24h | 7d | 30d

CVE-2026-2210

Overview

  • D-Link
  • DIR-823X
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
0.20%
KEV

Description

A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ HIGH-severity OS command injection (CVE-2026-2210) in D-Link DIR-823X v250416 — remote, unauthenticated code execution possible. Patch firmware or restrict admin access now. European orgs: prioritize response! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-2175

Overview

  • D-Link
  • DIR-823X
08 Feb 2026
Published
09 Feb 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
0.19%
KEV

Description

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🛡️ CVE-2026-2175: HIGH severity OS command injection in D-Link DIR-823X (v250416) via /goform/set_upnp. No auth needed; public exploit out. Patch ASAP or disable UPnP & segment networks. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-27234

Overview

  • Zabbix
  • Zabbix
12 Sep 2025
Published
08 Feb 2026
Updated
CVSS v4.0
HIGH (7.3)
EPSS
0.06%
KEV

Description

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Security Advisory: #Debian LTS DLA-4473-1 patches a high-severity RCE in Zabbix (CVE-2025-27234). The smartctl plugin's lack of input sanitization allows argument injection into the underlying command. Read more: 👉 tinyurl.com/4dmk7ayh #Security
  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-21509

Overview

  • Microsoft
  • Microsoft Office 2019
26 Jan 2026
Published
06 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
2.91%
KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
How to detect CVE-2026-21509 exploits
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-2152

Overview

  • D-Link
  • DIR-615
08 Feb 2026
Published
08 Feb 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
0.19%
KEV

Description

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture fallback
hbrpgm @hbrks

#Cve-2026-2152: Critical Command Injection in Legacy D-Link Router
A publicly exploitable, remote OS command injection flaw in the unmaintained D-Link #Dir-615 router poses a critical risk to consumer and small office networks.

🔗 p4u.xyz/ID_HW7Y74-Y/1 (🇩🇪🇺🇸🇫🇷)

#Cybersecurity #Security #Threatintel #Osint #Alert #Bot

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
hbrpgm @hbrks

✨ Alerte #Cve-2026-2152 : Injection de commandes critiques sur le routeur D-Link #Dir-615
Une vulnérabilité publique et exploitée sur un équipement non maintenu représente un risque de priorité 1 pour les réseaux hérités.

🔗 p4u.xyz/ID_HW7Y74-Y/1 (🇩🇪🇺🇸🇫🇷)

#Cybersecurity #Security #Threatintel #Osint #Alert #Bot

  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-0858

Overview

  • net.sourceforge.plantuml:plantuml
16 Jan 2026
Published
16 Jan 2026
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
0.04%
KEV

Description

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to arbitrary script execution in the context of applications that render the SVG.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical security advisory: CVE-2026-0858 in PlantUML represents a stored cross-site scripting vulnerability enabling arbitrary script execution through GraphViz diagrams. Read more: 👉 tinyurl.com/3stzs37p #Fedora #Security
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-1615

Overview

  • jsonpath
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.22%
KEV

Description

All versions of the package jsonpath are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CVE-2026-1615: CRITICAL code injection in all jsonpath versions — RCE in Node.js, XSS in browsers. No patch yet. Audit dependencies, block untrusted JSON Path input, monitor for attacks. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-0041

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 4 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT for #openSUSE users: Critical Chromium patch (SUSE-2026-1861/CVE-2026-0041) is live. This high-severity vulnerability requires immediate action. Read more: 👉 tinyurl.com/4d4rc5uu #Security
  • 0
  • 0
  • 0
  • 4h ago

CVE-2025-47910

Overview

  • Go standard library
  • net/http
  • net/http
22 Sep 2025
Published
24 Sep 2025
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 Critical update for #Fedora 42 users: node-exporter 1.10.2 patches multiple CVEs (CVE-2025-47910, 58189, etc.) - DoS, info leak, and bypass risks fixed. Read more: 👉 tinyurl.com/bdeskb2e #Security
  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-68670

Overview

  • neutrinolabs
  • xrdp
27 Jan 2026
Published
03 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.32%
KEV

Description

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system. The vulnerability allows an attacker to overwrite the stack buffer and the return address, which could theoretically be used to redirect the execution flow. The impact of this vulnerability is lessened if a compiler flag has been used to build the xrdp executable with stack canary protection. If this is the case, a second vulnerability would need to be used to leak the stack canary value. Upgrade to version 0.10.5 to receive a patch. Additionally, do not rely on stack canary protection on production systems.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Security Advisory: Critical buffer overflow vulnerability (CVE-2025-68670) identified in xrdp implementation for #SUSE Linux distributions. Read more: 👉 tinyurl.com/msykptnz #Security
  • 0
  • 0
  • 0
  • 6h ago
Showing 11 to 20 of 39 CVEs