Overview

  • Tenda
  • AC9

Published: 08 Feb 2026
Updated: 08 Feb 2026

CVSS v4.0: HIGH (8.6)
EPSS: 0.04%

KEV

Description

A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. Manipulation of the argument security.ddos.map causes a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🔥 HIGH-severity: CVE-2026-2191 in Tenda AC9 (v15.03.06.42_multi) enables remote, unauthenticated code execution via stack overflow. Public exploit out — segment networks & disable remote admin. No patch yet. radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • pypa
  • setuptools

Published: 17 May 2025
Updated: 28 May 2025

CVSS v4.0: HIGH (7.7)
EPSS: 0.18%

KEV

Description

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Security Advisory: Multiple critical vulnerabilities identified in #Python pip package manager (CVE-2025-47273+, USN-8010-1). Affects #Ubuntu LTS releases 16.04-20.04. Read more: 👉 tinyurl.com/2tv2pe3n #Security
  • 1h ago

Overview

  • parallax
  • jsPDF

Published: 02 Feb 2026
Updated: 03 Feb 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.01%

KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

High-risk PDF injection and DoS vulnerabilities in jsPDF; urgent update urged (CVE-2026-24737, CVE-2026-24133) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 13h ago

Overview

  • Cisco
  • Cisco RoomOS Software

Published: 04 Feb 2026
Updated: 04 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.08%

KEV

Description

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Cisco and F5 fix multiple high-severity vulnerabilities (CVE-2026-20119, CVE-2026-22548, and others) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43806/
  • 7h ago

Overview

  • parallax
  • jsPDF

Published: 02 Feb 2026
Updated: 03 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.02%

KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

High-risk PDF injection and DoS vulnerabilities in jsPDF; urgent update urged (CVE-2026-24737, CVE-2026-24133) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 13h ago

Overview

  • Google
  • Chrome

Published: 03 Feb 2026
Updated: 04 Feb 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

URGENT: #Fedora 43 Chromium update patches critical RCE flaws: heap overflow in libvpx (CVE-2026-1861) and type confusion in V8 (CVE-2026-1862). Exploitable via crafted HTML. Read more: 👉 tinyurl.com/5j2hba73 #Security
  • 21h ago

Overview

  • F5
  • BIG-IP

Published: 04 Feb 2026
Updated: 04 Feb 2026

CVSS v3.1: MEDIUM (5.9)
EPSS: 0.06%

KEV

Description

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Cisco and F5 fix multiple high-severity vulnerabilities (CVE-2026-20119, CVE-2026-22548, and others) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43806/
  • 7h ago

Overview

  • WAGO
  • 0852-1322

Published: 09 Feb 2026
Updated: 09 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.43%

KEV

Description

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 6h ago

Overview

  • WAGO
  • 0852-1322

Published: 09 Feb 2026
Updated: 09 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.10%

KEV

Description

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 6h ago