Overview

  • Google
  • Chrome

Published: 01 Apr 2026
Updated: 01 Apr 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

⚠️ CVE-2026-5286: HIGH severity use-after-free in Chrome’s Dawn component <146.0.7680.178. Remote code execution possible via crafted HTML. Patch now to stay protected! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Oracle Corporation
  • Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in

Published: 20 Jan 2026
Updated: 02 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.02%

KEV

Description

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Critical WebLogic RCE (CVE-2026-21962): Active Exploitation Demands Immediate Patching + Video Introduction: A maximum-severity vulnerability in Oracle WebLogic Server, tracked as CVE-2026-21962, is under active exploitation in the wild. This unauthenticated Remote Code Execution (RCE) flaw,…
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Fortinet
  • FortiClientLinux

Published: 10 Mar 2026
Updated: 11 Mar 2026

CVSS v3.1: HIGH (7.4)
EPSS: 0.02%

KEV

Description

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

CVE-2026–24018: A Logic flaw to Local Privilege Escalation 0day $$ https://febinj.medium.com/cve-2026-24018-a-logic-flaw-to-local-privilege-escalation-0day-ff3a3b5bba69?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • nyariv
  • SandboxJS

Published: 13 Mar 2026
Updated: 16 Mar 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.06%

KEV

Description

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This vulnerability is fixed in 0.8.34.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

CVE-2026-26954 - SandboxJS Function Injection Vulnerability scq.ms/4bjjp8M
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Canonical
  • Juju
  • juju

Published: 01 Apr 2026
Updated: 01 Apr 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.04%

KEV

Description

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. An unauthenticated attacker with network reachability to the Juju controller's Dqlite port can exploit this flaw to join the database cluster. Once joined, the attacker gains full read and write access to the underlying database, allowing for total data compromise.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🔥 CRITICAL: CVE-2026-4370 in Canonical Juju (3.2.0 – 3.6.19, 4.0 – 4.0.4) allows unauthenticated attackers to join Dqlite clusters via improper TLS validation. Patch or restrict port access now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Microsoft
  • Windows 11 version 22H2

Published: 11 Mar 2025
Updated: 13 Feb 2026

CVSS v3.1: HIGH (7.3)
EPSS: 1.60%

KEV

Description

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 12 Interactions

Last activity: 12 hours ago

Fediverse

Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!

After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥

👉 0xc4r.github.io/posts/CVE-2026
👉 github.com/0xc4r/CVE-2026-2150
👉 blog.0patch.com/2026/03/microp

  • 6
  • 6
  • 0
  • 12h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 10 Feb 2026
Updated: 16 Mar 2026

CVSS v3.1: HIGH (7.0)
EPSS: 0.05%

KEV

Description

Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 12 Interactions

Last activity: 12 hours ago

Fediverse

Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!

After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥

👉 0xc4r.github.io/posts/CVE-2026
👉 github.com/0xc4r/CVE-2026-2150
👉 blog.0patch.com/2026/03/microp

  • 6
  • 6
  • 0
  • 12h ago

Overview

  • snapd

Published: 17 Mar 2026
Updated: 18 Mar 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.00%

KEV

Description

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

Snapped from HackTheBox features CVE-2026-27944 to download and decrypt Nginx UI backups without auth, bcrypt cracking for a shell, and CVE-2026-3888 to exploit a snapd race condition for root.

0xdf.gitlab.io/2026/04/01/htb-

  • 0
  • 0
  • 1
  • 12h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 10 Feb 2026
Updated: 27 Mar 2026

CVSS v3.1: HIGH (8.8)
EPSS: 27.97%

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Pawn Storm’s PRISMEX malware targets NATO logistics and Ukrainian defense by exploiting CVE-2026-21513 & CVE-2026-21509, using steganography, fileless attacks, and COM hijacking to disrupt Western military aid. #PawnStorm #Ukraine #MalwareAttack
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

Published: 26 Jan 2026
Updated: 01 Apr 2026

CVSS v3.1: HIGH (7.8)
EPSS: 6.58%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Pawn Storm’s PRISMEX malware targets NATO logistics and Ukrainian defense by exploiting CVE-2026-21513 & CVE-2026-21509, using steganography, fileless attacks, and COM hijacking to disrupt Western military aid. #PawnStorm #Ukraine #MalwareAttack
  • 0
  • 0
  • 0
  • 12h ago