
Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

08 Apr 2026
Published
13 Apr 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-32281 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/458 #AWS #Lambda #Security #CVE #DevOps #SecOps

Overview

  • PCRE2Project
  • pcre2

27 Aug 2025
Published
27 Aug 2025
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%

KEV

Description

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

PCRE2 is in grep, Postfix, Apache, and systemd. CVE-2025-58050 (heap overflow) was just patched. CVSS: 9.1. But this won't be the last PCRE2 bug. Here's Read more: 👉 tinyurl.com/ywzafbrk #SUSE

Overview

  • JetBrains
  • YouTrack

17 Apr 2026
Published
17 Apr 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
Pending

KEV

Description

In JetBrains YouTrack before 2025.3.131383, a high-privileged user can achieve RCE via a sandbox bypass.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse


🚨 CVE-2026-33392: HIGH severity RCE in JetBrains YouTrack < 2025.3.131383. High privileged users can bypass sandbox for remote code execution. No patch yet — restrict admin rights & monitor advisories. radar.offseq.com/threat/cve-20


Overview

  • kernel

07 Mar 2022
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
81.63%

Description

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Dirty Pipe (CVE-2022-0847) was just a rehearsal. The next Linux kernel write bug is already being discussed in private mailing lists. Here's your evergreen playbook to stop chasing CVEs forever. Read more: 👉 tinyurl.com/bdfksekx #AlmaLinux

Overview

  • Python Software Foundation
  • CPython

16 Mar 2026
Published
07 Apr 2026
Updated

CVSS v4.0
MEDIUM (6.0)
EPSS
0.11%

KEV

Description

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-3644 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/455 #AWS #Lambda #Security #CVE #DevOps #SecOps

Overview

  • Digital Knowledge
  • KnowledgeDeliver

16 Apr 2026
Published
16 Apr 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


🚨 CRITICAL: CVE-2026-5426 in Digital Knowledge KnowledgeDeliver (pre-Feb 2026) allows RCE via hard-coded ASP.NET machineKey & ViewState. No patch yet. Restrict access & monitor for ViewState abuse. radar.offseq.com/threat/cve-20


Overview

  • HAProxy
  • HAProxy

13 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
MEDIUM (4.0)
EPSS
0.01%

KEV

Description

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)

Overview

  • OpenSSL
  • OpenSSL

13 Mar 2026
Published
17 Mar 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.

Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicted keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server.

If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups are treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519') being the only ones in the client's initial keyshare prediction.

OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server, the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares, would have been more preferred had they been included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple and did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request, or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly listing the desired groups and group 'tuples'.

No OpenSSL FIPS modules are affected by this issue; the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-2673 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/454 #AWS #Lambda #Security #CVE #DevOps #SecOps

Overview

  • @fastify/static
  • @fastify/static

16 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
MEDIUM (5.9)
EPSS
Pending

KEV

Description

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. For example, a route guard on a protected path can be circumvented by encoding the path separator in the URL. Upgrade to @fastify/static 9.1.1 to fix this issue. There are no workarounds.

Statistics

  • 3 Posts

Last activity: 23 hours ago

Fediverse


🚨 Medium-severity security fix in @fastify/static@9.1.1 just released!

Patches CVE-2026-6414 — route guard bypass via encoded path separators

github.com/fastify/fastify-sta


Overview

  • Meta
  • react-server-dom-turbopack

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.69%

KEV

Description

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints. The payload of the HTTP request causes excessive CPU usage for up to a minute, ending in a thrown error that is catchable.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-23869) React Server Components Denial of Service" and "Mythos, MOAK, CTEM and the End of CVE Chasing". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
Showing 31 to 40 of 50 CVEs