Overview

  • OpenPrinting
  • cups

Published: 11 Sep 2025
Updated: 04 Nov 2025

CVSS v3.1: HIGH (8.0)
EPSS: 0.05%

KEV

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

The #SUSE CUPS vulnerability (CVE-2025-58060) is a textbook case of legacy complexity haunting modern infrastructure. Heap overflow, local to root pivot, and it affects the IPP stack. Read more: 👉 tinyurl.com/3fewkb33 #Security

Overview

  • Microsoft
  • GitHub Copilot Plugin for JetBrains IDEs

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.04%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🚨 CVE-2026-21516 (CVSS 8.8 HIGH) Command Injection in GitHub Copilot allows an unauthorized attacker to execute code over a network due to improper neutralization of special elements in commands. Full analysis: basefortify.eu/cve_reports/... #CVE #GitHubCopilot #Microsoft #CyberSecurity #AppSec

Overview

  • wpvividplugins
  • Migration, Backup, Staging – WPvivid Backup & Migration

Published: 11 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.46%

KEV

Description

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-1357 impacts WPvivid Backup & Migration (all versions). Unauthenticated file upload via directory traversal enables RCE. Disable plugin or restrict access immediately! radar.offseq.com/threat/cve-20

Overview

  • Apple
  • iOS and iPadOS

Published: 17 Dec 2025
Updated: 18 Dec 2025

CVSS: Pending
EPSS: 0.03%

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

Statistics

  • 2 Posts
  • 12 Interactions

Last activity: 8 hours ago

Fediverse

📣 EMERGENCY UPDATES 📣

Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.

🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3

Bluesky

🐛 CVE-2025-14174 (dyld) additional patches, 🐛 CVE-2025-43529 (dyld) additional patches, 🐛 CVE-2026-20700 (dyld): - iOS and iPadOS 26.3 - macOS Tahoe 26.3 - tvOS 26.3 - visionOS 26.3 - watchOS 26.3 #apple #infosec

Overview

  • Google
  • Chrome

Published: 12 Dec 2025
Updated: 16 Dec 2025

CVSS: Pending
EPSS: 0.65%

Description

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 2 Posts
  • 12 Interactions

Last activity: 8 hours ago

Fediverse

📣 EMERGENCY UPDATES 📣

Apple pushed updates for 1 new zero-day that may have been actively exploited and is linked to CVE-2025-14174 and CVE-2025-43529 which were fixed in iOS 26.2.

🐛 CVE-2026-20700 (dyld):
- iOS and iPadOS 26.3
- macOS Tahoe 26.3
- tvOS 26.3
- visionOS 26.3
- watchOS 26.3

Bluesky

🐛 CVE-2025-14174 (dyld) additional patches, 🐛 CVE-2025-43529 (dyld) additional patches, 🐛 CVE-2026-20700 (dyld): - iOS and iPadOS 26.3 - macOS Tahoe 26.3 - tvOS 26.3 - visionOS 26.3 - watchOS 26.3 #apple #infosec

Overview

  • libexpat project
  • libexpat

Published: 23 Jan 2026
Updated: 23 Jan 2026

CVSS v3.1: LOW (2.9)
EPSS: 0.00%

KEV

Description

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

USN-8023-1: libxmltok flaws (CVE-2026-24515 & CVE-2026-25210) are now public. Key takeaway: CVE-2026-25210 = Integer Overflow → Heap Overflow → Potential RCE. ⚠️ Patches ONLY in #Ubuntu Pro/ESM repos. Read more: 👉 tinyurl.com/fd6dsmfu #Security

Overview

  • Ivanti
  • Endpoint Manager

Published: 10 Feb 2026
Updated: 10 Feb 2026

CVSS v3.1: HIGH (8.6)
EPSS: 0.16%

KEV

Description

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Ivanti released patches for EPM fixing a high-severity authentication bypass (CVE-2026-1603) and a medium SQL injection (CVE-2026-1602).

Overview

  • libexpat project
  • libexpat

Published: 30 Jan 2026
Updated: 03 Feb 2026

CVSS v3.1: MEDIUM (6.9)
EPSS: 0.01%

KEV

Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

USN-8023-1: libxmltok flaws (CVE-2026-24515 & CVE-2026-25210) are now public. Key takeaway: CVE-2026-25210 = Integer Overflow → Heap Overflow → Potential RCE. ⚠️ Patches ONLY in #Ubuntu Pro/ESM repos. Read more: 👉 tinyurl.com/fd6dsmfu #Security

Overview

  • Ivanti
  • Endpoint Manager

Published: 10 Feb 2026
Updated: 10 Feb 2026

CVSS v3.1: MEDIUM (6.5)
EPSS: 0.05%

KEV

Description

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Ivanti released patches for EPM fixing a high-severity authentication bypass (CVE-2026-1603) and a medium SQL injection (CVE-2026-1602).

Overview

  • Microsoft
  • Windows 10 Version 1809

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 6.40%

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

~Cisa~ CISA added six new actively exploited vulnerabilities to its KEV catalog, urging immediate patching. - IOCs: CVE-2026-21510, CVE-2026-21513, CVE-2026-21514 - #CISA #KEV #ThreatIntel #Vulnerability