Overview

  • ays-pro
  • Secure Copy Content Protection and Content Locking

Published: 12 Feb 2026
Updated: 12 Feb 2026

CVSS v3.1: HIGH (7.2)
EPSS: Pending

KEV

Description

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

⚠️ HIGH severity alert: CVE-2026-1320 impacts ays-pro Secure Copy Content Protection & Content Locking (all versions) — Stored XSS via 'X-Forwarded-For' lets unauth attackers inject scripts. Monitor and restrict input. More: radar.offseq.com/threat/cve-20

Overview

  • time-rs
  • time

Published: 06 Feb 2026
Updated: 06 Feb 2026

CVSS v4.0: MEDIUM (6.8)
EPSS: 0.05%

KEV

Description

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is passed to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely used features of the RFC 2822 format being used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

🚨 ALERT: CVE-2026-25727 drops with an 8.2 CVSS. #OpenSUSE Leap 15.5/15.6 + SCCache 0.13.0 = Heap overflow in distributed compilation. Attackers inject persistent malware into your #Rust/#C++ build cache. Read more: 👉 tinyurl.com/2xkdy69w #Security

Overview

  • unclecode
  • Crawl4AI
  • crawl4ai

Published: 12 Feb 2026
Updated: 12 Feb 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: Pending

KEV

Description

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! radar.offseq.com/threat/cve-20

Overview

  • ALBRECHT JUNG GMBH & CO. KG
  • JUNG Smart Visu Server

Published: 12 Feb 2026
Updated: 12 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shut down or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: radar.offseq.com/threat/cve-20

Overview

  • Apple
  • macOS

Published: 11 Feb 2026
Updated: 11 Feb 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

Got my first Apple CVE!
CVE-2026-20654

At the age of 19, I have finally achieved my goal.

Weird thing is, the 2025 CVE isn't addressed yet haha

More exciting news coming soon!

Thank you everyone for the support 🥹🙏

Overview

  • Microsoft
  • .NET 10.0

Published: 10 Feb 2026
Updated: 12 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.04%

KEV

Description

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

🚨 #Ubuntu .NET CRITICAL 🚨 CVE-2026-21218 lets attackers bypass crypto checks in System.Security.Cryptography.Cose. Affects: .NET 8/9/10 on Ubuntu 25.10 & 22.04 LTS. Read more: 👉 tinyurl.com/34ny5waj #Security

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 9 hours ago

Fediverse

2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC

haproxy.com/blog/cves-2026-qui

Overview

  • Ivanti
  • Endpoint Manager Mobile

Published: 29 Jan 2026
Updated: 30 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 16.41%

Description

A code injection in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 12 hours ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

Published: 29 Jan 2026
Updated: 30 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.18%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 12 hours ago

Overview

  • TP-Link Systems Inc.
  • Tapo C260 v1

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.50%

KEV

Description

On TP-Link Tapo C260 v1, a command injection vulnerability exists due to improper sanitization of certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

TP-Link Tapo CVE-2026-0651 & CVE-2026-0652: Unauthenticated RCE and File Disclosure in Millions of Smart Cameras — Full Technical Breakdown + Video Introduction: Recent responsible disclosures by researcher Eugene Lim have revealed two critical vulnerabilities—CVE-2026-0651 (unauthenticated…