Overview
Description
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Statistics
- 1 Post
Last activity: Last hour
Fediverse
Here's a summary of recent important global, technology, and cybersecurity news:
**Global:**
US-Iran talks continued, with the US demanding nuclear concessions (Feb 7). Italy thwarted suspected Russian cyberattacks targeting government and Olympic-linked websites (Feb 6).
**Technology:**
Big Tech firms (Amazon, Alphabet, Meta, Microsoft) are committing $650B to AI infrastructure in 2026. OpenAI launched Frontier, an enterprise AI agent platform (Feb 6). Intel and AMD warned China of server CPU shortages, citing AI demand and US export rules (Feb 6).
**Cybersecurity:**
CISA ordered US federal agencies to remove unsupported edge network devices to reduce risk (Feb 6). Ransomware groups are actively exploiting a critical VMware ESXi flaw (CVE-2025-22225) (Feb 6). Global cybersecurity laws are tightening, mandating rapid incident reporting (Feb 7).
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- bootc
27 Jan 2026
Published
03 Feb 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV
Description
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.
Statistics
- 1 Post
Last activity: 16 hours ago
Overview
- Unstructured-IO
- unstructured
04 Feb 2026
Published
04 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%
KEV
Description
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.
Statistics
- 1 Post
Last activity: 7 hours ago
Overview
- Go toolchain
- cmd/go
- cmd/go
28 Jan 2026
Published
29 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV
Description
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
Statistics
- 1 Post
Last activity: 19 hours ago
Overview
Description
A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Statistics
- 1 Post
Last activity: 6 hours ago
Fediverse
🔥 HIGH-severity: CVE-2026-2191 in Tenda AC9 (v15.03.06.42_multi) enables remote, unauthenticated code execution via stack overflow. Public exploit out — segment networks & disable remote admin. No patch yet. https://radar.offseq.com/threat/cve-2026-2191-stack-based-buffer-overflow-in-tenda-65760e1b #OffSeq #CVE20262191 #netsec #routers
Overview
Description
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.
Statistics
- 1 Post
Last activity: 6 hours ago
Overview
- Cisco
- Cisco RoomOS Software
04 Feb 2026
Published
04 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV
Description
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
Description
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statistics
- 1 Post
Last activity: 14 hours ago
Overview
Description
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.
Statistics
- 1 Post
Last activity: 6 hours ago
Overview
Description
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statistics
- 1 Post
Last activity: 14 hours ago