
Overview

  • pocket-id
  • pocket-id

09 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
HIGH (8.5)
EPSS
0.01%

KEV

Description

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse. This vulnerability is fixed in 2.4.0.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

[25.11] pocket-id: fix CVE-2026-28513 https://github.com/NixOS/nixpkgs/pull/498930 #security
  • 7h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-15079 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/412 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 16h ago

Overview

  • Fortinet
  • FortiClientEMS

06 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.05%

KEV

Description

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

[Reproduced] FortiClientEMS unauthenticated SQL injection vulnerability can lead to remote command execution (CVE-2026-21643)
  • 9h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.

Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.

The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-68160 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/417 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 16h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in cleartext on encryption and are not covered by the authentication tag, allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated stream path process full 16-byte blocks but do not advance the input/output pointers. The subsequent tail-handling code then operates on the original base pointers, effectively reprocessing the beginning of the buffer while leaving the actual trailing bytes unprocessed. The authentication checksum also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the higher-level EVP and provider OCB implementations split inputs so that full blocks and trailing partial blocks are processed in separate calls, avoiding the problematic code path. Additionally, TLS does not use OCB ciphersuites. The vulnerability only affects applications that call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with non-block-aligned lengths in a single call on hardware-accelerated builds. For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-69418 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/418 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 16h ago

Overview

  • mackron
  • dr_flac

20 Jan 2026
Published
20 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability caused by trusting the totalPCMFrameCount field from FLAC metadata before calculating the buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.

Statistics

  • 2 Posts

Last activity: 15 hours ago

Bluesky

Just a heads-up for the Fedora community on Bluesky: A new update patches CVE-2025-14369 in SDL2_sound. Read more: 👉 tinyurl.com/4k37vysw #Fedora #Security
  • 15h ago

Heads-up, Fedora community! 🐧 A new security advisory is out for Fedora 43 addressing CVE-2025-14369 in SDL3_sound. This isn't a theoretical issue—it's a real integer overflow in FLAC decoding that can lead to service crashes. Read more: 👉 tinyurl.com/bduzzk8w #Security
  • 15h ago

Overview

  • Fortinet
  • FortiOS

14 Jan 2025
Published
30 Jul 2025
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
93.75%

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Zero-Day to Zero Trust: Fortinet CVE-2024-55591, 1Password Supply Chain Attack, and the Collapse of Kubernetes AI Secrets + Video Introduction: The convergence of edge device zero-days, software supply chain interdiction, and AI infrastructure misconfigurations has created a perfect storm for…
  • Last hour

Overview

  • Apache Software Foundation
  • Apache Tomcat

17 Feb 2026
Published
11 Mar 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

#openSUSE Leap 16.0 admins: IMMEDIATE ACTION REQUIRED. New Tomcat update (9.0.115) patches three high-severity flaws, incl. CVE-2025-66614 (certificate bypass, CVSS 8.7). Read more: 👉 tinyurl.com/cnk4a8f8 #Security
  • 8h ago

Overview

  • SUSE
  • openSUSE Factory
  • obs-scm-bridge

28 Nov 2024
Published
28 Nov 2024
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.02%

KEV

Description

Various problems in obs-scm-bridge allow attackers who create specially crafted git repositories to leak information or cause denial of service.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Critical #openSUSE Leap 16.0 security patch for osc & obs-scm-bridge is out! It fixes CVE-2024-22038 (local file overwrite in Git builds) and adds slick new git-obs staging commands. Read more: 👉 tinyurl.com/yc39dv22 #Security #SUSE
  • 7h ago

Overview

  • Google
  • Chrome

12 Mar 2026
Published
14 Mar 2026
Updated

CVSS
Pending
EPSS
21.89%

Description

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 16 hours ago

Fediverse

@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.

And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
  • 16h ago

@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
  • 16h ago