24h | 7d | 30d

Overview

  • Microsoft
  • Windows 10 Version 1507

11 Mar 2025
Published
13 Feb 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
7.83%

Description

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

Profile picture fallback

CISA just added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch Windows systems against an NTLM hash-leaking flaw already weaponized in the wild.

Read more: steelefortress.com/6o7x90

CyberDefense

  • 0
  • 1
  • 0
  • 7h ago

Overview

  • FreeBSD
  • FreeBSD

30 Apr 2026
Published
30 Apr 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

Profile picture fallback

2/

CVE-2026-7164 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:14.pf <security.freebsd.org/advisorie> credited to Igor Gabriel Sousa e Souza.

I can't easily find any information about this person.

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • AWS
  • QnABot on AWS

27 Apr 2026
Published
28 Apr 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.07%

KEV

Description

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Profile picture fallback
CVE-2026-7191- Arbitrary Code Execution via Sandbox Bypass in QnABot on AWS #patchmanagement
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • arc53
  • DocsGPT

29 Apr 2026
Published
30 Apr 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.29%

KEV

Description

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

Profile picture fallback

🚨 CRITICAL: CVE-2026-26015 in DocsGPT 0.15.0-0.16.0 enables unauthenticated RCE via command injection (CVSS 10). All deployments at risk — patch to 0.16.0 or later now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • ProFTPD
  • ProFTPD

28 Apr 2026
Published
29 Apr 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.24%

KEV

Description

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

Statistics

  • 3 Posts

Last activity: 23 hours ago

Fediverse

Profile picture fallback

CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
zeropath.com/blog/proftpd-cve-

  • 0
  • 0
  • 2
  • 23h ago

Overview

  • AWS
  • FreeRTOS-Plus-TCP

29 Apr 2026
Published
29 Apr 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.01%

KEV

Description

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Profile picture fallback
CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP #patchmanagement
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Wireshark Foundation
  • Wireshark

30 Apr 2026
Published
30 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Profile picture fallback

⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Tenda
  • 4G300

30 Apr 2026
Published
30 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

Profile picture fallback

⚠️ CVE-2026-7470: HIGH severity stack buffer overflow in Tenda 4G300 (US_4G300V1.0Mt_V1.01.42_CN_TDC01). Exploit public, no patch yet. Restrict access & monitor for activity. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • WebAssembly
  • Binaryen

19 Dec 2025
Published
24 Feb 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.04%

KEV

Description

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Profile picture fallback
Just patched CVE-2025-14956 on Fedora? Good. Now learn how to find the next buffer overflow before it's disclosed. Read more-> tinyurl.com/kn4byfmj #Fedora
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Bluesky

Profile picture fallback
⚠️ #Vulnerabilidad 'Ghost-Print' (CVE-2026-4412): Fallo en la cola de impresión de #Windows que afecta a #redes corporativas (+MITIGACIÓN) www.newstecnicas.info.ve/2026/04/vuln...
  • 0
  • 0
  • 1
  • 6h ago
Showing 11 to 20 of 38 CVEs