.9.3+ ASAP. Monitor logs & restrict API access. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • TryGhost
  • Ghost

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
0.08%

KEV

Description

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

📌 CVE-2026-26980 - Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the datab... https://www.cyberhub.blog/cves/CVE-2026-26980
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • libexpat project
  • libexpat

30 Jan 2026
Published
03 Feb 2026
Updated

CVSS v3.1
MEDIUM (6.9)
EPSS
0.01%

KEV

Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-25210 impacts expat in 7 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/425 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Pending

19 Feb 2026
Published
19 Feb 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames, allowing an unauthenticated attacker to determine which usernames are registered in the system through an observable response discrepancy.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

CVE-2026-26744: How a Small Bug Bump Can Lead to Big Security Wins + Video Introduction: In the world of cybersecurity, not every vulnerability leads to a system-wide compromise or makes headlines. However, the discovery and disclosure of even minor flaws are the bedrock of a resilient digital…
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Splunk
  • Splunk Enterprise

01 Jul 2024
Published
28 Feb 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
93.52%

KEV

Description

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Splunk Windows Vulnerability: From Low-Privilege User to SYSTEM in Minutes + Video Introduction: A recently disclosed high-severity vulnerability in Splunk Enterprise for Windows (CVE-2024-36991) exposes a critical flaw where any low-privileged local user can hijack the DLL search order to execute…
  • 0
  • 0
  • 0
  • 22h ago