Overview
Description
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Statistics
- 1 Post
Last activity: 18 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 8 hours ago
Overview
Description
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
Statistics
- 1 Post
Last activity: 17 hours ago
Overview
- djangorestframework
Published: 26 Jun 2024
Updated: 31 Dec 2024
CVSS v4.0: MEDIUM (5.3)
EPSS: 16.27%
KEV
Description
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the `break_long_headers` template filter due to improper input sanitization before splitting and joining with `<br>` tags.
Statistics
- 1 Post
Last activity: 4 hours ago
Overview
Description
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
Statistics
- 2 Posts
Last activity: 3 hours ago
Bluesky
URGENT: #Fedora 42 BIND DNS security flaw (CVE-2025-13878) patched. DoS via corrupt BRID/HHIT records. Read more: 👉 tinyurl.com/yhtadmte #Security
Overview
Description
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Statistics
- 1 Post
Last activity: 4 hours ago
Overview
- Palo Alto Networks
- Cloud NGFW
Published: 15 Jan 2026
Updated: 30 Jan 2026
CVSS v4.0: MEDIUM (6.6)
EPSS: 0.06%
KEV
Description
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
Description
Sudo before 1.9.13 does not escape control characters in log messages.
Statistics
- 1 Post
Last activity: 4 hours ago
Overview
- Google Cloud
- Gemini Enterprise (formerly Agentspace)
Published: 06 Feb 2026
Updated: 06 Feb 2026
CVSS v4.0: CRITICAL (9.1)
EPSS: 0.04%
KEV
Description
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an attacker to engage in "bucket squatting" by establishing these buckets before a victim's initial use.
All versions after December 12th, 2025 have been updated to protect from this vulnerability. No user action is required for this.
Statistics
- 1 Post
Last activity: 3 hours ago
Fediverse
CRITICAL: CVE-2026-1727 in Google Cloud Gemini Enterprise exposes sensitive info via predictable GCS bucket names (bucket squatting risk). All versions prior to Dec 12, 2025 are vulnerable — ensure you're patched! https://radar.offseq.com/threat/cve-2026-1727-cwe-200-exposure-of-sensitive-inform-c82534e3 #OffSeq #CloudSecurity #GoogleCloud #CVE2026_1727
Overview
Description
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Statistics
- 1 Post
Last activity: 3 hours ago