Overview
- OpenPrinting
- cups
03 Apr 2026
Published
06 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.0)
EPSS
0.01%
KEV
Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.
Statistics
- 3 Posts
- 1 Interaction
Last activity: 9 hours ago
Fediverse
Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS
https://heyitsas.im/posts/cups/
More LLM bugs: CVE-2026-34980 and CVE-2026-34990
https://heyitsas.im/posts/cups/
More LLM bugs: CVE-2026-34980 and CVE-2026-34990
Bluesky
Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS
heyitsas.im ->
More LLM bugs: CVE-2026-34980 and CVE-2026-34990
Original->
Overview
- FontForge
- FontForge
31 Dec 2025
Published
31 Dec 2025
Updated
CVSS v3.0
HIGH (8.8)
EPSS
0.20%
KEV
Description
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated array. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28563.
Statistics
- 1 Post
Last activity: 8 hours ago
Overview
Description
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
- nyariv
- SandboxJS
06 Apr 2026
Published
06 Apr 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.06%
KEV
Description
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an exposed callable constructor path: this.constructor.call(target, attackerObject). Because this.constructor resolves to the internal SandboxGlobal function and Function.prototype.call is allowed, attacker code can write arbitrary properties into host global objects and persist those mutations across sandbox instances in the same process. This vulnerability is fixed in 0.8.36.
Statistics
- 1 Post
Last activity: Last hour
Overview
- Progress Software
- Telerik UI for ASP.NET AJAX
14 May 2025
Published
27 Aug 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.60%
KEV
Description
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
Statistics
- 1 Post
Last activity: 21 hours ago
Overview
- Go standard library
- html/template
- html/template
08 Apr 2026
Published
08 Apr 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV
Description
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.
Statistics
- 1 Post
Last activity: 13 hours ago
Overview
- Six Apart Ltd.
- Movable Type
08 Apr 2026
Published
08 Apr 2026
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
0.05%
KEV
Description
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.
Statistics
- 1 Post
Last activity: 15 hours ago
Fediverse
🚨 CRITICAL: CVE-2026-25776 impacts Six Apart Movable Type ≤9.1.0. Unauthenticated code injection enables remote Perl script execution. No patch yet — restrict access & monitor. More info: https://radar.offseq.com/threat/cve-2026-25776-code-injection-in-six-apart-ltd-mov-c0a38b7e #OffSeq #Vuln #InfoSec #CVE #WebSecurity
Overview
- felixmartinez
- Users manager – PN
08 Apr 2026
Published
08 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.42%
KEV
Description
The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspn_ajax_nopriv_server() function within the 'userspn_form_save' case. The conditional only blocks unauthenticated users when the user_id is empty, but when a non-empty user_id is supplied, execution bypasses this check entirely and proceeds to update arbitrary user meta via update_user_meta() without any authentication or authorization verification. Additionally, the nonce required for this AJAX endpoint ('userspn-nonce') is exposed to all visitors via wp_localize_script on the public wp_enqueue_scripts hook, rendering the nonce check ineffective as a security control. This makes it possible for unauthenticated attackers to update arbitrary user metadata for any user account, including the userspn_secret_token field.
Statistics
- 1 Post
Last activity: 19 hours ago
Fediverse
🔥 CRITICAL: CVE-2026-4003 in Users manager – PN for WordPress allows unauthenticated attackers to escalate privileges via arbitrary user meta updates. Disable plugin ASAP and monitor for patches. https://radar.offseq.com/threat/cve-2026-4003-cwe-862-missing-authorization-in-fel-3d2461b4 #OffSeq #WordPress #Vuln #PrivilegeEscalation
Overview
- Go standard library
- crypto/x509
- crypto/x509
08 Apr 2026
Published
08 Apr 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV
Description
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
Statistics
- 1 Post
Last activity: 13 hours ago
Overview
Description
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430.
Statistics
- 1 Post
Last activity: 4 hours ago