24h | 7d | 30d

Overview

  • Qualcomm, Inc.
  • Snapdragon

02 Mar 2026
Published
03 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-47376 - Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. https://www.cyberhub.blog/cves/CVE-2025-47376
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Pending

03 Mar 2026
Published
03 Mar 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.02%

KEV

Description

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-63910 - An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administra... https://www.cyberhub.blog/cves/CVE-2025-63910
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • openemr
  • openemr

03 Mar 2026
Published
04 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
0.03%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-25146 - OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at lea... https://www.cyberhub.blog/cves/CVE-2026-25146
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Tenda
  • F453

01 Mar 2026
Published
01 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-3379 - A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipul... https://www.cyberhub.blog/cves/CVE-2026-3379
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Cloudflare
  • https://github.com/cloudflare/pingora

04 Mar 2026
Published
04 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the backend has accepted the upgrade. An attacker can thus directly forward a malicious payload after a request with an Upgrade header to that backend in a way that may be interpreted as a subsequent request header, bypassing proxy-level security controls and enabling cross-user session hijacking. Impact This vulnerability primarily affects standalone Pingora deployments where a Pingora proxy is exposed to external traffic. An attacker could exploit this to: * Bypass proxy-level ACL controls and WAF logic * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP Cloudflare's CDN infrastructure was not affected by this vulnerability, as ingress proxies in the CDN stack maintain proper HTTP parsing boundaries and do not prematurely switch to upgraded connection forwarding mode. Mitigation: Pingora users should upgrade to Pingora v0.8.0 or higher As a workaround, users may return an error on requests with the Upgrade header present in their request filter logic in order to stop processing bytes beyond the request header and disable downstream connection reuse.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: CVE-2026-2833 in Cloudflare Pingora enables HTTP request smuggling — attackers can bypass proxy ACLs/WAFs, poison caches, and hijack sessions. Upgrade to v0.8.0+ or filter Upgrade headers. More info: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • kiteworks
  • security-advisories

27 Feb 2026
Published
03 Mar 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.03%

KEV

Description

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface. Version 9.2.0 contains a patch for the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-28272 - Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administ... https://www.cyberhub.blog/cves/CVE-2026-28272
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • MongoDB Inc
  • MongoDB Server

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Profile picture fallback
The latest update for #CatoNetworks includes "Cato CTRL Threat Research: New #MongoDB Vulnerability Allows Instant Remote Server Takedown (CVE-2026-25611)" and "From Alerts to Action: Dynamic Prevention". #Cybersecurity #SASE https://opsmtrs.com/3M0ijCj
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • LabRedesCefetRJ
  • WeGIA

27 Feb 2026
Published
02 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.27%

KEV

Description

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. Version 3.6.5 fixes the issue.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture fallback
📌 CVE-2026-28411 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal a... https://www.cyberhub.blog/cves/CVE-2026-28411
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Qualcomm, Inc.
  • Snapdragon

02 Mar 2026
Published
02 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Memory Corruption when accessing buffers with invalid length during TA invocation.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-47373 - Memory Corruption when accessing buffers with invalid length during TA invocation. https://www.cyberhub.blog/cves/CVE-2025-47373
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Ivanti
  • Connect Secure

08 Jan 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
94.18%

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Profile picture fallback
Malware RESURGE colpisce Ivanti: come difendersi subito dalla zero-day 📌 Link all'articolo : www.redhotcyber.com/post/mal... #redhotcyber #news #cybersecurity #hacking #malware #ransomware #cisa #vulnerabilita #cve20250282 #rootkit
  • 0
  • 0
  • 0
  • 21h ago
Showing 31 to 40 of 74 CVEs