
Overview

  • CODESYS
  • CODESYS EtherNetIP

23 Apr 2026
Published
23 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
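The failure mode above (an advisory titled "Improper timeout handling") is a protocol stack that keeps a TCP connection slot allocated for a peer that never sends anything. The following is an added example, not CODESYS code and not from CERT@VDE; it is a toy line-based server with a fixed connection table (MAX_CONNECTIONS and the `ListIdentity` request line are made up for the demo, and the slot count of the real adapter is not known from the page). With `idle_timeout=None` an attacker holding silent connections locks legitimate clients out indefinitely; with an idle timeout the slots are reclaimed. EtherNet/IP explicit messaging runs over TCP port 44818; the demo binds an ephemeral loopback port instead.

```python
import asyncio
from typing import Optional, Tuple

MAX_CONNECTIONS = 4   # assumed size of the adapter's TCP connection table (illustrative)
IDLE_TIMEOUT = 0.5    # seconds a silent peer may hold a slot in the hardened variant


class SlotServer:
    """Line-based toy server with a fixed connection table.

    idle_timeout=None reproduces the weakness: a peer that connects and never
    sends a byte holds its slot forever.  A float enforces an idle timeout so
    the slot is reclaimed from silent peers.
    """

    def __init__(self, max_conns: int, idle_timeout: Optional[float]):
        self.max_conns = max_conns
        self.idle_timeout = idle_timeout
        self.active = 0
        self.rejected = 0

    async def handle(self, reader: asyncio.StreamReader, writer: asyncio.StreamWriter):
        if self.active >= self.max_conns:
            # Table full: this is where legitimate clients land during the attack.
            self.rejected += 1
            writer.write(b"BUSY\n")
            await writer.drain()
            writer.close()
            return
        self.active += 1
        try:
            while True:
                if self.idle_timeout is None:
                    line = await reader.readline()          # blocks until the peer speaks or disconnects
                else:
                    try:
                        line = await asyncio.wait_for(reader.readline(), self.idle_timeout)
                    except asyncio.TimeoutError:
                        break                               # reclaim the slot from a silent peer
                if not line:
                    break                                   # peer closed the connection
                writer.write(b"OK " + line)
                await writer.drain()
        finally:
            self.active -= 1
            writer.close()


async def _client_request(port: int) -> str:
    """A legitimate client: connect, send one request line, read one response line."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    writer.write(b"ListIdentity\n")
    await writer.drain()
    resp = await asyncio.wait_for(reader.readline(), 2.0)
    writer.close()
    return resp.decode().strip()


async def _simulate(idle_timeout: Optional[float]) -> Tuple[str, str]:
    srv = SlotServer(MAX_CONNECTIONS, idle_timeout)
    server = await asyncio.start_server(srv.handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    # Attacker: fill the table with connections that never send anything.
    idle = [await asyncio.open_connection("127.0.0.1", port) for _ in range(MAX_CONNECTIONS)]
    await asyncio.sleep(0.1)                       # let the server accept all of them
    first = await _client_request(port)            # attempted while the table is full
    await asyncio.sleep(IDLE_TIMEOUT * 2)          # long enough for the hardened variant to reclaim slots
    second = await _client_request(port)
    for _, w in idle:
        w.close()
    server.close()
    await server.wait_closed()
    return first, second


def run_simulation(idle_timeout: Optional[float]) -> Tuple[str, str]:
    """Outcomes for the legitimate client before and after the idle-timeout window."""
    return asyncio.run(_simulate(idle_timeout))


if __name__ == "__main__":
    print("no idle timeout:", run_simulation(None))          # ('BUSY', 'BUSY')
    print("idle timeout   :", run_simulation(IDLE_TIMEOUT))  # ('BUSY', 'OK ListIdentity')
```

The same check applies to any deployed adapter: an idle-timeout setting is only a mitigation if it is shorter than the time an attacker needs to refill the table, so rate-limiting new connections per source at the network boundary is the complementary control.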

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 3 hours ago

Fediverse

VDE-2026-040
CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
CVE-2026-35225

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w


Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
20 Mar 2026
Updated

CVSS
Pending
EPSS
0.70%

KEV

Description

Issue summary: Parsing a CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.

Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.

When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
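The AEAD parameters in question are the `GCMParameters` structure from RFC 5084 (`SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER DEFAULT 12 }`). The following is an added example, written for this page and not OpenSSL's code: a minimal DER decoder for that structure, a function that mirrors the unsafe pattern (nonce copied into a 16-byte buffer, the size of OpenSSL's `EVP_MAX_IV_LENGTH`, without a length check), and the hardened variant that bounds the nonce length before any copy. Python cannot corrupt memory, so the "overflow" is returned as the bytes that would have been written past the buffer. The sample messages are constructed here.

```python
from typing import Optional, Tuple

EVP_MAX_IV_LENGTH = 16   # OpenSSL's fixed IV buffer size; the overflow target in the advisory's pattern


class DerError(ValueError):
    """Raised for malformed or policy-violating DER input."""


def _read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at pos; returns (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise DerError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DerError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise DerError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_gcm_params(der: bytes) -> Tuple[bytes, int]:
    """GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER DEFAULT 12 } (RFC 5084)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise DerError("expected a single SEQUENCE")
    tag, nonce, pos = _read_tlv(body, 0)
    if tag != 0x04:
        raise DerError("aes-nonce must be an OCTET STRING")
    icv_len = 12
    if pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02 or not val:
            raise DerError("aes-ICVlen must be an INTEGER")
        icv_len = int.from_bytes(val, "big")
    if pos != len(body):
        raise DerError("trailing data in GCMParameters")
    return nonce, icv_len


def vulnerable_load_iv(der: bytes) -> Tuple[bytes, bytes]:
    """Mirrors the unsafe pattern: the encoded nonce is copied into a fixed 16-byte
    buffer without comparing its length first.  Returns (buffer, overflow bytes);
    in C the second element would have clobbered adjacent stack memory."""
    nonce, _ = parse_gcm_params(der)
    iv = bytearray(EVP_MAX_IV_LENGTH)
    head = nonce[:EVP_MAX_IV_LENGTH]
    iv[:len(head)] = head
    return bytes(iv), bytes(nonce[EVP_MAX_IV_LENGTH:])


def safe_load_iv(der: bytes, max_iv: int = EVP_MAX_IV_LENGTH) -> Tuple[bytes, int]:
    """Length check precedes any copy.  Nothing here depends on key material or a
    valid tag, which is exactly why it must run before the rest of CMS processing."""
    nonce, icv_len = parse_gcm_params(der)
    if not 1 <= len(nonce) <= max_iv:
        raise DerError(f"aes-nonce is {len(nonce)} bytes, limit is {max_iv}")
    if icv_len not in (12, 13, 14, 15, 16):        # AES-GCM-ICVlen values permitted by RFC 5084
        raise DerError(f"aes-ICVlen {icv_len} not permitted")
    return nonce, icv_len


def is_rejected(der: bytes) -> bool:
    """True when the hardened loader refuses the input."""
    try:
        safe_load_iv(der)
        return False
    except DerError:
        return True


# Constructed DER encoder, used only to build the sample inputs below.
def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def encode_gcm_params(nonce: bytes, icv_len: Optional[int] = None) -> bytes:
    body = bytes([0x04]) + _der_len(len(nonce)) + nonce
    if icv_len is not None:
        body += bytes([0x02, 0x01, icv_len])
    return bytes([0x30]) + _der_len(len(body)) + body


BENIGN = encode_gcm_params(bytes(range(12)))            # 12-byte nonce, default ICV length
CRAFTED = encode_gcm_params(b"A" * 64, icv_len=16)      # oversized nonce, as a malicious message would carry

if __name__ == "__main__":
    print("benign  :", safe_load_iv(BENIGN))
    _, spill = vulnerable_load_iv(CRAFTED)
    print("crafted : unsafe copy spilled", len(spill), "bytes past the buffer")
    print("crafted : hardened loader rejects it:", is_rejected(CRAFTED))
```

The point to check in any CMS-handling code path is ordering: the nonce length must be validated against the destination buffer before the copy and before any decryption or tag verification is attempted, because the attacker controls the whole structure and has no key.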

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Fediverse

VDE-2026-029
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
CVE-2025-15467

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde


Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

"ERB patches deserialization guard bypass enabling code execution"

Published 21 Apr 2026
Source: Ruby-lang.org Security Advisory
CVE-2026-41316

justappsec.com/news/2026-04-er


Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Bluesky

You patched the StrongSwan infinite loop (CVE-2026-35328). Good. But do you know why your config was vulnerable? tinyurl.com/38zeyuwe
StrongSwan crashed again? CVE-2026-35328 isn't the last one. Stop playing whack-a-mole with patches. This book teaches crash-resistant VPN configs → amzn.to/4cEV8ea I earn a commission if you make a purchase. #ad #LinuxSecurity

Overview

  • coreruleset
  • coreruleset

08 Jan 2026
Published
09 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.07%

KEV

Description

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.
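The defect is a capture-overwrite in a chained rule iterating a collection, so only the last part's charset is ever compared against the allow-list. The following is an added example, not CRS or ModSecurity code: a small multipart splitter standing in for `MULTIPART_PART_HEADERS`, a function that reproduces the buggy single-check behaviour, and the corrected per-part check. The allow-list mirrors what is assumed to be the CRS default for `tx.allowed_request_content_type_charset`; the request body is constructed for the demo, with a UTF-7 part placed first and a clean UTF-8 part last.

```python
import re
from typing import Dict, List, Optional

# Assumed CRS default for tx.allowed_request_content_type_charset
ALLOWED_CHARSETS = {"utf-8", "iso-8859-1", "iso-8859-15", "windows-1252"}

_CHARSET_RE = re.compile(r'charset\s*=\s*"?([^";\s]+)"?', re.IGNORECASE)


def multipart_part_headers(body: bytes, boundary: str) -> List[Dict[str, str]]:
    """Split a multipart body and return each part's headers (lower-cased names),
    the equivalent of ModSecurity's MULTIPART_PART_HEADERS collection."""
    delim = b"--" + boundary.encode("ascii")
    parts = []
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):        # closing delimiter "--boundary--"
            break
        head = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")[0]
        headers = {}
        for line in head.split(b"\r\n"):
            name, _, value = line.decode("latin-1").partition(":")
            headers[name.strip().lower()] = value.strip()
        parts.append(headers)
    return parts


def charset_of(headers: Dict[str, str]) -> Optional[str]:
    m = _CHARSET_RE.search(headers.get("content-type", ""))
    return m.group(1).lower() if m else None


def buggy_922110(parts: List[Dict[str, str]]) -> bool:
    """Reproduces the chained-rule defect: the capture (TX:1) is overwritten on each
    iteration over the collection and only the final value reaches the check.
    Returns True when the request would be blocked."""
    tx1 = None
    for headers in parts:
        cs = charset_of(headers)
        if cs is not None:
            tx1 = cs                      # earlier captures are lost here
    return tx1 is not None and tx1 not in ALLOWED_CHARSETS


def fixed_922110(parts: List[Dict[str, str]]) -> bool:
    """Evaluate every part's charset against the allow-list."""
    return any(
        cs not in ALLOWED_CHARSETS
        for cs in map(charset_of, parts)
        if cs is not None
    )


BOUNDARY = "----demo"
# Constructed request body: the first part smuggles a disallowed charset, the last part is clean.
EVASIVE_BODY = (
    b"------demo\r\n"
    b'Content-Disposition: form-data; name="comment"\r\n'
    b"Content-Type: text/plain; charset=utf-7\r\n\r\n"
    b"+ADw-script+AD4-alert(1)+ADw-/script+AD4-\r\n"
    b"------demo\r\n"
    b'Content-Disposition: form-data; name="title"\r\n'
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"hello\r\n"
    b"------demo--\r\n"
)


def evaluate(body: bytes, boundary: str = BOUNDARY) -> Dict[str, object]:
    parts = multipart_part_headers(body, boundary)
    return {
        "charsets": [charset_of(h) for h in parts],
        "buggy_blocks": buggy_922110(parts),
        "fixed_blocks": fixed_922110(parts),
    }


if __name__ == "__main__":
    print(evaluate(EVASIVE_BODY))
    # {'charsets': ['utf-7', 'utf-8'], 'buggy_blocks': False, 'fixed_blocks': True}
```

A regression test of this shape (disallowed charset in a non-final part, allowed charset in the final part) is the check to keep in a WAF test suite, since the ordering-dependent miss is invisible to single-part test requests.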

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Progress Software has fixed a sneaky WAF bypass vulnerability (CVE-2026-21876). Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) #HelpNetSecurity (Apr 22) www.helpnetsecurity.com/2026/04/22/p...

Overview

  • luanti-org
  • luanti

23 Apr 2026
Published
23 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.0)
EPSS
0.07%

KEV

Description

Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the server-side mod, async and mapgen as well as the client-side (CSM) environments. This vulnerability is only exploitable when using LuaJIT. Version 5.15.2 contains a patch. On release versions, one can also patch this issue without recompiling by editing `builtin/init.lua` and adding the line `getfenv = nil` at the end. Note that this will break mods relying on this function (which is not inherently unsafe).

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🔴 CVE-2026-41196: luanti 5.0.0 – 5.15.1 has a CRITICAL code injection vuln (CVSS 9.0). Malicious mods can break Lua sandbox with LuaJIT, gaining full filesystem access. Patch: upgrade to 5.15.2 or mitigate via getfenv = nil. radar.offseq.com/threat/cve-20


Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
84.48%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
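With an EPSS above 80% the first question for any Node project is whether one of the three listed packages is installed at one of the four listed versions, including copies nested under another dependency. The following is an added example, not React or npm code: a scanner over `package-lock.json` that handles the flat `packages` map of lockfile versions 2 and 3 and the nested `dependencies` tree of version 1. The affected package and version sets come from the CVE description above; the sample lockfile is constructed, and its `19.2.1` entry is included only as a version the description does not list, not as a statement about which release carries the fix.

```python
import json
from typing import Dict, List, Tuple

AFFECTED_PACKAGES = {"react-server-dom-webpack", "react-server-dom-parcel", "react-server-dom-turbopack"}
AFFECTED_VERSIONS = {"19.0.0", "19.1.0", "19.1.1", "19.2.0"}   # as listed in the CVE description


def scan_package_lock(lock: Dict) -> List[Tuple[str, str, str]]:
    """Return (install_path, package, version) for every affected copy in a package-lock.json.

    lockfileVersion 2/3 keep a flat 'packages' map keyed by node_modules path, so nested
    copies (one vendored under another dependency) are listed explicitly.  lockfileVersion 1
    nests them under 'dependencies', so that tree is walked recursively.
    """
    findings: List[Tuple[str, str, str]] = []
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            # 'name' is present only for aliased installs; otherwise derive it from the path
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if name in AFFECTED_PACKAGES and meta.get("version") in AFFECTED_VERSIONS:
                findings.append((path, name, meta["version"]))
        return findings

    def walk(deps: Dict, prefix: str) -> None:
        for name, meta in deps.items():
            here = prefix + "node_modules/" + name
            if name in AFFECTED_PACKAGES and meta.get("version") in AFFECTED_VERSIONS:
                findings.append((here, name, meta["version"]))
            walk(meta.get("dependencies", {}), here + "/")

    walk(lock.get("dependencies", {}), "")
    return findings


def scan_file(path: str) -> List[Tuple[str, str, str]]:
    with open(path, encoding="utf-8") as fh:
        return scan_package_lock(json.load(fh))


# Constructed lockfile (v3 layout): a direct affected copy, a nested affected copy, 'react'
# itself (not one of the listed packages), and one package at a version not in the list.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/react": {"version": "19.2.0"},
        "node_modules/react-server-dom-webpack": {"version": "19.2.0"},
        "node_modules/some-framework/node_modules/react-server-dom-turbopack": {"version": "19.1.1"},
        "node_modules/react-server-dom-parcel": {"version": "19.2.1"},
    },
}

if __name__ == "__main__":
    for path, name, version in scan_package_lock(SAMPLE_LOCK):
        print(f"AFFECTED {name}@{version} at {path}")
```

Run it against every lockfile in a monorepo rather than only the root one; a framework that bundles its own copy of one of these packages shows up as a nested path, which is the case `npm ls` output is easiest to misread.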

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

An exposed server reveals AI-driven mass exploitation using Bissa Scanner and React2Shell (CVE-2025-55182), confirming 900+ breaches and harvesting thousands of credentials with Claude Code and Telegram bots. #BissaScanner #AIExploitation

Overview

  • Beghelli
  • SicuroWeb (Sicuro24)

22 Apr 2026
Published
22 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.07%

KEV

Description

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🛑 CVE-2026-41468: Beghelli SicuroWeb (Sicuro24) uses unmaintained AngularJS 1.5.2, allowing network-adjacent attackers to hijack sessions via MITM and template injection. Enforce HTTPS, monitor activity. No patch yet. More: radar.offseq.com/threat/cve-20


Overview

  • langflow-ai
  • langflow

02 Jan 2026
Published
26 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
6.97%

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.
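Endpoints that silently lack an authentication dependency are the kind of defect an OpenAPI document makes visible: an operation with no `security` requirement of its own inherits the document-level one, and if neither exists the operation is reachable without credentials. The following is an added example, not Langflow code; it assumes only that the service publishes an OpenAPI document (FastAPI applications serve one at `/openapi.json` by default) and that authentication is declared as a security scheme rather than checked ad hoc inside handlers. The sample document is constructed here; its paths are chosen to resemble the kinds of endpoints the description mentions (messages, transactions, deletion) and are not a statement about which Langflow routes were affected.

```python
import json
from typing import Dict, List, Tuple

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

Finding = Tuple[str, str, str]   # (METHOD, path, reason)


def unauthenticated_operations(spec: Dict) -> List[Finding]:
    """List every operation that carries no security requirement.

    OpenAPI resolution rule: an operation's own 'security' overrides the document-level one;
    'security: []' means "no credentials required" explicitly; absence on the operation means
    inherit the global list, which may itself be absent.
    """
    global_sec = spec.get("security")
    findings: List[Finding] = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue                          # skip 'parameters', 'summary', etc.
            if "security" in op:
                if not op["security"]:
                    findings.append((method.upper(), path, "operation sets security: [] (explicit opt-out)"))
            elif not global_sec:
                findings.append((method.upper(), path, "no operation-level security and no global default"))
    return findings


def risky_unauthenticated(spec: Dict) -> List[Finding]:
    """Drop the endpoints that are expected to be open so the report is actionable."""
    expected_open = ("/health", "/docs", "/openapi.json", "/login")
    return [f for f in unauthenticated_operations(spec)
            if not f[1].rstrip("/").endswith(expected_open)]


def load_spec(path: str) -> Dict:
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed OpenAPI document in the shape FastAPI generates; no global 'security' block.
SAMPLE_SPEC = {
    "openapi": "3.1.0",
    "paths": {
        "/health": {"get": {"summary": "Health"}},
        "/api/v1/login": {"post": {"summary": "Login"}},
        "/api/v1/flows/": {
            "get": {"summary": "Read Flows",
                    "security": [{"OAuth2PasswordBearer": []}]},
        },
        "/api/v1/monitor/messages": {
            "get": {"summary": "Get Messages"},                          # dependency forgotten
            "delete": {"summary": "Delete Messages", "security": []},    # explicitly opened up
        },
        "/api/v1/monitor/transactions": {
            "parameters": [{"name": "flow_id", "in": "query"}],
            "get": {"summary": "Get Transactions"},
        },
    },
}

if __name__ == "__main__":
    for method, path, why in risky_unauthenticated(SAMPLE_SPEC):
        print(f"{method:6} {path:35} {why}")
```

Fetch `/openapi.json` from a staging instance after every upgrade and diff the output of `risky_unauthenticated` against the previous run; an endpoint that appears in the list without a deliberate decision is exactly the regression described above. The audit cannot see authorization performed inside a handler, so a clean report is necessary, not sufficient.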

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

📢 CVE-2026-21445: Active exploitation of a critical authentication bypass in Langflow 📝 ## 🔍 Context Source: CrowdSec VulnTracking R… https://cyberveille.ch/posts/2026-04-23-cve-2026-21445-exploitation-active-d-un-bypass-d-authentification-critique-dans-langflow/ #AI_framework #Cyberveille

Overview

  • BorG Technology Corporation
  • Borg SPM 2007

23 Apr 2026
Published
23 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🚨 CRITICAL SQL Injection (CVE-2026-6887) in BorG SPM 2007: unauthenticated remote attackers can manipulate databases. No patch, product EOL. Isolate or discontinue use ASAP. Details: radar.offseq.com/threat/cve-20
