24h | 7d | 30d

Overview

  • tolgee
  • tolgee-platform

12 Mar 2026
Published
13 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%

KEV

Description

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files from the server and make server-side requests to internal services. This vulnerability is fixed in 3.166.3.

Statistics

  • 2 Posts

Last activity: 17 hours ago

Bluesky

Profile picture fallback
Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3)
  • 0
  • 0
  • 1
  • 17h ago

Overview

  • Google
  • Android

06 Apr 2026
Published
06 Apr 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Profile picture fallback
Google、2026年4月のAndroid セキュリティ公開情報を公表、危険な脆弱性(CVE-2026-0049)を修正 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Go standard library
  • crypto/tls
  • crypto/tls

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-32283 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/460 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Pending

05 Jul 2009
Published
07 Aug 2024
Updated

CVSS
Pending
EPSS
93.10%

KEV

Description

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture fallback
Global Cybercrime Networks Exploit Outdated Software, Crypto Hype, and Fake Online Stores to Defraud Users #cryptophishingscam #CVE20092265exploit #CyberFraud
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Go standard library
  • archive/tar
  • archive/tar

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-32288 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/461 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • davidfcarr
  • Quick Playground

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code execution on the server.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

Profile picture fallback

🚨 CVE-2026-1830: CRITICAL RCE in davidfcarr Quick Playground (WordPress ≤1.3.1). Unauthenticated users can upload PHP files via REST API flaw — patch or disable plugin now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • Last hour

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-32281 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/458 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Google
  • Chrome

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: CVE-2026-5859 in Chrome WebML (<147.0.7727.55) allows heap corruption via integer overflow. Remote code execution possible if exploited. Patch not fully confirmed — check vendor advisory for updates: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • obsidianforensics
  • unfurl
  • dfir-unfurl

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: obsidianforensics unfurl up to 2025.08 enables Flask debug mode by default. Attackers can exploit CVE-2026-40035 for RCE & info disclosure. Avoid production use, disable debug mode, monitor for fixes. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago
Showing 31 to 39 of 39 CVEs