Overview

  • D-Link
  • DWR-M960

Published: 20 Feb 2026
Updated: 24 Feb 2026

CVSS v4.0
HIGH (8.7)
EPSS
0.03%

KEV

Description

A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

📌 CVE-2026-2853 - A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System L... https://www.cyberhub.blog/cves/CVE-2026-2853
  • 23h ago

Overview

  • GIMP
  • GIMP

Published: 20 Feb 2026
Updated: 23 Feb 2026

CVSS v3.0
HIGH (7.8)
EPSS
0.06%

KEV

Description

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

📌 CVE-2026-2044 - GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o... https://www.cyberhub.blog/cves/CVE-2026-2044
  • 3h ago

Overview

  • Moxa
  • UC-1200A Series

Published: 05 Feb 2026
Updated: 05 Feb 2026

CVSS v4.0
HIGH (7.0)
EPSS
0.01%

KEV

Description

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
  • 19h ago

Overview

  • Microsoft
  • Microsoft SQL Server 2022 (GDR)

Published: 13 Jan 2026
Updated: 22 Feb 2026

CVSS v3.1
HIGH (7.2)
EPSS
0.06%

KEV

Description

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Amazon RDS Custom now supports the latest GDR updates for Microsoft SQL Server Amazon RDS Custom for SQL Server now supports the latest GDR updates for Microsoft SQL Server, including SQL Server 2022 Cumulative Update and KB5072936. These updates address CVE-2026-20803 vulnerabilities.
  • 4h ago

Overview

  • D-Link
  • DWR-M960

Published: 20 Feb 2026
Updated: 24 Feb 2026

CVSS v4.0
HIGH (8.7)
EPSS
0.03%

KEV

Description

A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

📌 CVE-2026-2856 - A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the ... https://www.cyberhub.blog/cves/CVE-2026-2856
  • 23h ago

Overview

  • UTT
  • HiPER 810G

Published: 23 Feb 2026
Updated: 23 Feb 2026

CVSS v4.0
HIGH (8.6)
EPSS
0.04%

KEV

Description

A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

📌 CVE-2026-2980 - A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of ... https://www.cyberhub.blog/cves/CVE-2026-2980
  • 1h ago

Overview

  • Tattile s.r.l.
  • Smart+

Published: 24 Feb 2026
Updated: 24 Feb 2026

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

⚠️ CRITICAL: CVE-2026-26341 in Tattile Smart+, Vega & Basic (fw ≤1.181.5) — default creds allow admin access if device is reachable. Change passwords, restrict interface access ASAP. Details: radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • QuantumNous
  • new-api

Published: 24 Feb 2026
Updated: 24 Feb 2026

CVSS v4.0
HIGH (7.1)
EPSS
0.04%

KEV

Description

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the `/api/token/search` endpoint allows authenticated users to cause denial of service through resource exhaustion by crafting malicious search patterns. The token search endpoint accepts user-supplied `keyword` and `token` parameters that are directly concatenated into SQL LIKE clauses without escaping wildcard characters (`%`, `_`). This allows attackers to inject patterns that trigger expensive database queries. Version 0.10.8-alpha.10 contains a patch.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

🚨 CVE-2026-25591 (HIGH): QuantumNous new-api <0.10.8-alpha.10 vulnerable to SQL LIKE wildcard injection in /api/token/search. Auth users can cause DoS via crafted search patterns. Patch ASAP! radar.offseq.com/threat/cve-20

  • 19h ago

Overview

  • Nagios
  • Host

Published: 20 Feb 2026
Updated: 24 Feb 2026

CVSS v3.0
HIGH (7.2)
EPSS
0.47%

KEV

Description

Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

📌 CVE-2026-2043 - Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to ... https://www.cyberhub.blog/cves/CVE-2026-2043
  • 13h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

FreeBSD Kernel Under Fire: New Critical Stack Overflow CVE-2026-3038 Puts All Versions at Risk for Privilege Escalation + Video Introduction: The integrity of the FreeBSD kernel has been compromised by a newly discovered stack overflow vulnerability, designated CVE-2026-3038, which allows an…
  • 2h ago