24h | 7d | 30d

CVE-2025-14905

Overview

  • Red Hat
  • Red Hat Directory Server 11.5 E4S for RHEL 8
  • redhat-ds:11
23 Feb 2026
Published
31 Mar 2026
Updated
CVSS
Pending
EPSS
0.47%
KEV

Description

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture fallback
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
_389-ds-base: add patch to fix CVE-2025-14905 https://github.com/NixOS/nixpkgs/pull/508544 https://tracker.security.nixos.org/issues/NIXPKGS-2026-0311 #security
  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-33698

Overview

  • chamilo
  • chamilo-lms
10 Apr 2026
Published
10 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.05%
KEV

Description

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11.38.

Statistics

  • 2 Posts
Last activity: 13 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿ”” CVE-2026-33698: Chamilo LMS (<1.11.38) has a CRITICAL flaw โ€” exposed install/ dir lets unauth attackers execute PHP & modify files. Upgrade to 1.11.38+ & restrict install/ directory access now! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 1
  • 13h ago

CVE-2026-27135

Overview

  • nghttp2
  • nghttp2
18 Mar 2026
Published
20 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.02%
KEV

Description

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
CVE-2026-27135 (nghttp2 assertion DoS) is fixed, but the process to detect, patch, and mitigate is what keeps you safe. Read more: ๐Ÿ‘‰ tinyurl.com/mhap9fe #SUSE
  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
84.89%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
Red Hot Cyber @redhotcyber.bsky.social
React2Shell: 766 server compromessi in 24 ore, รจ corsa alle patch ๐Ÿ“Œ Link all'articolo : www.redhotcyber.com/post/react2s... A cura di Bajram Zeqiri #redhotcyber #news #ciberattacchi #cybersecurity #hacking #malware #vulnerabilita #react2shell #cve202555182
  • 0
  • 0
  • 0
  • 11h ago

CVE-2023-52356

Overview

  • libtiff
25 Jan 2024
Published
09 Apr 2026
Updated
CVSS
Pending
EPSS
0.74%
KEV

Description

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
libtiff CVE-2023-52356 crashes apps with a single malicious TIFF. Still unpatched on many Rocky/Ubuntu/SUSE boxes. Read more: ๐Ÿ‘‰ tinyurl.com/2sphv8h8 #RockyLinux
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-5809

Overview

  • tomdever
  • wpForo Forum
11 Apr 2026
Published
11 Apr 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.03%
KEV

Description

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store them as postmeta without restricting which fields may contain array values. Because 'body' is included in the allowed topic fields list, an attacker can supply data[body][fileurl] with an arbitrary file path (e.g., wp-config.php or an absolute server path). This poisoned fileurl is persisted to the plugin's custom postmeta database table. Subsequently, when the attacker submits wpftcf_delete[]=body on a topic_edit request, the add_file() method retrieves the stored postmeta record, extracts the attacker-controlled fileurl, passes it through wpforo_fix_upload_dir() which only rewrites legitimate wpforo upload paths and returns all other paths unchanged, and then calls wp_delete_file() on the unvalidated path. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files writable by the PHP process on the server, including critical files such as wp-config.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿ›ก๏ธ CVE-2026-5809: HIGH severity vuln in wpForo Forum plugin โ‰ค3.0.2 lets subscriber+ users delete arbitrary files (e.g., wp-config.php). No patch yet โ€” restrict permissions & monitor topic edits for abuse. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-5194

Overview

  • wolfSSL
  • wolfSSL
09 Apr 2026
Published
10 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
CVE-2026-5194 wolfSSL: wolfSSL: Reduced security of ECDSA authentication via missing digest size checks
  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-53779

Overview

  • Microsoft
  • Windows Server 2025
12 Aug 2025
Published
26 Feb 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.51%
KEV

Description

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts
Last activity: 2 hours ago

Fediverse

Profile picture fallback
0xdf @0xdf

Eighteen from HackTheBox is an assume breach Windows Server 2025 box featuring MSSQL impersonation, Werkzeug hash cracking, password spraying, and Bad Successor (CVE-2025-53779) to abuse dMSA migration for domain admin.

0xdf.gitlab.io/2026/04/11/htb-

  • 0
  • 0
  • 1
  • 2h ago

CVE-2026-4149

Overview

  • Sonos
  • Era 300
11 Apr 2026
Published
11 Apr 2026
Updated
CVSS v3.0
CRITICAL (10.0)
EPSS
1.27%
KEV

Description

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-28345.

Statistics

  • 2 Posts
Last activity: 4 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿšจ CRITICAL: CVE-2026-4149 in Sonos Era 300 (v17.5) allows unauth RCE via SMB out-of-bounds flaw (CVSS 10.0). No patch yet โ€” restrict SMB access, monitor advisories. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
OffSequence @offseq

โš ๏ธ CVE-2026-4149: Sonos Era 300 (v17.5) has a CRITICAL remote code execution vulnerability via SMB, allowing kernel-level compromise without auth. No patch yet โ€” restrict SMB access! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-34504

Overview

  • OpenClaw
  • OpenClaw
31 Mar 2026
Published
31 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.05%
KEV

Description

OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture fallback
Vito Botta @vitobotta

From over a week ago but anyway, CVE-2026-34504 in OpenClaw's image generation pipeline is a reminder that AI agent frameworks inherit all the classic web vulnerabilities plus their own unique attack surface.

An SSRF in the Fal provider means a malicious relay can have the agent fetch internal URLs and leak metadata through the generated output.

I switched from OpenClaw to Hermes Agent a couple of weeks ago, and I need to explore in detail how Hermes handles this stuff.

  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 32 CVEs