Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

HDR images can pwn your SUSE server via GEGL (CVE-2026-2049 style). Instead of waiting for patches, learn to audit image parsers for good. Read more: 👉 tinyurl.com/3tuvc47p #SUSE
  • 9h ago

Overview

  • Pending

17 Apr 2020
Published
05 May 2025
Updated

CVSS v3.0
MEDIUM (5.9)
EPSS
1.30%

KEV

Description

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

~Cybergcca~ CCCS issued 6 security advisories covering critical updates for IBM, Dell, Ubuntu, Red Hat, Moxa, and CISA ICS products. - IOCs: CVE-2020-11868 - #PatchNow #ThreatIntel #Vulnerability
  • 14h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

10 Mar 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.0)
EPSS
0.08%

KEV

Description

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

🛡️ CVE-2026-25172: Microsoft's urgent 'Hotpatch' for Windows 11 that you should apply now (no reboot) www.newstecnicas.info.ve/2026/04/cve-...
  • 6h ago

Overview

  • Vvveb
  • Vvveb CMS

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first uploading a text file and renaming it to .htaccess to inject Apache directives that register PHP-executable MIME types, then uploading another file and renaming it to .php to execute arbitrary operating system commands as the www-data user.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-6257 in Vvveb CMS v1.0.8 enables RCE by renaming uploads to .php/.htaccess. No patch yet — restrict media mgmt & user access, monitor file changes! radar.offseq.com/threat/cve-20

  • 4h ago

Overview

  • givanz
  • Vvveb

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in the define statement to achieve unauthenticated remote code execution as the web server user.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

⚠️ CRITICAL: CVE-2026-39918 in givanz Vvveb <1.0.8.1 allows unauth RCE via code injection in the installation endpoint (unsanitized subdir param). Restrict access, monitor for updates, and deploy WAF rules. radar.offseq.com/threat/cve-20

  • Last hour

Overview

  • Digiwin
  • EasyFlow .NET

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🚨 CRITICAL: SQL Injection (CVE-2026-5963) in Digiwin EasyFlow .NET (6.1.*, 6.6.*, 8.1.1) allows unauthenticated attackers DB access & control. No patch yet — restrict exposure & monitor closely. Details: radar.offseq.com/threat/cve-20

  • 19h ago

Overview

  • Sky Co.,LTD.
  • SKYSEA Client View

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.01%

KEV

Description

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Privilege escalation vulnerability in SKYSEA Client View and SKYMEC IT Manager (CVE-2026-39454) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 6h ago

Overview

  • Digiwin
  • EasyFlow .NET

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

⚠️ CVE-2026-5964: Digiwin EasyFlow .NET (6.1.*, 6.6.*, 8.1.1) has a CRITICAL SQL injection flaw. Unauthenticated attackers can access or alter DB data. Patch status unknown — check the vendor. Deploy WAFs & monitor activity! radar.offseq.com/threat/cve-20

  • 21h ago

Overview

  • Google
  • Chrome

15 Apr 2026
Published
16 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

[Vulnerability information] CVE-2026-6296: About a vulnerability in Google Chrome. In versions of Google Chrome prior to 147.0.7727.101, a heap buffer overflow vulnerability exists in ANGLE.
  • 18h ago

Overview

  • nicolargo
  • glances

20 Apr 2026
Published
20 Apr 2026
Updated

CVSS v4.0
HIGH (7.7)
EPSS
Pending

KEV

Description

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy (`Access-Control-Allow-Origin: *`). This allows a malicious website to read sensitive system information from a running Glances instance in the victim’s browser, leading to cross-origin data exfiltration. While a previous advisory exists for XML-RPC CORS issues, this report demonstrates that the REST API (`/api/4/*`) is also affected and exposes significantly more sensitive data. Version 4.5.4 patches the issue.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

The latest update for #getastra includes "CVE-2026-34839: CORS Vulnerability in Glances" and "The Claude Code Leak". #cybersecurity #webprotection #pentesting https://opsmtrs.com/3KjMi92
  • 6h ago
Showing 11 to 20 of 46 CVEs