Overview

  • Samsung Mobile
  • Samsung Mobile Devices

07 Jan 2022
Published
21 Oct 2025
Updated

CVSS v3.1
MEDIUM (5.0)
EPSS
0.16%

Description

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 10 hours ago

Fediverse

Here's the good read of the day, more interesting part is the exploitation tricks at the end of the post soez.github.io/posts/CVE-2022- by @javierprtd

  • 1
  • 2
  • 0
  • 10h ago

Overview

  • nikkhokkho
  • FileOptimizer

18 Feb 2026
Published
19 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.03%

KEV

Description

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

📌 CVE-2019-25358 https://www.cyberhub.blog/article/alert-cve-2019-25358
  • 0
  • 1
  • 0
  • 22h ago

Overview

  • librenms
  • librenms

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.00%

KEV

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

📌 CVE-2026-26990 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnera... https://www.cyberhub.blog/cves/CVE-2026-26990
  • 0
  • 1
  • 0
  • 6h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Found a couple of bugs in Mastodon.
One of them just received CVE-2026-27477.
Keeping you safe, one line of code at a time.

  • 0
  • 1
  • 1
  • 2h ago

Overview

  • Genivia Inc.
  • gSOAP

18 Feb 2026
Published
19 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.43%

KEV

Description

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

📌 CVE-2019-25355 https://www.cyberhub.blog/article/alert-cve-2019-25355
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Tsinghua Unigroup
  • Electronic Archives System

18 Feb 2026
Published
19 Feb 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%

KEV

Description

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

📌 CVE-2026-2684 https://www.cyberhub.blog/article/alert-cve-2026-2684
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • kovidgoyal
  • calibre

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.01%

KEV

Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🛑 CRITICAL CVE-2026-26064 in calibre <9.3.0: Path traversal in extract_pictures enables arbitrary file writes & remote code execution on Windows. Patch to 9.3.0+ ASAP. User interaction required. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Splunk
  • Splunk Enterprise

01 Jul 2024
Published
28 Feb 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
93.52%

KEV

Description

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Splunk Windows Vulnerability: From Low-Privilege User to SYSTEM in Minutes + Video Introduction: A recently disclosed high-severity vulnerability in Splunk Enterprise for Windows (CVE-2024-36991) exposes a critical flaw where any low-privileged local user can hijack the DLL search order to execute…
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • JetBrains
  • Hub

09 Feb 2026
Published
10 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.00%

KEV

Description

In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Critical authentication bypass vulnerability in JetBrains "Hub" (CVE-2026-25848) - risk of unauthorized execution of administrative actions rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Alex4SSB
  • ADB-Explorer

19 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with the privileges of the current user. An attacker can exploit this by crafting a malicious App.txt settings file that points ManualAdbPath to an arbitrary executable, then convincing a victim to launch the application with a command-line argument directing it to the malicious configuration directory. This vulnerability could be leveraged through social engineering tactics, such as distributing a shortcut bundled with a crafted settings file in an archive, resulting in RCE upon application startup. This issue has been fixed in version 0.9.26021.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

CVE-2026-26959: HIGH severity vuln in Alex4SSB ADB-Explorer (<0.9.26021). Malicious config (App.txt) can trigger code execution if users launch app with a crafted argument. Upgrade ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago