24h | 7d | 30d

Overview

  • kernel

07 Mar 2022
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
83.44%

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

Profile picture fallback
~Elastic~ Elastic details the evolution of Linux rootkits, covering userland, LKM, eBPF, and emerging io_uring hooking techniques. - IOCs: CVE-2022-0847 - #Linux #Rootkit #ThreatIntel
  • 0
  • 1
  • 0
  • 6h ago

Overview

  • discourse
  • discourse

26 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.03%

KEV

Description

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The `user_field_ids` parameter in `DirectoryItemsController#index` accepts arbitrary user field IDs without authorization checks, bypassing the visibility restrictions (`show_on_profile` / `show_on_user_card`) that are enforced elsewhere (e.g., `UserCardSerializer` via `Guardian#allowed_user_field_ids`). An attacker can request `GET /directory_items.json?period=all&user_field_ids=<id>` with any private field ID and receive that field's value for every user in the directory response. This enables bulk exfiltration of private user data such as phone numbers, addresses, or other sensitive custom fields that admins have explicitly configured as non-public. The issue is patched in versions 2025.12.2, 2026.1.1, and 2026.2.0 by filtering `user_field_ids` against `UserField.public_fields` for non-staff users before building the custom field map. As a workaround, site administrators can remove sensitive data from private user fields, or disable the user directory via the `enable_user_directory` site setting.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-26265 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items end... https://www.cyberhub.blog/cves/CVE-2026-26265
  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Pending

Pending
Published
05 Sep 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

The unisharp/laravel-filemanager is a separate project, unrelated to laravel-filemanager.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

Profile picture fallback
CVE-2025-58440: Remote Code Execution via Polyglot File Attack in Laravel FileManager – A Deep Dive + Video Introduction A newly disclosed vulnerability in the popular `unisharp/laravel-filemanager` package (versions ≤ 2.11) allows unauthenticated remote code execution (RCE) through a clever…
  • 0
  • 1
  • 0
  • 17h ago

Overview

  • Red Hat
  • Enterprise Linux 9
  • OpenSSH

01 Jul 2024
Published
11 Dec 2025
Updated

CVSS
Pending
EPSS
33.51%

KEV

Description

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Profile picture fallback
Critical OpenSSH Flaw Exposes Millions of Servers: RegreSSHion CVE-2024-6387 Deep Dive and Mitigation + Video Introduction: A critical signal handler race condition vulnerability, dubbed RegreSSHion (CVE-2024-6387), has been discovered in OpenSSH’s server component (sshd) on glibc-based Linux…
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Chargemap
  • chargemap.com

26 Feb 2026
Published
02 Mar 2026
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.04%

KEV

Description

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-25711 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same sessi... https://www.cyberhub.blog/cves/CVE-2026-25711
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • projectworlds
  • Online Art Gallery Shop

02 Mar 2026
Published
02 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%

KEV

Description

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-3406 - A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.ph... https://www.cyberhub.blog/cves/CVE-2026-3406
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

02 Dec 2021
Published
04 Aug 2024
Updated

CVSS
Pending
EPSS
0.17%

KEV

Description

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Profile picture fallback
New security notice for the #Ubuntu community: USN-8067-1 patches a CSRF token bypass in Mailman (CVE-2021-44227). Read more: 👉 tinyurl.com/542zrwd3 #Security
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • wpeverest
  • User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

03 Mar 2026
Published
03 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%

KEV

Description

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Profile picture fallback

⚠️ CVE-2026-1492 (CRITICAL, CVSS 9.8): wpeverest User Registration plugin ≤5.1.2 lets unauthenticated attackers register admin accounts via improper privilege checks. Disable registrations & audit users urgently! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Tenda
  • F453

01 Mar 2026
Published
01 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the argument qos can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-3378 - A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the ... https://www.cyberhub.blog/cves/CVE-2026-3378
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Tenda
  • F453

28 Feb 2026
Published
28 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-3377 - A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Perfor... https://www.cyberhub.blog/cves/CVE-2026-3377
  • 0
  • 0
  • 0
  • 5h ago
Showing 11 to 20 of 63 CVEs