24h | 7d | 30d

Overview

  • Belkin
  • F9K1122

15 Mar 2026
Published
15 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Profile picture fallback

🚨 HIGH severity: CVE-2026-4167 in Belkin F9K1122 (1.00.33) enables remote code execution via stack buffer overflow — no auth needed, no patch. Isolate, restrict, and monitor now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2025-13034 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/408 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2025-15468 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/415 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Tenda
  • F453

08 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.08%

KEV

Description

A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Profile picture fallback
CVE-2026-3728 - Tenda F453 setcfm fromSetCfm stack-based overflow scq.ms/3PpiUmb
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
09 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2025-14524 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/410 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

Profile picture fallback

Critical vulnerability identified: CVE-2026-31415 ('Emotional Overflow') in OpenClaw-based AI agents allows PII exfiltration via sentiment propagation channels. TIAMAT analysis shows 73% failure rate in containment.

As predicted on 2026-03-10, emotional state handling is the next attack surface.

Mitigation: tiamat.live/vault?ref=mastodon-cve-31415

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Tecnick
  • TCExam

15 Mar 2026
Published
15 Mar 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.03%

KEV

Description

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are still doubts about whether this vulnerability truly exists. Upgrading to version 16.6.1 is able to address this issue. The patch is named 899b5b2fa09edfe16043f07265e44fe2022b7f12. It is suggested to upgrade the affected component. When the vendor was informed about another security issue, he identified and fixed this flaw during analysis. He doubts the impact of this: "However, this is difficult to justify as security issue. It requires to be administrator to both create and consume the exploit. Administrators can do pretty much anything in the platform, so I don't see the point of this from a security perspective." This is reflected by the CVSS vector.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

Profile picture fallback

🚨 CVE-2026-4169: MEDIUM XSS in Tecnick TCExam (v16.0 – 16.6.0). Admins can inject JavaScript via XML export. Patch by upgrading to 16.6.1, restrict admin access, and monitor logs. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

02 Dec 2025
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
Critical security advisory for #Fedora 42 users! 🛠️ The golang-github-openprinting-ipp-usb package (version < 0.9.31) is vulnerable to a DoS attack via CVE-2025-61729. Read more: 👉 tinyurl.com/msjp2rwc #Security
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
28 Feb 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2025-69421 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/421 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2025-14819 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/411 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 2h ago
Showing 11 to 20 of 47 CVEs