
Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

CVE-2026-30769: New BYOVD Killer Enters the Arena—TVicPort64sys Weaponized for Kernel Takeover + Video Introduction: The Bring Your Own Vulnerable Driver (BYOVD) attack technique continues to be a favored method for adversaries seeking to disable security controls and gain kernel-level privileges.…
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • QNAP Systems Inc.
  • QVR Pro

20 Mar 2026
Published
20 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.37%

KEV

Description

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Critical vulnerability in QNAP's QVR Pro (CVE-2026-22898) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Ubiquiti Inc
  • UniFi Network Application

19 Mar 2026
Published
19 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.02%

KEV

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse


Ubiquiti Unifi Users Should Update Their Gear ASAP To Protect Themselves From Three Absolutely Critical Vulnerabilities

Users of Ubiquiti Unifi gear should be aware of CVE-2026-22557 which details a super critical vulnerability that can lead to account takeovers. This is what the CVE says: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could…

itnerd.blog/2026/03/23/ubiquit

  • 0
  • 0
  • 1
  • 14h ago

Overview

  • GitLab
  • GitLab

11 Mar 2026
Published
12 Mar 2026
Updated

CVSS v3.1
HIGH (8.7)
EPSS
0.06%

KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

CVE-2026-1090 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab scq.ms/3Nxr2R5
  • 0
  • 0
  • 0
  • Last hour

Overview

  • MB connect line
  • MB connect line mbCONNECT24

23 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.11%

KEV

Description

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 19 hours ago

Fediverse


VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
CVE-2026-32968, CVE-2026-32969

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 1
  • 1
  • 0
  • 19h ago

VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual

Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
CVE-2026-32968, CVE-2026-32969

certvde.com/en/advisories/vde-

helmholz.csaf-tp.certvde.com/.

  • 1
  • 1
  • 0
  • 19h ago

Overview

  • MB connect line
  • MB connect line mbCONNECT24

23 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.11%

KEV

Description

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 19 hours ago

Fediverse


VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
CVE-2026-32968, CVE-2026-32969

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 1
  • 1
  • 0
  • 19h ago

VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual

Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
CVE-2026-32968, CVE-2026-32969

certvde.com/en/advisories/vde-

helmholz.csaf-tp.certvde.com/.

  • 1
  • 1
  • 0
  • 19h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • gvfs

26 Feb 2026
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Bluesky

⚠️ URGENT: Canonical issues USN-8114-1 for @Ubuntu 22.04-25.10. Critical GVfs RCE vulns (CVE-2026-28295, CVE-2026-28296) in FTP backend. Read more: 👉 tinyurl.com/mupeehtp #Security
  • 0
  • 1
  • 0
  • 11h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • gvfs

26 Feb 2026
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Bluesky

⚠️ URGENT: Canonical issues USN-8114-1 for @Ubuntu 22.04-25.10. Critical GVfs RCE vulns (CVE-2026-28295, CVE-2026-28296) in FTP backend. Read more: 👉 tinyurl.com/mupeehtp #Security
  • 0
  • 1
  • 0
  • 11h ago

Overview

  • GNU
  • inetutils

13 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.02%

KEV

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

[Backport staging-25.11] inetutils: apply patches for CVE-2026-32746 and CVE-2026-28372 https://github.com/NixOS/nixpkgs/pull/501896 #security
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • GNU
  • inetutils

27 Feb 2026
Published
07 Mar 2026
Updated

CVSS v3.1
HIGH (7.4)
EPSS
0.00%

KEV

Description

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

[Backport staging-25.11] inetutils: apply patches for CVE-2026-32746 and CVE-2026-28372 https://github.com/NixOS/nixpkgs/pull/501896 #security
  • 0
  • 0
  • 0
  • 23h ago