Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Critical 9.8 CVSS Schneider Electric Flaw Exposes SCADA and Data Center Systems (CVE-2026-0667) #patchmanagement
  • 9h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

20 Jul 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
89.41%

Description

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

CISA and Microsoft have issued urgent warnings about active exploitation of CVE-2025-53770 in on-premises SharePoint servers. Attackers are using this deserialization flaw, dubbed ToolShell, to gain full access to file systems and configurations, hitting federal agencies and energy firms.
  • 17h ago

Overview

  • @angular
  • compiler

13 Mar 2026
Published
17 Mar 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
0.05%

KEV

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-<attribute> name bypasses Angular's built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

High-severity XSS vulnerability in Angular (CVE-2026-32635); early update required rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 23h ago

Overview

  • Spring
  • Spring Security

19 Mar 2026
Published
19 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🚨 CVE-2026-22732 (CRITICAL, CVSS 9.1): Spring Security 5.7.0 – 7.0.3 vulnerability lets HTTP headers go unwritten, risking CSP/HSTS bypass. No auth needed, remote exploit possible. Upgrade urgently & enforce headers via WAF/CDN! radar.offseq.com/threat/cve-20

  • 1h ago

Overview

  • Rymera Web Co Pty Ltd.
  • Woocommerce Wholesale Lead Capture

19 Mar 2026
Published
19 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
0.04%

KEV

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files. This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🚨 CVE-2026-27540 (CVSS 9.0): Woocommerce Wholesale Lead Capture plugin lets unauthenticated attackers upload malicious files — remote code execution & full compromise possible. Disable plugin, enforce file type restrictions! radar.offseq.com/threat/cve-20

  • 17h ago

Overview

  • ThimPress
  • BuilderPress

19 Mar 2026
Published
19 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.12%

KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion. This issue affects BuilderPress: from n/a through 2.0.1.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-27065 in ThimPress BuilderPress (≤2.0.1) lets attackers perform unauthenticated RFI, risking full WordPress compromise. Disable plugin & harden PHP configs immediately! radar.offseq.com/threat/cve-20

  • 13h ago

Overview

  • Python Software Foundation
  • CPython

20 Jan 2026
Published
03 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.0)
EPSS
0.04%

KEV

Description

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-15282 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/442 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 13h ago

Overview

  • pnggroup
  • libpng

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v4.0
HIGH (8.3)
EPSS
0.07%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-25646 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/440 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 13h ago

Overview

  • Syarif
  • Mobile App Editor
  • mobile-app-editor

19 Mar 2026
Published
19 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.04%

KEV

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through 1.3.1.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🚨 CRITICAL (CVSS 9.1): Syarif Mobile App Editor ≤1.3.1 hit by CWE-434 unrestricted file upload (CVE-2026-27067). Allows web shell deployment & full compromise. Enforce strict validation, monitor uploads, patch ASAP! radar.offseq.com/threat/cve-20

  • 16h ago

Overview

  • themeum
  • Tutor LMS Pro

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%

KEV

Description

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by supplying a valid OAuth token from their own account along with the victim's email address.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

CVE-2026-0953 - Tutor LMS Pro scq.ms/47yNIqQ
  • 18h ago
Showing 31 to 40 of 53 CVEs