24h | 7d | 30d

CVE-2025-14917

Overview

  • IBM
  • WebSphere Application Server - Liberty
25 Mar 2026
Published
27 Mar 2026
Updated
CVSS v3.1
MEDIUM (6.7)
EPSS
0.01%
KEV

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture fallback
knaepp.bsky.social @knaepp.bsky.social
PH70078:IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917 CVSS 6.7) https://tinyurl.com/22aozekr
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-7538

Overview

  • Totolink
  • A8000RU
01 May 2026
Published
01 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.89%
KEV

Description

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CVE-2026-7538 (CRITICAL, CVSS 9.3): Totolink A8000RU 7.1cu.643_b20200521 OS command injection in CGI handler allows unauthenticated remote code execution. No patch — restrict access & monitor vendor updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

CVE-2020-12662

Overview

  • Pending
19 May 2020
Published
04 Aug 2024
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture fallback
Erik Nygren :verified: @nygren

Interesting and surprising corner-case discovered by @phils when debugging an issue with IPv6-only DNS recursive resolvers:

mailarchive.ietf.org/arch/msg/

In-particular, it is important to have both A and AAAA records on all of the nameserver names (ie, that NS records point to). Just having two of each isn't enough -- the number of names without AAAA records is also a consideration.

Unbound's defenses for CVE-2020-12662 can otherwise kick in and result in SERVFAILs in some corner-cases.

#IPv6 #IPv6only #DNS

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-5174

Overview

  • Progress Software
  • MOVEit Automation
30 Apr 2026
Published
01 May 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.06%
KEV

Description

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Statistics

  • 1 Post
Last activity: 17 hours ago

Bluesky

Profile picture fallback
Sami Laiho @samilaiho.com
MOVEit Automation Critical Security Alert Bulletin – April 2026 – (CVE-2026-4670, CVE-2026-5174) URL: community.progress.com/s/article/MO... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
  • 0
  • 0
  • 0
  • 17h ago
Showing 21 to 24 of 24 CVEs