24h | 7d | 30d

Overview

  • Mozilla
  • Firefox

24 Feb 2026
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Oh look, a 9.8 critical vulnerability in the NSS service used by #Firefox and #Thunderbird.

#CVE #CVE-2026-2781

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 1
  • 0
  • 3h ago

Overview

  • anthropics
  • claude-code

03 Oct 2025
Published
03 Oct 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.10%

KEV

Description

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 12 hours ago

Bluesky

Profile picture fallback
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 #machinelearning #ai
  • 0
  • 1
  • 0
  • 12h ago

Overview

  • langflow-ai
  • langflow

26 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.29%

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-27966 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow... https://www.cyberhub.blog/cves/CVE-2026-27966
  • 0
  • 1
  • 0
  • 2h ago

Overview

  • hoppscotch
  • hoppscotch

26 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
HIGH (8.3)
EPSS
0.04%

KEV

Description

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. `user-environments.resolver.ts:82-109`, `updateUserEnvironment` mutation uses `@UseGuards(GqlAuthGuard)` but is missing the `@GqlUser()` decorator entirely. The user's identity is never extracted, so the service receives only the environment ID and performs a `prisma.userEnvironment.update({ where: { id } })` without any ownership filter. `deleteUserEnvironment` does extract the user but the service only uses the UID to check if the target is a global environment. Actual delete query uses WHERE { id } without AND userUid. hoppscotch environments store API keys, auth tokens and secrets used in API requests. An authenticated attacker who obtains another user's environment ID can read their secrets, replace them with malicious values or delete them entirely. The environment ID format is CUID, which limits mass exploitation but insider threat and combined info leak scenarios are realistic. Version 2026.2.0 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-28216 - hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's person... https://www.cyberhub.blog/cves/CVE-2026-28216
  • 0
  • 1
  • 0
  • 9h ago

Overview

  • openemr
  • openemr

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.03%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php` does not call `RestConfig::request_authorization_check()` for the document and insurance routes. Other patient routes in the same file (e.g. encounters, patients/med) call it with the appropriate ACL. As a result, any valid API bearer token can access or modify every patient's documents and insurance data, regardless of the token’s OpenEMR ACLs—effectively exposing all document and insurance PHI to any authenticated API client. Version 8.0.0 patches the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-25164 - OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route ta... https://www.cyberhub.blog/cves/CVE-2026-25164
  • 0
  • 1
  • 0
  • 6h ago

Overview

  • pyasn1
  • pyasn1

16 Jan 2026
Published
01 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.02%

KEV

Description

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

Profile picture fallback
Heads up, #SUSE Linux community! A new security advisory (2026-20482-1) drops for python-pyasn1. We're looking at CVE-2026-23490, a classic but nasty DoS issue with a 7.5 CVSS score—memory exhaustion via malformed OIDs. Read more: 👉 tinyurl.com/3usjhrdd #Security
  • 0
  • 1
  • 0
  • 9h ago

Overview

  • NaturalIntelligence
  • fast-xml-parser

26 Feb 2026
Published
26 Feb 2026
Updated

CVSS v4.0
LOW (2.7)
EPSS
0.04%

KEV

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
🚨 New LOW CVE detected in AWS Lambda 🚨 CVE-2026-27942 impacts fast-xml-parser in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/430 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • OpenStack
  • Vitrage

27 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.08%

KEV

Description

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: CVE-2026-28370 in OpenStack Vitrage (CVSS 9.1) enables authenticated RCE via eval injection in query parser. Upgrade to fixed versions, restrict API access, and monitor logs. Affects 0, 13.0.0, 14.0.0, 15.0.0. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • rucio
  • rucio

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.03%

KEV

Description

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-25136 - Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies... https://www.cyberhub.blog/cves/CVE-2026-25136
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • GNU
  • libopts

09 Aug 2025
Published
11 Aug 2025
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.03%

KEV

Description

A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Profile picture fallback
Heads up, self-hosters and enterprise sysadmins! 🛡️ A new patch for #openSUSE Leap 16.0 is out addressing CVE-2025-8746 in Autogen. Read more: 👉 tinyurl.com/mtrvh4va #Security
  • 0
  • 0
  • 0
  • 13h ago
Showing 11 to 20 of 78 CVEs