24h | 7d | 30d

Overview

  • Ricoh Company, Ltd.
  • ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.01%

KEV

Description

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

Profile picture fallback

🚨 Ricoh ジョブログ集計ツール (<1.3.7) has a HIGH severity DLL search path issue (CVE-2026-26050). Exploiting this enables admin-level code execution during install. Update to v1.3.7+ and restrict local access. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • bompus
  • WP Customer Reviews

19 Feb 2026
Published
19 Feb 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.08%

KEV

Description

The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3_fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-14452 https://www.cyberhub.blog/article/alert-cve-2025-14452
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Mozilla
  • Firefox

16 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Profile picture fallback
📢 Firefox 147.0.4 corrige la faille à haut risque CVE-2026-2447 dans libvpx (RCE) 📝 Selon The Cyber Express, Firefox v147.0.4 corrige la vulnérabilité C… https://cyberveille.ch/posts/2026-02-19-firefox-147-0-4-corrige-la-faille-a-haut-risque-cve-2026-2447-dans-libvpx-rce/ #CVE_2026_2447 #Cyberveille
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • hcaptcha
  • hCaptcha for WP
  • hcaptcha-for-forms-and-more

19 Feb 2026
Published
20 Feb 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

Profile picture fallback
wordpressPackages.plugins.hcaptcha-for-forms-and-more: CVE-2026-25315… https://github.com/NixOS/nixpkgs/pull/492405 #security
  • 0
  • 0
  • 1
  • 9h ago

Overview

  • Python Software Foundation
  • CPython

20 Jan 2026
Published
11 Feb 2026
Updated

CVSS v4.0
MEDIUM (6.0)
EPSS
0.14%

KEV

Description

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
Critical #Fedora 42 Python Update! 🚨 Patch CVE-2026-0672 & 4 other header injection flaws NOW. Update to Python 3.14.3 via DNF to secure your apps from HTTP response splitting & email attacks. Read more: 👉 tinyurl.com/559493pd #Security
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Microsoft
  • Microsoft Teams

19 Feb 2026
Published
19 Feb 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.07%

KEV

Description

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-21535 - Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. https://www.cyberhub.blog/cves/CVE-2026-21535
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • openclaw
  • openclaw

19 Feb 2026
Published
19 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.02%

KEV

Description

OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates (for example spoofing message.from.id). If an attacker can reach the webhook endpoint, they may be able to send forged updates that are processed as if they came from Telegram. Depending on enabled commands/tools and configuration, this could lead to unintended bot actions. Note: Telegram webhook mode is not enabled by default. It is enabled only when `channels.telegram.webhookUrl` is configured. This issue has been fixed in version 2026.2.1.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-25474 https://www.cyberhub.blog/article/alert-cve-2026-25474
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • libexpat project
  • libexpat

30 Jan 2026
Published
03 Feb 2026
Updated

CVSS v3.1
MEDIUM (6.9)
EPSS
0.01%

KEV

Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Profile picture fallback
🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-25210 impacts expat in 7 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/425 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Bematech
  • MP-4200

18 Feb 2026
Published
19 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.10%

KEV

Description

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Profile picture fallback
📌 CVE-2019-25401 https://www.cyberhub.blog/article/alert-cve-2019-25401
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • ALSA Project
  • alsa-lib

29 Jan 2026
Published
06 Feb 2026
Updated

CVSS v4.0
MEDIUM (4.6)
EPSS
0.01%

KEV

Description

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Profile picture fallback
alsa-lib: apply patch for CVE-2026-25068 https://github.com/NixOS/nixpkgs/pull/492079 #security
  • 0
  • 0
  • 0
  • 8h ago
Showing 31 to 40 of 89 CVEs