
Overview

  • SAP_SE
  • SAP NetWeaver Application Server ABAP and ABAP Platform

Published: 10 Feb 2026
Updated: 10 Feb 2026

CVSS v3.1: CRITICAL (9.6)
EPSS: 0.04%

KEV

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 16 hours ago

Fediverse


3674774 - [CVE-2026-0509] Missing Authorization check in SAP NetWeaver Application Server #ABAP and ABAP Platform
me.sap.com/notes/3674774


Bluesky

SAP released 27 security notes including two critical vulnerabilities (CVE-2026-0488 and CVE-2026-0509) enabling database compromise and unauthorized background remote function calls.

Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: Pending

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 3 hours ago

Fediverse


🔍 CVE-2026-21510
CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne


‼️ CISA has added 6 vulnerabilities to the KEV Catalog

CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.


Bluesky

~Cisa~ CISA added six new actively exploited vulnerabilities to its KEV catalog, urging immediate patching. - IOCs: CVE-2026-21510, CVE-2026-21513, CVE-2026-21514 - #CISA #KEV #ThreatIntel #Vulnerability

Overview

  • Microsoft
  • Windows 11 version 26H1

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: Pending

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 3 hours ago

Fediverse


🔍 CVE-2026-21513
CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne


Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

Description

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse


🔍 CVE-2026-21514
CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne


Overview

  • Lenovo
  • Vantage

Published: 14 Jan 2026
Updated: 15 Jan 2026

CVSS v4.0: MEDIUM (6.8)
EPSS: 0.03%

KEV

Description

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 23 hours ago

Bluesky

John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC. blog.compass-security.com/2026/02/from... #Windows #CVE #SecurityResearch #PrivEsc

Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

Description

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 9 hours ago

Fediverse


🔍 CVE-2026-21519
CVE-2026-21519

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21519
🛡️ CWE: CWE-843
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne


Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: MEDIUM (6.2)
EPSS: Pending

Description

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 9 hours ago

Fediverse


🔍 CVE-2026-21525
CVE-2026-21525

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

📊 CVSS Score: 6.2
⚠️ Severity: Medium
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21525
🛡️ CWE: CWE-476
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne


Overview

  • Microsoft
  • Windows 11 version 26H1

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 9 hours ago

Fediverse


🔍 CVE-2026-21533
CVE-2026-21533

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21533
🛡️ CWE: CWE-269
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: msrc.microsoft.com/update-guid cisa.gov/known-exploited-vulne


Overview

  • Gargoyle
  • Gargoyle Router Management Utility

Published: 31 Dec 2025
Updated: 02 Jan 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.10%

KEV

Description

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 17 hours ago

Fediverse


@todb Oh mighty CVE Seer! Pray expound upon which arcane spell doth cause a 2025 birthed vulnerability to don a CVE-2015 prefix?

CVE-2015-10145 — Published: 2025-12-31


Overview

  • Oracle Corporation
  • Oracle Java SE

Published: 20 Jan 2026
Updated: 21 Jan 2026

CVSS v3.1: MEDIUM (4.8)
EPSS: 0.03%

KEV

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 11 hours ago

Bluesky

URGENT: Patch #Java 17 OpenJDK on SUSE now. New update fixes 4 flaws (CVE-2026-21925 to 21945), including a 7.5 CVSS DoS bug. Affects #SLES, #openSUSE Leap, HPC. Read more: 👉 tinyurl.com/r7amu53n #security