Overview

  • patrickhener
  • goshs

06 Apr 2026
Published
06 Apr 2026
Updated

CVSS v3.0
CRITICAL (9.8)
EPSS
Pending

KEV

Description

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory was not sanitized. This vulnerability is fixed in 2.0.0-beta.3.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🚨 CVE-2026-35393: Critical path traversal in goshs (<2.0.0-beta.3). Remote attackers can write files anywhere via unsanitized POST uploads. Upgrade to 2.0.0-beta.3 now! radar.offseq.com/threat/cve-20

  • 9h ago

Overview

  • invisioncommunity
  • Invision Power Board

16 May 2025
Published
17 May 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
90.73%

KEV

Description

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

[CVE-2025-47916] Invision Community <= 5.0.6 (customCss) Remote Code Execution
  • 22h ago

Overview

  • gravitational
  • teleport

17 Jun 2025
Published
18 Jun 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
11.53%

KEV

Description

Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Exploiting CVE-2025-49825 (authentication bypass vulnerability in Teleport)
  • 4h ago

Overview

  • Google
  • Chrome

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
3.03%

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
  • 19h ago

Overview

  • parisneo
  • parisneo/lollms

07 Apr 2026
Published
07 Apr 2026
Updated

CVSS v3.0
CRITICAL (9.8)
EPSS
Pending

KEV

Description

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the secret key is obtained, the attacker can forge administrative tokens by modifying the JWT payload and resigning it with the cracked secret. This enables unauthorized users to escalate privileges, impersonate the administrator, and gain access to restricted endpoints. The issue is resolved in version 2.2.0.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🔴 CRITICAL: CVE-2026-1114 in parisneo/lollms v2.1.0 — weak JWT secret lets attackers brute-force, forge admin tokens & escalate privileges. Patch to v2.2.0 now! radar.offseq.com/threat/cve-20

  • 4h ago

Overview

  • Sudo project
  • Sudo

03 Apr 2026
Published
04 Apr 2026
Updated

CVSS v3.1
HIGH (7.4)
EPSS
0.00%

KEV

Description

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

The SIOS Security Blog has been updated: sudo vulnerability (High: CVE-2026-35535) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #sudo security.sios.jp/vulnerabilit...
  • 11h ago

Overview

  • patrickhener
  • goshs

06 Apr 2026
Published
06 Apr 2026
Updated

CVSS v3.0
CRITICAL (9.8)
EPSS
Pending

KEV

Description

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() was missing a return after its path traversal check. This vulnerability is fixed in 2.0.0-beta.3.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

🔔 CRITICAL: CVE-2026-35471 in patrickhener goshs (<2.0.0-beta.3) allows path traversal via tdeleteFile(), enabling attackers to access or delete files outside the intended directory. Upgrade to 2.0.0-beta.3 ASAP! radar.offseq.com/threat/cve-20

  • 11h ago

🚨 CRITICAL: goshs (<2.0.0-beta.3) vulnerable to path traversal (CVE-2026-35471). Remote attackers can access/delete files outside restricted dirs. Patch with 2.0.0-beta.3 ASAP! radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • Pending

03 Apr 2025
Published
29 May 2025
Updated

CVSS
Pending
EPSS
2.73%

KEV

Description

Netwrix Password Secure 9.2.0.32454 allows OS command injection.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817)
  • 22h ago

Overview

  • patrickhener
  • goshs

06 Apr 2026
Published
06 Apr 2026
Updated

CVSS v3.0
CRITICAL (9.8)
EPSS
Pending

KEV

Description

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CVE-2026-35392: goshs < 2.0.0-beta.3 has a CRITICAL path traversal flaw (CVSS 9.8). Remote attackers can write files anywhere on the server. Upgrade to 2.0.0-beta.3+ ASAP! radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • Red Hat
  • Red Hat Directory Server 11.5 E4S for RHEL 8
  • redhat-ds:11

23 Feb 2026
Published
31 Mar 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

The signal-to-noise ratio in enterprise Linux security just shifted. RLSA-2026:5513 (CVE-2025-14905) turns 389-ds-base into a critical auth bypass vector. Read more: 👉 tinyurl.com/573k2btn #Security #RockyLinux
  • Last hour