Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

Published: 26 Jan 2026
Updated: 22 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 10.07%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Urgent: Microsoft Office Zero-Day CVE-2026-21509 Under Active Exploitation—APT28 Weaponizes Patched Flaw in Operation Neusploit + Video Introduction: A high-severity security feature bypass vulnerability, tracked as CVE-2026-21509, is currently being actively exploited in the wild, prompting an…
  • 7h ago

Overview

  • Elastic
  • Kibana

Published: 26 Feb 2026
Updated: 26 Feb 2026

CVSS v3.1: MEDIUM (4.9)
EPSS: 0.04%

KEV

Description

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492).

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Kibana AI Engine Flaw Exposes Clusters to ReDoS Attacks: CVE-2026-26936 Deep Dive + Video Introduction: A recently disclosed medium‑severity vulnerability (CVE‑2026‑26936, CVSS 4.9) in Kibana’s AI Inference Anonymization Engine allows attackers to trigger a Denial of Service (DoS) via Regular…
  • 21h ago

Overview

  • Tenda
  • F453

Published: 28 Feb 2026
Updated: 28 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

⚠️ CVE-2026-3377 (HIGH): Buffer overflow in Tenda F453 v1.0.0.3 via /goform/SafeUrlFilter. Public exploit available, no patch yet. Restrict device access & monitor traffic. Details: radar.offseq.com/threat/cve-20

  • 22h ago

Overview

  • OpenStack
  • Vitrage

Published: 27 Feb 2026
Updated: 27 Feb 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 0.08%

KEV

Description

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

📌 CVE-2026-28370 - In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code executio... https://www.cyberhub.blog/cves/CVE-2026-28370
  • 21h ago

Overview

  • itsourcecode
  • University Management System

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: MEDIUM (5.3)
EPSS: Pending

KEV

Description

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

CVE-2026-3412: Medium XSS in itsourcecode University Management System v1.0. 'dt' param in /att_single_view.php is vulnerable. Public exploit available — patch or mitigate to prevent session hijack & data theft. Details: radar.offseq.com/threat/cve-20

  • Last hour

Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 10 Oct 2023
Updated: 14 Apr 2025

CVSS v3.1: HIGH (7.8)
EPSS: 19.53%

KEV

Description

Win32k Elevation of Privilege Vulnerability

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

@tiraniddo Finally, the post I waited for. Back in 2023 I searched for a UAC bypass that is compatible with "always notify" and Windows 10 upwards to complete my chain for any Windows UAC bypass. I used your token reading UAC bypass as a base for older Windows systems. Then I just found CVE-2023-41772 by accident. So this route was burned or at least I thought it was. Then I tried to find a UIAccess bypass and it worked again. That was the moment where I knew not auto-elevate but UIAccess is (and will be) the biggest weakness of UAC. Even without GetProcessHandleFromHwnd there are more options like CSRSS activation cache poisoning, COM injection, abusing WER, ...

As far as I have seen the newest version of administrator protection still has at least one bug that lets you bypass it, but after the chaos of the first "release", I will rather wait for the full release.

Anyway the PPL bypass might be fixed, but I have another PPL bypass that is "fixed" in 24H2 but still works on 25H2 and preview. The bug is simple, but (unique) exploitation is so dumb, I don't know what to say ... 😅

  • 12h ago

Overview

  • Tenda
  • AC15

Published: 01 Mar 2026
Updated: 01 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🛡️ CVE-2026-3400 (HIGH, CVSS 8.7): Stack-based buffer overflow in Tenda AC15 routers (≤v15.13.07.13) allows unauthenticated remote code execution. PoC code is public. Restrict access & monitor for patches! radar.offseq.com/threat/cve-20

  • 6h ago

Overview

  • Open Babel

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: MEDIUM (5.3)
EPSS: Pending

KEV

Description

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🔎 CVE-2026-3408 (MEDIUM): Open Babel 3.1.0/3.1.1 vulnerable to DoS via null pointer dereference in CDXML handler. Exploit public, patch available (commit e23a224b8fd9…). Update now to prevent app crashes! radar.offseq.com/threat/cve-20

  • 1h ago

Overview

  • itsourcecode
  • News Portal Project

Published: 25 Feb 2026
Updated: 25 Feb 2026

CVSS v4.0: MEDIUM (6.9)
EPSS: 0.02%

KEV

Description

A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

📌 CVE-2026-3164 - A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The ma... https://www.cyberhub.blog/cves/CVE-2026-3164
  • 4h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libsoup3

Published: 02 Feb 2026
Updated: 17 Feb 2026

CVSS: Pending
EPSS: 1.64%

KEV

Description

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Critical vulnerability patched in #openSUSE Leap 16.0: CVE-2026-1761 in libsoup2. This is a CVSS 9.2 stack-based buffer overflow in multipart response parsing, leading to potential RCE. Read more: 👉 tinyurl.com/2r2cr9xe #Security
  • 15h ago
Showing 11 to 20 of 36 CVEs