24h | 7d | 30d

Overview

  • Microsoft
  • Windows 10 Version 1809

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
1.67%

Description

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Bluesky

Profile picture fallback
2026年2月のMicrosoft 定例パッチで6つのゼロデイ脆弱性に対処、まずはWindows端末の優先適用を(CVE-2026-21519他) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
「この内 CVE-2026-21510、CVE-2026-21513、CVE-2026-21514、CVE-2026-21519、CVE-2026-21525、CVE-2026-21533 の脆弱性について、Microsoft 社では悪用の事実を確認済みと公表しており、今後被害が拡大するおそれがあるため、至急、セキュリティ更新プログラムを適用してください。」
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Apple
  • macOS

11 Feb 2026
Published
11 Feb 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

Profile picture fallback

🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 3h ago

Overview

  • SmarterTools
  • SmarterMail

22 Jan 2026
Published
27 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
55.52%

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

Profile picture fallback
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware "This appears to be the first observed exploitation linking the China-based actor to the vulnerability as an entry point for its “Warlock” ransomware operations." ReliaQuest Threat Research reliaquest.com/blog/threat-...
  • 0
  • 1
  • 0
  • 15h ago

Overview

  • zyddnys
  • manga-image-translator
  • manga-image-translator

11 Feb 2026
Published
11 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-based authorization check is intended to restrict access, the nonce defaults to an empty string and the check is skipped, allowing remote attackers to execute arbitrary code in the server context by sending a crafted pickle payload.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Profile picture fallback

CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 2h ago

Overview

  • Linux
  • Linux

20 Jun 2024
Published
19 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid field-overflowing memcpy() In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use flexible arrays instead of zero-element arrays (which look like they are always overflowing) and split the cross-field memcpy() into two halves that can be appropriately bounds-checked by the compiler. We were doing: #define ETH_HLEN 14 #define VLAN_HLEN 4 ... #define MLX5E_XDP_MIN_INLINE (ETH_HLEN + VLAN_HLEN) ... struct mlx5e_tx_wqe *wqe = mlx5_wq_cyc_get_wqe(wq, pi); ... struct mlx5_wqe_eth_seg *eseg = &wqe->eth; struct mlx5_wqe_data_seg *dseg = wqe->data; ... memcpy(eseg->inline_hdr.start, xdptxd->data, MLX5E_XDP_MIN_INLINE); target is wqe->eth.inline_hdr.start (which the compiler sees as being 2 bytes in size), but copying 18, intending to write across start (really vlan_tci, 2 bytes). The remaining 16 bytes get written into wqe->data[0], covering byte_count (4 bytes), lkey (4 bytes), and addr (8 bytes). struct mlx5e_tx_wqe { struct mlx5_wqe_ctrl_seg ctrl; /* 0 16 */ struct mlx5_wqe_eth_seg eth; /* 16 16 */ struct mlx5_wqe_data_seg data[]; /* 32 0 */ /* size: 32, cachelines: 1, members: 3 */ /* last cacheline: 32 bytes */ }; struct mlx5_wqe_eth_seg { u8 swp_outer_l4_offset; /* 0 1 */ u8 swp_outer_l3_offset; /* 1 1 */ u8 swp_inner_l4_offset; /* 2 1 */ u8 swp_inner_l3_offset; /* 3 1 */ u8 cs_flags; /* 4 1 */ u8 swp_flags; /* 5 1 */ __be16 mss; /* 6 2 */ __be32 flow_table_metadata; /* 8 4 */ union { struct { __be16 sz; /* 12 2 */ u8 start[2]; /* 14 2 */ } inline_hdr; /* 12 4 */ struct { __be16 type; /* 12 2 */ __be16 vlan_tci; /* 14 2 */ } insert; /* 12 4 */ __be32 trailer; /* 12 4 */ }; /* 12 4 */ /* size: 16, cachelines: 1, members: 9 */ /* last cacheline: 16 bytes */ }; struct mlx5_wqe_data_seg { __be32 byte_count; /* 0 4 */ __be32 lkey; /* 4 4 */ __be64 addr; /* 8 8 */ /* size: 16, cachelines: 1, members: 3 */ /* last cacheline: 16 bytes */ }; So, split the memcpy() so the compiler can reason about the buffer sizes. "pahole" shows no size nor member offset changes to struct mlx5e_tx_wqe nor struct mlx5e_umr_wqe. "objdump -d" shows no meaningful object code changes (i.e. only source line number induced differences and optimizations).

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Profile picture fallback
The #Debian LTS team is backporting fixes for CVE-2022-48744, a nasty use-after-free in netfilter/ipv6. Read more: 👉 tinyurl.com/72kr768x #Security
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libxml2

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture fallback
Critical #SUSE libxml2 vulnerability CVE-2026-0989 exposes enterprise Linux systems to heap-based out-of-bounds reads via malformed XML. Official patch SUSE-2026-20233-1 now available. Read more: 👉 tinyurl.com/54fv63mm #Security
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
16.41%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
📢 Ivanti EPMM : une campagne déploie des backdoors dormantes via un chargeur Java en mémoire sur /mifs/403.jsp 📝 Selon … https://cyberveille.ch/posts/2026-02-09-ivanti-epmm-une-campagne-deploie-des-backdoors-dormantes-via-un-chargeur-java-en-memoire-sur-mifs-403-jsp/ #CVE_2026_1281_1340 #Cyberveille
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Palo Alto Networks
  • Cloud NGFW

11 Feb 2026
Published
11 Feb 2026
Updated

CVSS v4.0
LOW (1.3)
EPSS
Pending

KEV

Description

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Profile picture fallback
Paloaltoの脆弱性情報 「CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate (Severity: LOW)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0228
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • step-security
  • harden-runner

09 Feb 2026
Published
10 Feb 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.06%

KEV

Description

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Profile picture fallback
CVE-2026-25598 Exposed: How Attackers Bypass Outbound Connection Detection in GitHub’s Harden-Runner – Full Exploit Guide Introduction: GitHub Actions has become a prime target for supply chain attacks, and the `harden-runner` security tool was designed to lock down outbound connections from CI/CD…
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • pnggroup
  • libpng

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v4.0
HIGH (8.3)
EPSS
0.04%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

Showing 11 to 20 of 44 CVEs